Take 1 Security Podcast: Episode 8
Unsupervised Learning3 Mars 2015

Take 1 Security Podcast: Episode 8



START CONTENT


* New SSL attack called FREAK


* Has to do with falling RSA back to a deprecated and weak level
* Requires the client and server are both vulnerable
* The solution is to patch
* Many orgs will also want to note which servers were vulnerable
* The lesson is that you don’t reduce security to increase it
* Backdoors x time = regret

* Using Ruby’s Open-URI could be dangerous


* open-uri monkeypatches kernel.open
* open(params[:url]) can execute |ls

* Hilary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense


* This seems highly suspect
* First you’re putting that data at risk in a personal system
* Second you’re obviously trying to hide your conversations

* Facebook can access your account without your password
* Google no longer encrypting Lollipop by default


* Was one of the main selling points for 5, and now it’s gone
* They said it was simply a driver issue

* DLink routers have a remote command injection bug


* Could allow DNS hijacking and other attacks

* ISIS has threatened some members of the Twitter team for disabling their accounts


* This really puts a point on public presence for me
* I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
* This works for personal attacks, not for countries obviously

* There has been some major fraud happening with people connecting stolen cards to ApplePay


* The issue isn’t a security problem with ApplePay, but rather with standard bank / card security issue

* Up to 18.8 non-Anthem customers exposed in the Anthem breach


* This is in addition to the 80 million actual anthem customers

* GoPro vulnerability on its website exposes customer Wi-fi passwords


* Expect more of this

* Uber took over 5 months to issue a breach notification


* There was a breach of driver names and license numbers that they just now disclosed

* Seagate NAS vulnerability allows unauthorized root access


* This raises the cloud storage issue I blogged about last week



END CONTENT

Play Podcast

Notes


* Sorry about my voice on this one. I’m a bit sick. :(

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Avsnitt(532)

News & Analysis | No. 271

News & Analysis | No. 271

Hafnium Fallout and Response, Software Supply Chain Naming Attacks, SITA Airline Attack, REvil, China vs. India in Cyberspace, Russian Cybercrime Forum Hacks, Russians Underming American Vaccines, US Not Ready For AI Competition, CPU Side-channel Attacks, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

8 Mars 202129min

News & Analysis | No. 270

News & Analysis | No. 270

SolarWinds Malware Tool, SolarWinds Blaming the Intern, Amazon Whistleblowers, Google Linux Devs, NYC Black Mirror Dog, Portswigger Top 10, API Security Top 10, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

1 Mars 202124min

News & Analysis: No. 269

News & Analysis: No. 269

US charges North Korean hackers, Egregor users arrested, Let’s Encrypt Upgraded, Very Few Vulnerabilities Are Dangerous, North Korea Pursued COVID Vaccine Data, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

22 Feb 202143min

News & Analysis | No. 268

News & Analysis | No. 268

Florida water hack, ESET Reports 768% More UDP Attacks, 223 Vulns Being Used in Ransomware, Microsoft Will Report State Hack Attempts, Cops Using Copyright Weapons, TikTok Russian Battles, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

15 Feb 202127min

News & Analysis | No. 267

News & Analysis | No. 267

Supercookies, Mobile App Tracking, 80% PII, Moody's Cyber Rates, Facial Recognition California, Chinese Men Feminine, Google Bounty Payouts, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

8 Feb 202135min

News & Analysis | No. 266

News & Analysis | No. 266

China has 80% of US Adult PII, Chris DeRusha now US CISO, New Version of NAT Slipstreaming, Exposing.AI Looks For Your Face, Birdwatch Misinformation, Pentagon Vaccination Program, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

1 Feb 202122min

News & Analysis | No. 265

News & Analysis | No. 265

FireEye Solar Details, Cyberinsurace Supporting Crime, FBI Tracking Cell Pings, RDP DDoS Amplification, Palantir Stock, Fake Job Offers, DDoS Ransomware, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

25 Jan 202127min

What They Don’t Tell You About Being a Bounty Hunter or Content Creator

What They Don’t Tell You About Being a Bounty Hunter or Content Creator

How the dopamine hits of bugs and praise can become a trap.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

22 Jan 20215min

Populärt inom Teknik

uppgang-och-fall
rss-racevecka
rss-badfluence
market-makers
elbilsveckan
bilar-med-sladd
rss-laddstationen-med-elbilen-i-sverige
natets-morka-sida
rss-technokratin
garagehang
rss-veckans-ai
solcellskollens-podcast
skogsforum-podcast
hej-bruksbil
rss-uppgang-och-fall
rss-elektrikerpodden
teknikveckan
bosse-bildoktorn-och-hasse-p
har-vi-akt-till-mars-an
rss-snacka-om-ai