Take 1 Security Podcast: Episode 8



* New SSL attack called FREAK
  * It works by falling RSA back to a deprecated and weak level
  * Requires that both the client and the server are vulnerable
  * The solution is to patch
  * Many orgs will also want to note which servers were vulnerable
  * The lesson is that you don’t reduce security to increase it
  * Backdoors x time = regret

* Using Ruby’s Open-URI could be dangerous
  * open-uri monkey-patches Kernel.open
  * A call like open(params[:url]) will execute a shell command when the value starts with a pipe, e.g. |ls
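An added example (not from the podcast, and not code from Ruby's open-uri project) showing the dangerous call shape from the notes beside a hardened version: the untrusted string is validated into a URI::HTTP/URI::HTTPS object first, and the fetch goes through that object's own #open/#read, which never falls back to Kernel.open. The request parameter name and the scheme allow-list are assumptions for illustration.

```ruby
# Added example, not from the podcast or from open-uri itself.
require "uri"
require "open-uri"

# Assumption: only plain web URLs are acceptable inputs. Anything else
# (a pipe, a bare filesystem path, file://, ftp://, data:) is rejected
# before any I/O takes place.
ALLOWED_SCHEMES = %w[http https].freeze

class UnsafeUrlError < ArgumentError; end

# Vulnerable shape from the notes, kept only as a comment and never called:
#
#   def fetch(params)
#     open(params[:url]).read   # params[:url] == "|ls" makes Kernel.open run `ls`
#   end

# Turn an untrusted string into a URI::HTTP or URI::HTTPS object, or raise.
# "|ls" is refused outright, "/etc/passwd" has no scheme, and "file://..."
# or "ftp://..." are not in the allow-list.
def safe_http_uri(raw)
  raise UnsafeUrlError, "url must be a String" unless raw.is_a?(String)
  raise UnsafeUrlError, "command pipe rejected" if raw.start_with?("|")

  uri = begin
    URI.parse(raw)
  rescue URI::InvalidURIError => e
    raise UnsafeUrlError, "unparseable url: #{e.message}"
  end

  unless ALLOWED_SCHEMES.include?(uri.scheme) && uri.host && !uri.host.empty?
    raise UnsafeUrlError, "scheme #{uri.scheme.inspect} not allowed"
  end
  uri
end

# Hardened fetch: validate, then read through the URI object. Because no
# String ever reaches Kernel.open, the pipe trick cannot apply here.
def safe_fetch(raw)
  safe_http_uri(raw).read
end

# Small helper so callers (and tests) can ask whether an input is refused
# without network access.
def rejects?(raw)
  safe_http_uri(raw)
  false
rescue UnsafeUrlError
  true
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample inputs, no network needed for the rejections.
  ["|ls", "/etc/passwd", "file:///etc/passwd", "ftp://example.com/x"].each do |bad|
    puts "#{bad.inspect} rejected: #{rejects?(bad)}"
  end
  puts "https://example.com/a?b=1 parsed as #{safe_http_uri('https://example.com/a?b=1').class}"
end
```

Note that on Ruby 3.0 and later open-uri no longer patches Kernel.open at all and URI.open must be used instead, but URI.open still falls through to Kernel.open for strings that do not look like URLs, so the allow-list check above remains the part that matters.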

* Hillary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense
  * This seems highly suspect
  * First, you’re putting that data at risk in a personal system
  * Second, you’re obviously trying to hide your conversations

* Facebook can access your account without your password

* Google is no longer encrypting Lollipop by default
  * Encryption by default was one of the main selling points for Android 5, and now it’s gone
  * They said it was simply a driver issue

* D-Link routers have a remote command injection bug
  * Could allow DNS hijacking and other attacks

* ISIS has threatened some members of the Twitter team for disabling their accounts
  * This really puts a point on public presence for me
  * I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
  * This works for personal attacks, not for countries obviously

* There has been some major fraud with people connecting stolen cards to Apple Pay
  * The issue isn’t a security problem with Apple Pay, but rather a standard bank / card security issue

* Up to 18.8 non-Anthem customers exposed in the Anthem breach
  * This is in addition to the 80 million actual Anthem customers

* GoPro vulnerability on its website exposes customer Wi-Fi passwords
  * Expect more of this

* Uber took over 5 months to issue a breach notification
  * There was a breach of driver names and license numbers that they have only now disclosed

* Seagate NAS vulnerability allows unauthorized root access
  * This raises the cloud storage issue I blogged about last week


Notes


* Sorry about my voice on this one. I’m a bit sick. :(

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.
