Take 1 Security Podcast: Episode 8
Unsupervised Learning3 Mars 2015

Take 1 Security Podcast: Episode 8



START CONTENT


* New SSL attack called FREAK


* Has to do with falling RSA back to a deprecated and weak level
* Requires the client and server are both vulnerable
* The solution is to patch
* Many orgs will also want to note which servers were vulnerable
* The lesson is that you don’t reduce security to increase it
* Backdoors x time = regret

* Using Ruby’s Open-URI could be dangerous


* open-uri monkeypatches kernel.open
* open(params[:url]) can execute |ls

* Hilary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense


* This seems highly suspect
* First you’re putting that data at risk in a personal system
* Second you’re obviously trying to hide your conversations

* Facebook can access your account without your password
* Google no longer encrypting Lollipop by default


* Was one of the main selling points for 5, and now it’s gone
* They said it was simply a driver issue

* DLink routers have a remote command injection bug


* Could allow DNS hijacking and other attacks

* ISIS has threatened some members of the Twitter team for disabling their accounts


* This really puts a point on public presence for me
* I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
* This works for personal attacks, not for countries obviously

* There has been some major fraud happening with people connecting stolen cards to ApplePay


* The issue isn’t a security problem with ApplePay, but rather with standard bank / card security issue

* Up to 18.8 non-Anthem customers exposed in the Anthem breach


* This is in addition to the 80 million actual anthem customers

* GoPro vulnerability on its website exposes customer Wi-fi passwords


* Expect more of this

* Uber took over 5 months to issue a breach notification


* There was a breach of driver names and license numbers that they just now disclosed

* Seagate NAS vulnerability allows unauthorized root access


* This raises the cloud storage issue I blogged about last week



END CONTENT

Play Podcast

Notes


* Sorry about my voice on this one. I’m a bit sick. :(

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Avsnitt(532)

Unsupervised Learning: No. 129

Unsupervised Learning: No. 129

Reboot your router, China hacked a U.S. Navy contractor and stole around 600GB of top secret data. Newark, NJ is monitoring much of the city with surveillance cameras, and they're making the camera footage available to the public. Facebook also shared data with a number of Chinese companies. Tech, Humans, Ideas, Discovery, Reconmendations, Aphorism… Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

12 Juni 201811min

Unsupervised Learning: No. 128

Unsupervised Learning: No. 128

Pentagon background checks, China using machine learning in schools, Rusian ethnicity detecting AI, US Military presence in Africa, Atlanta lost dashcam footage, Kidnapping insurance, Technology News, Ideas, Recommendation, Aphorism, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

4 Juni 201810min

Unsupervised Learning: No. 127

Unsupervised Learning: No. 127

VPNFilter botnet, Echo private convo, Ghostery GDPR fail, PornHub VPN, Technology News, Human News, Ideas, Trends, & Analysis, Discovery, Recommendations, the weekly Aphorism, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

29 Maj 20189min

Unsupervised Learning: No. 126

Unsupervised Learning: No. 126

VPNFilter botnet, LA + Palantir, Amazon Surveillance, Momentum report, Clapper says Russia turned the election, Chinese supply chain attacks, Tech News, Human News, Ideas, Discovery, Recommendation, the Aphorism, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

25 Maj 20189min

Unsupervised Learning: No. 125

Unsupervised Learning: No. 125

Regulators aren't staffed to audit you on GDPR, inaudible Siri and Alexa commands, iOS 4 is bringing lots of privacy updates, California DNA storage, technology news, human news, Ideas, recommendation, the weekly aphorism, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

18 Maj 201812min

If You’re Not Doing Continuous Asset Management You’re Not Doing Security

If You’re Not Doing Continuous Asset Management You’re Not Doing Security

How enterprises are completely ignoring the security activity that could help the most.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

16 Maj 20187min

Unsupervised Learning: No. 120

Unsupervised Learning: No. 120

It's 2 billion users now, Liinux beep, Digital Shadows finds fail files, cloud misconfiguration, AlterEgo, AI applications, Alexa sending payments, Tech, Ideas, Recommendation, Aphorism, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

9 Apr 201819min

Unsupervised Learning: No. 119

Unsupervised Learning: No. 119

Atlanta disabled, MyFitnessPal hacked, Cambridge Analytica election tampering, Drupal, Saks, DARPA drones, Cloudflare 1.1.1.1, Slack bosses, Democratic Chinese AIs, Georgia facepalm, tech, humans, ideas, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

2 Apr 201827min

Populärt inom Teknik

uppgang-och-fall
rss-racevecka
elbilsveckan
bilar-med-sladd
market-makers
bosse-bildoktorn-och-hasse-p
rss-laddstationen-med-elbilen-i-sverige
skogsforum-podcast
rss-technokratin
developers-mer-an-bara-kod
natets-morka-sida
hej-bruksbil
mediepodden
rss-veckans-ai
ai-sweden-podcast
rss-uppgang-och-fall
bli-saker-podden
rss-it-sakerhetspodden
rss-snacka-om-ai
rss-badfluence