Take 1 Security Podcast: Episode 8
Unsupervised Learning3 Mars 2015

Take 1 Security Podcast: Episode 8



START CONTENT


* New SSL attack called FREAK


* Has to do with falling RSA back to a deprecated and weak level
* Requires the client and server are both vulnerable
* The solution is to patch
* Many orgs will also want to note which servers were vulnerable
* The lesson is that you don’t reduce security to increase it
* Backdoors x time = regret

* Using Ruby’s Open-URI could be dangerous


* open-uri monkeypatches kernel.open
* open(params[:url]) can execute |ls

* Hilary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense


* This seems highly suspect
* First you’re putting that data at risk in a personal system
* Second you’re obviously trying to hide your conversations

* Facebook can access your account without your password
* Google no longer encrypting Lollipop by default


* Was one of the main selling points for 5, and now it’s gone
* They said it was simply a driver issue

* DLink routers have a remote command injection bug


* Could allow DNS hijacking and other attacks

* ISIS has threatened some members of the Twitter team for disabling their accounts


* This really puts a point on public presence for me
* I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
* This works for personal attacks, not for countries obviously

* There has been some major fraud happening with people connecting stolen cards to ApplePay


* The issue isn’t a security problem with ApplePay, but rather with standard bank / card security issue

* Up to 18.8 non-Anthem customers exposed in the Anthem breach


* This is in addition to the 80 million actual anthem customers

* GoPro vulnerability on its website exposes customer Wi-fi passwords


* Expect more of this

* Uber took over 5 months to issue a breach notification


* There was a breach of driver names and license numbers that they just now disclosed

* Seagate NAS vulnerability allows unauthorized root access


* This raises the cloud storage issue I blogged about last week



END CONTENT

Play Podcast

Notes


* Sorry about my voice on this one. I’m a bit sick. :(

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Avsnitt(532)

Unsupervised Learning: No. 72

Unsupervised Learning: No. 72

Apple fixed tons of bugs, hacking smart TVs over DVB-T, gift card bots, handgun AIs, Uber manipulations, AI vs. jobs, how to read more, cloud secret management, OPSEC and phishing, links, projects, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

3 Apr 20171h 3min

Unsupervised Learning: No. 71

Unsupervised Learning: No. 71

Half of Android devices haven't been patched in over a year, Tavisclosure, NEST camera flaws, senate vs. privacy, electronics ban, bad Let's Encrypt certs, Moodle SQLi, infosec venture capital drying up, IBM employees heading into the office, Twitter going paid model, Google killing Talk, Quiet spaces, Age of the influencer, AI vs. jobs, tools, aphorisms, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

26 Mars 201742min

Unsupervised Learning: No. 70

Unsupervised Learning: No. 70

Russians at it again, Microsoft and Adobe updates, PoS breaches, US-CERT throws TLS shade, epilepsy tweet stalking, Tesla's billion, lip-reading AI, autonomous BMWs, Fiber Lasers, taxing robots, Green Zones and Red Zones, AI disruption of healthcare, discovery, recommendations, and aphorisms, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

20 Mars 201724min

Unsupervised Learning: No. 69

Unsupervised Learning: No. 69

The Vault7 CIA dump, Russian shenanigans, Dahua, Verifone, mandatory genetic testing, Wordpress, atomic storage, Google Kaggles, presenting at HouSecCon, fasting research, data wars, chaos, voice interfaces, tools, projects, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

13 Mars 201727min

Unsupervised Learning: No. 68

Unsupervised Learning: No. 68

Amazon's S3 outage, Uber greyballing, fooling AI, DNS RATs, automating human jobs, suicide and ML, post-work IQ and creativity, greatness vs. imperfection, media choice, tools, projects, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

6 Mars 201737min

Unsupervised Learning: No. 67

Unsupervised Learning: No. 67

CloudBleed, SHA1-1, White House Leaks, Planets, Satellites, Drones vs. Eagles, InfoSec Jobs, ExFil, IQ and Creativity in a Post-work World, Weaponized Narrative, Security Tools, Tons of Great Links, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

27 Feb 201731min

Unsupervised Learning: No. 66

Unsupervised Learning: No. 66

My recap of RSA 2017, Google's zero-trust implementation, Trump domain hacked, robots doing your taxes, the IoT Security train analogy, the future of authentication, toolswatch best tools of 2016, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

21 Feb 201729min

Unsupervised Learning: No. 64

Unsupervised Learning: No. 64

Tax phishing, Microsoft SMB vulnerability, Cellebrite tools released, Computer interfaces, Centrism, Mobile 2.0, new projects, more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

7 Feb 201722min

Populärt inom Teknik

uppgang-och-fall
elbilsveckan
bilar-med-sladd
market-makers
skogsforum-podcast
rss-racevecka
rss-elektrikerpodden
developers-mer-an-bara-kod
natets-morka-sida
rss-technokratin
rss-laddstationen-med-elbilen-i-sverige
mediepodden
ai-sweden-podcast
rss-uppgang-och-fall
solcellskollens-podcast
hej-bruksbil
rss-it-sakerhetspodden
har-vi-akt-till-mars-an
teknikveckan
rss-badfluence