Sign up to save your podcasts
Or
Share DtSR Episode 143 - NewsCast for May 18th, 2015
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
DtSR Episode 143 - NewsCast for May 18th, 2015
In this episode...
- Netflix launched FIDO (not that one, or that one, no the other one)
- Focused on automating incident response practices
- FIDO is an orchestration layer that automates the incident response process by evaluating, assessing and responding to malware and other detected threats.
- If you don't use it, at least they provide a structured framework for response and IR workflow
- http://techblog.netflix.com/2015/05/introducing-fido-automated-security.html
- IT Chief leaves sensitive data in car- spoiler: it gets stolen
- Something smells like a fish market in the July heat on this story
- Maybe it's time to check in on YOUR off-site handling procedures?
- http://www.thestarpress.com/story/news/local/2015/05/10/chief-left-hard-drives-car/27083031/
- Crowdstrike discovers, names "Venom"
- Massive security vulnerability within the floppy disk emulator in virtual machine hypervisors
- Even if you disable floppy disk emulation, separate bug lets you enable it
- This has a graphic and everything!
- http://www.csoonline.com/article/2921589/application-security/significant-virtual-machine-vulnerability-has-been-hiding-in-floppy-disk-code-for-11-years.html
- United Airlines launches bug bounty
- Does this have anything to do with the now infamous (alleged) airplane hacker?
- Seems like some contradictory statements in the description
- (see below on United's response to our inquiry)
- http://www.united.com/web/en-US/content/contact/bugbounty.aspx
Note back from United Bug Bounty Team:
Posted with permission--
"Rafal:
Thank you for the question. We want researchers to be able to notify of potential issues they find while still protecting customers who are not participating in the program. If a researcher launched a brute force attack and locked the accounts of 10,000 customers through already existing security measures this would negatively affect our customers and the program.
If any researchers believe they may have found a brute force condition, they can feel free to submit it to us without testing. We will check on our end and if we confirm a bug exists we will gladly reward them for their effort. Does that make sense?
Have something to say? Let's hear it.
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
View all episodes
By Rafal (Wh1t3Rabbit) Los
4.3
9696 ratings
In this episode...
- Netflix launched FIDO (not that one, or that one, no the other one)
- Focused on automating incident response practices
- FIDO is an orchestration layer that automates the incident response process by evaluating, assessing and responding to malware and other detected threats.
- If you don't use it, at least they provide a structured framework for response and IR workflow
- http://techblog.netflix.com/2015/05/introducing-fido-automated-security.html
- IT Chief leaves sensitive data in car- spoiler: it gets stolen
- Something smells like a fish market in the July heat on this story
- Maybe it's time to check in on YOUR off-site handling procedures?
- http://www.thestarpress.com/story/news/local/2015/05/10/chief-left-hard-drives-car/27083031/
- Crowdstrike discovers, names "Venom"
- Massive security vulnerability within the floppy disk emulator in virtual machine hypervisors
- Even if you disable floppy disk emulation, separate bug lets you enable it
- This has a graphic and everything!
- http://www.csoonline.com/article/2921589/application-security/significant-virtual-machine-vulnerability-has-been-hiding-in-floppy-disk-code-for-11-years.html
- United Airlines launches bug bounty
- Does this have anything to do with the now infamous (alleged) airplane hacker?
- Seems like some contradictory statements in the description
- (see below on United's response to our inquiry)
- http://www.united.com/web/en-US/content/contact/bugbounty.aspx
Note back from United Bug Bounty Team:
Posted with permission--
"Rafal:
Thank you for the question. We want researchers to be able to notify of potential issues they find while still protecting customers who are not participating in the program. If a researcher launched a brute force attack and locked the accounts of 10,000 customers through already existing security measures this would negatively affect our customers and the program.
If any researchers believe they may have found a brute force condition, they can feel free to submit it to us without testing. We will check on our end and if we confirm a bug exists we will gladly reward them for their effort. Does that make sense?
Have something to say? Let's hear it.
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
More shows like Down the Security Rabbithole Podcast (DtSR)
View all
Hacked
184 Listeners
Security Now (Audio)
2,002 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
369 Listeners
Risky Business
373 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
637 Listeners
CyberWire Daily
1,016 Listeners
Smashing Security
322 Listeners
Click Here
414 Listeners
Darknet Diaries
8,001 Listeners
Hacking Humans
314 Listeners
CISO Series Podcast
188 Listeners
Defense in Depth
73 Listeners
Cyber Security Headlines
134 Listeners
Risky Bulletin
44 Listeners
Hacker And The Fed
169 Listeners