Sign up to save your podcasts
Or
Share DtSR Episode 143 - NewsCast for May 18th, 2015
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
DtSR Episode 143 - NewsCast for May 18th, 2015
Send the hosts a message - try it now!
In this episode...
- Netflix launched FIDO (not that one, or that one, no the other one)
- Focused on automating incident response practices
- FIDO is an orchestration layer that automates the incident response process by evaluating, assessing and responding to malware and other detected threats.
- If you don't use it, at least they provide a structured framework for response and IR workflow
- http://techblog.netflix.com/2015/05/introducing-fido-automated-security.html
- IT Chief leaves sensitive data in car- spoiler: it gets stolen
- Something smells like a fish market in the July heat on this story
- Maybe it's time to check in on YOUR off-site handling procedures?
- http://www.thestarpress.com/story/news/local/2015/05/10/chief-left-hard-drives-car/27083031/
- Crowdstrike discovers, names "Venom"
- Massive security vulnerability within the floppy disk emulator in virtual machine hypervisors
- Even if you disable floppy disk emulation, separate bug lets you enable it
- This has a graphic and everything!
- http://www.csoonline.com/article/2921589/application-security/significant-virtual-machine-vulnerability-has-been-hiding-in-floppy-disk-code-for-11-years.html
- United Airlines launches bug bounty
- Does this have anything to do with the now infamous (alleged) airplane hacker?
- Seems like some contradictory statements in the description
- (see below on United's response to our inquiry)
- http://www.united.com/web/en-US/content/contact/bugbounty.aspx
Note back from United Bug Bounty Team:
Posted with permission--
"Rafal:
Thank you for the question. We want researchers to be able to notify of potential issues they find while still protecting customers who are not participating in the program. If a researcher launched a brute force attack and locked the accounts of 10,000 customers through already existing security measures this would negatively affect our customers and the program.
If any researchers believe they may have found a brute force condition, they can feel free to submit it to us without testing. We will check on our end and if we confirm a bug exists we will gladly reward them for their effort. Does that make sense?
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
View all episodes
By Rafal (Wh1t3Rabbit) Los
4.3
9696 ratings
Send the hosts a message - try it now!
In this episode...
- Netflix launched FIDO (not that one, or that one, no the other one)
- Focused on automating incident response practices
- FIDO is an orchestration layer that automates the incident response process by evaluating, assessing and responding to malware and other detected threats.
- If you don't use it, at least they provide a structured framework for response and IR workflow
- http://techblog.netflix.com/2015/05/introducing-fido-automated-security.html
- IT Chief leaves sensitive data in car- spoiler: it gets stolen
- Something smells like a fish market in the July heat on this story
- Maybe it's time to check in on YOUR off-site handling procedures?
- http://www.thestarpress.com/story/news/local/2015/05/10/chief-left-hard-drives-car/27083031/
- Crowdstrike discovers, names "Venom"
- Massive security vulnerability within the floppy disk emulator in virtual machine hypervisors
- Even if you disable floppy disk emulation, separate bug lets you enable it
- This has a graphic and everything!
- http://www.csoonline.com/article/2921589/application-security/significant-virtual-machine-vulnerability-has-been-hiding-in-floppy-disk-code-for-11-years.html
- United Airlines launches bug bounty
- Does this have anything to do with the now infamous (alleged) airplane hacker?
- Seems like some contradictory statements in the description
- (see below on United's response to our inquiry)
- http://www.united.com/web/en-US/content/contact/bugbounty.aspx
Note back from United Bug Bounty Team:
Posted with permission--
"Rafal:
Thank you for the question. We want researchers to be able to notify of potential issues they find while still protecting customers who are not participating in the program. If a researcher launched a brute force attack and locked the accounts of 10,000 customers through already existing security measures this would negatively affect our customers and the program.
If any researchers believe they may have found a brute force condition, they can feel free to submit it to us without testing. We will check on our end and if we confirm a bug exists we will gladly reward them for their effort. Does that make sense?
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
More shows like Down the Security Rabbithole Podcast (DtSR)
View all
Security Now (Audio)
1,966 Listeners
Risky Business
360 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
367 Listeners
Hacked
179 Listeners
CyberWire Daily
1,014 Listeners
Smashing Security
314 Listeners
Click Here
387 Listeners
Darknet Diaries
7,845 Listeners
CISO Series Podcast
186 Listeners
Hacking Humans
313 Listeners
Defense in Depth
78 Listeners
Cyber Security Headlines
118 Listeners
Risky Bulletin
33 Listeners
Hacker And The Fed
158 Listeners