Sign up to save your podcasts
Or
Share DtSR Episode 143 - NewsCast for May 18th, 2015
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
DtSR Episode 143 - NewsCast for May 18th, 2015
In this episode...
- Netflix launched FIDO (not that one, or that one, no the other one)
- Focused on automating incident response practices
- FIDO is an orchestration layer that automates the incident response process by evaluating, assessing and responding to malware and other detected threats.
- If you don't use it, at least they provide a structured framework for response and IR workflow
- http://techblog.netflix.com/2015/05/introducing-fido-automated-security.html
- IT Chief leaves sensitive data in car- spoiler: it gets stolen
- Something smells like a fish market in the July heat on this story
- Maybe it's time to check in on YOUR off-site handling procedures?
- http://www.thestarpress.com/story/news/local/2015/05/10/chief-left-hard-drives-car/27083031/
- Crowdstrike discovers, names "Venom"
- Massive security vulnerability within the floppy disk emulator in virtual machine hypervisors
- Even if you disable floppy disk emulation, separate bug lets you enable it
- This has a graphic and everything!
- http://www.csoonline.com/article/2921589/application-security/significant-virtual-machine-vulnerability-has-been-hiding-in-floppy-disk-code-for-11-years.html
- United Airlines launches bug bounty
- Does this have anything to do with the now infamous (alleged) airplane hacker?
- Seems like some contradictory statements in the description
- (see below on United's response to our inquiry)
- http://www.united.com/web/en-US/content/contact/bugbounty.aspx
Note back from United Bug Bounty Team:
Posted with permission--
"Rafal:
Thank you for the question. We want researchers to be able to notify of potential issues they find while still protecting customers who are not participating in the program. If a researcher launched a brute force attack and locked the accounts of 10,000 customers through already existing security measures this would negatively affect our customers and the program.
If any researchers believe they may have found a brute force condition, they can feel free to submit it to us without testing. We will check on our end and if we confirm a bug exists we will gladly reward them for their effort. Does that make sense?
Have something to say? Let's hear it.
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
View all episodes
By Rafal (Wh1t3Rabbit) Los
4.3
9797 ratings
In this episode...
- Netflix launched FIDO (not that one, or that one, no the other one)
- Focused on automating incident response practices
- FIDO is an orchestration layer that automates the incident response process by evaluating, assessing and responding to malware and other detected threats.
- If you don't use it, at least they provide a structured framework for response and IR workflow
- http://techblog.netflix.com/2015/05/introducing-fido-automated-security.html
- IT Chief leaves sensitive data in car- spoiler: it gets stolen
- Something smells like a fish market in the July heat on this story
- Maybe it's time to check in on YOUR off-site handling procedures?
- http://www.thestarpress.com/story/news/local/2015/05/10/chief-left-hard-drives-car/27083031/
- Crowdstrike discovers, names "Venom"
- Massive security vulnerability within the floppy disk emulator in virtual machine hypervisors
- Even if you disable floppy disk emulation, separate bug lets you enable it
- This has a graphic and everything!
- http://www.csoonline.com/article/2921589/application-security/significant-virtual-machine-vulnerability-has-been-hiding-in-floppy-disk-code-for-11-years.html
- United Airlines launches bug bounty
- Does this have anything to do with the now infamous (alleged) airplane hacker?
- Seems like some contradictory statements in the description
- (see below on United's response to our inquiry)
- http://www.united.com/web/en-US/content/contact/bugbounty.aspx
Note back from United Bug Bounty Team:
Posted with permission--
"Rafal:
Thank you for the question. We want researchers to be able to notify of potential issues they find while still protecting customers who are not participating in the program. If a researcher launched a brute force attack and locked the accounts of 10,000 customers through already existing security measures this would negatively affect our customers and the program.
If any researchers believe they may have found a brute force condition, they can feel free to submit it to us without testing. We will check on our end and if we confirm a bug exists we will gladly reward them for their effort. Does that make sense?
Have something to say? Let's hear it.
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
More shows like Down the Security Rabbithole Podcast (DtSR)
View all
Hacked
190 Listeners
Security Now (Audio)
2,007 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
370 Listeners
Risky Business
374 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
649 Listeners
CyberWire Daily
1,031 Listeners
Smashing Security
322 Listeners
Click Here
421 Listeners
Darknet Diaries
8,109 Listeners
Cybersecurity Today
177 Listeners
Hacking Humans
316 Listeners
CISO Series Podcast
191 Listeners
Defense in Depth
74 Listeners
Cybersecurity Headlines
138 Listeners
Risky Bulletin
44 Listeners