Sign up to save your podcasts
Or
Share DtSR Episode 203 - NewsCast for July 19th 2016
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
DtSR Episode 203 - NewsCast for July 19th 2016
Send the hosts a message - try it now!
Ransomware that's 100% pure JavaScript? Sort of...
- Slightly misleading article
- Generally a Windows-based attack (go where the users are)
- https://nakedsecurity.sophos.com/2016/06/20/ransomware-thats-100-pure-javascript-no-download-required/
Researchers have come up with a 'cure' for ransomware
- Based on some interesting things like file-type changes, similarity measurements and entropy
- Interesting but not perfect ... do we even think perfect is reachable?
- Average of 10 files before an identification was made
- http://www.scmagazineuk.com/florida-researchers-claim-to-discover-cure-for-the-common-ransomware/article/509147/
The government has officially issued a 'fact sheet' on randomware
- Yes, it's a reportable breach
- Lots of interesting misconceptions (or half-truths) in this guidance
- Good for them for asking us to 'do better' but it's not enough
- Go read for yourself! http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
Pokemon Go! - a neat idea with big issues potentially
- First there are the privacy and security implications
- Then there is the app that wants every permission known to man
- Physical security and well-being issues?
- http://abcnews.go.com/Business/hit-app-pokemon-raises-security-concerns-google-account/story?id=40524454
FDIC hacked but covered it up, didn't report
- Perfect example of "the cobbler's children have no shoes"
- The FDIC is consistently terrible, and does little to close the gaps
- Obviously, it was China
- http://thehill.com/policy/cybersecurity/287561-chinese-government-likely-hacked-fdic-report
The Fiat/Chrysler bug bounty program
- They will only pay you $1,500
- Lots of uproar about how the pay-out isn't enough but there is so much more her
- Lots to unpack, including issues with complexity on enterprise side
- https://www.wired.com/2016/07/chrysler-launches-detroits-first-bug-bounty-hackers/
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
View all episodes
By Rafal (Wh1t3Rabbit) Los
4.3
9696 ratings
Send the hosts a message - try it now!
Ransomware that's 100% pure JavaScript? Sort of...
- Slightly misleading article
- Generally a Windows-based attack (go where the users are)
- https://nakedsecurity.sophos.com/2016/06/20/ransomware-thats-100-pure-javascript-no-download-required/
Researchers have come up with a 'cure' for ransomware
- Based on some interesting things like file-type changes, similarity measurements and entropy
- Interesting but not perfect ... do we even think perfect is reachable?
- Average of 10 files before an identification was made
- http://www.scmagazineuk.com/florida-researchers-claim-to-discover-cure-for-the-common-ransomware/article/509147/
The government has officially issued a 'fact sheet' on randomware
- Yes, it's a reportable breach
- Lots of interesting misconceptions (or half-truths) in this guidance
- Good for them for asking us to 'do better' but it's not enough
- Go read for yourself! http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
Pokemon Go! - a neat idea with big issues potentially
- First there are the privacy and security implications
- Then there is the app that wants every permission known to man
- Physical security and well-being issues?
- http://abcnews.go.com/Business/hit-app-pokemon-raises-security-concerns-google-account/story?id=40524454
FDIC hacked but covered it up, didn't report
- Perfect example of "the cobbler's children have no shoes"
- The FDIC is consistently terrible, and does little to close the gaps
- Obviously, it was China
- http://thehill.com/policy/cybersecurity/287561-chinese-government-likely-hacked-fdic-report
The Fiat/Chrysler bug bounty program
- They will only pay you $1,500
- Lots of uproar about how the pay-out isn't enough but there is so much more her
- Lots to unpack, including issues with complexity on enterprise side
- https://www.wired.com/2016/07/chrysler-launches-detroits-first-bug-bounty-hackers/
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
More shows like Down the Security Rabbithole Podcast (DtSR)
View all
Security Now (Audio)
1,965 Listeners
Risky Business
360 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
367 Listeners
Hacked
179 Listeners
CyberWire Daily
1,014 Listeners
Smashing Security
314 Listeners
Click Here
388 Listeners
Darknet Diaries
7,844 Listeners
CISO Series Podcast
186 Listeners
Hacking Humans
313 Listeners
Defense in Depth
78 Listeners
Cyber Security Headlines
118 Listeners
Risky Bulletin
33 Listeners
Hacker And The Fed
158 Listeners