Sign up to save your podcasts
Or
Share DtSR Episode 203 - NewsCast for July 19th 2016
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
DtSR Episode 203 - NewsCast for July 19th 2016
Ransomware that's 100% pure JavaScript? Sort of...
- Slightly misleading article
- Generally a Windows-based attack (go where the users are)
- https://nakedsecurity.sophos.com/2016/06/20/ransomware-thats-100-pure-javascript-no-download-required/
Researchers have come up with a 'cure' for ransomware
- Based on some interesting things like file-type changes, similarity measurements and entropy
- Interesting but not perfect ... do we even think perfect is reachable?
- Average of 10 files before an identification was made
- http://www.scmagazineuk.com/florida-researchers-claim-to-discover-cure-for-the-common-ransomware/article/509147/
The government has officially issued a 'fact sheet' on randomware
- Yes, it's a reportable breach
- Lots of interesting misconceptions (or half-truths) in this guidance
- Good for them for asking us to 'do better' but it's not enough
- Go read for yourself! http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
Pokemon Go! - a neat idea with big issues potentially
- First there are the privacy and security implications
- Then there is the app that wants every permission known to man
- Physical security and well-being issues?
- http://abcnews.go.com/Business/hit-app-pokemon-raises-security-concerns-google-account/story?id=40524454
FDIC hacked but covered it up, didn't report
- Perfect example of "the cobbler's children have no shoes"
- The FDIC is consistently terrible, and does little to close the gaps
- Obviously, it was China
- http://thehill.com/policy/cybersecurity/287561-chinese-government-likely-hacked-fdic-report
The Fiat/Chrysler bug bounty program
- They will only pay you $1,500
- Lots of uproar about how the pay-out isn't enough but there is so much more her
- Lots to unpack, including issues with complexity on enterprise side
- https://www.wired.com/2016/07/chrysler-launches-detroits-first-bug-bounty-hackers/
Have something to say? Let's hear it.
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
View all episodes
By Rafal (Wh1t3Rabbit) Los
4.3
9797 ratings
Ransomware that's 100% pure JavaScript? Sort of...
- Slightly misleading article
- Generally a Windows-based attack (go where the users are)
- https://nakedsecurity.sophos.com/2016/06/20/ransomware-thats-100-pure-javascript-no-download-required/
Researchers have come up with a 'cure' for ransomware
- Based on some interesting things like file-type changes, similarity measurements and entropy
- Interesting but not perfect ... do we even think perfect is reachable?
- Average of 10 files before an identification was made
- http://www.scmagazineuk.com/florida-researchers-claim-to-discover-cure-for-the-common-ransomware/article/509147/
The government has officially issued a 'fact sheet' on randomware
- Yes, it's a reportable breach
- Lots of interesting misconceptions (or half-truths) in this guidance
- Good for them for asking us to 'do better' but it's not enough
- Go read for yourself! http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
Pokemon Go! - a neat idea with big issues potentially
- First there are the privacy and security implications
- Then there is the app that wants every permission known to man
- Physical security and well-being issues?
- http://abcnews.go.com/Business/hit-app-pokemon-raises-security-concerns-google-account/story?id=40524454
FDIC hacked but covered it up, didn't report
- Perfect example of "the cobbler's children have no shoes"
- The FDIC is consistently terrible, and does little to close the gaps
- Obviously, it was China
- http://thehill.com/policy/cybersecurity/287561-chinese-government-likely-hacked-fdic-report
The Fiat/Chrysler bug bounty program
- They will only pay you $1,500
- Lots of uproar about how the pay-out isn't enough but there is so much more her
- Lots to unpack, including issues with complexity on enterprise side
- https://www.wired.com/2016/07/chrysler-launches-detroits-first-bug-bounty-hackers/
Have something to say? Let's hear it.
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
More shows like Down the Security Rabbithole Podcast (DtSR)
View all
Hacked
189 Listeners
Security Now (Audio)
2,005 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
369 Listeners
Risky Business
374 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
649 Listeners
CyberWire Daily
1,035 Listeners
Smashing Security
322 Listeners
Click Here
422 Listeners
Darknet Diaries
8,119 Listeners
Cybersecurity Today
178 Listeners
Hacking Humans
316 Listeners
CISO Series Podcast
191 Listeners
Defense in Depth
74 Listeners
Cybersecurity Headlines
138 Listeners
Risky Bulletin
44 Listeners