Sign up to save your podcasts
Or
Share DtSR Episode 203 - NewsCast for July 19th 2016
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
DtSR Episode 203 - NewsCast for July 19th 2016
Send the hosts a message - try it now!
Ransomware that's 100% pure JavaScript? Sort of...
- Slightly misleading article
- Generally a Windows-based attack (go where the users are)
- https://nakedsecurity.sophos.com/2016/06/20/ransomware-thats-100-pure-javascript-no-download-required/
Researchers have come up with a 'cure' for ransomware
- Based on some interesting things like file-type changes, similarity measurements and entropy
- Interesting but not perfect ... do we even think perfect is reachable?
- Average of 10 files before an identification was made
- http://www.scmagazineuk.com/florida-researchers-claim-to-discover-cure-for-the-common-ransomware/article/509147/
The government has officially issued a 'fact sheet' on randomware
- Yes, it's a reportable breach
- Lots of interesting misconceptions (or half-truths) in this guidance
- Good for them for asking us to 'do better' but it's not enough
- Go read for yourself! http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
Pokemon Go! - a neat idea with big issues potentially
- First there are the privacy and security implications
- Then there is the app that wants every permission known to man
- Physical security and well-being issues?
- http://abcnews.go.com/Business/hit-app-pokemon-raises-security-concerns-google-account/story?id=40524454
FDIC hacked but covered it up, didn't report
- Perfect example of "the cobbler's children have no shoes"
- The FDIC is consistently terrible, and does little to close the gaps
- Obviously, it was China
- http://thehill.com/policy/cybersecurity/287561-chinese-government-likely-hacked-fdic-report
The Fiat/Chrysler bug bounty program
- They will only pay you $1,500
- Lots of uproar about how the pay-out isn't enough but there is so much more her
- Lots to unpack, including issues with complexity on enterprise side
- https://www.wired.com/2016/07/chrysler-launches-detroits-first-bug-bounty-hackers/
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
View all episodes
By Rafal (Wh1t3Rabbit) Los
4.3
9696 ratings
Send the hosts a message - try it now!
Ransomware that's 100% pure JavaScript? Sort of...
- Slightly misleading article
- Generally a Windows-based attack (go where the users are)
- https://nakedsecurity.sophos.com/2016/06/20/ransomware-thats-100-pure-javascript-no-download-required/
Researchers have come up with a 'cure' for ransomware
- Based on some interesting things like file-type changes, similarity measurements and entropy
- Interesting but not perfect ... do we even think perfect is reachable?
- Average of 10 files before an identification was made
- http://www.scmagazineuk.com/florida-researchers-claim-to-discover-cure-for-the-common-ransomware/article/509147/
The government has officially issued a 'fact sheet' on randomware
- Yes, it's a reportable breach
- Lots of interesting misconceptions (or half-truths) in this guidance
- Good for them for asking us to 'do better' but it's not enough
- Go read for yourself! http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
Pokemon Go! - a neat idea with big issues potentially
- First there are the privacy and security implications
- Then there is the app that wants every permission known to man
- Physical security and well-being issues?
- http://abcnews.go.com/Business/hit-app-pokemon-raises-security-concerns-google-account/story?id=40524454
FDIC hacked but covered it up, didn't report
- Perfect example of "the cobbler's children have no shoes"
- The FDIC is consistently terrible, and does little to close the gaps
- Obviously, it was China
- http://thehill.com/policy/cybersecurity/287561-chinese-government-likely-hacked-fdic-report
The Fiat/Chrysler bug bounty program
- They will only pay you $1,500
- Lots of uproar about how the pay-out isn't enough but there is so much more her
- Lots to unpack, including issues with complexity on enterprise side
- https://www.wired.com/2016/07/chrysler-launches-detroits-first-bug-bounty-hackers/
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
More shows like Down the Security Rabbithole Podcast (DtSR)
View all
Security Now (Audio)
1,982 Listeners
Risky Business
364 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
640 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
371 Listeners
Hacked
180 Listeners
CyberWire Daily
1,016 Listeners
Smashing Security
316 Listeners
Click Here
407 Listeners
Darknet Diaries
7,942 Listeners
CISO Series Podcast
189 Listeners
Hacking Humans
311 Listeners
Defense in Depth
76 Listeners
Cyber Security Headlines
128 Listeners
Risky Bulletin
43 Listeners
Hacker And The Fed
168 Listeners