Sign up to save your podcasts
Or
Share DtSR Episode 203 - NewsCast for July 19th 2016
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
DtSR Episode 203 - NewsCast for July 19th 2016
Ransomware that's 100% pure JavaScript? Sort of...
- Slightly misleading article
- Generally a Windows-based attack (go where the users are)
- https://nakedsecurity.sophos.com/2016/06/20/ransomware-thats-100-pure-javascript-no-download-required/
Researchers have come up with a 'cure' for ransomware
- Based on some interesting things like file-type changes, similarity measurements and entropy
- Interesting but not perfect ... do we even think perfect is reachable?
- Average of 10 files before an identification was made
- http://www.scmagazineuk.com/florida-researchers-claim-to-discover-cure-for-the-common-ransomware/article/509147/
The government has officially issued a 'fact sheet' on randomware
- Yes, it's a reportable breach
- Lots of interesting misconceptions (or half-truths) in this guidance
- Good for them for asking us to 'do better' but it's not enough
- Go read for yourself! http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
Pokemon Go! - a neat idea with big issues potentially
- First there are the privacy and security implications
- Then there is the app that wants every permission known to man
- Physical security and well-being issues?
- http://abcnews.go.com/Business/hit-app-pokemon-raises-security-concerns-google-account/story?id=40524454
FDIC hacked but covered it up, didn't report
- Perfect example of "the cobbler's children have no shoes"
- The FDIC is consistently terrible, and does little to close the gaps
- Obviously, it was China
- http://thehill.com/policy/cybersecurity/287561-chinese-government-likely-hacked-fdic-report
The Fiat/Chrysler bug bounty program
- They will only pay you $1,500
- Lots of uproar about how the pay-out isn't enough but there is so much more her
- Lots to unpack, including issues with complexity on enterprise side
- https://www.wired.com/2016/07/chrysler-launches-detroits-first-bug-bounty-hackers/
Have something to say? Let's hear it.
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
View all episodes
By Rafal (Wh1t3Rabbit) Los
4.3
9797 ratings
Ransomware that's 100% pure JavaScript? Sort of...
- Slightly misleading article
- Generally a Windows-based attack (go where the users are)
- https://nakedsecurity.sophos.com/2016/06/20/ransomware-thats-100-pure-javascript-no-download-required/
Researchers have come up with a 'cure' for ransomware
- Based on some interesting things like file-type changes, similarity measurements and entropy
- Interesting but not perfect ... do we even think perfect is reachable?
- Average of 10 files before an identification was made
- http://www.scmagazineuk.com/florida-researchers-claim-to-discover-cure-for-the-common-ransomware/article/509147/
The government has officially issued a 'fact sheet' on randomware
- Yes, it's a reportable breach
- Lots of interesting misconceptions (or half-truths) in this guidance
- Good for them for asking us to 'do better' but it's not enough
- Go read for yourself! http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
Pokemon Go! - a neat idea with big issues potentially
- First there are the privacy and security implications
- Then there is the app that wants every permission known to man
- Physical security and well-being issues?
- http://abcnews.go.com/Business/hit-app-pokemon-raises-security-concerns-google-account/story?id=40524454
FDIC hacked but covered it up, didn't report
- Perfect example of "the cobbler's children have no shoes"
- The FDIC is consistently terrible, and does little to close the gaps
- Obviously, it was China
- http://thehill.com/policy/cybersecurity/287561-chinese-government-likely-hacked-fdic-report
The Fiat/Chrysler bug bounty program
- They will only pay you $1,500
- Lots of uproar about how the pay-out isn't enough but there is so much more her
- Lots to unpack, including issues with complexity on enterprise side
- https://www.wired.com/2016/07/chrysler-launches-detroits-first-bug-bounty-hackers/
Have something to say? Let's hear it.
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
More shows like Down the Security Rabbithole Podcast (DtSR)
View all
Hacked
187 Listeners
Security Now (Audio)
2,011 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
Risky Business
371 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
CyberWire Daily
1,028 Listeners
Smashing Security
317 Listeners
Click Here
418 Listeners
Darknet Diaries
8,077 Listeners
Cybersecurity Today
175 Listeners
Hacking Humans
315 Listeners
CISO Series Podcast
195 Listeners
Defense in Depth
73 Listeners
Cybersecurity Headlines
139 Listeners
Risky Bulletin
45 Listeners