Discussed Articles
1) Fortinet SSH Backdoor - Fortidoor
A piece of exploit code was released on FullDisclosure that shows how to get root SSH access to Fortinet FortiOS firewalls if they haven’t been patched since July 2014.
* http://www.darknet.org.uk/2016/01/fortinet-ssh-backdoor-found-firewalls/
* http://seclists.org/fulldisclosure/2016/Jan/26
2) GM Announces New Bug Bounty Program
At CES this year, GM announced they’re launching a vulnerability disclosure ('bug bounty') program on HackerOne.
* http://www.fastcompany.com/3054535/gms-cybersecurity-secrets
* http://samy.pl/popular/
* http://www.autoalliance.org/index.cfm?objectid=8D04F310-2A45-11E5-9002000C296BA163
Breach of the Week
Ex-Cardinals exec: Yes, I hacked rival Astros’ database
The now ex-scouting director for the St. Louis Cardinals confessed to accessing a rival team’s player recruiting database multiple times over the course of a year. He admitted it after being investigated by the FBI, and pleaded guilty on Friday to five counts of computer hacking.
* https://nakedsecurity.sophos.com/2016/01/12/ex-cardinals-exec-yes-i-hacked-rival-astros-database/
* https://www.washingtonpost.com/politics/dnc-sanders-campaign-improperly-accessed-clinton-voter-data/2015/12/17/a2e2e14e-a522-11e5-b53d-972e2751f433_story.html