Sound Security Podcast

Episode 24 - Think Like an Attacker and Other Bad Ideas



Discussed Articles
1) Ransomware: Past, Present, And Future
A thoroughly researched history of ransomware by the Cisco Talos group that provides great insights into where ransomware has come from and where it might go.
* http://blog.talosintel.com/2016/04/ransomware.html
2) Early Impacts of Certificate Transparency
Facebook's security team posts a great article about their attempts to use Certificate Transparency logs to detect nefarious SSL certificates issued by unexpected CAs for domains they control.
* https://www.facebook.com/notes/protect-the-graph/early-impacts-of-certificate-transparency/1709731569266987
* https://security.googleblog.com/2016/04/improvements-to-safe-browsing-alerts.html
3) 'Think Like an Attacker' is an opt-in mistake / HackingTeam Breach Walkthrough
In which we give you insight into how an attacker moves through a network, and admonish you not to waste your time building defenses by thinking like an attacker.
* http://emergentchaos.com/archives/2016/04/think-like-an-attacker-is-an-opt-in-mistake.html
* http://www.amazon.com/Threat-Modeling-Designing-Adam-Shostack/dp/1118809998/ref=sr_1_1?ie=UTF8&tag=braxtoncom0f-20&qid=1461647269&sr=8-1&keywords=threat+modeling
* https://www.youtube.com/watch?v=WKgD305OFAQ
* http://www.ranum.com/security/computer_security/editorials/dumb/
* https://ghostbin.com/paste/6kho7
* http://www.csoonline.com/article/3058764/security/hacking-team-postmortem-is-something-all-security-leaders-should-read.html
Breach of the Week
MongoDB Configuration Error Exposed 93 Million Mexican Voter Records
Pretty much what it says on the box: yet another huge PII database set out on the interwebs for everyone to query.
* http://www.csoonline.com/article/3060204/security/mongodb-configuration-error-exposed-93-million-mexican-voter-records.html

By Sound Security