MemFixed sends flush packets to memcached servers. Security tools start showing up for Ethereum. ISPs insert spyware into downloads from legitimate sites. Carl joins to discuss the recently disclosed AMD vulnerabilities.

Links:

• Followup - MemFixed - https://www.bleepingcomputer.com/news/security/memfixed-tool-helps-mitigate-memcached-based-ddos-attacks/
• Ethereum Security Tool - https://blog.trailofbits.com/2018/03/09/echidna-a-smart-fuzzer-for-ethereum/
• Government injected spyware - https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/
• AMD Vulnerabilities - https://www.wired.com/story/amd-backdoor-cts-labs-backlash/
• Two Photos, one millisecond - https://petapixel.com/2018/03/07/two-photographers-unknowingly-shot-millisecond-time/
• Numberphile - http://numberphile.com/videos/analytical_continuation1.html

Security implications of Google's Android 'P' first developer preview. Newly unclassified documents from 2016 (likely Shadow Broker fallout). Girl Scout cybersecurity badges and drones in Puerto Rico.

Links:

• GitHub DDoS - https://github.com/649/Memcrashed-DDoS-Exploit
• Android P security features - https://www.theverge.com/2018/3/7/17088394/android-p-developer-preview-notifications-kotlin-microphone
• Android ecosystem statistics - https://developer.android.com/about/dashboards/index.html
• Unclassified 2016 'BOD-16-02' - https://twitter.com/RidT/status/970880435411709952
• Girl Scouts cybersecurity badges - https://www.nbcnews.com/tech/tech-news/girl-scouts-fight-cybercrime-new-cybersecurity-badge-n852971
• Drones in Puerto Rico - https://www.wired.com/story/drones-electricity-puerto-rico/

 

Security implications of Google's Android 'P' first developer preview. Newly unclassified documents from 2016 (likely Shadow Broker fallout). Girl Scout cybersecurity badges and drones in Puerto Rico.

Links:

• GitHub DDoS - https://github.com/649/Memcrashed-DDoS-Exploit
• Android P security features - https://www.theverge.com/2018/3/7/17088394/android-p-developer-preview-notifications-kotlin-microphone
• Android ecosystem statistics - https://developer.android.com/about/dashboards/index.html
• Unclassified 2016 'BOD-16-02' - https://twitter.com/RidT/status/970880435411709952
• Girl Scouts cybersecurity badges - https://www.nbcnews.com/tech/tech-news/girl-scouts-fight-cybercrime-new-cybersecurity-badge-n852971
• Drones in Puerto Rico - https://www.wired.com/story/drones-electricity-puerto-rico/

Jon is back from Florida. Is it Trust-ICO or Trustico? Anatomy of an Amplification Attack. Visualizing data and watching documentaries.

Links:

• Trustico emails private keys - https://arstechnica.com/information-technology/2018/03/23000-https-certificates-axed-after-ceo-e-mails-private-keys/
• GitHub does not <3 open memcached - https://www.wired.com/story/github-ddos-memcached/
• LA Times Open S3 == Cryptojacked - https://threatpost.com/cryptojacking-attack-found-on-los-angeles-times-website/130041/
• Jon's pwned password - https://haveibeenpwned.com/Passwords
• Jon's Something Fun: Visual Capitalist - http://www.visualcapitalist.com/
• Eric's Something Fun: Round Planet - https://www.netflix.com/title/80212704

 

Jon is back from Florida. Is it Trust-ICO or Trustico? Anatomy of an Amplification Attack. Visualizing data and watching documentaries.

Links:

• Trustico emails private keys - https://arstechnica.com/information-technology/2018/03/23000-https-certificates-axed-after-ceo-e-mails-private-keys/
• GitHub does not <3 open memcached - https://www.wired.com/story/github-ddos-memcached/
• LA Times Open S3 == Cryptojacked - https://threatpost.com/cryptojacking-attack-found-on-los-angeles-times-website/130041/
• Jon's pwned password - https://haveibeenpwned.com/Passwords
• Jon's Something Fun: Visual Capitalist - http://www.visualcapitalist.com/
• Eric's Something Fun: Round Planet - https://www.netflix.com/title/80212704

We chat CSS Keyloggers and are not worried. Careful what you put into securityheaders.io. Is your Password in the list of 500 million known passwords? And you can't chat with Peter without a Disney sidetrack.

Links:

• CSS Keyloggers - https://www.bram.us/2018/02/21/css-keylogger-and-why-you-shouldnt-worry-about-it/
• securityheaders.io - https://securityheaders.io
• Pwned Passwords - https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/
• Avatar Flight of Passage - https://disneyworld.disney.go.com/attractions/animal-kingdom/avatar-flight-of-passage/
• Check your Password - https://haveibeenpwned.com/Passwords
• Peter's Something Fun: D&D Starter Set - https://www.amazon.com/dp/B00SI774U6

We chat CSS Keyloggers and are not worried. Careful what you put into securityheaders.io. Is your Password in the list of 500 million known passwords? And you can't chat with Peter without a Disney sidetrack.

iFixit and the iPhone X Teardown, Consumer Reports is now adding Security and Privacy into their electronic device ratings, Telegram has a Zero-day vulnerability due to a Right-to-Left Unicode character and Salon.com wants to mine cryptocurrencies in exchange for viewing their website. Jon talks about building a Raspberry Pi time-lapse video and Eric talks about StackOverflow stats.

Links:

• iFixit and iPhone X Teardown - https://video.vice.com/en_us/video/motherboard-ifixit-worlds-best-iphone-teardown-repair/5a01b91b177dd416f530a081
• Consumer Reports adds Security and Privacy - https://www.consumerreports.org/televisions/samsung-roku-smart-tvs-vulnerable-to-hacking-consumer-reports-finds/
• Zero-day Vulnerability in Telegram - https://securelist.com/zero-day-vulnerability-in-telegram/83800/
• Unicode character crashes iPhones - https://techcrunch.com/2018/02/16/iphone-bug-telugu-unicode-ios-mac-text-bomb/
• Salon.com wants to mine cryptocurrencies - https://www.salon.com/about/faq-what-happens-when-i-choose-to-suppress-ads-on-salon/
• Python library for checking astral data - https://pypi.python.org/pypi/astral
• Eric checks StackOverflow stats - https://stackoverflow.com/users/251299/eric
• Jon's stats on StackOverflow - https://stackoverflow.com/users/4155/niniki

iFixit and the iPhone X Teardown, Consumer Reports is now adding Security and Privacy into their electronic device ratings, Telegram has a Zero-day vulnerability due to a Right-to-Left Unicode character and Salon.com wants to mine cryptocurrencies in exchange for viewing their website. Jon talks about building a Raspberry Pi time-lapse video and Eric talks about StackOverflow stats.

Carl talks meltdown/spectre from the trenches. Jon fawns over the Falcon Heavy launch. Eric yaps about Right to Repair and Hacking John Deere tractors. Carl wants an alarm clock, buys an Alexa - its all downhill from there, and it is Cedric's fault.

Links:

• Netflix Repokid - https://medium.com/netflix-techblog/introducing-aardvark-and-repokid-53b081bf3a7e
• Transaction Synchronization Extension - https://software.intel.com/en-us/node/524022
• Falcon Heavy Launch - https://www.space.com/39632-spacex-falcon-heavy-launch-whats-next.html
• Tesla added to US satellite catalog - https://twitter.com/AFSpace/status/961371676582797313
• Right to Repair - https://repair.org/
• Hacking Tractors - https://motherboard.vice.com/en_us/article/xykkkd/why-american-farmers-are-hacking-their-tractors-with-ukrainian-firmware
• Carl buys an Echo Spot - https://www.amazon.com/Amazon-VN94DQ-Echo-Spot-Black/dp/B073SQYXTW/