Discussed Articles

1) Hillary Clinton Used Personal Email Account at State Dept

Hillary Clinton then defends use of private e-mail. Also, how you can prevent users from autoforwarding emails externally in Exchange

* http://www.nytimes.com/2015/03/03/us/politics/hillary-clintons-use-of-private-email-at-state-department-raises-flags.html

* http://www.usatoday.com/story/news/politics/elections/2015/03/10/hillary-clinton-emails-state-department/24668715/

* http://blogs.technet.com/b/lystavlen/archive/2012/04/10/how-to-prevent-internal-users-from-autoforwaring-mails-to-external-recipients.aspx

2) FREAK SSL Downgrade Attack

* http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html

3) HBO NOW did not properly setup DNSSEC

See also: Arguments Against DNSSEC

* http://www.internetsociety.org/deploy360/blog/2015/03/hbo-now-dnssec-misconfiguration-makes-site-unavailable-from-comcast-networks-fixed-now/

* http://sockpuppet.org/blog/2015/01/15/against-dnssec/

Breach of the Week

Google WHOIS Disclosure

Also discussed, the finger protocol

* http://blogs.cisco.com/security/talos/whoisdisclosure

* https://en.wikipedia.org/wiki/Finger_protocol

Discussed Articles

1) Lenovo/Superfish Debacle

The silliness of the system was only made worse by Lenovo's slow, conflicting response. Naturally, we dovetailed into a discussion of Honest Achmed and the requirements for having a publicly trusted root CA certificate.

* http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/

* http://support.lenovo.com/en/product security/superfish

* http://support.lenovo.com/en/product security/superfish uninstall

* https://bugzilla.mozilla.org/show bug.cgi?id=647959

* http://www.livehacking.com/2011/04/25/honest-achmeds-used-cars-and-certificates-wants-to-become-a-trusted-certificate-authority

* https://cabforum.org/baseline-requirements-documents/

2) Burning Man - Hacking or Not?

* http://www.wired.com/2015/02/hacking-burning-man-tickets/

3) OSX, iOS, and Linux Had More Vulnerabilities Than Windows Last Year

* http://www.gfi.com/blog/most-vulnerable-operating-systems-and-applications-in-2014/

4) LinkedIn Settles Class-Action Suit Over Weak Password Security

* http://bits.blogs.nytimes.com/2015/02/23/linkedin-settles-class-action-suit-over-weak-password-security/

5) Honorable Mention - Full Disclosure vs Responsible disclosure debate

* http://googleonlinesecurity.blogspot.com/2015/02/feedback-and-data-driven-updates-to.html

6) Honorable Mention - OPSEC failure on the software part

See page 19

* https://securelist.com/files/2015/02/Equation group questions and answers.pdf

7) Honorable Mention - CITIZENFOUR winning an Oscar for Best Documentary

* http://oscar.go.com/nominees/documentary-feature/citizenfour