Sign up to save your podcasts
Or
Share Take 1 Security Podcast: Episode 8
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Take 1 Security Podcast: Episode 8
START CONTENT
* New SSL attack called FREAK
* Has to do with falling RSA back to a deprecated and weak level
* Requires the client and server are both vulnerable
* The solution is to patch
* Many orgs will also want to note which servers were vulnerable
* The lesson is that you don’t reduce security to increase it
* Backdoors x time = regret
* Using Ruby’s Open-URI could be dangerous
* open-uri monkeypatches kernel.open
* open(params[:url]) can execute |ls
* Hilary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense
* This seems highly suspect
* First you’re putting that data at risk in a personal system
* Second you’re obviously trying to hide your conversations
* Facebook can access your account without your password
* Google no longer encrypting Lollipop by default
* Was one of the main selling points for 5, and now it’s gone
* They said it was simply a driver issue
* DLink routers have a remote command injection bug
* Could allow DNS hijacking and other attacks
* ISIS has threatened some members of the Twitter team for disabling their accounts
* This really puts a point on public presence for me
* I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
* This works for personal attacks, not for countries obviously
* There has been some major fraud happening with people connecting stolen cards to ApplePay
* The issue isn’t a security problem with ApplePay, but rather with standard bank / card security issue
* Up to 18.8 non-Anthem customers exposed in the Anthem breach
* This is in addition to the 80 million actual anthem customers
* GoPro vulnerability on its website exposes customer Wi-fi passwords
* Expect more of this
* Uber took over 5 months to issue a breach notification
* There was a breach of driver names and license numbers that they just now disclosed
* Seagate NAS vulnerability allows unauthorized root access
* This raises the cloud storage issue I blogged about last week
END CONTENT
Play Podcast
Notes
* Sorry about my voice on this one. I’m a bit sick. :(
Become a Member: https://danielmiessler.com/upgrade
See omnystudio.com/listener for privacy information.
View all episodes
By Daniel Miessler
4.6
136136 ratings
START CONTENT
* New SSL attack called FREAK
* Has to do with falling RSA back to a deprecated and weak level
* Requires the client and server are both vulnerable
* The solution is to patch
* Many orgs will also want to note which servers were vulnerable
* The lesson is that you don’t reduce security to increase it
* Backdoors x time = regret
* Using Ruby’s Open-URI could be dangerous
* open-uri monkeypatches kernel.open
* open(params[:url]) can execute |ls
* Hilary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense
* This seems highly suspect
* First you’re putting that data at risk in a personal system
* Second you’re obviously trying to hide your conversations
* Facebook can access your account without your password
* Google no longer encrypting Lollipop by default
* Was one of the main selling points for 5, and now it’s gone
* They said it was simply a driver issue
* DLink routers have a remote command injection bug
* Could allow DNS hijacking and other attacks
* ISIS has threatened some members of the Twitter team for disabling their accounts
* This really puts a point on public presence for me
* I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
* This works for personal attacks, not for countries obviously
* There has been some major fraud happening with people connecting stolen cards to ApplePay
* The issue isn’t a security problem with ApplePay, but rather with standard bank / card security issue
* Up to 18.8 non-Anthem customers exposed in the Anthem breach
* This is in addition to the 80 million actual anthem customers
* GoPro vulnerability on its website exposes customer Wi-fi passwords
* Expect more of this
* Uber took over 5 months to issue a breach notification
* There was a breach of driver names and license numbers that they just now disclosed
* Seagate NAS vulnerability allows unauthorized root access
* This raises the cloud storage issue I blogged about last week
END CONTENT
Play Podcast
Notes
* Sorry about my voice on this one. I’m a bit sick. :(
Become a Member: https://danielmiessler.com/upgrade
See omnystudio.com/listener for privacy information.
More shows like Unsupervised Learning
View all
The a16z Show
1,095 Listeners
Smashing Security
320 Listeners
Darknet Diaries
8,088 Listeners
All-In with Chamath, Jason, Sacks & Friedberg
10,098 Listeners
The AI Daily Brief: Artificial Intelligence News and Analysis
639 Listeners