Sign up to save your podcasts
Or
Share Take 1 Security Podcast: Episode 8
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Take 1 Security Podcast: Episode 8
START CONTENT
* New SSL attack called FREAK
* Has to do with falling RSA back to a deprecated and weak level
* Requires the client and server are both vulnerable
* The solution is to patch
* Many orgs will also want to note which servers were vulnerable
* The lesson is that you don’t reduce security to increase it
* Backdoors x time = regret
* Using Ruby’s Open-URI could be dangerous
* open-uri monkeypatches kernel.open
* open(params[:url]) can execute |ls
* Hilary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense
* This seems highly suspect
* First you’re putting that data at risk in a personal system
* Second you’re obviously trying to hide your conversations
* Facebook can access your account without your password
* Google no longer encrypting Lollipop by default
* Was one of the main selling points for 5, and now it’s gone
* They said it was simply a driver issue
* DLink routers have a remote command injection bug
* Could allow DNS hijacking and other attacks
* ISIS has threatened some members of the Twitter team for disabling their accounts
* This really puts a point on public presence for me
* I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
* This works for personal attacks, not for countries obviously
* There has been some major fraud happening with people connecting stolen cards to ApplePay
* The issue isn’t a security problem with ApplePay, but rather with standard bank / card security issue
* Up to 18.8 non-Anthem customers exposed in the Anthem breach
* This is in addition to the 80 million actual anthem customers
* GoPro vulnerability on its website exposes customer Wi-fi passwords
* Expect more of this
* Uber took over 5 months to issue a breach notification
* There was a breach of driver names and license numbers that they just now disclosed
* Seagate NAS vulnerability allows unauthorized root access
* This raises the cloud storage issue I blogged about last week
END CONTENT
Play Podcast
Notes
* Sorry about my voice on this one. I’m a bit sick. :(
Become a Member: https://danielmiessler.com/upgrade
See omnystudio.com/listener for privacy information.
View all episodes
By Daniel Miessler
4.6
134134 ratings
START CONTENT
* New SSL attack called FREAK
* Has to do with falling RSA back to a deprecated and weak level
* Requires the client and server are both vulnerable
* The solution is to patch
* Many orgs will also want to note which servers were vulnerable
* The lesson is that you don’t reduce security to increase it
* Backdoors x time = regret
* Using Ruby’s Open-URI could be dangerous
* open-uri monkeypatches kernel.open
* open(params[:url]) can execute |ls
* Hilary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense
* This seems highly suspect
* First you’re putting that data at risk in a personal system
* Second you’re obviously trying to hide your conversations
* Facebook can access your account without your password
* Google no longer encrypting Lollipop by default
* Was one of the main selling points for 5, and now it’s gone
* They said it was simply a driver issue
* DLink routers have a remote command injection bug
* Could allow DNS hijacking and other attacks
* ISIS has threatened some members of the Twitter team for disabling their accounts
* This really puts a point on public presence for me
* I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
* This works for personal attacks, not for countries obviously
* There has been some major fraud happening with people connecting stolen cards to ApplePay
* The issue isn’t a security problem with ApplePay, but rather with standard bank / card security issue
* Up to 18.8 non-Anthem customers exposed in the Anthem breach
* This is in addition to the 80 million actual anthem customers
* GoPro vulnerability on its website exposes customer Wi-fi passwords
* Expect more of this
* Uber took over 5 months to issue a breach notification
* There was a breach of driver names and license numbers that they just now disclosed
* Seagate NAS vulnerability allows unauthorized root access
* This raises the cloud storage issue I blogged about last week
END CONTENT
Play Podcast
Notes
* Sorry about my voice on this one. I’m a bit sick. :(
Become a Member: https://danielmiessler.com/upgrade
See omnystudio.com/listener for privacy information.
More shows like Unsupervised Learning
View all
Risky Business
364 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
639 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
369 Listeners
Hacked
180 Listeners
CyberWire Daily
1,012 Listeners
Smashing Security
316 Listeners
Click Here
407 Listeners
Darknet Diaries
7,962 Listeners
Cybersecurity Today
174 Listeners
CISO Series Podcast
190 Listeners
Hacking Humans
316 Listeners
Practical AI
187 Listeners
Defense in Depth
77 Listeners
Cyber Security Headlines
128 Listeners
Risky Bulletin
43 Listeners