The first Ukrainian podcast about information security
securit13podcast@gmail.com

Latest Google+ flaw leads Chocolate Factory to shut down site early https://www.theregister.co.uk/2018/12/11/google_hacked_again/
Update now! Adobe issues emergency Flash update for a serious flaw https://www.komando.com/happening-now/518954/update-now-adobe-issues-emergency-flash-update-for-a-serious-flaw
Adobe Security Bulletin https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
Australia passes new law to thwart strong encryption https://arstechnica.com/tech-policy/2018/12/australia-passes-new-law-to-thwart-strong-encryption/
GOOGLE TRACKS YOU EVEN IF LOCATION HISTORY'S OFF. HERE'S HOW TO STOP IT https://www.wired.com/story/google-location-tracking-turn-off/amp
https://www.facebook.com/photo.php?fbid=2147208615360926&set=a.222301541184986&type=3&permPage=1
Iranians indicted in Atlanta city government ransomware attack https://arstechnica.com/information-technology/2018/12/iranians-indicted-in-atlanta-city-government-ransomware-attack/
Hackers breach Quora.com and steal password data for 100 million users https://arstechnica.com/information-technology/2018/12/quora-says-hackers-stole-password-data-and-other-details-for-100-million-users/
Microsoft is building its own Chrome browser to replace Edge https://www.theverge.com/2018/12/4/18125238/microsoft-chrome-browser-windows-10-edge-chromium
New Report: Unknown Data Scraper Breach https://blog.hackenproof.com/industry-news/new-report-unknown-data-scraper-breach/
Exploit Code for the Kubernetes Flaw Is Now Available https://www.bleepingcomputer.com/news/security/exploit-code-for-the-kubernetes-flaw-is-now-available/

Framework for Improving Critical Infrastructure Cybersecurity https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
Taras's talk on critical infrastructure https://www.youtube.com/watch?v=vLy9i9OPcxU

At the time of recording we were preparing for UISGCON14, and the talk videos are already on our channel https://www.youtube.com/playlist?list=PL0YHqSi934_5fPXaoNxqx42PI7PrCC2xI
China Used a Tiny Chip in a Hack That Infiltrated U.S. Companies https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom https://www.bloomberg.com/amp/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom
Apple Insiders Say Nobody Internally Knows What’s Going On With Bloomberg’s China Hack Story https://www.buzzfeednews.com/amphtml/johnpaczkowski/apple-china-hacking-bloomberg-servers-spies-fbi
What Businessweek got wrong about Apple https://www.apple.com/newsroom/2018/10/what-businessweek-got-wrong-about-apple/
https://www.documentcloud.org/documents/4995748-Letter-20-October-208th-20version.html
Facebook has been hacked and 50 million people's accounts have been exposed https://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-hack-view-as-issue-bug-data-profile-am-i-safe-security-privacy-a8560061.html
Google+ to shut down after coverup of data-exposing bug https://techcrunch.com/2018/10/08/google-plus-hack/
Here’s how Google is revamping Gmail and Android security https://techcrunch.com/2018/10/08/heres-how-google-is-revamping-gmail-and-android-security/amp/
Google's Project Zero thwarts another major bug in Facebook's WhatsApp https://www.theinquirer.net/inquirer/news/3064393/googles-project-zero-thwarts-another-major-bug-in-facebooks-whatsapp
Microsoft killing off the old Skype client… for real this time https://arstechnica.com/gadgets/2018/09/microsoft-killing-off-the-old-skype-client-for-real-this-time/
A mysterious grey-hat is patching people's outdated MikroTik routers | ZDNet https://www.zdnet.com/article/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers/
How to Stop Google From Tracking Your Location https://www.wired.com/story/google-location-tracking-turn-off/
U.S. Charges Russian GRU Officers with International Hacking and Related Influence and Disinformation Operations https://www.justice.gov/opa/pr/us-charges-russian-gru-officers-international-hacking-and-related-influence-and

UISGCON14 https://14.uisgcon.org/
SECURITY BSIDES KYIV AUTUMN 2018 https://kyiv.securitybsides.org.ua/
Interview with Yanick Fratantonio http://www.s3.eurecom.fr/~yanick/
Securit13 Patreon https://www.patreon.com/securit13
Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I

UISGCON14 https://14.uisgcon.org/
SECURITY BSIDES KYIV AUTUMN 2018 https://kyiv.securitybsides.org.ua/
Interview with Serhii Korolenko about #UISGCON14 #CTF https://www.hackthis.co.uk
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
Passing Security By - Serhii Korolenko https://www.youtube.com/watch?v=rDOYUCy9phA
Serhii Korolenko - XSS from zer0 to Hero (Workshop) https://www.youtube.com/watch?v=mKqc9u_BRLM
Securit13 Patreon https://www.patreon.com/securit13
Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I

UISGCON14 https://14.uisgcon.org/
SECURITY BSIDES KYIV AUTUMN 2018 https://kyiv.securitybsides.org.ua/
Interview with Alexander Færøy
Tech billionaire Elon Musk smokes marijuana on podcast as shares fall and senior execs leave https://www.news.com.au/technology/innovation/motoring/tech-billionaire-elon-musk-smokes-marijuana-and-drinks-whiskey-on-podcast/news-story/b228f58547f797e012c26074b959435e
Windows 10 to get disposable sandboxes for dodgy apps https://arstechnica.com/staff/2018/08/windows-10-to-get-disposable-sandboxes-for-dodgy-apps/
Mongo Lock Attack Ransoming Deleted MongoDB Databases https://www.bleepingcomputer.com/news/security/mongo-lock-attack-ransoming-deleted-mongodb-databases/
Open .Git Directories Leave 390K Websites Vulnerable https://threatpost.com/open-git-directories-leave-390k-websites-vulnerable/137299/
Tesla’s new bug bounty protects hackers — and your warranty https://techcrunch.com/2018/09/06/teslas-new-bug-bounty-protects-hackers-and-your-warranty/
How Bitcoin's hidden footprint is impacting water use https://www.thesourcemagazine.org/how-bitcoins-footprint-is-impacting-water-use/
Securit13 Patreon https://www.patreon.com/securit13
Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I

A special episode about our co-hosts' visit to the 26th #DEFCON conference

UISGCON14 https://14.uisgcon.org/
In the Dnipropetrovsk region, the SBU prevented a cyberattack by Russian intelligence services on a critical infrastructure facility https://ssu.gov.ua/ua/news/1/category/2/view/5037#.MkS7rpun.dpbs
Ukraine claims it blocked VPNFilter attack at chemical plant https://www.theregister.co.uk/2018/07/13/ukraine_vpnfilter_attack/
Speculative Buffer Overflows: Attacks and Defenses (pdf) https://people.csail.mit.edu/vlk/spectre11.pdf
New Spectre 1.1 and Spectre 1.2 CPU Flaws Disclosed https://www.bleepingcomputer.com/news/security/new-spectre-11-and-spectre-12-cpu-flaws-disclosed/
Google Enables 'Site Isolation' Feature By Default For Chrome Desktop Users https://thehackernews.com/2018/07/google-chrome-site-isolation.html
Cisco's annual cybersecurity report and Check Point's mid-year report are out, but we will talk about them next time https://www.cisco.com/c/dam/global/uk_ua/assets/pdfs/Final_Files_Cisco_2018_ACR_Web.pdf?dtid=oemzzz000186&ccid=cc000160&ecid=10432&oid=anrsc005679
Scam alert: No, hackers don't have webcam vids of you enjoying p0rno. Don't give them any $$s https://www.theregister.co.uk/2018/07/13/hacker_extortion_scam/
GitHub to Pythonistas: Let us save you from vulnerable code https://www.theregister.co.uk/2018/07/16/github_to_pythonistas_let_us_save_you_from_vulnerable_code/
Microsoft seeks regulation of facial recognition technology https://www.reuters.com/article/us-microsoft-facial-recognition/microsoft-seeks-regulation-of-facial-recognition-technology-idUSKBN1K32F0
Two-factor auth totally locks down Office 365? You may want to check all your services... https://www.theregister.co.uk/2018/07/13/2fa_o365_bypass_attacks/
The Tale of SettingContent-ms Files https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39
Facebook fined for data breaches in Cambridge Analytica scandal https://amp.theguardian.com/technology/2018/jul/11/facebook-fined-for-data-breaches-in-cambridge-analytica-scandal
Cops suspect Detroit fuel station was hacked before 10 drivers made off with 2.3k 'free' litres https://www.theregister.co.uk/2018/07/09/gas_station_hack/
2018-07 Security Bulletin: Junos OS: MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2), PTX3K-FPC3 and PTX1K: Line card may crash upon receipt of specific MPLS packet (CVE-2018-0030) https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10864&cat=SIRT_1&actp=LIST
Revoked Certificate when viewing mydlink IP Cameras with-in web-browsers https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10089
Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/
Ammyy Admin compromised with malware again; World Cup used as cover https://www.welivesecurity.com/2018/07/11/ammyy-admin-compromised-malware-world-cup-cover/
https://regmedia.co.uk/2018/07/13/burkdoll_affidavit.pdf
US: Government Has Planted Spy Phones With Suspects https://www.hrw.org/news/2018/07/13/us-government-has-planted-spy-phones-suspects
The 111 Million Record Pemiblanc Credential Stuffing List https://www.troyhunt.com/the-111-million-pemiblanc-credential-stuffing-list/
June’s Most Wanted Malware: Banking Trojans Up 50% Among Threat Actors https://blog.checkpoint.com/2018/07/05/junes-most-wanted-malware-banking-trojans-crypto-mining/
Did CrowdStrike really miss the mark? https://medium.com/@rsatter/did-crowdstrike-really-miss-the-mark-ecedf0e09dd7
Securit13 Patreon https://www.patreon.com/securit13

In this episode Alisa, Login and Alexey talked about the scandalous bill 6688, browsers, vulnerabilities with logos and websites, and some other news from the past two weeks.
6688 http://w1.c1.rada.gov.ua/pls/zweb2/webproc4_1?pf3511=62236
Github Gentoo organization hacked - resolved https://gentoo.org/news/2018/06/28/Github-gentoo-org-hacked.html
Apple corrects the record on reported iPhone vulnerability https://www.cyberscoop.com/iphone-brute-force-passcode-matthew-hickey/
Cops May Unlock iPhones Without a Warrant to Beat Apple's New Security Feature https://motherboard.vice.com/en_us/article/bj34wa/cops-unlock-iphones-without-a-warrant-apple-usb-restricted-mode
Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles https://www.theregister.co.uk/2018/06/28/facebook_data_abuse_bug_bounty/
Former NSA contractor Reality Winner accepts guilty plea for leaking classified report https://www.cyberscoop.com/former-nsa-contractor-reality-winner-accepts-guilty-plea-leaking-classified-report/
Firefox is adding 'Have I Been Pwned' alerts https://www.cyberscoop.com/firefox-is-adding-haveibeenpwned-alerts/
Gmail's "dirty secret": users' emails are read not only by Google employees https://thebell.io/gryaznyj-sekret-gmail-pisma-polzovatelej-chitayut-ne-tolko-sotrudniki-google/
"Stylish" browser extension steals all your internet history https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/
Brave browser adds private tabs with Tor for 'enhanced privacy protection' https://www.cyberscoop.com/brave-browser-adds-tor-tabs/
Fusion https://wiki.mozilla.org/Security/Fusion
Alter attack https://alter-attack.net/
ProtonMail DDoS Attacks Are a Case Study of What Happens When You Mock Attackers https://www.bleepingcomputer.com/news/security/protonmail-ddos-attacks-are-a-case-study-of-what-happens-when-you-mock-attackers/
A year after devastating NotPetya outbreak, what have we learnt? Er, not a lot, says BlackBerry bod https://www.theregister.co.uk/2018/06/27/notpetya_anniversary/
New RAMpage attack affects all Android phones released since 2012 [Update] https://www.androidcentral.com/rampage-attack-discovered
Thanatos Ransomware Decryptor Released by the Cisco Talos Group https://www.bleepingcomputer.com/news/security/thanatos-ransomware-decryptor-released-by-the-cisco-talos-group/
First Nationwide Undercover Operation Targeting Darknet Vendors Results in Arrests of More Than 35 Individuals Selling Illicit Goods and the Seizure of Weapons, Drugs and More Than $23.6 Million https://www.justice.gov/opa/pr/first-nationwide-undercover-operation-targeting-darknet-vendors-results-arrests-more-35
The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age https://www.amazon.com/Perfect-Weapon-Sabotage-Fear-Cyber/dp/0451497899/
UISGCON14 https://14.uisgcon.org/
Securit13 Patreon https://www.patreon.com/securit13
Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I

SecurityBsides Odessa CTF is open! https://odessa.securitybsides.org.ua/#ctf
Everyone who wants to support BSides Odessa can do it here https://bsidesodessa.ticketforevent.com/
SecurityBSides Kharkiv https://kharkiv.securitybsides.org.ua
The mysterious hacker who claimed responsibility for the hack on the DNC is likely a disinformation campaign by Russian spies. https://motherboard.vice.com/en_us/article/wnxgwq/guccifer-20-is-likely-a-russian-government-attempt-to-cover-up-their-own-hack
The security firm halted the work after questions were asked in the European Parliament about its software. https://www.bbc.com/news/technology-44501506
She wrote an email posing as him, turning down a $50,000-a-year scholarship so that he wouldn't leave http://montrealgazette.com/news/local-news/mcgill-music-student-awarded-350000-after-girlfriend-stalls-career
Commentary: People can no longer tell when they're chatting with a robot. Google, what have you done? https://www.cnet.com/news/google-duplex-assistant-bot-deception-scary-ethics-question/
https://www.ieee-security.org/TC/SP2018/program.html
https://fpcentral.tbb.torproject.org
Apple is going after another way sites track you for ads. https://www.engadget.com/2018/06/05/apple-safari-canvas-fingerprinting/ https://webkit.org/blog/8311/intelligent-tracking-prevention-2-0/
Phone scammers are spoofing numbers to make them look familiar to you. You're more likely to pick up and trust the person on the other end https://www.cnbc.com/2018/06/12/you-think-its-your-friend-calling-but-its-actually-this-growing-phone-scam.html
Support us on Patreon https://patreon.com/securit13

An interview with Alexander Olenev and Andrey Voloshin from Thea/Techmaker about life, business, training hardware engineers, and a bit about automotive security. https://www.youtube.com/watch?v=5QBOmr_ZyLo
DEFCON 25 Nissan Leaf security
Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs https://www.troyhunt.com/controlling-vehicle-features-of-nissan/
Toyota unintended acceleration bug https://users.ece.cmu.edu/~koopman/pubs/koopman14_toyota_ua_slides.pdf
CAN bus specs (BOSCH) http://esd.cs.ucr.edu/webres/can20.pdf
BMW ConnectedDrive https://www.bmw.co.uk/bmw-ownership/connecteddrive
Apple iCar release date rumours, features & images https://www.macworld.co.uk/news/apple/apple-car-release-date-3425394/
NVIDIA Self-driving cars https://www.nvidia.com/en-us/self-driving-cars/
Intel Discontinues Joule, Galileo, And Edison Product Lines https://hackaday.com/2017/06/19/intel-discontinues-joule-galileo-and-edison-product-lines/
Techmaker https://techmaker.ua
TWIC: anyone who wants to participate as an AppSec mentor at Techmaker, email info@techmaker.ua
Connected cars https://mobiliuz.com/
Books:
Thinking, Fast and Slow, Daniel Kahneman ISBN 9785170800537 https://www.amazon.co.uk/Thinking-medlenno-reshay-bystro-Russian/dp/5170800533/ref=sr_1_1
Franchesca, Dorje Batuu ISBN 978-617-679-485-1 https://www.yakaboo.ua/ua/francheska-povelitel-ka-traektorij.html
Securit13 Patreon https://www.patreon.com/securit13

16.06.2018 BSidesKharkiv https://kharkiv.securitybsides.org.ua/
07.06.2018 OWASP Odesa https://www.facebook.com/events/2104923576405410/
07.07.2018 BSidesOdessa https://odessa.securitybsides.org.ua/
Kostiantyn Korsun on NoNameCon https://www.facebook.com/kostiantyn.korsun/posts/840821456102957
EFAIL https://efail.de/
Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels (draft 0.9.1) https://efail.de/efail-attack-paper.pdf
ProtonMail is safe against the efail PGP vulnerability. https://twitter.com/ProtonMail/status/995996112526954496
Efail or OpenPGP is safer than S/MIME https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html
Digital Photocopiers Loaded With Secrets https://www.cbsnews.com/news/digital-photocopiers-loaded-with-secrets/
Throwhammer: Rowhammer Attacks over the Network and Defenses https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf
Rowhammer strikes networks, Bolton strikes security jobs, and Nigel Thornberry strikes Chrome, and more http://www.theregister.co.uk/2018/05/12/security_roundup/
Memcached https://memcached.org/
7-Zip: From Uninitialized Memory to Remote Code Execution https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
IBM bans all removable storage, for all staff, everywhere http://www.theregister.co.uk/2018/05/10/ibm_bans_all_removable_storage_for_all_staff_everywhere/
Second wave of Spectre-like CPU security flaws won't be fixed for a while http://www.theregister.co.uk/2018/05/09/spectr_ng_fix_delayed/
Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed http://www.theregister.co.uk/2018/05/09/intel_amd_kernel_privilege_escalation_flaws/
Ex-CIA man fingered as prime suspect in Vault 7 spy tool manuals leak http://www.theregister.co.uk/2018/05/15/vault_7_leak/
DHCP Client Script Code Execution Vulnerability - CVE-2018-1111 https://access.redhat.com/security/vulnerabilities/3442151
Securit13 Patreon https://www.patreon.com/securit13
Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I

We talked a bit about conferences: ones we organized, upcoming ones, and ones we attended.
#BSidesKyiv 2018 https://www.facebook.com/pg/BSidesUkraine/
Video https://www.youtube.com/channel/UCOSf0249iC28paeqYY5nRSQ
22.05.2018 WWCode Security event https://www.facebook.com/events/243552549527834/
16.06.2018 BSidesKharkiv https://kharkiv.securitybsides.org.ua/
07.07.2018 BSidesOdessa https://odessa.securitybsides.org.ua/
Jack Daniel https://twitter.com/jack_daniel/status/992135632616124416
GiSec https://www.gisec.ae/
Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Our hosts discussed that scary abbreviation GDPR before it became mainstream, but the publication was delayed... Still, a few words about the regulation and how our hosts understand it.
General Data Protection Regulation https://www.eugdpr.org/
How Europe's New Privacy Law Will Change the Web, and More https://www.wired.com/story/europes-new-privacy-law-will-change-the-web-and-more/amp
Some more information:
GDPR - A Practical Guide For Developers - Bozho's tech blog https://techblog.bozho.net/gdpr-practical-guide-developers/
America should borrow from Europe’s data-privacy law https://www.economist.com/news/leaders/21739961-gdprs-premise-consumers-should-be-charge-their-own-personal-data-right
Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi
Iran hit by global cyber attack that left U.S. flag on screens https://flipboard.com/@flipboard/-iran-hit-by-global-cyber-attack-that-le/f-9fa77d2247%2Freuters.com
FIDO Alliance and W3C have a plan to kill the password https://techcrunch.com/2018/04/10/fido-alliance-and-w3c-have-a-plan-to-kill-the-password/amp/
Okay, Let’s Talk About John McAfee’s Paid Cryptocurrency Promotions https://motherboard.vice.com/en_us/article/3kjpyn/john-mcafee-100k-twitter-promote-cryptocurrency-paid
Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

We discussed the news, everyone has already forgotten it, and so we decided to remind you! Yes, we are a bit slow)))
Everything You Need to Know About Facebook and Cambridge Analytica https://www.wired.com/story/wired-facebook-cambridge-analytica-coverage/amp
Cambridge Analytica whistleblower Christopher Wylie appears before MPs https://www.youtube.com/watch?v=X5g6IJm7YJQ
Fact Check: Your Call and SMS History http://newsroom.fb.com/news/2018/03/fact-check-your-call-and-sms-history/
https://www.facebook.com/settings?tab=applications (FB removed "Apps others use")
Total Meltdown? https://blog.frizk.net/2018/03/total-meltdown.html?m=1
It's baaack – WannaCry nasty soars through Boeing's computers http://www.theregister.co.uk/2018/03/28/wannacry_boeing/
Egg on Cisco's face: Three critical software bugs to fix over Easter http://www.theregister.co.uk/2018/03/29/cisco_critical_ios_bugs/
Guccifer 2.0 Was Always Sloppy https://motherboard.vice.com/amp/en_us/article/a3ygmp/guccifer-2-russian-military-intelligence-gru-vpn
Rapid 2.0 Ransomware Released, Will Not Encrypt Data on PCs with Russian Locale https://www.bleepingcomputer.com/news/security/rapid-20-ransomware-released-will-not-encrypt-data-on-pcs-with-russian-locale/
Academics Discover New CPU Side-Channel Attack Named BranchScope https://www.bleepingcomputer.com/news/security/academics-discover-new-cpu-side-channel-attack-named-branchscope/
Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems https://arxiv.org/pdf/1510.07563.pdf
Adrian Lamo, ‘Homeless Hacker’ Who Turned in Chelsea Manning, Dead at 37 https://krebsonsecurity.com/2018/03/adrian-lamo-homeless-hacker-who-turned-in-chelsea-manning-dead-at-37/
https://github.com/fulldecent/system-bus-radio
Microsoft May Ban Users For Offensive Language Starting In May https://www.bleepingcomputer.com/news/microsoft/microsoft-may-ban-users-for-offensive-language-starting-in-may/
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002 https://www.drupal.org/sa-core-2018-002
NOTICE OF DATA BREACH https://content.myfitnesspal.com/security-information/notice.html
Durov refuses to hand over Telegram encryption keys to FSB http://searchsecurity.techtarget.com/news/252437323/Dorov-refuses-to-hand-over-Telegram-encryption-keys-to-FSB
Signalling Security in Telecom SS7/Diameter/5G — ENISA https://www.enisa.europa.eu/publications/signalling-security-in-telecom-ss7-diameter-5g
Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Adam Doupé http://www.adamdoupe.com/
Adam on twitter https://twitter.com/adamdoupe
Adam on youtube https://www.youtube.com/channel/UCWA6pfcx4Ok4xsIA7Mkr39w
Series of live hacking of CTF challenges on YouTube https://www.youtube.com/playlist?list=PLK06XT3hFPziMAZj8QuoqC8iVaEbrlZWh
Book The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage https://www.amazon.co.uk/Cuckoos-Egg-Tracking-Computer-Espionage/dp/1416507787

Here we tried to discuss the progress of preparations for BSidesKyiv 2018. Judge for yourself how it went.
Intro / Outro Extraction de la pierre de folie by Cuicuitte http://freemusicarchive.org/music/Cuicuitte/LAntville/Cuicuitte_-_LAntville_-_09_Extraction_de_la_pierre_de_folie
#BsidesKyiv 2018 https://securitybsides.org.ua/
Schedule https://securitybsides.org.ua/#schedule
Tickets https://securitybsides.ticketforevent.com/
Radare2 http://www.radare.org/r/
Vero - True Social https://www.vero.co/
How To Get Started With Vero - True Social https://www.forbes.com/sites/anthonykarcz/2018/02/23/how-to-get-started-with-vero-true-social/#2b54ae3d2889
Here's how to delete your Vero account https://mashable.com/2018/02/27/how-to-delete-vero-account/#J8IkV29ZoOqy
Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I

White House blasts Russia for NotPetya cyberattack https://edition.cnn.com/2018/02/15/politics/white-house-russia-notpetya/index.html
Memcached servers can be hijacked for massive DDoS attacks https://www.networkworld.com/article/3258772/security/memcached-servers-can-be-hijacked-for-massive-ddos-attacks.html
Memcrashed - Major amplification attacks from UDP port 11211 https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/
GITHUB SURVIVED THE BIGGEST DDOS ATTACK EVER RECORDED https://www.wired.com/story/github-ddos-memcached/amp
NETSCOUT Arbor Confirms 1.7 Tbps DDoS Attack; The Terabit Attack Era Is Upon Us https://www.arbornetworks.com/blog/asert/netscout-arbor-confirms-1-7-tbps-ddos-attack-terabit-attack-era-upon-us/
In Kharkiv, a suspect was convicted for selling a postal carrier's customer database https://cyberpolice.gov.ua/news/u-xarkovi-zasudzheno-pidozryuvanogo-za-prodazh-kliyentskoyi-bazy-poshtovogo-pereviznyka-6604/
Speculative Execution Bounty Launch https://blogs.technet.microsoft.com/msrc/2018/03/14/speculative-execution-bounty-launch/
Frequently Asked Questions about Microsoft Bug Bounty Programs https://technet.microsoft.com/en-us/security/dn425055.aspx
AMD allegedly has its own Spectre-like security flaws https://www.cnet.com/google-amp/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its-own/
Linus Torvalds slams CTS Labs over AMD vulnerability report http://www.zdnet.com/article/linus-torvalds-slams-cts-labs-over-amd-vulnerability-report/
Intel: Our next chips won't have data leak flaws we told you totally not to worry about https://www.theregister.co.uk/2018/03/15/intel_spectre_mitigation/
Intel ships (hopefully stable) microcode for Skylake, Kaby Lake, Coffee Lake https://arstechnica.com/gadgets/2018/02/intel-ships-hopefully-stable-microcode-for-skylake-kaby-lake-coffee-lake/
Samba settings SNAFU lets any user change admin passwords https://www.theregister.co.uk/2018/03/14/samba_password_bug/
Zero-day vulnerability in Telegram https://securelist.com/zero-day-vulnerability-in-telegram/83800/
Plugins for Popular Text Editors Could Help Hackers Gain Elevated Privileges https://thehackernews.com/2018/03/text-editors-extensibility.html
600 Bitcoin mining servers stolen in Iceland https://www.ixbt.com/news/2018/03/06/v-islandii-pohitili-600-serverov-dlja-dobychi-bitcoin.html
CBM - Car Backdoor Maker https://www.kitploit.com/2018/03/cbm-car-backdoor-maker.html
Let's Encrypt updates certificate automation, adds splats https://www.theregister.co.uk/2018/03/14/lets_encrypt_updates_certificate_automation_adds_splats/
CEO of smartmobe outfit Phantom Secure cuffed after cocaine sting, boast of murder-by-GPS http://www.theregister.co.uk/2018/03/13/phantom_secure_ceo_arrested/
Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I

Our friend Sergey Smitienko joined us and we talked about the x86 architecture. It turned out a bit melancholic and hopeless, but educational.
Intro / Outro Ninja by Indikings http://freemusicarchive.org/music/Indikings/Back_In_Space/indikings_ninja
Breaking the x86 Instruction Set https://www.youtube.com/watch?v=KrksBdWcZgQ
DEF CON 25 - Christopher Domas - Breaking the x86 Instruction Set https://www.youtube.com/watch?v=ajccZ7LdvoQ
17 BHB ASIA 013 Hello From the Other Side SSH Over Robust Cache Covert Channels in the Cloud https://www.youtube.com/watch?v=a9sGk7FtnYk
Clémentine Maurice https://cmaurice.fr/
PinMe: Tracking a Smartphone User around the World https://arxiv.org/pdf/1802.01468.pdf
Here’s the Solution to the 3-Year-Old, $50,000 Bitcoin Puzzle https://motherboard.vice.com/en_us/article/kzpqzz/heres-the-solution-to-the-3-year-old-dollar50000-bitcoin-puzzle
Books:
Intel® 64 and IA-32 Architectures Software Developer’s Manual https://software.intel.com/sites/default/files/managed/39/c5/325462-sdm-vol-1-2abcd-3abcd.pdf
Intel® 64 and IA-32 Architectures Optimization Reference Manual https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-optimization-manual.pdf
Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I

The much-discussed debate between Mark and Elon, lots of research, even more works of fiction... But what is AI, really? And from an information security point of view? That is exactly what our hosts decided to talk about. What do you think?
Intro / Outro The Yellow Flying Cog by Flying Species http://freemusicarchive.org/music/Flying_Species/Cogs/4_-_The_Yellow_Flying_Cog
Google's AI Built Its Own AI That Outperforms Any Made by Humans https://www.sciencealert.com/google-s-ai-built-it-s-own-ai-that-outperforms-any-made-by-humans
On the security, privacy, and safety challenges of AI http://www.ml4aad.org/automl/
Why Zuckerberg and Musk Are Fighting About the Robot Future https://www.theatlantic.com/technology/archive/2017/07/musk-vs-zuck/535077/
Elon Musk says we need to regulate AI before it becomes a danger to humanity https://www.theverge.com/2017/7/17/15980954/elon-musk-ai-regulation-existential-threat
Live grilling in Mark's backyard https://www.facebook.com/zuck/videos/10103911836230631/
OpenSOC: An Open Commitment to Security https://blogs.cisco.com/security/opensoc-an-open-commitment-to-security http://opensoc.github.io/
https://ru.wikipedia.org/wiki/Гордиевский,_Олег_Антонович
https://en.wikipedia.org/wiki/Stanislav_Petrov
Banned In Germany: Kids' Doll Is Labeled An Espionage Device https://www.npr.org/sections/thetwo-way/2017/02/17/515775874/banned-in-germany-kids-doll-is-labeled-an-espionage-device
CCS 2017 http://ieeexplore.ieee.org/document/8055659/
GDPR (General Data Protection Regulation) https://www.eugdpr.org/
Malicious bots are already on the net: how are they detected? Can Sybil attacks be detected effectively? How do you tell a human from a bot? And how do we decide that the being in front of us is human? And conversely, can AI identify "bad" human behavior? https://snap.stanford.edu/www2017tutorial/
Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-fredrikson-privacy.pdf
Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures https://www.semanticscholar.org/paper/Model-Inversion-Attacks-that-Exploit-Confidence-In-Fredrikson-Jha/02bc27c39eaaa6b85d336be81b15ca19f112a950
David Wagner keynote https://ccs2017.sigsac.org/keynote.html
AI can "hack back": https://www.rescam.org
Blindsight by Peter Watts https://en.wikipedia.org/wiki/Blindsight_(Watts_novel)
Far Rainbow by the Strugatsky brothers http://strugacki.ru/book_12.html
WarGames (1983) https://www.imdb.com/title/tt0086567/
Introduction to Artificial Intelligence for Security Professionals https://www.amazon.com/Introduction-Artificial-Intelligence-Security-Professionals-ebook/dp/B07654CFFQ http://defense.ballastsecurity.net/static/IntroductionToArtificialIntelligenceForSecurityProfessionals_Cylance.pdf
Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

BSides Kyiv 21.04.2018 https://securitybsides.org.ua/, cfp https://securitybsides.org.ua/#cfp
Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
Security hole in AMD CPUs' hidden secure processor revealed ahead of patches https://www.theregister.co.uk/2018/01/06/amd_cpu_psp_flaw/
Attacking a co-hosted VM: A hacker, a hammer and two memory modules - This is Security :: by Stormshield https://www.theverge.com/platform/amp/2018/1/3/16844630/intel-processor-security-flaw-bug-kernel-windows-linux?__twitter_impression=true
Intel Releases New Technology Specifications to Protect Against ROP attacks https://software.intel.com/en-us/blogs/2016/06/09/intel-release-new-technology-specifications-protect-rop-attacks
A Simple Explanation of the Differences Between Meltdown and Spectre https://danielmiessler.com/blog/simple-explanation-difference-meltdown-spectre/
blizzard: agent rpc auth mechanism vulnerable to dns rebinding https://bugs.chromium.org/p/project-zero/issues/detail?id=1471&desc=2 https://twitter.com/secwrks/status/955554405364981761
I’m harvesting credit card numbers and passwords from your site. Here’s how. https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5
Part 2: How to stop me harvesting credit card numbers and passwords from your site https://hackernoon.com/part-2-how-to-stop-me-harvesting-credit-card-numbers-and-passwords-from-your-site-844f739659b9
Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
Australia probes sale of secret papers in filing cabinets https://apnews.com/2897f5d8449c413796efe03b9202a1ca
Strava's heatmap revealed military bases, but it also showed nothing is anonymous online http://www.abc.net.au/news/science/2018-02-04/strava-heatmap-online-anonymity-is-almost-impossible/9380326
Now even YouTube serves ads with CPU-draining cryptocurrency miners https://arstechnica.com/information-technology/2018/01/now-even-youtube-serves-ads-with-cpu-draining-cryptocurrency-miners/
Uber ignores security bug that makes its two-factor authentication useless http://www.zdnet.com/google-amp/article/uber-security-flaw-two-factor-login-bypass/
British hacker arrested for cyberattacks against Pokemon, Google, and Skype. https://www.scmagazine.com/british-hacker-arrested-for-selling-malware-and-launching-cyberattacks-against-pokemon-google-and-skype/article/738288/
Ay MaMi https://objective-see.com/blog/blog_0x26.html
Hospital Pays $55K Ransomware Demand Despite Having Backups https://www.bleepingcomputer.com/news/security/hospital-pays-55k-ransomware-demand-despite-having-backups/
The SBU blocked the distribution of spyware in Ukraine - https://ssu.gov.ua/ua/news/1/category/2/view/4273#.T1a7701Q.dpbs
Satellite derived time and position blackett review https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/676675/satellite-derived-time-and-position-blackett-review.pdf
Dutch agencies provide crucial intel about Russia's interference in US-elections https://www.volkskrant.nl/media/dutch-agencies-provide-crucial-intel-about-russia-s-interference-in-us-elections~a4561913/
Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Episode 90.2 - Interview with A. Semenyaka (10.12.2017). Alex came by and told us about the critical infrastructure of the internet. What is it, anyway, and how do you live with it?
Intro / Outro Clouds of Tenderness by Lobo Loco http://freemusicarchive.org/music/Lobo_Loco/BOB/Clouds_of_Tenderness_ID_792
Russian-controlled telecom hijacks financial services’ Internet traffic https://arstechnica.com/information-technology/2017/04/russian-controlled-telecom-hijacks-financial-services-internet-traffic/
Resource Certification (RPKI) https://www.ripe.net/manage-ips-and-asns/resource-management/certification
The Resource Public Key Infrastructure (RPKI) to Router Protocol https://tools.ietf.org/html/rfc6810
BGPsec Protocol Specification https://tools.ietf.org/html/rfc8205
[ipv6-wg] Belgian limits on CGN/NAT? https://www.ripe.net/ripe/mail/archives/ipv6-wg/2016-November/003004.html
Report on internet blocking at the UN General Assembly: http://www2.ohchr.org/english/bodies/hrcouncil/docs/17session/A.HRC.17.27_en.pdf, and along the same lines http://www.ohchr.org/Documents/Issues/Opinion/A.66.290.pdf
Talk at ENOG, transcript as part of the session: https://habrahabr.ru/company/qrator/blog/342846/ , slides: https://www.enog.org/wp-content/uploads/presentations/enog-14/21-171010-Content-blocking-intro.key, https://www.enog.org/wp-content/uploads/presentations/enog-14/21-171010-Content-blocking-intro.pdf, video of the talk: https://youtu.be/4MhCXbjSox8
Москва — Пєтушкі (Moscow-Petushki) by Venedikt Yerofeyev https://uk.wikipedia.org/wiki/Москва_—_Пєтушкі http://www.moskva-petushki.ru/
You can reach Alexey at alex.semenyaka@gmail.com or https://www.facebook.com/alex.semenyaka

Intro / Outro Sleepy in the Garden by Lobo Loco https://freemusicarchive.org/music/download/7b5af5facd7ab75f565ca518647fb28f56f1dc08
Malvertising https://en.wikipedia.org/wiki/Malvertising
Malvertising: When Online Ads Attack (2015) https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/malvertising-when-online-ads-attack
Juniper Acquires Cyphort (2015) https://www.cyphort.com/press-release/cyphort-labs-issues-special-report-on-the-rise-in-malvertising-cyber-attacks/
Malvertising and crypto threats have rocketed in 2017 https://www.htbridge.com/blog/malvertising-and-crypto-threats-have-rocketed-in-2017.html
Malvertising Campaign Redirects Browsers To Terror Exploit Kit https://threatpost.com/malvertising-campaign-redirects-browsers-to-terror-exploit-kit/128596/
Malvertising on Equifax, TransUnion tied to third party script (updated) https://blog.malwarebytes.com/threat-analysis/2017/10/equifax-transunion-websites-push-fake-flash-player/
New Malvertising Campaign Exploits Home Routers, Changes DNS Servers https://www.pindrop.com/blog/new-malvertising-campaign-exploits-home-routers-changes-dns-entries/
Expired domain names and malvertising https://blog.malwarebytes.com/threat-analysis/2017/09/expired-domain-names-and-malvertising/
Russian Influence Reached 126 Million Through Facebook Alone https://www.nytimes.com/2017/10/30/technology/facebook-google-russia.html
Facebook's Advertising Tools Complicate Efforts To Stop Russian Interference https://www.npr.org/sections/alltechconsidered/2017/10/30/560836775/facebooks-advertising-tools-complicate-efforts-to-stop-russian-interference
Ad network takes steps to reduce fraud https://www.csoonline.com/article/3195998/security/ad-network-takes-steps-to-reduce-fraud.html
Will Crypto Browser Mining Replace The Ad Industry https://www.cryptoglue.com/2017/09/22/will-crypto-browser-mining-replace-the-ad-industry/
For $1000, anyone can purchase online ads to track your location and app use http://www.washington.edu/news/2017/10/18/for-1000-anyone-can-purchase-online-ads-to-track-your-location-and-app-use/
I never signed up for this! Privacy implications of email tracking https://senglehardt.com/papers/pets18_email_tracking.pdf
The Future of Ad Blocking: An Analytical Framework and New Techniques https://arxiv.org/pdf/1705.08568.pdf
https://brave.com
https://cliqz.com/en/
https://play.google.com/store/apps/details?id=edu.berkeley.icsi.haystack&hl=en
https://recon.meddle.mobi
https://play.google.com/store/apps/details?id=edu.cmu.mcom.ppa&hl=en
https://fdvt.org

A conversation with Vladimir Ilibman about Cisco's half-year report, rabbits and statistics. Always relevant.
Intro / Outro State of Mind by Audiobinger http://freemusicarchive.org/music/Audiobinger/~/State_of_Mind
BadRabbit Technical Analysis https://www.endgame.com/blog/technical-blog/badrabbit-technical-analysis
Cisco information security report for the first half of 2017 https://engage2demand.cisco.com/LP=7258
2016 Data Breach Investigations Report (pdf) http://www.verizonenterprise.com/resources/reports/rp_DBIR_2016_Report_en_xg.pdf
The Black Swan by Nassim Nicholas Taleb https://www.amazon.com/Black-Swan-Improbable-Robustness-Fragility/dp/081297381X
You can reach Vladimir at voilibma@cisco.com or https://www.facebook.com/vladimir.ilibman

We decided to recall the loudest events of the year that is almost over. Join us!
Incident report on memory leak caused by Cloudflare parser bug https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
Vault 7: CIA Hacking Tools Revealed https://wikileaks.org/ciav7p1/
NSA-leaking Shadow Brokers just dumped its most damaging release yet https://arstechnica.com/information-technology/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/
Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware https://www.troyhunt.com/everything-you-need-to-know-about-the-wannacrypt-ransomware/
New ransomware, old techniques: Petya adds worm capabilities https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/
The MeDoc Connection http://blog.talosintelligence.com/2017/07/the-medoc-connection.html
Threat Spotlight: Follow the Bad Rabbit http://blog.talosintelligence.com/2017/10/bad-rabbit.html
Equifax website hack exposes data for ~143 million US consumers https://arstechnica.com/information-technology/2017/09/equifax-website-hack-exposes-data-for-143-million-us-consumers/
We have broken SHA-1 in practice http://shattered.io/
ROCA: Vulnerable RSA Key Generation https://blog.rapid7.com/2017/10/25/roca-vulnerable-rsa-key-generation/
KRACK Attacks: Breaking WPA2 https://www.krackattacks.com/
Hackers Can Easily Hijack This Dildo Camera and Livestream the Inside of Your Vagina (Or Butt) https://motherboard.vice.com/en_us/article/53847a/camera-dildo-svakom-siime-eye-hacked-livestream
MsMpEng: Remotely Exploitable Type Confusion in Windows 8, 8.1, 10, Windows Server, SCEP, Microsoft Security Essentials, and more. https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5
Why 'blank' Gets You Root https://objective-see.com/blog/blog_0x24.html
Thousand-dollar iPhone X's Face ID wrecked by '$150 3D-printed mask' https://www.theregister.co.uk/2017/11/13/iphone_x_face_id/
Blocking of web resources in Ukraine
The Ministry of Education ordered universities not to use sites in the “.ru” and “.ру” domains http://life.pravda.com.ua/society/2017/12/29/228234/
The Ministry of Information will publish an addendum to the list of banned sites http://www.pravda.com.ua/news/2017/12/29/7167028/
#FuckResponsibleDisclosure Sean Brian Townsend https://www.facebook.com/ruheight https://informnapalm.org/uca/ http://usa.mfa.gov.ua/ua/consular-affairs/services/passport
Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

The loudest news of recent weeks. An amazing apple, #FuckResponsibleDisclosure, an updated promise from John, and something else. Don't miss it!
00:00:58 #FuckResponsibleDisclosure Sean Brian Townsend https://www.facebook.com/ruheight https://informnapalm.org/uca/ http://usa.mfa.gov.ua/ua/consular-affairs/services/passport
00:07:26 Apple and all the rest
Why 'blank' Gets You Root https://objective-see.com/blog/blog_0x24.html
As Apple fixes macOS root password hole, here's what went wrong http://www.theregister.co.uk/2017/11/29/apple_macos_high_sierra_root_bug_patch/
https://forums.developer.apple.com/thread/79235
https://twitter.com/fristle/status/935670476214378496
Repair file sharing after Security Update 2017-001 for macOS High Sierra 10.13.1 https://support.apple.com/en-us/HT208317
MACOS UPDATE ACCIDENTALLY UNDOES APPLE'S "ROOT" BUG PATCH https://www.wired.com/story/macos-update-undoes-apple-root-bug-patch/
Thousand-dollar iPhone X's Face ID wrecked by '$150 3D-printed mask' https://www.theregister.co.uk/2017/11/13/iphone_x_face_id/
Zero-day iOS HomeKit vulnerability allowed remote access to smart accessories including locks, fix rolling out https://9to5mac.com/2017/12/07/homekit-vulnerability/
00:12:50 John McAfee https://twitter.com/officialmcafee/status/935900326007328768/photo/1
Bitcoin Miner NiceHash Hacked, Possibly Losing $62 Million in Bitcoin https://www.darkreading.com/cloud/bitcoin-miner-nicehash-hacked-possibly-losing-$62-million-in-bitcoin/d/d-id/1330585
The website of the Confido blockchain project is unavailable: all the project team's profiles turned out to be fake https://forklog.com/sajt-blokchejn-proekta-confido-nedostupen-vse-profili-komandy-proekta-okazalis-poddelnymi/
00:15:17 CVE-2017-11937 | Microsoft releases an emergency update to fix a flaw in Malware Protection Engine http://securityaffairs.co/wordpress/66475/hacking/cve-2017-11937-malware-protection-engine.html
00:17:49 Uber Paid Hackers to Delete Stolen Data on 57 Million People https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data
00:18:28 Intel Management Engine pwned by buffer overflow https://www.theregister.co.uk/2017/12/06/intel_management_engine_pwned_by_buffer_overflow/
00:18:52 Thousands of WordPress sites infected with a Keylogger and cryptocurrency miner scripts http://securityaffairs.co/wordpress/66432/hacking/keylogger.html
Websites use your CPU to mine cryptocurrency even when you close your browser https://arstechnica.com/information-technology/2017/11/sneakier-more-persistent-drive-by-cryptomining-comes-to-a-browser-near-you/
00:19:09 Android flaw lets attack code slip into signed apps https://www.theregister.co.uk/2017/12/08/android_flaw_lets_attack_code_slip_into_signed_apps/
00:19:24 Mailsploit: It's 2017, and you can spoof the 'from' in email to fool filters http://www.theregister.co.uk/2017/12/06/mailsploit_email_spoofing_bug/
Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

A bit of the loudest news of recent weeks for your feed. A rabbit, Alice, and sweet bedtime stories.
ROCA: Vulnerable RSA Key Generation https://blog.rapid7.com/2017/10/25/roca-vulnerable-rsa-key-generation/
Certificate expiry monitoring, KeyChest for HTTPS, TLS, Letsencrypt expiry and server status https://keychest.net/roca
Estonia government locks down ID smartcards: Refresh or else https://www.theregister.co.uk/2017/11/03/estonian_e_id_lockdown/
Threat Spotlight: Follow the Bad Rabbit http://blog.talosintelligence.com/2017/10/bad-rabbit.html
BadRabbit Technical Analysis https://www.endgame.com/blog/technical-blog/badrabbit-technical-analysis
Bad Rabbit: Not-Petya is back with improved ransomware https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/
The Shadow Internet – Comae Technologies https://blog.comae.io/the-shadow-internet-d42b7195a118
Fake WhatsApp app in official Google Play Store downloaded by over a million Android users http://securityaffairs.co/wordpress/65159/malware/fake-whatsapp-app.html
Tor Project fixed TorMoil, a critical Tor Browser flaw that can leak users' IP address http://securityaffairs.co/wordpress/65168/hacking/tor-tormoil-vulnerability.html
Oracle Security Alert CVE-2017-10151 http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html
Dangerous liaisons https://securelist.com/dangerous-liaisons/82803/
Equifax execs sold shares before mega-hack reveal. All above board – Equifax probe http://www.theregister.co.uk/2017/11/03/equifax_share_trade_investigation/
Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Once again, instead of 300 seconds, our restless hosts discuss the news and events. Join us!
A new Mirai-Like IoT Botnet is growing in a new mysterious campaign http://securityaffairs.co/wordpress/64565/malware/new-iot-botnet-growing.html
Google launched Google Play Security Reward bug bounty program to protect apps in Play Store http://securityaffairs.co/wordpress/64545/mobile-2/google-play-security-reward.html
Equifax website borked again, this time to redirect to fake Flash update https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/?amp=1
New Ransomware Not Just Encrypts Your Android But Also Changes PIN Lock https://thehackernews.com/2017/10/android-ransomware-pin.html
PUBLIC SECURITY ALERT: New Facebook attack - watch out for phishy messages that say you’re a “Trusted Contact” - Access Now https://www.accessnow.org/public-security-alert-new-facebook-attack/
KRACK Attacks: Breaking WPA2 https://www.krackattacks.com/
YouTube sin-bins account of KRACK WPA2 researcher https://www.theregister.co.uk/2017/10/19/youtube_krack_down/
Malware hidden in vid app is so nasty, victims should wipe their Macs https://www.theregister.co.uk/2017/10/20/mac_os_reinstall_eltima_elmedia_malware/
Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Intro / Outro Art Of Escapism - The Sands of Windhoek http://freemusicarchive.org/music/Artofescapism/Midnight_Caravan/The_Sands_of_Windhoek
Given the rising number of attacks on the supply chain, including attacks on software updates, our hosts Andrey, Alisa, Alexey and Taras decided to figure out what this is all about, look at examples and variants, and also at possible ways of defending against and preventing them.
Supply chain https://en.wikipedia.org/wiki/Supply_chain
What Is a 'Supply Chain Attack?' https://motherboard.vice.com/en_us/article/d3y48v/what-is-a-supply-chain-attack
CCleanup: A Vast Number of Machines at Risk http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
Java security plagued by crappy docs, complex APIs, bad advice https://www.theregister.co.uk/2017/09/29/java_security_plagued_stack_overflow/
Apple Mac fans told: Something smells EFI in your firmware https://www.theregister.co.uk/2017/09/29/mac_firmware_insecurity/
Reflections on Trusting Trust https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

As a comeback and the start of the new autumn-winter 2017-2018 season, Andrey and Alisa briefly went through the latest news.
Hacking of sites in the *.gov.ua domain zone and a mistake by CERT-UA https://goo.gl/A6kJve
4G/5G Wireless Networks as Vulnerable as WiFi and putting SmartCities at Risk http://securityaffairs.co/wordpress/64098/hacking/4g5g-wireless-networks-flaws.html
Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold https://www.theregister.co.uk/2017/10/06/researchers_say_windows_10_patches_punch_holes_in_older_versions/
FIN7 hacking group is switched to new techniques to evade detection http://securityaffairs.co/wordpress/64083/apt/fin7-new-techniques.html
VPN logs helped unmask alleged 'net stalker, say feds http://www.theregister.co.uk/2017/10/08/vpn_logs_helped_unmask_alleged_net_stalker_say_feds/
Russian spies used Kaspersky AV to hack NSA staffer, swipe exploit code – new claim http://www.theregister.co.uk/2017/10/05/anonymous_report_russian_spies_used_kaspersky_lab_software_to_steal_nsa_secrets/
Sri Lanka police arrest two men over cyber theft at the Taiwan Bank http://securityaffairs.co/wordpress/64034/cyber-crime/taiwan-bank-cyber-heist.html
Microsoft Cortana Can Now Read Your Skype Messages to Make Chat Smarter https://thehackernews.com/2017/10/cortana-for-skype.html
Warning: Millions Of P0rnHub Users Hit With Malvertising Attack https://thehackernews.com/2017/10/online-malvertising-attack.html
Disqus Hacked: More than 17.5 Million Users' Details Stolen in 2012 Breach https://thehackernews.com/2017/10/disqus-comment-system-hacked.html
The iPhone's Constant Password Popups Are a Hacker's Dream https://motherboard.vice.com/en_us/article/ne7gxz/ios-iphone-password-phishing-app-popups
Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Intro / Outro Finest Cockles by Blah Blah Blah http://freemusicarchive.org/music/Blah_Blah_Blah/MOONRAKER_5317_1904/Finest_Cockles
Interview with Maxim Tulyev about blocking and the future of the Ukrainian internet

Intro / Outro I Do Believe I've Had Enough by Zephaniah And The 18 Wheelers http://freemusicarchive.org/music/Zephaniah_And_The_18_Wheelers/Live_On_WFMUs_Honky_Tonk_Radio_Girl_Program_with_Becky_11316/Zephaniah_And_The_18_Wheelers_02_I_Do_Believe_Ive_Had_Enough
Big 4 of the top security and privacy conferences: S&P ("Oakland"), NDSS, CCS and USENIX Security. Science is not done in isolation; you have to learn from the leading research, see how it integrates with practice, understand its level, and show what you can do yourself. So, for whoever is first to publish a paper at these conferences with a Ukrainian affiliation, I can promise a "cognac" :)
The Network and Distributed System Security Symposium (NDSS) 2017 by Internet Society - http://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017
> From the keynote speech by J. Alex Halderman: "Want to Know if the Election was Hacked? Look at the Ballots" - https://medium.com/@jhalderm/want-to-know-if-the-election-was-hacked-look-at-the-ballots-c61a6113b0ba
"Securing Digital Democracy" course - https://www.coursera.org/learn/digital-democracy
Video - https://www.youtube.com/watch?v=Snoo6CXiyWU&feature=youtu.be
> Web Security section:
"(Cross-)Browser Fingerprinting via OS and Hardware Level Features" by Yinzhi Cao et al. - https://www.internetsociety.org/doc/cross-browser-fingerprinting-os-and-hardware-level-features
Websites to test your browser and device fingerprint: https://panopticlick.eff.org https://amiunique.org http://uniquemachine.org (now, cross-browser!)
"Fake Co-visitation Injection Attacks to Recommender Systems" by Guolei Yang et al. - https://www.internetsociety.org/doc/fake-co-visitation-injection-attacks-recommender-systems
> User Authentication section:
"Cracking Android Pattern Lock in Five Attempts" by Guixin Ye et al. - https://www.internetsociety.org/doc/cracking-android-pattern-lock-five-attempts
"Towards Implicit Visual Memory-Based Authentication" by - https://www.internetsociety.org/doc/towards-implicit-visual-memory-based-authentication
> TLS et al. (several papers on Diffie-Hellman and more)
"The Security Impact of HTTPS Interception" by Zakir Durumeric et al. - https://www.internetsociety.org/doc/security-impact-https-interception
"WireGuard: Next Generation Kernel Network Tunnel" by Claude Castelluccia et al. - https://www.internetsociety.org/doc/wireguard-next-generation-kernel-network-tunnel (by a single author, Jason Donenfeld!)
More on WireGuard: https://fosdem.org/2017/schedule/event/wireguard/ https://www.phoronix.com/scan.php?page=news_item&px=WireGuard-2016 https://www.wireguard.io
> On Tor:
"The Effect of DNS on Tor's Anonymity" by Benjamin Greschbach et al. - https://www.internetsociety.org/doc/e-effect-dns-tors-anonymity
"Avoiding The Man on the Wire: Improving Tor's Security with Trust-Aware Path Selection" by Aaron Johnson et al. - https://www.internetsociety.org/doc/avoding-man-wire-improving-tors-security-trust-aware-path-selection (more on proper path selection for Tor, possible attacks on Astoria).
> Malware:
"Dial One for Scam: A Large-Scale Analysis of Technical Support Scams" - our paper, which received the Distinguished Paper Award! https://www.internetsociety.org/doc/dial-one-scam-large-scale-analysis-technical-support-scams
"MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models" by Enrico Mariconti et al. - https://www.internetsociety.org/doc/mamadroid-detecting-android-malware-building-markov-chains-behavioral-models
"A Broad View of the Ecosystem of Socially Engineered Exploit Documents" by Stevens Le Blond et al. - https://www.internetsociety.org/doc/broad-view-ecosystem-socially-engineered-exploit-documents (a lot of interesting research can be done on data from VirusTotal).
... and much more interesting work on SGX, virtualization, binary reassembly, etc.
Plus, a DNS Privacy Workshop program - https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/dns-privacy-workshop-2017-programme

Intro / Outro Semme Automatic Stay the Course https://www.jamendo.com/track/1421989/stay-the-course
00:00:34 Rumours about internet blocking BEFORE the official blocking
00:04:52 Let's talk about phishing
00:07:40 Google Docs users hit with sophisticated phishing attack https://www.theverge.com/2017/5/3/15534768/google-docs-phishing-attack-share-this-document-with-you-spam
00:08:44 Recruiters considered really harmful: Devs on GitHub hit with booby-trapped fake job emails https://www.theregister.co.uk/2017/03/30/github_devs_malware_mails/
00:09:47 Got a letter from the tax office?
00:11:08 __blank in Edge: Researcher pwns Charles Darwin to demonstrate Microsoft Edge exploit https://www.scmagazine.com/researcher-pwns-charles-darwin-to-demonstrate-microsoft-edge-exploit/article/652807/
00:13:16 Phishing protection from the British tax authority
00:14:27 https://en.wikipedia.org/wiki/Phishing
00:24:45 In Ternopil, a man opened an ATM in a shopping centre in front of witnesses and stole half a million from it (video) https://www.unian.net/incidents/1893219-v-ternopole-v-torgovom-torgovom-tsentre-mujchina-pri-svidetelyah-otkryil-bankomat-i-pohitil-ottuda-polmilliona-video.html
00:29:06 Prevent & report phishing attacks https://support.google.com/websearch/answer/106318?hl=en
00:31:53 Ukraine's Cyberpolice helped take down the "Avalanche" cyber network, which since 2009 had been used to distribute malware, spam and phishing - ITC.ua http://itc.ua/news/kiberpolitsiya-ukrainyi-likvidirovali-kiberset-avalansh-avalanche-kotoraya-s-2009-goda-ispolzovalas-dlya-rasprostraneniya-vredonosnyih-programm-i-spama-a-takzhe-fishinga-i-otmyivaniya-deneg/

Intro / Outro Lady We Knew by Cullah http://freemusicarchive.org/music/MC_Cullah/Cullahmity/03_-_Lady_We_Knew
Hackers Can Easily Hijack This Dildo Camera and Livestream the Inside of Your Vagina (Or Butt) https://motherboard.vice.com/en_us/article/camera-dildo-svakom-siime-eye-hacked-livestream?utm_source=mbtwitter
Teampass http://teampass.net/
Squid: Optimising Web Delivery http://www.squid-cache.org/
SNORT https://www.snort.org/
Suricata https://suricata-ids.org/
pfSense https://www.pfsense.org/
Life and death for Windows: Vista support ends as Creators Update starts to roll out https://www.geekwire.com/2017/microsoft-makes-april-11-a-day-of-life-and-death-for-versions-of-windows-and-office/

Intro / Outro Just Wait by Drake Stafford http://freemusicarchive.org/music/Drake_Stafford/SUNDAY/JUST_WAIT_-_DRAKE_STAFFORD
Identity management system https://en.wikipedia.org/wiki/Identity_management_systems
Dashlane https://www.dashlane.com
TeamPass http://teampass.net/
Microsoft built a special government-approved version of Windows 10 for China https://thenextweb.com/microsoft/2016/03/28/microsoft-windows-10-china/

Intro / Outro StrangeZero - Burnin Star https://www.jamendo.com/track/1378740/burnin-star
00:03:12 Vault 7: CIA Hacking Tools Revealed https://wikileaks.org/ciav7p1/
Vault 7 Megathread - Technical Analysis & Commentary of the CIA Hacking Tools Leak https://www.reddit.com/r/netsec/comments/5y1pag/vault_7_megathread_technical_analysis_commentary/
00:06:10 Interview with Eugene Pilyankevich. You can reach Eugene by email at eugene@cossacklabs.com or on Twitter at @9gunpi
Acra https://www.cossacklabs.com/acra/
Work Rules!: Insights from Inside Google That Will Transform How You Live and Lead https://www.amazon.com/Work-Rules-Insights-Inside-Transform/dp/1455554790/ref=asap_bc?ie=UTF8
A Graduate Course in Applied Cryptography https://crypto.stanford.edu/~dabo/cryptobook/

Intro / Outro Brady Harris - Welcome Me Back https://www.jamendo.com/track/1381589/welcome-me-back
00:01:24 Incident report on memory leak caused by Cloudflare parser bug https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
Pragmatic thoughts on #CloudBleed https://www.troyhunt.com/pragmatic-thoughts-on-cloudbleed/
00:11:14 We have broken SHA-1 in practice http://shattered.io/
00:19:26 KasperskyOS 11-11: a unique operating system developed in Russia https://hi-tech.mail.ru/news/kaspersky-os-11-11/
00:23:15 Microsoft forced to issue emergency Flash fix after delaying Windows patches http://www.theverge.com/2017/2/22/14696358/microsoft-security-fix-adobe-flash-february-2017-patch-tuesday
00:30:08 China just made VPNs illegal https://www.engadget.com/2017/01/23/china-vpn-illegal-internet-censorship-government-approval/
An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf
00:35:14 Security experts now warn AGAINST changing online passwords often as it leaves Brits vulnerable to hackers https://www.thesun.co.uk/news/2865824/security-experts-now-warn-against-changing-online-passwords-often-as-it-leaves-brits-vulnerable-to-hackers/

Intro / Outro DDmyzik- Gypsy Swing https://www.jamendo.com/track/1369034/gypsy-swing
On the future of Astoria, the Tor client Cipollino: https://arxiv.org/pdf/1605.03596.pdf https://github.com/sbunrg/Astoria
Full paper on Technical Support Scams: http://securitee.org/files/tss_ndss2017.pdf (other projects of the lab can be found at http://pragsec.com)
The full paper about web shells: http://securitee.org/files/webshells_www2016.pdf and some map visualisations can be found here: http://www.cyber-investigator.org/cybercrime/on-the-detection-of-malicious-web-shells-and-compromised-websites/
On PrivacyMeter: http://www.datatransparencylab.org/grantees2016.html https://www.youtube.com/watch?v=NW4Z7k71Pn8
On browser extensions:
1) Our study "Extended Tracking Powers: Measuring the Privacy Diffusion Enabled by Browser Extensions" - will appear shortly at http://www.cyber-investigator.org/about/
2) WOT extension: http://thehackernews.com/2016/11/web-of-trust-addon.html http://news.thewindowsclub.com/web-of-trust-wot-add-on-taken-down-86981/
3) Other spying extensions: http://mweissbacher.com/blog/2016/03/31/these-chrome-extensions-spy-on-8-million-users/ https://labs.detectify.com/2015/11/19/chrome-extensions-aka-total-absence-of-privacy/
Detecting browser extensions:
1) https://extensions.inrialpes.fr (based on web accessible resources)
2) Our study on fingerprinting browser extensions based on their functional side effects and on-page changes - will appear soon at http://www.cyber-investigator.org/about/
Fun services for learning: https://www.hacksplaining.com https://microcorruption.com
Books on algorithms: Knuth and Cormen; Robert Sedgewick, Fundamental Algorithms in C++
To get into philosophy: http://philosophybro.com
By the way, specifically on Facebook and Tor: facebookcorewwwi.onion https://www.facebook.com/notes/facebook-over-tor/1-million-people-use-facebook-over-tor/865624066877648/
And as extracurricular reading, the much-discussed piece on "data science" and "big data" as applied to "personalized/targeted agitation" :) http://tech.firstpost.com/news-analysis/big-data-and-psychographic-profiling-helped-donald-trump-win-the-us-presidential-election-359960.html

Intro / Outro Muciojad - Before I sleep https://www.jamendo.com/track/1406716/before-i-sleep
00:00:44 Best company name ever! Share capital £1, name priceless… https://nakedsecurity.sophos.com/2017/01/06/best-company-name-ever-share-capital-1-name-priceless/
00:04:07 Bug Bounty anniversary promotion: bigger bounties in January and February https://github.com/blog/2302-bug-bounty-anniversary-promotion-bigger-bounties-in-january-and-february
00:05:13 A bit of history on vulnerability disclosure
Disclosing vulnerabilities to protect users https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
Charlie Miller and Apple. iPhone Security Bug Lets Innocent-Looking Apps Go Bad http://www.forbes.com/sites/andygreenberg/2011/11/07/iphone-security-bug-lets-innocent-looking-apps-go-bad/#5fd06fe62336
Legal woes http://martin.swende.se/blog/IP-issues.html
Fatal flaw found in PricewaterhouseCoopers SAP security software http://www.theregister.co.uk/2016/12/09/fatal_flaw_in_pricewaterhousecoopers_sap_software/
00:29:23 MongoDB hackers now sacking ElasticSearch http://www.theregister.co.uk/2017/01/13/elasticsearch_mongodb/
00:30:46 WordPress plugs eight holes in latest release http://www.theregister.co.uk/2017/01/13/wordpress_plugs_eight_holes_in_latest_release/
00:31:17 Peace-sign selfie fools menaced by fingerprint-harvesting tech http://www.theregister.co.uk/2017/01/12/fingerprint_photographs/
00:32:21 We already have a contender for the "Best PR Description" award for 2017 https://github.com/rapid7/metasploit-framework/pull/7815
00:33:20 ISC squishes BIND packet-of-death bugs http://www.theregister.co.uk/2017/01/13/isc_fixes_bind_denialofservice_vuls/
00:34:01 Docker swings door shut on privilege escalation bug http://www.theregister.co.uk/2017/01/12/docker_container_escape_vuln_patched/
00:34:23 GoDaddy revokes 9,000 SSL certificates wrongly validated by code bug http://www.theregister.co.uk/2017/01/11/godaddy_pulls_unvalidated_digital_certs/
00:34:45 Who is Anna-Senpai, the Mirai Worm Author? https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/
00:35:23 Windows 10 anniversary update: Security and privacy, hope and change? http://www.welivesecurity.com/2017/01/12/windows-10-anniversary-update-security-privacy/

Intro / Outro Freaky girl by Yung Vikk https://www.jamendo.com/track/1334898/freaky-girl
Antivirus tools are a useless box-ticking exercise says Google security chap http://www.theregister.co.uk/2016/11/17/google_hacker_pleads_try_whitelists_not_just_bunk_antivirus_ids/
Medical Equipment Crashes During Heart Procedure Because of Antivirus Scan http://news.softpedia.com/news/medical-equipment-crashes-during-heart-procedure-because-of-antivirus-scan-503642.shtml
USE OF FANCY BEAR ANDROID MALWARE IN TRACKING OF UKRAINIAN FIELD ARTILLERY UNITS (pdf) https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf
Cuckoo Sandbox https://cuckoosandbox.org/
How to Stay Safe Online v0.0.2 https://www.xmind.net/m/8tR8
Standards body warned SMS 2FA is insecure and nobody listened http://www.theregister.co.uk/2016/12/06/2fa_missed_warning/

Intro / Outro BeenCalledWorse-DueTime (produced by Expo) by Tab https://www.jamendo.com/track/1338032/beencalledworse-duetime-produced-by-expo
Hofling hospital experiment https://en.wikipedia.org/wiki/Hofling_hospital_experiment
Security scare: Kate Middleton nurse reveals medical details to DJ impersonating the Queen in radio prank call http://www.mirror.co.uk/news/uk-news/kate-middleton-nurse-reveals-medical-1473720?service=responsive
The "successful" grandfather from Moscow https://www.facebook.com/photo.php?fbid=10208638914708436&set=a.2961938685656.2129723.1177252976&type=3&theater https://www.instagram.com/borisbork/
Warning! Scammers have appeared who extract money by posing as "Oschadbank" employees http://7dniv.info/lang-ru/society/81796-oberezhno-ziavilis-shahraii-iak-vimaniuiut-koshti-predstavliaiuchis-pracvnikami-oschadbanku.html
Drammer: Deterministic Rowhammer Attacks on Mobile Platforms (pdf) https://vvdveen.com/publications/drammer.pdf
Discussion on standardization and strengthening the legislative framework

Intro / Outro The last ones by Jahzzar http://freemusicarchive.org/music/Jahzzar/Smoke_Factory/The_last_ones
00:01:00 UISGCON12. Afterwords. https://12.uisgcon.org/ https://www.facebook.com/rekun.photo/photos/?tab=album&album_id=730563853779312
Talk videos https://www.youtube.com/playlist?list=PL0YHqSi934_5fPXaoNxqx42PI7PrCC2xI
00:01:54 No Name Podcast https://nonamepodcast.podbean.com/
00:02:14 Interview with Sergey Smitienko.
00:12:34 Hundreds of thousands of TalkTalk and Post Office broadband users are knocked off the internet by cyber-attack that seizes control of their routers http://www.dailymail.co.uk/news/article-3991714/Hundreds-thousands-TalkTalk-Post-Office-broadband-users-knocked-internet-cyber-attack-seizes-control-routers.html
00:16:43 Six seconds to hack a credit card http://www.ncl.ac.uk/press/news/2016/12/cyberattack/
Does The Online Card Payment Landscape Unwittingly Facilitate Fraud? (pdf) http://eprint.ncl.ac.uk/file_store/production/230123/19180242-D02E-47AC-BDB3-73C22D6E1FDB.pdf
How it takes just six seconds to hack a credit card (video) https://www.youtube.com/watch?v=uwvjZGKwKvY
00:34:23 Hackers attacked the Ukrainian Treasury http://znaj.ua/news/regions/80081/hakeri-atakuvali-ukrayinske-kaznachejstvo.html
00:43:52 Russia's Information Security Doctrine approved http://kremlin.ru/acts/news/53418
00:51:54 You can contact Sergey via Facebook https://www.facebook.com/sergey.smitienko
00:53:34 Poltava court released a cybercriminal whom law enforcement from 30 countries had been hunting for 4 years http://poltava.to/news/40979/
00:56:04 Media reported the theft of 2 billion rubles from accounts at the Central Bank http://www.rbc.ru/finances/03/12/2016/584238709a7947256285e2ff
00:56:59 The UK now wields unprecedented surveillance powers — here's what it means http://www.theverge.com/2016/11/23/13718768/uk-surveillance-laws-explained-investigatory-powers-bill
00:58:06 FBI's New Hacking Powers Take Effect This Week http://fortune.com/2016/11/30/rule-41/
01:01:06 [tor-talk] Javascript exploit https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html
Security vulnerabilities fixed in Firefox 50.0.1 https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/
01:03:03 Standards body warned SMS 2FA is insecure and nobody listened http://www.theregister.co.uk/2016/12/06/2fa_missed_warning/
01:04:02 Android, Qualcomm move on insecure GPS almanac downloads http://www.theregister.co.uk/2016/12/07/android_qualcomm_move_on_insecure_gps_almanac_downloads/
01:08:11 Six seconds to hack a credit card http://www.ncl.ac.uk/press/news/2016/12/cyberattack/ (repetition is the mother of stuttering)
01:09:16 Clarkson stung after bank prank http://news.bbc.co.uk/2/hi/7174760.stm
01:12:28 Printer security is so bad HP Inc will sell you services to fix it http://www.theregister.co.uk/2016/12/06/printer_security_sucks_so_bad_hp_has_opened_a_pain_outsourcing_unit/
Books:
Donald E. Knuth, The Art of Computer Programming https://www.amazon.com/Computer-Programming-Volumes-1-4A-Boxed/dp/0321751043
Peter Watts, Blindsight https://www.amazon.com/Blindsight-Peter-Watts/dp/0765319640/ref=sr_1_1?s=books&ie=UTF8&qid=1483619160&sr=1-1&keywords=Blindsight
Cixin Liu, The Three-Body Problem https://www.amazon.com/Three-Body-Problem-Cixin-Liu/dp/0765382032/ref=sr_1_1?s=books&ie=UTF8&qid=1483619237&sr=1-1&keywords=The+Three-Body+Problem
Neal Stephenson, Cryptonomicon https://www.amazon.com/Cryptonomicon-Neal-Stephenson/dp/0060512806/ref=sr_1_1?s=books&ie=UTF8&qid=1483619337&sr=1-1&keywords=Cryptonomicon

Intro / Outro Hirokazu Sato - Tomorrow Song 佐藤弘和 https://www.youtube.com/watch?v=JyjuqiKEgrw
Kostiantyn Korsun on what to expect at #UISGCON12
Conference website https://12.uisgcon.org/
Conference program https://12.uisgcon.org/program

The final UISGCON 12 ticket giveaway!
YouTube channel - https://www.youtube.com/channel/UCGYHYOm_J3zpyE5jCNzAHJg
Email - securit13podcast@gmail.com

Intro / Outro Touhou Project / Bad Apple (Nika Lenina Ukrainian Orchestra Version) https://www.youtube.com/watch?v=-5WdPSAwdPY
Funtenna project https://github.com/funtenna/funtenna_2015/blob/master/us-15-Cui-EmanateLikeABoss.pdf
A Monitor Darkly https://recon.cx/2016/resources/slides/RECON-0xA-A_Monitor_Darkly.pdf
Compromising emanations: eavesdropping risks of computer displays https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-577.pdf

The second UISGCON 12 ticket giveaway!
YouTube channel - https://www.youtube.com/channel/UCGYHYOm_J3zpyE5jCNzAHJg
Email - securit13podcast@gmail.com

Special - A gift from Securit13 and UISGCON
YouTube channel - https://www.youtube.com/channel/UCGYHYOm_J3zpyE5jCNzAHJg
Email - securit13podcast@gmail.com

A gift from Securit13 and UISGCON
YouTube channel - https://www.youtube.com/channel/UCGYHYOm_J3zpyE5jCNzAHJg

Intro / Outro Insecurity (Treatment) by fourstones Ft: Ms. Vybe http://dig.ccmixter.org/files/victor/8194
00:02:19 ISIS using encrypted apps for communications; former intel officials blame Snowden https://goo.gl/ujfnWQ
Encrypted Messaging Apps Face New Scrutiny Over Possible Role in Paris Attacks https://goo.gl/58455L
Encrypted messages: Does the government need a way in? https://goo.gl/wFLskc
Telegram Messenger Blocks 78 Islamic State-Related Channels https://goo.gl/8vBPgY
Russian bill requires encryption backdoors in all messenger apps https://goo.gl/2wWcHH
France calls for worldwide help to fight messaging encryption https://goo.gl/KXP1iW
Encryption under fire in Europe as France and Germany call for decrypt law https://goo.gl/DulsCG
France, Germany Call for European Decryption Law https://goo.gl/yL8LKG
German Intelligence Plans 12% Budget Increase for Communications Monitoring https://goo.gl/OQi2gx
Telegram app complicates job of French anti-terror police https://goo.gl/pJmY95
Terror investigators grapple with Telegram app https://goo.gl/9kVIun
00:38:57 Media learned of a possible ban on foreign encryption for banks https://goo.gl/oQPFgr
00:42:21 Bellingcat vs Fancy Bear: how hackers tried to halt the MH17 investigation https://goo.gl/3cndtZ
00:47:05 Critical DoS Flaw found in OpenSSL — How It Works https://goo.gl/uGYF9C
00:47:36 FBI probes hacks targeting phones of Democratic Party officials -sources https://goo.gl/yBng7w
00:47:58 How Russia Wants to Undermine the U.S. Election https://goo.gl/FXE2cR
00:48:30 ISIL-Linked Hacker Sentenced to 20 Years in Prison https://goo.gl/p9uQWi
00:49:09 Xiaomi Can Silently Install Any App On Your Android Phone Using A Backdoor https://goo.gl/f2RIyi
00:50:14 KrebsOnSecurity Hit With Record DDoS https://goo.gl/7KDoxb
00:52:17 US elections and the hacking of e-voting machines https://goo.gl/08EwJG
00:52:44 Apple Weakened iOS 10 Backup Encryption; Now It can be cracked 2,500 times faster https://goo.gl/wqRP4t
00:53:43 Car Hacking Research: Remote Attack Tesla Motors by Keen Security Lab https://goo.gl/CqwEYJ
00:56:50 Oh, It's On Sale! USB Kill to Destroy any Computer within Seconds https://goo.gl/aKvV3S
00:57:56 FAS asks for the messenger regulation rules to be revised https://goo.gl/0ZM75s
00:59:43 The FBI recommends you cover your laptop's webcam, for good reason https://goo.gl/h9ELsC
01:02:45 Gazprom banned its employees from catching Pokémon at work http://www.interfax.ru/russia/527351

Intro / Outro Who Knows by sLow_starteR Ft: Tigoolio http://dig.ccmixter.org/files/sLow_starteR/38883
Interview with Vladimir Taratushka (vladimir@hackit-ukraine.com)
HackIt Ukraine http://hackit-ukraine.com
Recommended book: Theodore Dreiser - The Financier https://www.booklya.ua/book/finansist-116954/