Serious About Security


Preston Wiley, Mike Hill, and Keith Watson discuss interesting topics in information security and privacy. This biweekly podcast covers topics that range from the latest software vulnerabilities to security tools to legal issues. The Serious about Security Podcast is brought to you by the Greater La…

Preston Wiley, Mike Hill, and Keith Watson

  • Dec 20, 2013 LATEST EPISODE
  • infrequent NEW EPISODES
  • 25m AVG DURATION
  • 25 EPISODES



Latest episodes from Serious About Security

Serious About Security Episode 68: Disabling Webcam Lights and a Presidential Panel Recommends Changes for the NSA

Dec 20, 2013 · 26:13

Video: YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • Research shows how MacBook Webcams can spy on their users without warning by Ashkan Soltani and Timothy B. Lee (The Washington Post)
  • FBI’s search for ‘Mo,’ suspect in bomb threats, highlights use of malware for surveillance by Craig Timberg and Ellen Nakashima (The Washington Post)
  • iSeeYou: Disabling the MacBook Webcam Indicator LED by Matthew Brocker and Stephen Checkoway (Technical Report 13-02, Department of Computer Science, Johns Hopkins University)
  • Liberty and Security in a Changing World by The President’s Review Group on Intelligence and Communications Technologies
  • White House panel recommends new limits on NSA surveillance by Ken Dilanian and Christi Parsons (Los Angeles Times)
  • Obama Is Urged to Sharply Curb N.S.A. Data Mining by David E. Sanger and Charlie Savage (The New York Times)
  • Obama review panel: strip NSA of power to collect phone data records by Dan Roberts and Spencer Ackerman (The Guardian)
  • EFF Statement on President’s Review Group’s NSA Report by Rebecca Jeschke (The Electronic Frontier Foundation)

Serious About Security Episode 67: Dial 00000000 for Launch and French Government Attempts to be Google

Dec 12, 2013 · 33:16

Video: YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • For Nearly Two Decades the Nuclear Launch Code at All Minuteman Silos in the United States was 00000000 by Karl Smallwood (Today I Found Out)
  • ‘Secret’ Nuclear Missile Launch Code During Cold War Was ‘00000000’ by Ryan Grenoble (The Huffington Post)
  • Zero protection from nuclear code by Oliver Burkeman (The Guardian)
  • Keeping Presidents in the Nuclear Dark by Bruce Blair (Bruce Blair’s Nuclear Column)
  • For nearly 20 years, the launch code for US nuclear missiles was 00000000 by Lisa Vaas (nakedsecurity blog)
  • Permissive Action Links by Steven M. Bellovin
  • Further improving digital certificate security by Adam Langley (Google Online Security Blog)
  • Serious Security: Google finds fake but trusted SSL certificates for its domains, made in France by Paul Ducklin (nakedsecurity blog)
  • Google catches French finance ministry pretending to be Google by David Meyer (GigaOM)

Serious About Security Episode 66: Forward Secrecy and Botnet Gathered Passwords

Dec 6, 2013 · 28:32

Video: YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • Forward Secrecy (Wikipedia)
  • Twitter Enables Perfect Forward Secrecy Across Sites To Protect User Data Against Future Decryption by Matthew Panzarino (TechCrunch)
  • Forward Secrecy at Twitter by Jacob Hoffman-Andrews (Twitter Engineering Blog)
  • Pushing for Perfect Forward Secrecy, an Important Web Privacy Protection by Parker Higgins (EFF Deeplinks Blog)
  • Google, Facebook, payroll accounts targeted in major password theft, security experts say by Hayley Tsukayama (The Washington Post)
  • 2 Million Stolen Facebook, Yahoo And Google Passwords Posted Online by Alexis Kleinman (The Huffington Post)
  • Look What I Found: Moar Pony! by Trustwave SpiderLabs

Serious About Security Episode 65: Yahoo! Encrypts and Healthcare.gov Has Some Security Issues

Nov 20, 2013 · 24:25

Video: YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • Our Commitment to Protecting Your Information by Marissa Mayer (Yahoo!)
  • After N.S.A. Disclosures, Yahoo Moves to Encrypt Internal Traffic by Nicole Perlroth (NY Times Bits Blog)
  • Yahoo Will Follow Google In Encrypting Data Center Traffic, Customer Data Flow By Q1 ’14 by Matthew Panzarino (TechCrunch)
  • Google encrypts data amid backlash against NSA spying by Craig Timberg (The Washington Post)
  • Expert to warn Congress of HealthCare.gov security bugs by Reuters
  • Hackers throw 16 attacks at HealthCare.gov plus a DoS for good measure by Lisa Vaas (nakedsecurity blog)
  • Healthcare.gov ‘may already have been compromised,’ security expert says by FoxNews.com

Serious About Security Episode 64: Facebook Warns Adobe Users and IE 0-day Injects Payload into Memory

Nov 14, 2013 · 21:51

Video: YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • Facebook Warns Users After Adobe Breach by Brian Krebs (Krebs on Security)
  • Facebook mines Adobe breach data for reused passwords, warns users to change them or disappear by Liam Tung (ZDNet)
  • Anatomy of a password disaster - Adobe’s giant-sized cryptographic blunder by Paul Ducklin (naked security blog)
  • IE zero-day exploit disappears on reboot by Shona Ghosh (PC Pro)
  • IE Zero Day Watering Hole Attack Injects Malicious Payload into Memory by Michael Mimoso (threat post)

Serious About Security Episode 63: The badBIOS Controversy and the NSA taps Google and Yahoo!

Nov 10, 2013 · 23:16

Video: YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps by Dan Goodin (Ars Technica)
  • badBIOS by Bruce Schneier (Schneier on Security)
  • Security researcher says new malware can affect your BIOS; communicate over the air by Ian Paul (PCWorld)
  • ‘BadBIOS’ System-Hopping Malware Appears Unstoppable by Marshall Honorof (Tom’s Guide)
  • The badBIOS Analysis Is Wrong. by Phillip Jaenke
  • NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say by Barton Gellman and Ashkan Soltani (Washington Post)
  • How the NSA’s MUSCULAR tapped Google’s and Yahoo’s private networks by Sean Gallagher (Ars Technica)
  • How we know the NSA had access to internal Google and Yahoo cloud data by Barton Gellman, Ashkan Soltani, and Andrea Peterson (Washington Post)

Serious About Security Episode 62: Steps to Avoid Internet Surveillance and Big Corp Social Engineering Fails

Nov 1, 2013 · 25:09

Video: YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • Ten Steps You Can Take Right Now Against Internet Surveillance by Danny O’Brien (EFF)
  • Major Corporations Fail to Defend Against Social Engineering by Michael Mimoso

Serious About Security Episode 61: iCloud Insecurity and Avoid the Hacker Title

Oct 24, 2013 · 20:16

Video: YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • Apple’s iCloud iConundrum - does convenience mean insecurity? by Chester Wisniewski (nakedsecurity)
  • Cracking and Analyzing Apple’s iCloud Protocols by Vladimir Katalov (Hack in the Box Malaysia)
  • Call yourself a ‘hacker’, lose your 4th Amendment right against seizures by John Leyden (The Register)
  • Call Yourself A Hacker, Lose Your 4th Amendment Rights by Dale Peterson (Digital Bond)
  • Battelle Energy Alliance, LLC v. Southfork Security, Inc. et al

Serious About Security Episode 60: Let’s Audit Truecrypt and Beware of Ransomware

Oct 17, 2013 · 21:21

Video: YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • Is Truecrypt Audited Yet?
  • The TrueCrypt Audit Project
  • New effort to fully audit TrueCrypt raises $16,000+ in a few short weeks by Cyrus Farivar (Ars Technica)
  • Let’s audit Truecrypt! by Matthew Green (A Few Thoughts on Cryptographic Engineering)
  • Destructive malware “CryptoLocker” on the loose - here’s what to do by Paul Ducklin (nakedsecurity)
  • CryptoLocker Ransomware Information Guide and FAQ by Lawrence Abrams (bleepingcomputer.com)

Serious About Security Episode 59: Tor Stinks According to the NSA and Microsoft Follows Yahoo!

Oct 11, 2013 · 22:55

Video: YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • Attacking Tor: how the NSA targets users’ online anonymity by Bruce Schneier (The Guardian)
  • NSA and GCHQ target Tor network that protects anonymity of web users by James Ball, Bruce Schneier and Glenn Greenwald (The Guardian)
  • ‘Tor Stinks’ presentation – read the full document on The Guardian
  • Is Microsoft recycling old Outlook.com and Windows Live email accounts? by Lee Munson (nakedsecurity blog)
  • Microsoft is quietly recycling Outlook email accounts by Andreas Udo de Haes (PC World)

Serious About Security Episode 58: Kids Crack iPad Security and Circle Security Avoids NIST Crypto

Oct 4, 2013 · 27:50

Video: YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • Students Find Ways To Hack School-Issued iPads Within A Week by Sam H. Sanders (NPR)
  • LAUSD halts home use of iPads for students after devices hacked by Howard Blume (LA Times)
  • Silent Circle Moving Away from NIST Ciphers In Wake of NSA Revelations by Dennis Fisher (threatpost)

Serious About Security Episode 57: Follow-ups on Java, Yahoo! recycling email addresses, and iPhone 5s fingerprint sensor

Sep 29, 2013 · 23:40

Video: YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • Oracle Java fails at security in new and creative ways by Chester Wisniewski (nakedsecurity blog)
  • Recycled Yahoo email addresses still receiving messages for previous owners - passwords included by Lee Munson (nakedsecurity blog)
  • Chaos Computer Club claims to have “cracked” the iPhone 5s fingerprint sensor by Paul Ducklin (nakedsecurity blog)
  • Is Touch ID Hacked Yet?

Serious About Security Episode 56: Apple’s iPhone 5S has a fingerprint reader

Sep 22, 2013 · 20:59

Video: YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • iPhone fingerprint scanner sparks privacy worries by Charlie Osborne (CNet)
  • Fingerprint-Reading IPhone Seen as Protection Against NSA by Todd Shields & Allan Holmes (Bloomberg)
  • How secure is your iPhone 5S fingerprint? by Brandon Griggs (CNN)
  • Is Touch ID Hacked Yet?

Serious About Security Episode 55: The NSA allegedly weakens and attacks cryptography

Sep 13, 2013 · 25:38

Video: YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • Revealed: The NSA’s Secret Campaign to Crack, Undermine Internet Security by Jeff Larson (ProPublica), Nicole Perlroth and Scott Shane (The New York Times)
  • Revealed: how US and UK spy agencies defeat internet privacy and security by James Ball, Julian Borger and Glenn Greenwald (The Guardian)
  • N.S.A. Able to Foil Basic Safeguards of Privacy on Web by Nicole Perlroth, Jeff Larson and Scott Shane (The New York Times)
  • How The NSA Revelations Are Hurting Businesses by Kashmir Hill (Forbes)
  • NSA shares raw intelligence including Americans’ data with Israel by Glenn Greenwald, Laura Poitras and Ewen MacAskill (The Guardian)

Serious About Security Episode 54: Password Complexity and Apple Products Have Trouble with Six Arabic Characters

Aug 31, 2013 · 24:57

Video: Google+ Hangout
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • Anatomy of a brute force attack - how important is password complexity? by Paul Ducklin (nakedsecurity blog)
  • How Important is Password Complexity by Brien Posey (Redmond Magazine)
  • Apple apps turned upside down writing right to left - you’re only 6 characters from a crash! by Paul Ducklin (nakedsecurity blog)
  • Rendering bug crashes OS X, iOS apps with string of Arabic characters (Updated) by Andrew Cunningham and Dan Goodin (Ars Technica)

Serious About Security Episode 53: US Email Providers Close and Facebook Founder’s Timeline Hacked

Aug 21, 2013 · 25:30

Video: Google+ Hangout
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • To Our Customers by Silent Circle
  • Silent Circle follows Lavabit in shuttering encrypted e-mail by Steven Musil (CNet)
  • Important Announcement by Ladar Levison (Lavabit LLC)
  • Edward Snowden has applied for asylum in Russia Live Blog from Global Post
  • Forced Exposure ~pj by Pamela Jones (Groklaw)
  • Security Researcher Hacks Mark Zuckerberg’s Wall To Prove His Exploit Works by Greg Kumparak (TechCrunch)
  • Mark Zuckerberg’s own Facebook timeline hacked by Palestinian researcher by Lee Munson (nakedsecurity blog)

Serious About Security Episode 52: Blackhat and DEFCON Review

Aug 15, 2013 · 26:13

Video: Google+ Hangout
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • iPhone Hacked in Under 60 Seconds Using Malicious Charger by David Gilbert (International Business Times)
  • Apple Fixes Threat from Fake iPhone Chargers in iOS 7 by Bryan Chaffin (the Mac Observer)
  • Apple fixes Malicious Charger Hack in iOS 7 (iPhone Hacks)
  • Black Hat: Ad networks lay path to million-strong browser botnet by Paul F. Roberts (IT World)
  • Samsung Smart TV: Like A Web App Riddled With Vulnerabilities by Paul (the security ledger)

Serious About Security Episode 51: The Feds Hate Criminals using Tor and The Twitter Two-Step (Auth)

Aug 8, 2013 · 27:05

Video: Google+ Hangout
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP
Articles:
  • Feds Are Suspects in New Malware That Attacks Tor Anonymity by Kevin Poulsen (Wired)
  • Freedom Hosting arrest and takedown linked to Tor privacy compromise by John Hawes (nakedsecurity blog)
  • Take two: Twitter drops SMS for private keys stored on Android or iPhone smartphones, adds previously missing recovery capability by Mathew J. Schwartz (Information Week)
  • Twitter hardens two-factor authentication with app-based secure logins by Neil McAllister (The Register)
  • New Twitter Login Verification System Avoids SMS Codes by Dennis Fisher (threatpost)

Serious About Security Episode 50: Data Breaches Galore!

Aug 1, 2013 · 29:55

Video: Google+ Hangout
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • Personal data on 72,000 staff taken in University of Delaware hack by John Hawes (nakedsecurity blog)
  • Stanford University hacked, becomes latest data breach victim by John Hawes (nakedsecurity blog)
  • Stanford University Is Investigating An Apparent Security Breach, Urges Community To Reset Passwords by Billy Gallagher (Tech Crunch)
  • University of Massachusetts Announces Data Breach by Gabriel Perna (Healthcare Informatics)
  • University of Virginia Admits Data Breach by Jeff Goldman (eSecurity Planet)

Serious About Security Episode 49: Apple Developer Site Hacked and Tumblr iOS Shared Their Passwords!

Jul 25, 2013 · 25:06

Video: Google+ Hangout
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • Apple Developer Site Breached (InfoSecurity Magazine)
  • Apple takes Dev Center down for days, finally admits, “We got owned!” by Paul Ducklin (nakedsecurity blog)
  • Researcher claims responsibility for security breach at Apple Developer website by Lucian Constantin (PCWorld)
  • D’OH! Use Tumblr on iPhone or iPad, give your password to the WORLD by John Leyden (The Register)
  • Tumblr’s iOS fix for clear-text password login howler was WEEKS LATE by John Leyden (The Register)
  • Tumblr security lapse - iPhone and iPad users update your passwords now! by Lee Munson (nakedsecurity blog)

Serious About Security Episode 48: Android App Packaging has a Hole and There’s Big Business in Exploits

Jul 16, 2013 · 24:42

Video: Google+ Hangout
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • Anatomy of a security hole - Google’s “Android Master Key” debacle explained by Paul Ducklin (nakedsecurity blog)
  • Relax: Google, Carriers Patching Android “Master Key” Exploit by Kevin Parrish (Tom’s Hardware)
  • Uncovering Android Master Key that Makes 99% of Devices Vulnerable by Jeff Forristal, Bluebox CTO (Bluebox blog)
  • Nations Buying as Hackers Sell Flaws in Computer Code by Nicole Perlroth and David E. Sanger (NY Times)
  • VUPEN Services
  • Business Is Booming In the ‘Zero-Day’ Game on Slashdot

Serious About Security Episode 47: Club Nintendo has Hacked Accounts and the Emergency Alert System has a flaw

Jul 10, 2013 · 20:34

Video: Google+ Hangout
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • Nintendo cracks after month-long, 15.5 million-strong hacker bombardment by Lisa Vaas (nakedsecurity blog)
  • Nintendo’s fan site hit by illicit logins, 24,000 accounts accessed by Jay Alabaster (Network World)
  • IOActive Security Advisory: DASDEC Vulnerabilities by IOActive and Mike Davis
  • Monroe Electronics DASDEC Compromised Root SSH Key by ICS-CERT
  • Did brainless flaw in US Emergency Alert System lead to epic zombie attack warning? by Lisa Vaas (nakedsecurity blog)
  • Root SSH Key Compromised in Emergency Alerting Systems by Steve Ragan (Security Week)

Serious About Security Episode 46: Privacy Tools!

Jul 2, 2013 · 27:47

Video: Google+ Hangout
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Keith Watson, CISSP-ISSAP, CISA
Tools:
  • Tor
  • Using Tor and other means to hide your location piques NSA’s interest in you
  • VPN Services That Take Your Anonymity Seriously, 2013 Edition
  • Private Internet Access, VPN Service (used by Preston)
  • BoxCryptor Classic
  • TrueCrypt
  • BitTorrent Sync
  • Gibberbot
  • Cryptocat
  • Pidgin and the Off-the-Record Messaging Plugin

Serious About Security Episode 45: Facebook leaks and Microsoft pays out!

Jun 25, 2013 · 24:52

Video: Google+ Hangout
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
  • Important Message from Facebook’s White Hat Program by Facebook Security (Facebook)
  • Facebook issues data breach notification - may have leaked your email and phone number by Paul Ducklin (nakedsecurity blog)
  • Facebook squashes bug that exposed e-mail addresses for 6 million users by Dan Goodin (Ars Technica)
  • New Bounty Program Details by swiat (Microsoft Security Research & Defense blog)
  • Microsoft Launches $100K Bug Bounty Program by Kim Zetter (Wired)
  • Microsoft ready to cough up (potentially big!) bounty bucks for bugs by Lisa Vaas (nakedsecurity blog)

Serious About Security Episode 44: Yahoo! to kick out deadbeat users and the FDA offers medical device guidance

Jun 19, 2013 · 23:54

Video: YouTube
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP
Articles:
  • Yahoo’s going to boot us off our deadbeat accounts, but who is going to grab them? by Lisa Vaas (nakedsecurity blog)
  • Yahoo tries to breathe life into dead pool of email accounts by offering IDs to newcomers by The Associated Press (Yahoo! News)
  • US FDA calls on medical device makers to focus on cybersecurity by Grant Gross (Network World)
  • FDA Safety Communication: Cybersecurity for Medical Devices and Hospital Networks by the Food and Drug Administration
  • Probing Insulin Pumps For Vulnerabilities by Soulskill (Slashdot)
  • Content of Premarket Submissions for Management of Cybersecurity in Medical Devices - Draft Guidance for Industry and Food and Drug Administration Staff by the Food and Drug Administration
