In the security news: Vicious Trap - The malware hiding in your router; Hacking your car; WSL is open-source, but why?; Using AI to find vulnerabilities - a case study; Why you should not build your own password manager; The inside scoop behind Lumma Infostealer; Hacking a smart grill; Hardcoded credentials on end of life routers and "Alphanetworks"; SIM swapping is still happening; LoRa for C2; Russian drones use Telegram; Flipper Zero mod for the LOLZ; Signal blocks Recall; CISA loses more people. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-876
Researchers uncover serious vulnerabilities in the Signal fork reportedly used by top government officials. CISA adds a second Commvault flaw to its Known Exploited Vulnerabilities catalog. xAI exposed a private API key on GitHub for nearly two months. FortiGuard uncovers a cyber-espionage campaign targeting critical national infrastructure in the Middle East. Threat brokers advertise a new SS7 zero-day exploit on cybercrime forums. The StealC info-stealer and malware loader gets an update. Passkeys blaze the trail to a passwordless future. On our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at the New York Giants. Cubism meets computing: the Z80 goes full Picasso. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest: On our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at New York Football Giants, as they discuss how she approaches cybersecurity with curiosity, business alignment, and strong collaboration across the NFL community.
Selected Reading:
- The Signal Clone the Trump Admin Uses Was Hacked (404 Media)
- Critical Commvault Vulnerability in Attacker Crosshairs (SecurityWeek)
- xAI Dev Leaked API Key on GitHub for Private SpaceX, Tesla & Twitter/X (Cyber Security News)
- FortiGuard Incident Response Team Detects Intrusion into Middle East Critical National Infrastructure (Fortinet)
- Hackers Selling SS7 0-Day Vulnerability on Hacker Froums for $5000 (Cyber Security News)
- StealC malware enhanced with stealth upgrades and data theft tools (Bleeping Computer)
- Sick of 15-character passwords? Microsoft is going password-less, starting now. (Mashable)
- Passkeys for Normal People (Troy Hunt)
- Single-Board Z80 Computer Draws Inspiration From Picasso (Hackaday)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In Gloria's very first "Random Encounters" episode, we talked about a game that thrilled both of us equally and that still graces our list of the best adult games to this day: the cyberpunk visual novel "Hardcoded". Now, after many years of development, the project is finally approaching its final release, and that struck Nina as the perfect opportunity to talk with lead developer Kenzie about, among other things, the challenges of game development, trans representation in pornography, and overzealous self-regulation in queer communities.
The bar has been raised yet again. Games we played this week include: Like a Dragon: Infinite Wealth (10:50) Helldivers 2 (16:30) Mouthwashing (31:10) Deep Rock Galactic: Survivor (34:25) Final Fantasy Rebirth (40:45) Destroy All Humans 2 Reprobed (47:15) Hardcoded (49:20) --- News things talked about in this episode: MS to address rumors around console exclusivity (56:10) https://www.theverge.com/2024/2/12/24070445/microsoft-xbox-business-update-event-future-february-15 French worker unions call for strikes at Ubisoft (58:10) https://www.pcgamer.com/unions-call-for-strikes-at-ubisoft-studios-in-france-to-protest-wages-we-cannot-tolerate-being-treated-as-expendable-to-mitigate-their-bad-decisions Microsoft layoffs hit Toys For Bob hard (1:04:05) https://www.eurogamer.net/microsoft-layoffs-affect-86-staff-at-spyro-crash-bandicoot-studio The FTC seems irritated by Microsoft's layoffs (1:01:30) https://www.polygon.com/24065269/ftc-microsoft-activision-deal-layoffs-appeal Voice actor responsible for PEGI rating stingers was paid 200 Euros for the gig (1:05:00) https://www.eurogamer.net/the-voice-actor-behind-pegi-18-says-he-was-paid-just-200 --- Buy official Jimquisition merchandise at thejimporium.com Find Laura at LauraKBuzz on Twitter, Twitch, YouTube, and Patreon. All her content goes on LauraKBuzz.com, and you can catch Access-Ability on YouTube every Friday. Follow Conrad at ConradZimmerman on Twitter/Instagram/BlueSky and check out his Patreon (patreon.com/fistshark). You can also peruse his anti-capitalist propaganda at mercenarycreative.com.
Content warning: this episode is primarily about porn Kenzie Shores (she/her) is a game developer and artist best known for the pornographic visual novel, Hardcoded. Nearing the game's full release, Kenzie joined me to chat about Hardcoded's origins, the challenge of monetizing porn, and why it really sucks to work on the same game for seven years. You can follow Kenzie on Twitter @yoplatz, support Hardcoded on Patreon, and download the free demo on itch. Kenzie's Cool Things to Share - Using vegetable stock instead of water for rice (!) - The Erotic Poems of E. E. Cummings Things Discussed - Hardcoded - Why Patreon sucks for porn - Ladykiller in a Bind (Love Conquers All Games, 2016) - Ancient porn mods for The Elder Scrolls III: Morrowind - Manhunt (Gretchen Felker-Martin, 2022) - Content warnings in games (or the lack thereof) - Untitled sexy fantasy card game Kritiqal Care is produced by me, Nathalie, with music by Desired. It's available on Pocket Casts, Apple Podcasts, and wherever else you get podcasts. If you enjoyed the show, consider sharing it with a loved one and supporting Kritiqal on Ko-Fi.
A short podcast updating listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here. Today's podcast features an appearance from Pearce Barry, principal security researcher at Rumble Network Discovery, this episode's sponsor. Show notes Risky Biz News: Confluence servers under attack due to hardcoded password
Cars are the next target for hackers; we look at vulnerabilities in standalone GPS devices, and we also discuss how Honda shrugged when presented with security vulnerabilities. We also go over the recent Apple operating system updates, and look at how Content Caching on a Mac may prevent security updates from being installed automatically. Show Notes: CVE-2022-32839 - remote code execution; How can you tell whether your Mac is up to date?; How to Use Content Caching on macOS to Save Bandwidth; macOS Monterey 12.5 isn't yet safe for all OpenCore Legacy Patcher patched Macs; Hardcoded password in Confluence app has been leaked on Twitter; Security flaws in a popular GPS module could allow hackers to track vehicles; The Rolling Pwn - Security Now #879 show notes; Zoom brings end-to-end encryption to its cloud phone service; This Is the Code the FBI Used to Wiretap the World; Drobo Files for Bankruptcy. Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/spring4shell-pear-bugs-and-gitlab-hardcoded-passwords.html
This week we have some fun with some bugs that really shouldn't have passed code-review, we of course talk about Spring4Shell/SpringShell and dive into the decade long history of that bug, and a bit of discussion about triaging more subtle bugs.
- [00:00:29] [Stripe] CSRF token validation system is disabled
- [00:09:42] GitLab Account Takeover with Hardcoded Password
- [00:21:22] Spring4Shell: Security Analysis of the latest Java RCE '0-day' vulnerabilities in Spring
- [00:37:49] PHP Supply Chain Attack on PEAR
- [00:52:16] Finding bugs that doesn't exists
The DAY[0] Podcast episodes are streamed live on Twitch (@dayzerosec) twice a week:
- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
The Video archive can be found on our Youtube channel: https://www.youtube.com/c/dayzerosec You can also join our discord: https://discord.gg/daTxTK9 Or follow us on Twitter (@dayzerosec) to know when new releases are coming.
Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: [Intro to brain-like-AGI safety] 7. From hardcoded drives to foresighted plans: A worked example, published by Steve Byrnes on March 9, 2022 on The AI Alignment Forum. Part of the “Intro to brain-like-AGI safety” post series. (This post substantially overlaps with my post from last summer, Value loading in the human brain: a worked example. Compared to that older post, this version has numerous minor edits for clarity, correctness, and fitting-into-the-flow-of-this-series.) 7.1 Post summary / Table of contents The previous post presented a big picture of how I think motivation works in the human brain, but it was a bit abstract. In this post, I will walk through an example. To summarize, the steps will be: (Section 7.3) Our brains gradually develop a probabilistic generative model of the world and ourselves; (Section 7.4) There's a “credit assignment” process, where something in the world-model gets flagged as “good”; (Section 7.5) There's a reward prediction error signal roughly related to the time-derivative of the expected probability of the “good” thing. This signal drives us to “try” to make the “good” thing happen, including via foresighted planning. All human goals and motivations come ultimately from relatively simple, genetically-hardcoded circuits in the Steering Subsystem (hypothalamus and brainstem), but the details can be convoluted in some cases. For example, sometimes I'm motivated to do a silly dance in front of a full-length mirror. Exactly what genetically-hardcoded hypothalamus or brainstem circuits are upstream of that motivation? I don't know! Indeed, I claim that the answer is currently Not Known To Science. I think it would be well worth figuring out! Umm, well, OK, maybe that specific example is not worth figuring out. 
But the broader project of reverse-engineering certain aspects of the human Steering Subsystem (see my discussion of “Category B” in Post #3)—especially those upstream of social instincts like altruism and status-drive—is a project that I consider desperately important for AGI safety, and utterly neglected. More on that in later posts. In the meantime, I'll pick an example of a goal that to a first approximation comes from an especially straightforward and legible set of Steering Subsystem circuitry. Here goes. Let's say (purely hypothetically.
This week in the Security News: NPM hijacked again, hardcoding your keys, PAN-ODay, more Nmap in your python or python in your nmap, put your Docker API to rest, Busybox will own your box, Microsoft says it's a feature not a vulnerability, SBDCs, TIPC Linux kernel vulnerability, patches that don't fix everything, truckloads of GPUs and testing if you're high! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw718
Your purpose has been hardcoded into you since before you were born. But often, that purpose lies dormant as we try to navigate this world. It gets buried beneath the many layers of obligation and expectation, which is why it feels ever-elusive and impossible for most to pin down. Some people come across their purpose early in life. But for many, it takes a truly challenging chapter to activate us. To crack us so far open that we can no longer live out of alignment with our deepest truth. It's time to thread that storyline and uncover the purpose of the path you're walking, and that's exactly what we'll be diving into in this profound conversation. Today's special guest Stephenie Zamora has been merging the worlds of personal development, digital media, and online marketing to help individuals build purpose-driven lives and businesses for over a decade. She'll be sharing actionable tools and processes to start utilizing this work for yourself so that you can feel clear and confident around what your unique purpose is in the world. Stephenie Zamora is an author and coach, business and marketing strategist, and founder of Stephenie Zamora Media—a digital media and production company, publishing house, and a full-service life-purpose development, branding, and online marketing boutique. Her work helps catalyze individuals on their healing and growth journeys so they can uncover the purpose of their path, step into who they're here to be, and do the work they're here to do. She does this through several distinct brand verticals that follow a proven five-phase process and house various digital media content, educational programs, inspirational and motivational products, and services to support their growth at any scale.
- www.scmagazine.com: China’s new cyber tactic: targeting critical infrastructure
- www.forbes.com: Hackers Break Into ‘Biochemical Systems’ At Oxford University Lab Studying Covid-19
- arstechnica.com: Hard-coded key vulnerability in Logix PLCs has severity score of 10 out of 10
- www.theregister.com: Chinese businessman plotted with GE insider to steal transistor secrets, say Feds
- www.darkreading.com: Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks
- www.zdnet.com: GAO report finds DOD's weapons programs lack clear cybersecurity guidelines
This episode is sponsored by Anchor: The easiest way to make a podcast. https://anchor.fm/app Send in a voice message: https://anchor.fm/professor-cyber-risk/message Support this podcast: https://anchor.fm/professor-cyber-risk/support
Two out of 61 podcast episodes with an all-male lineup is a pretty good ratio. It's just a shame that, on one of these rare occasions, Daniel and Florian have to cringe their way through two of the five games with bad puns and schoolboy humor, even though the titles don't deserve it at all. Both the first-person point-and-click House Party and the queer dating sim Hardcoded are more than crude pornography. Because its sibling, violence, is never far away when it comes to sex, Florian presents the slice 'em up Hellish Quart and the Hollywood-action deckbuilder Fights In Tight Spaces, before Daniel visits weird alien islands in Stars Die. The Leckerlevels are all about the power of the lemon and an apology to all picky eaters. Games discussed in the cast: House Party from 2:43, Hellish Quart from 9:29, Hardcoded from 18:51, Fights In Tight Spaces from 26:26, Stars Die from 36:53
We advise you how to react when a friend suddenly asks for money, explain why Chromium is finally aiming for HTTPS by default, and warn you why you should never, ever hardcode passwords into your software. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge *** Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
We advise you how to react when a friend suddenly asks for money, explain why Chromium is finally aiming for HTTPS by default, and warn you why you should never, ever hardcode passwords into your software. https://nakedsecurity.sophos.com/does-a-friend-need-money-urgently https://nakedsecurity.sophos.com/chrome-browser-has-a-new-years-resolution https://nakedsecurity.sophos.com/zyxel-hardcoded-admin-password With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)
In today's podcast we cover four crucial cyber and technology topics, including: 1. Ticketmaster pays 10 Million USD for hacking competitor; 2. GenRx disclosed data breach as result of September 2020 ransomware attack; 3. Zyxel Firewall and VPN products vulnerable; 4. U.S. to ban Chinese telecommunication companies from NYSE. I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
Sponsored by us! Support our work through: Our courses at Talk Python Training; Test & Code Podcast; Patreon Supporters.

Michael #1: fastapi-chameleon (and fastapi-jinja)
- Chameleon via Michael, Jinja via Marc Brooks
- Convert a FastAPI API app to a proper web app
- Then just decorate the FastAPI view methods (works on sync and async methods):

    import fastapi_chameleon
    from fastapi import APIRouter, Request

    router = APIRouter()

    # PersonViewModel is the application's own view-model class (not shown in the show notes).
    @router.post('/')
    @fastapi_chameleon.template('home/index.pt')
    async def home_post(request: Request):
        form = await request.form()
        vm = PersonViewModel(**form)
        return vm.dict()  # {'first':'Michael', 'last':'Kennedy', ...}

- The view method should return a dict to be passed as variables/values to the template.
- If a fastapi.Response is returned, the template is skipped and the response along with status_code and other values is directly passed through. This is common for redirects and error responses not meant for this page template.

Brian #2: Django REST API in a single file, without using DRF
- Adam Johnson
- He’s been on Test & Code a couple times, 128 & 135
- Not sure if you should do this, but it is possible.
- Example Django app that is a REST API that gives you information about characters from Rick & Morty. Specifically, just Rick and Morty.
  - / - redirects to /characters/
  - /characters/ - returns a JSON list
  - /characters - redirects to /characters/
  - /characters/1 - returns JSON info about Rick
  - /characters/2 - same, but for Morty
- Shows off how with Django off the shelf, can do redirects and JSON output.
- Shows data using dataclasses. Hardcoded here, but easy to see how you could get this data from a database or other part of your system.

Michael #3: 2020 StackOverflow survey results
- Most Popular Technologies
  - Languages: JavaScript (68%), Python (44%), Java (40%)
  - Web frameworks: Just broken, jQuery? Seriously!?!
  - Databases: MySQL (56%), PostgreSQL (36%), Microsoft SQL Server (33%), MongoDB (26%)
  - Platforms: Windows (46%), macOS (28%), Linux (27%)
- Most loved languages: Rust, TypeScript, Python
- Most wanted languages: Python, JavaScript, Go
- Most dreaded language: VBA & ObjectiveC
- Most loved DBs: Redis (67%), PostgreSQL (64%), Elasticsearch (59%), MongoDB (56%)
- Most wanted DBs: MongoDB (19%), PostgreSQL (16%)
- Most dreaded DB: DB2

Brian #4: A Visual Guide to Regular Expression
- Amit Chaudhary
- Gentle introduction to regex by building up correct mental models using visual highlighting.
- Goes through different patterns:
  - specific character
  - white space (any whitespace \s, tab \t, newline \n)
  - single-digit number \d
  - word characters \w : lowercase, uppercase, digits, underscore
    - this sometimes throws me, since \w seems like it might somehow be related to whitespace. It’s not.
  - dot . : anything except newline
  - pattern negations:
    - \d is digits, \D is anything that is not a digit
    - \s whitespace, \S not whitespace
    - \w word characters, \W everything else
  - character sets with square brackets [], and optionally dash - for range
  - anchors: ^ beginning of line, $ end of line
  - escaping patterns with \
  - repetition with {}, *, +, ?
- Using Python re module: findall; match and match.group; search

Michael #5: Taking credit
- by Tim Nolet
- Oh @awscloud I really do love you! But next time you fork my OS project https://github.com/checkly/headless-recorder and present it as your new service, give the maintainers a short "nice job, kids" or something. Not necessary as per the APLv2 license, but still, ya know?
- Amazon CloudWatch Synthetics launches Recorder to generate user flow scripts for canaries
- A Chrome browser extension, to help you create canaries more easily.

Brian #6: Raspberry Pi 400
- “complete personal computer, built into a compact keyboard”
- by itself, or as a kit with mouse and power adapter and cables and such, for $100
- 4 core, 64-bit processor, 4 GB RAM, wifi & LAN, can drive 2 displays, 4K video
- 40-pin GPIO header, so you can still play with hardware and such.
- There’s an adafruit video with Limor Fried where she describes this as something as close as we get today to an Apple IIe from my youth. For me, IIe was at school, at home I had a TRS80 plugged into an old TV and using my sister's tape deck for disk storage.
- This seems great for education use, but also as a second computer in your house, or a kids computer.
- Comes with a Beginner’s Guide that includes getting started with Python

Extras:
- Brian: vim-adventures.com - with a dash. Practice vim key bindings while playing an adventure game. Super cool.
- Michael: TIOBE Index for November 2020 via Tyler Pedersen

Joke: You built it, you run it.
Show Description: Chris & Dave give an update on the website redesign project and then dive into your question: What kind of gear should you ask for from a new job? How do you fix a hardcoded issue in a project? And how is life using IntelliJ? Links: Apollo GraphQL Without Javascript Alpine […]
The Hardcoded Episode: Blowing Glass. A Cancelled Project. Reality Shows. The Elevator Pitch. The Best Laid Plans. Why I Gave Up. Fake. Prototype This. Take It Away. An episode about one of my favorite projects that I gave up in the face of logic and discovery. Everyone's got a few of these if they work creatively. This one got pretty far along before it ended. I checked, and I don't know where the written notes are - sorry about that. But I'll answer questions if people have any.
In this Soundbyte, we’re talking sexy, sexy sex games, why they’re interesting, and the queer erasure that comes along with blacklisting them from websites like Twitch. Astrid speaks to Robert Yang, NYU arts professor and renowned gay video game developer about the homophobic portion of his audience. Christine Love talks about the importance of consent through dialogue in her BDSM visual novel Ladykiller in a Bind. And Kenzie Stargrifter shares her excitement about trans cyberpunk porn game Hardcoded. But let's ask them: what makes a good sex game? Links: Robert Yang’s Twitter: https://twitter.com/radiatoryang Hurt Me Plenty itch.io page: https://radiatoryang.itch.io/hurt-me-plenty Christine Love’s Twitter: https://twitter.com/christinelove Ladykiller in a Bind Steam page: https://store.steampowered.com/app/560000/Ladykiller_in_a_Bind/ Kenzie Stargrifter’s Twitter: https://twitter.com/yoplatz Hardcoded Demo itch.io page: https://yoplatz.itch.io/hardcodeddemo My thoughts on Hardcoded: https://www.rockpapershotgun.com/2018/11/26/hardcoded-lets-trans-women-be-horny-without-being-a-fetish/ Tusks: The Orc Dating Sim itch.io page: https://hxovax.itch.io/orc-dating-sim
This week: games you might have missed recently. Alice reckons you might like Glass Masquerades 2, a jigsaw puzzler about stained-glass windows. And Brendan wants more folks to try tiny chess game Pawnbarian. We’ve also been playing stuff. Alice is withholding her Life Is Strange 2 thoughts for another time, but Brendan is ready to spit with frustration at Pathologic 2.
Links:
- Hurling is great: https://www.youtube.com/watch?v=TmzivRetelE
- Pawnbarian is like Slay the Spire but chess: https://www.rockpapershotgun.com/2019/03/15/pawnbarian-is-slay-the-spire-with-less-math-and-more-chess/
- John’s Baba Is You review: https://www.rockpapershotgun.com/2019/03/14/baba-is-you-review/
- Brendan’s Objects In Space review: https://www.rockpapershotgun.com/2019/03/01/objects-in-space-review/
- Glass Masquerades 2 is a stained-glass jigsaw puzzler: https://www.rockpapershotgun.com/2019/03/25/glass-masquerades-2-puzzle-game-released/
- Skater XL is a skateboarding sim, but is it realistic? https://www.rockpapershotgun.com/2019/01/16/skater-xl-is-a-prototype-skateboard-sim/
- Alec’s early access review of Foundation: https://www.rockpapershotgun.com/2019/02/08/foundation-review-early-access/
- Cities: Skylines has a pedestrian mod that lets you see things up close: https://www.pcgamer.com/see-your-city-up-close-with-this-cities-skylines-mod/
- Brendan’s Pathologic 2 review: https://www.rockpapershotgun.com/2019/05/23/pathologic-2-review/
- Life Is Strange 2, episode 3 is out: https://www.rockpapershotgun.com/2019/05/09/life-is-strange-2-episode-3-released/
- Alice’s review of Plague Tale: Innocence: https://www.rockpapershotgun.com/2019/05/13/a-plague-tale-innocence-review/
- Hardcoded lets trans women be horny without being a fetish: https://www.rockpapershotgun.com/2018/11/26/hardcoded-lets-trans-women-be-horny-without-being-a-fetish/
- Gestalt_OS is neat and we have no idea what’s going on: https://games.increpare.com/Gestalt_OS/
- Contrapoints is a YouTube channel Alice likes: https://www.youtube.com/user/ContraPoints
- The Rise And Fall of the Dinosaurs is a book Brendan likes: https://www.goodreads.com/book/show/35068612-the-rise-and-fall-of-the-dinosaurs
This week on the podcast, The HUGE Crew is back in the recording basement and ready to talk about video games (and one movie)! Divinity: Original Sin, Fog of Love, Zelda 2, Travis Strikes Again, Glass, and plenty more! As always keep sending questions to hoppedupeast@gmail.com, we love them! Beer featured this week: Tag! You're It! by Big Spruce Brewing and Grumpy Sour by Roof Hound Brewing.
intro
CFP for Bsides Barcelona is open! https://bsides.barcelona
Aaron Guzman: @scriptingxss
https://www.computerweekly.com/news/252443777/Global-IoT-security-standard-remains-elusive
https://www.owasp.org/index.php/IoT_Attack_Surface_Areas
https://scriptingxss.gitbooks.io/embedded-appsec-best-practices//executive_summary/9_usage_of_data_collection_and_storage_-_privacy.html
OWASP SLACK: https://owasp.slack.com/
https://www.owasp.org/images/7/79/OWASP_2018_IoT_Top10_Final.jpg
Team of 10 or so… list of “do’s and don’ts”
Sub-projects? Embedded systems, car hacking
Embedded applications best practices? *potential show*
Standards: https://xkcd.com/927/
CCPA: https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act
California SB-327: https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB327
How did you decide on the initial criteria?
- Weak, Guessable, or Hardcoded passwords
- Insecure Network Services
- Insecure Ecosystem interfaces
- Lack of Secure Update mechanism
- Use of insecure or outdated components
- Insufficient Privacy Mechanisms
- Insecure data transfer and storage
- Lack of device management
- Insecure default settings
- Lack of physical hardening
2014 OWASP IoT list: https://www.owasp.org/index.php/Top_10_IoT_Vulnerabilities_(2014)
2014 list:
- I1 Insecure Web Interface
- I2 Insufficient Authentication/Authorization
- I3 Insecure Network Services
- I4 Lack of Transport Encryption
- I5 Privacy Concerns
- I6 Insecure Cloud Interface
- I7 Insecure Mobile Interface
- I8 Insufficient Security Configurability
- I9 Insecure Software/Firmware
- I10 Poor Physical Security
BrakeSec Episode on ASVS http://traffic.libsyn.com/brakeingsecurity/2015-046_ASVS_with_Bill_Sempf.mp3
OWASP SLACK: https://owasp.slack.com/
What didn’t make the list?
How do we get Devs onboard with these?
How does someone interested get involved with OWASP Iot working group?
https://docs.microsoft.com/en-us/azure/iot-fundamentals/iot-security-best-practices https://www.iiconsortium.org/pdf/SMM_Description_and_Intended_Use_2018-04-09.pdf https://www.dhs.gov/sites/default/files/publications/Strategic_Principles_for_Securing_the_Internet_of_Things-2016-1115-FINAL_v2-dg11.pdf https://api.ctia.org/wp-content/uploads/2018/08/CTIA-IoT-Cybersecurity-Certification-Test-Plan-V1_0.pdf https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/747977/Mapping_of_IoT__Security_Recommendations_Guidance_and_Standards_to_CoP_Oct_2018.pdf https://www.mocana.com/news/mocana-xilinx-avnet-infineon-and-microsoft-join-forces-to-secure-industrial-control-and-iot-devices https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
Aaron Guzman: @scriptingxss https://www.computerweekly.com/news/252443777/Global-IoT-security-standard-remains-elusive https://www.owasp.org/index.php/IoT_Attack_Surface_Areas https://scriptingxss.gitbooks.io/embedded-appsec-best-practices//executive_summary/9_usage_of_data_collection_and_storage_-_privacy.html OWASP SLACK: https://owasp.slack.com/ https://www.owasp.org/images/7/79/OWASP_2018_IoT_Top10_Final.jpg Team of 10 or so… list of “do’s and don’ts” Sub-projects? Embedded systems, car hacking Embedded applications best practices? *potential show* Standards: https://xkcd.com/927/ CCPA: https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act California SB-327: https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB327 How did you decide on the initial criteria? Weak, Guessable, or Hardcoded passwords Insecure Network Services Insecure Ecosystem interfaces Lack of Secure Update mechanism Use of insecure or outdated components Insufficient Privacy Mechanisms Insecure data transfer and storage Lack of device management Insecure default settings Lack of physical hardening 2014 OWASP IoT list: https://www.owasp.org/index.php/Top_10_IoT_Vulnerabilities_(2014) 2014 list: I1 Insecure Web Interface I2 Insufficient Authentication/Authorization I3 Insecure Network Services I4 Lack of Transport Encryption I5 Privacy Concerns I6 Insecure Cloud Interface I7 Insecure Mobile Interface I8 Insufficient Security Configurability I9 Insecure Software/Firmware I10 Poor Physical Security BrakeSec Episode on ASVS http://traffic.libsyn.com/brakeingsecurity/2015-046_ASVS_with_Bill_Sempf.mp3 OWASP SLACK: https://owasp.slack.com/ What didn’t make the list? How do we get Devs onboard with these? How does someone interested get involved with OWASP Iot working group? 
We are talking sigil magic this time with the wonderful anarchawitch herself, a 20-year-old nonbinary trans girl from the Pacific southwest. She is a hacker and an eclectic Wiccan Taoist witch, here to talk with us about sigil magic. Chaos magic is but one form of sigil work she lays down, and this episode makes a perfect companion piece to the RevLeft episode on post-structuralism and post-modernism as it illustrates the theory that shaped the early writers laying down chaos magic(k). Song credit: ACAB by Anarchawitch She provides a video library for all kinds of great anarchist propaganda videos via her YouTube. She is a member of the Trans and Non-binary Socialist Association found on Twitter @TransSocialists The game Hardcoded got her into practical witchcraft and the website is found here: https://yoplatz.itch.io/hardcodeddemo "Hardcoded is an open-world dating-sim, set in the lawless reaches of a cyberpunk dystopia, in which you take on the role of a thinking/learning droid who has recently escaped her owners and is on the run. Before you can fully settle into your new life, it becomes obvious that Pira City is a place of dark and dangerous secrets. Fortunately, you're able to befriend a cast of very horny characters who seek your aid in pursuing a shadowrun-style investigation. You can spend your down time trying to establish yourself, by earning money, decorating your apartment, buying clothes, collecting sci-fi dildos, or working on turning friendships into romances." !!!This game is very explicit! There are many dicks in this game! Most of them are attached to girls!!!" @anarchawitch_on Twitter Become a Patreon of Black Banner Magic patreon.com/blackbannermagic Twitter: @blackbannerpod Email: BlackBannerMagic@riseup.net 2/3rds of every dollar raised through this Patreon will go to the Omaha Freedom Fund! community bail fund. 
As a member of the Revolutionary Left Radio federation of podcasts, Black Banner Magic records in the RevLeft bunker, and the last 1/3rd goes into studio and engineering costs. More info about OFF! can be found on omahafreedomfund.wordpress.com or on twitter @omahabail Support Revolutionary Left Radio and get exclusive bonus content here: patreon.com/RevLeftRadio
Today we talk about "hard coded" data, that is, data etched forever (in code or in a recording) with no possibility of changing it afterwards. What do you say? Is that a bad thing? Yes, it is a bad thing, and we give you a few examples to explain why... In any case, you can find me here: https://t.me/technopillzriot https://twitter.com/alxgi http://www.alexraccuglia.net Support Runtime Radio: http://runtimeradio.it/ancheio/