A joint advisory warns of Fancy Bear targeting Western logistics and technology firms. A nonprofit hospital network in Ohio suffers a disruptive ransomware attack. The Consumer Financial Protection Bureau (CFPB) drops plans to subject data brokers to tighter regulations. KrebsOnSecurity and Google block a record-breaking DDoS attack. A phishing campaign rerouted employee paychecks. Atlassian patches multiple high-severity vulnerabilities. A Wisconsin telecom provider confirms a cyberattack caused a week-long outage. VMware issues a security advisory addressing multiple high-risk vulnerabilities. Prosecutors say a 19-year-old student from Massachusetts will plead guilty to hacking PowerSchool. Our guest is Rob Allen, Chief Product Officer at ThreatLocker, discussing the deliberate simplicity of fundamental controls around zero trust. Oversharing your call location data.

CyberWire Guest
On our Industry Voices segment, today we are joined by Rob Allen, Chief Product Officer at ThreatLocker, from RSAC 2025. Rob discusses the deliberate simplicity of fundamental controls around zero trust. Token theft and phishing attacks bypass traditional MFA protections, letting attackers impersonate users and access critical SaaS platforms without needing passwords.
Selected Reading
Russian GRU Targeting Western Logistics Entities and Technology Companies (CISA)
Ransomware attack disrupts Kettering Health Network in Ohio (Beyond Machines)
America's CFPB bins proposed data broker crackdown (The Register)
Krebs on Security hit by 'test run' DDoS attack that peaked at 6.3 terabits of data per second (Metacurity)
SEO poisoning campaign swipes direct deposits from employees (SC Media)
Atlassian Warns of Multiple High-Severity Vulnerabilities Hits Data Center Server (Cybersecurity News)
Cellcom Service Disruption Caused by Cyberattack (SecurityWeek)
VMware releases patches for security flaws in multiple virtualization products (Beyond Machines)
Massachusetts man will plead guilty in PowerSchool hack case (CyberScoop)
O2 VoLTE: locating any customer with a phone call (Mast Database)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Welcome to the Security Box, podcast 146. On this podcast we may have multiple morons (one is a definite), plus news, notes and a very interesting topic about proxy services and what they're up to.

Potential Morons
48 States Sue Phone Company That Allegedly Catered To Needs of Robocallers talks about the majority of the U.S. suing a telephone company in Arizona that seems to be catering to robocallers by allowing customers to spoof caller ID, among other things. Free VPN Service SuperVPN Exposes 360 Million User Records was found on Monday, the 29th. Class, what can we learn from this article?

Topic
This time, we're going to talk about a very interesting KrebsOnSecurity article titled Giving a Face to the Malware Proxy Service 'Faceless'. The first paragraph says: For the past seven years, a malware-based proxy service known as "Faceless" has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we'll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name.

Supporting the podcast
If you'd like to support our efforts on what this podcast is doing, feel free to donate to the network, subscribe to the Security Box discussion list, or send us a note through the contact information given throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
If you are watching this video in 2030 from Europe, you haven't heard this sound in a long time. If you are watching it in 2040, it rings a bell from having seen them somewhere, but if you are young and living in what is for me the remote year 2050, you may not even know what they are. The disappearance of cash is only one of the traps the central banks are preparing. The serious part is that nobody notices.
Note: A CBDC or Central Bank Digital Currency is a form of digital fiat money issued by a country's central bank and which therefore has legal tender status in that nation. It is a digital version of a currency such as the US dollar or the euro, backed by that central bank.
Sources:
AGRAWAL, H. (2019). "5 Different Types Of Crypto Wallets You Should Know About", CoinSutra. https://coinsutra.com/types-of-crypto...
ANTONOPOULOS, A. M. and WOOD, G. (2020). Mastering Ethereum. https://github.com/ethereumbook/ether...
KREBS, B. KrebsOnSecurity. https://krebsonsecurity.com/
¿Cómo funciona una blockchain? - Simplemente explicado. Available at: https://www.youtube.com/watch?v=MHZTT...
https://www.eleconomista.es/mercados-...
https://www.rankia.com/blog/psicologi...
https://decrypt.co/es/95281/edward-sn...
https://www.blockchaineconomia.es/los...
https://academy.bit2me.com/que-es-una...
https://www.criptonoticias.com/comuni...
https://www.imf.org/en/News/Articles/...
https://www.pwc.com/m1/en/media-centr...
https://www2.deloitte.com/in/en/pages...
Today I am going to talk to you about something very important. Something that needs to be carried everywhere and made known. The risk of losing control and of creating a currency-dependent society is enormous. I am going to talk to you about the risk we run with these digital currencies, and about whether any barrier such as bitcoin remains to face the mother of all socioeconomic battles that is coming our way.
Traditional espionage and counterespionage during the hybrid war. Assessing Russian cyberattacks. Conti's fate and effects. Investigating cut Internet cables in France. My conversation with AD Bryan Vorndran of the FBI Cyber Division on the reverse webshell operation and Hafnium. Our guest is Tom Kellermann of VMware to discuss the findings of their Modern Bank Heists report. And, finally, the dark online world of "pig-butchering." For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/138

Selected reading.
UK Spy Chief Sees Russia's Military Running 'Out of Steam' Soon (Bloomberg)
Exhausted Russian army gives Ukraine chance to strike back, says British spy chief (The Telegraph)
'Cut by half' Putin's masterplan backfires as 400 Russian spies thrown out of Europe (Express)
Half of Russian spies in Europe expelled since Ukraine invasion, says MI6 chief (The Guardian)
MI6 chief: Russia's spies 'not having a great war' in Ukraine (The Record by Recorded Future)
CIA chief says 15,000 Russians killed in war, dismisses Putin health rumors (Washington Post)
CIA Chief Says Russia's Iran Drone Deal Shows Military Weakness (Bloomberg)
Ukraine confronts Kremlin infiltration threat at unreformed state bodies (Atlantic Council)
US seeking to understand Russia's failure to project cyber power in Ukraine (Defense News)
Battling Moscow's hackers prior to invasion gave Kyiv 'full dress rehearsal' for today's cyber warfare (CyberScoop)
How Conti ransomware hacked and encrypted the Costa Rican government (BleepingComputer)
Anatomy of Attack: Truth Behind the Costa Rica Government Ransomware 5-Day Intrusion (AdvIntel)
Conti Criminals Resurface as Splinter RaaS Groups (Security Boulevard)
The Unsolved Mystery Attack on Internet Cables in Paris (Wired)
Massive Losses Define Epidemic of 'Pig Butchering' (KrebsOnSecurity)
Experian, according to KrebsOnSecurity, has an unacceptable security risk affecting nearly every person's credit monitoring, one that could be easily solved with MFA and some changes in how new accounts are created. But now they have a big gaping security hole that is being exploited. Experian has had a bad run of late with security issues, and they need to get a handle on it now. The post Experian has unacceptable security issues! #1611 appeared first on Geek News Central.
Welcome to the Security Box, podcast 99. We're excited to bring you another great show. First, in our chat section, we're going to talk about KrebsOnSecurity in New Netflix Series on Cybercrime, which I've already bookmarked as I signed up for Netflix. I also watched another movie titled Cyber Hell (subscription required). Movies and documentaries like these are great to get out in the community, and the Cyber Hell movie I heard of somewhere, probably on Clubhouse. There's more, including one I talked about some time back, but this will get us started. If people have things they want us to talk about during other news, we can definitely talk about it. In our main segment, we're going to talk about Shields Up. No, not GRC's program, and not a submarine shield, but our shield. 'Shields Up': the new normal in cyberspace is our CyberScoop article. All this, your thoughts, comments and other things on this week's edition of The Security Box. Enjoy!
Farm machinery stolen and taken to Russia shut down remotely
https://www.dw.com/en/ukraine-how-farm-vehicles-stolen-by-russia-were-remotely-disabled/a-61691839
John Deere and the right to repair your own junk
https://www.dw.com/en/calls-for-consumer-right-to-repair-growing-louder-for-electronics-in-eu/a-55624164
Car features as a subscription?
https://www.consumerreports.org/automotive-industry/why-you-might-need-to-subscribe-to-get-certain-features-on-your-next-car-a6575794430/
Relay attacks on keyless ignition
https://leasing.com/guides/relay-car-theft-what-is-it-and-how-can-you-avoid-it/
Teslas can be pinched with a Bluetooth attack
https://arstechnica.com/information-technology/2022/05/new-bluetooth-hack-can-unlock-your-tesla-and-all-kinds-of-other-devices/
Malware in my card reader? It's more likely than you think!
https://krebsonsecurity.com/2022/05/when-your-smart-id-card-reader-comes-with-malware/
Legislation eases: white hats no longer sent to prison?
https://www.engadget.com/doj-security-research-hackers-no-criminal-charges-170715840.html
In this episode of the Managing Uncertainty Podcast, Bryghtpath Principal & Chief Executive Bryan Strawser discusses Brian Krebs's recent article "Don't wanna pay ransom gangs? Test your backups". Topics discussed include dealing with ransomware as a disaster recovery and business continuity problem. Do you have the proper backups in place? Do you really know what recovery will require in the event of a large-scale ransomware issue?

Related Episodes & Blog Posts
Blog Post: 6 times business continuity and disaster recovery plans mattered
Blog Post: 10 Ways An Effective Crisis Manager Survives a Crisis
Episode #50: Conducting an Effective After-Action Process
Episode #63: Prioritizing Top Risks
Episode #82: Speed in a Crisis

Episode Transcript
Hello, and welcome to the Managing Uncertainty Podcast. This is Bryan Strawser, Principal and Chief Executive here at Bryghtpath. And in this week's episode, I want to talk about ransomware, specifically about backup strategies and ransomware. And what raised this to my attention earlier this week is an article by information security journalist Brian Krebs, who writes at KrebsOnSecurity.com, and his article is entitled "Don't Wanna Pay Ransom Gangs? Test Your Backups". And Brian hits upon some really important facts and underlying issues with the way we think about ransomware right now. And when we're thinking about ransomware, I think we think about ransomware primarily as an information security problem, and it is, but it's also a disaster recovery and business continuity problem. And it's bigger. It's more of an issue. It's a bigger issue than we think of in the BCDR space. So, I want to kind of talk through some key points that Brian makes, then I'll add a little bit of other context to wrap up this episode.
Krebs writes: look at the comments on almost any story about a ransomware attack and you'll almost surely encounter the view that the victim organization could have avoided paying the extortionists the ransom if they'd only had proper data backups. The ugly truth, as he writes, is that there are many non-obvious reasons why victims wind up paying even though they've done nearly everything right from a data backup perspective. His story, he points out, is not about what companies are doing in response to cybercriminals that are holding their data hostage, and the best practice that has now become for how you respond, how you do this; but rather, why will victims pay for a key, the key that's needed to decrypt their systems, even when they already have the means to restore everything from backups on their own? What experts are saying, according to Krebs, is that the biggest reason ransomware targets or their insurance providers are still paying, even when they already have reliable backups, is that nobody at the victim organization has bothered to test in advance how long that data restoration process might take. Krebs quotes Fabian Wosar, the chief technology officer at Emsisoft, perhaps. And Fabian says, in a lot of cases companies do have backups, but they have never
In this episode we talk about ransomware, the protections against it, how security professionals should think about these issues and how to react to them. Below are the links that I mentioned in the episode. As always, if you enjoy the episode please leave a review and rate the podcast on whichever platform you are on.
KrebsOnSecurity: https://krebsonsecurity.com/2021/07/dont-wanna-pay-ransom-gangs-test-your-backups/
Darknet Diaries podcast: https://darknetdiaries.com/episode/96/
Support the show (https://www.buymeacoff.ee/secunf)
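A restore drill of the kind Krebs's article calls for, as an added example (not code from either podcast, from Bryghtpath or from KrebsOnSecurity): it takes a backup of a constructed sample tree while recording a SHA-256 manifest from the live data, restores the copy into a fresh directory, verifies every file against the manifest, times the restore and compares it with an assumed recovery-time objective. The directory layout, the manifest file name and the RTO value are assumptions. The "tampered" run simulates a backup copy that was damaged after it was taken, which is exactly the case a backup that has never been restored never reveals.

```python
"""Backup restore drill: measure restore time and verify integrity.

Added illustrative example; not code from the podcast or from Krebs's article.
The directory layout, manifest name and RTO value are assumptions.
"""
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path

MANIFEST_NAME = "manifest.sha256.json"  # assumed name, stored next to the copy
RTO_SECONDS = 4 * 3600                  # assumed recovery-time objective


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Relative POSIX path -> SHA-256 for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def take_backup(src: Path, backup_root: Path) -> Path:
    """Copy src into backup_root/data; the manifest is taken from the SOURCE,
    not from the copy, so a damaged copy is detectable at restore time."""
    dest = backup_root / "data"
    shutil.copytree(src, dest)
    (backup_root / MANIFEST_NAME).write_text(json.dumps(build_manifest(src)))
    return dest


def restore_and_verify(backup_root: Path, restore_to: Path) -> dict:
    """Restore the copy, recompute every hash, and time the whole operation."""
    started = time.monotonic()
    shutil.copytree(backup_root / "data", restore_to)
    expected = json.loads((backup_root / MANIFEST_NAME).read_text())
    actual = build_manifest(restore_to)
    missing = sorted(set(expected) - set(actual))
    corrupted = sorted(k for k in expected if k in actual and actual[k] != expected[k])
    return {
        "elapsed_s": time.monotonic() - started,
        "missing": missing,
        "corrupted": corrupted,
        "verified": not missing and not corrupted,
    }


def run_drill(src: Path, rto_seconds: float, tamper: bool = False) -> dict:
    """Full drill: backup, optionally damage the copy, restore, verify, check RTO."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        copy = take_backup(src, tmp / "backup")
        if tamper:
            # Simulate a copy that was overwritten and partly deleted after backup.
            (copy / "db" / "accounts.sqlite").write_bytes(b"\x00" * 16)
            (copy / "config.yaml").unlink()
        result = restore_and_verify(tmp / "backup", tmp / "restore")
    result["within_rto"] = result["elapsed_s"] <= rto_seconds
    return result


def make_sample_data(root: Path) -> Path:
    """Constructed sample 'production' tree (not real data)."""
    (root / "db").mkdir(parents=True)
    (root / "db" / "accounts.sqlite").write_bytes(b"SQLite format 3\x00" + b"A" * 4096)
    (root / "config.yaml").write_text("db: accounts.sqlite\n")
    (root / "logs").mkdir()
    (root / "logs" / "app.log").write_text("2021-07-20 INFO started\n")
    return root


def demo() -> tuple:
    """Run a clean drill and a tampered drill against the constructed sample."""
    with tempfile.TemporaryDirectory() as d:
        prod = make_sample_data(Path(d) / "prod")
        return run_drill(prod, RTO_SECONDS), run_drill(prod, RTO_SECONDS, tamper=True)


if __name__ == "__main__":
    clean, bad = demo()
    print("clean drill:   ", clean)
    print("tampered drill:", bad)
```

The point of the drill is the `elapsed_s` figure on real data volumes, not on the toy tree here: run it against a production-sized snapshot and the number you get is the restoration time nobody had measured before the incident.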
Welcome to the Security Box, podcast 44. On this episode of the program, it's time to make sure we're all caught up on Windows Update and what may be important to you. Next, we'll talk about a task force that hopes to disrupt ransomware payments. We're not done with Experian yet, and we'll have a Things to Ponder on this particular article I read about their API, which is apparently disabled for at least one vendor. We'll also have news, notes, commentary and questions from listeners if any, and yes, even podcast listeners can join the fun. Podcast listeners can dial 623-263-8934 to leave a voice message; just follow the prompts. Email, iMessage, text and WhatsApp are all given throughout the show.

Windows Update
Windows Update is back, and Microsoft has given us only 54 different patches, but a lot of them are critical. 13 of them were from Trend Micro's ZDI program.
May Patch Tuesday Offers Relative Respite (Trend Micro)
Microsoft Patch Tuesday, May 2021 Edition

Things to ponder
Looks like Experian is still being talked about. In this Things to Ponder, Experian API Exposed Credit Scores of Most Americans is the article which we'll be picking apart. A true story of a telephone number not to call and why Jennifer is now, along with a very interesting story with a very interesting twist, and yes, it is a true story.

A task force that is out there to disrupt ransomware
I'm happy to read articles like this one, and I want to talk about it as part of the program. It's not too old, but it's something of value to all of us. KrebsOnSecurity has the details. Task Force Seeks to Disrupt Ransomware Payments is the article to read.
News Notes
Four men plead guilty to being go-to 'bulletproof' hosts for cybercriminals (CyberScoop)
Fintech Startup Offers $500 for Payroll Passwords (Krebs on Security)
A Closer Look at the DarkSide Ransomware Gang (Krebs on Security)
Ransomware Playbook: Defense in Depth Strategies to Minimize Impact (PhishLabs)
DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized (Krebs on Security)
Stop Ransomware Groups Who Weaponize Legitimate Tools (Trend Micro)
Worried About Ransomware? Turn on MFA (LastPass)
Welcome to podcast 39 of the Security Box. Looks like we've got commentary from the replay of broadcast 38's airing. We'll answer any questions from those comments, if any, as well as talk about yet another story I read afterward in regards to Facebook and why it might be a good idea to remove your telephone number, or use something like Google or TextNow as your number instead of your primary one. We'll have news, notes, commentary and more. We hope you enjoy the program as much as I have bringing it to you. Thanks for listening!

Topic: More on Facebook, why Brian Krebs deleted his Facebook account
In an article that I read on April 7th, Brian goes into detail on why he eventually deleted his Facebook account sometime in 2020. According to the article, a paragraph says: The phone number associated with my late Facebook account (which I deleted in Jan. 2020) was not in HaveIBeenPwned, but then again Facebook claims to have more than 2.7 billion active monthly users. We know that Facebook has never been trustworthy after any type of incident, and I honestly don't believe that Mr. Krebs couldn't be part of the 533 million people affected by the breach. Checking with the site, yours truly isn't affected either, but I honestly wouldn't believe it nowadays, especially since news of this is two years old. The supposed database has been kicking around the Internet cybercrime community since last summer, according to the article. I've never seen any of these databases, and with the massive amounts of databases out there and what they contain, who could confirm every piece of data in them? I like Have I Been Pwned and what it is trying to offer, so don't get me wrong when it says that I'm not in there when I put my mobile number in the site to check. We now learn that the database was put up in June 2020 and includes names, mobile number, gender, occupation, city, country and marital status.
It includes data for 100 different countries, and there is a link to a January 2021 Twitter post within the article. KrebsOnSecurity goes on to talk about what might happen if someone with malicious intent gets hold of your mobile number. One of the things that could happen is your phone number changing hands, otherwise known as a SIM-swapping attack. This happens because an employee at the carrier store where you got service is tricked into transferring your number to the attacker, and you don't find out until you try to use your phone. Brian talks about how it is probably time to remove your number from services like Facebook once verification of the account is complete. I'm almost tempted to do this myself. There is a very interesting paragraph which I got interested in. It says: Why did KrebsOnSecurity delete its Facebook account early last year? Sure, it might have had something to do with the incessant stream of breaches, leaks and privacy betrayals by Facebook over the years. But what really bothered me were the number of people who felt comfortable sharing extraordinarily sensitive information with me on things like Facebook Messenger, all the while expecting that I can vouch for the privacy and security of that message just by virtue of my presence on the platform. We can't vouch for the privacy of a sensitive message just because we're on the platform. I've never used Facebook or its Messenger client for anything secure anyway, but that paragraph is very important. Are You One of the 533M People Who Got Facebooked? is the question and article title we're talking about in this segment; do read the article. News notes on the blog. Enjoy!
Topics
Flemish schools get up to 510 euros per pupil to buy laptops. Something went seriously wrong at Ubiquiti after all; all the details from KrebsOnSecurity. Is your phone number also in the Facebook data leak? Benikerbij.be
Tips
Toon: Hebban.nl
Maarten C.: De Popquiz & Happy Scale
Dewi: Wereldwijven, June
The enormous multi-billion-dollar wealth of the cybercriminal gangs that subcontract their work: the ransomware business
There is an old saying in the InfoSec community: "Every company gets penetration tested, whether they pay for it or not; someone will always do it for pleasure." There are hundreds of thousands of ads on the internet and the deep web offering work to pentesters in the cybercrime underground. Getting into machines and large corporations is not the problem; the real problem for them is hiring enough people to get the most out of the illegal access they already have inside companies. One of the most profitable activities is ransomware attacks. But in many cases it takes the cybercriminals a long time (days, weeks or months) from the day they get into a company, through the deployment of the ransomware, to collecting payment from the victims. This is because the intruders usually need time and a lot of effort to go from a single infected PC to controlling enough resources inside the victim organization for launching the attack (holding the data hostage) to make sense. How do they achieve this? They only need to get onto one computer and obtain a user account (with minimal privileges); they then exploit vulnerabilities on the machine to obtain an administrator account and use it to disable the security tools installed on the machine, such as antivirus. The administrator account has greater privileges on the machine and on the company network.
With the administrator account they scan the network for security software that could detect them; once the security software is identified they disable it, search for backup systems, identify the backup systems or methods and the backed-up data, and later destroy them during the attack.

The story of a "businessman" who subcontracts criminals
Dr. Samuil is a cybercriminal who has been present on underground forums for 15 years. Dr. Samuil places ads on some forums to hire experts for the post-exploitation stages. A post-exploitation stage is when an attacker already has access to a machine and needs to obtain administrative privileges, collect information and pivot to other machines on the network to gain access to as many machines as possible. One of Dr. Samuil's ads says: "You will be regularly provided with select accesses that have been audited (roughly 10-15 accesses out of every 100); this helps everyone involved save time." From other classified ads he posted in August and September 2020, it seems clear that Dr. Samuil's team has some kind of privileged access to victim companies' financial data that gives them a better idea of how much cash the victim company may have available to pay a ransom: "There is enormous insider information about the companies we target, including information on whether there are backups on tape drives and/or in the cloud, which significantly affects the scale of the conversion rate. Requirements: - Experience with cloud storage, ESXi. - Experience with Active Directory. - Privilege escalation from accounts with limited privileges. * The level of insider information about the companies we work with is high. There is proof of payments made by victims, but only for verified LEADs.
* There is also a private MEGA INSIDE, which I will not write about here in public, and which is only for experienced LEADs. * We do not look at REVENUE / NET INCOME reports. Accounting reports, that is our MEGA INSIDE, from which we know exactly how much to squeeze with confidence to the maximum in total." The firm Intel 471 says that within the cybercriminal underground, compromised access to organizations is readily bought, sold and traded.

Who is Dr. Samuil?
While researching this story, KrebsOnSecurity discovered that Dr. Samuil is the handle used by the owner of multi-vpn[.]biz, a long-running virtual private network (VPN) service marketed to cybercriminals seeking to anonymize and encrypt their online traffic by bouncing it through several servers around the world. MultiVPN is the product of a company called Ruskod Networks Solutions (also known as ruskod[.]net), which variously claims to be based in the offshore company havens of Belize and the Seychelles but appears to be run by a guy living in Russia. The domain registration records for ruskod[.]net were long ago hidden by WHOIS privacy services. But according to Domaintools.com, the original WHOIS records for the site from the mid-2000s indicate the domain was registered by Sergey Rakityansky. This is not an uncommon name in Russia or in many neighboring Eastern European nations. But a former business partner of MultiVPN who had a fairly public falling-out with Dr. Samuil in the underground told KrebsOnSecurity that Rakityansky is indeed Dr. Samuil's real surname, and that he is 32 or 33 years old and currently lives in Bryansk, a city roughly 200 miles southwest of Moscow.
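The attacker steps described above (disable the security software, find the backups, destroy them, then detonate) leave process-creation telemetry that can be matched before the encryption stage starts. As an added example, not code from this article, from Intel 471 or from KrebsOnSecurity, the Python below runs a small rule set over constructed Windows process-creation events and flags any host where both security-tool tampering and backup destruction are seen. The event schema, host and user names and the choice of patterns are assumptions; the commands themselves (vssadmin delete shadows, wbadmin delete catalog, bcdedit ... recoveryenabled no, Set-MpPreference -DisableRealtimeMonitoring) are widely documented ransomware pre-encryption commands, and the list here is an illustrative subset rather than a complete ruleset.

```python
"""Flag the backup-destruction stage of the ransomware kill chain.

Added illustrative example, not code from the article, Intel 471 or
KrebsOnSecurity. Event format, sample events and the rule subset are
constructed assumptions.
"""
import re
from collections import defaultdict

# Command-line patterns per stage of the kill chain described in the article.
RULES = {
    "security_tool_tamper": [
        r"Set-MpPreference\b.*-DisableRealtimeMonitoring\s+(\$true|1)\b",
        r"\b(net|net1|sc)(\.exe)?\s+stop\s+\S*(defend|sense|antivirus|protect)\S*",
        r"\btaskkill(\.exe)?\b.*\s/im\s+\S*(msmpeng|ekrn|sentinel)\S*",
    ],
    "backup_discovery": [
        r"\bvssadmin(\.exe)?\s+list\s+shadows\b",
        r"\bwbadmin(\.exe)?\s+get\s+(versions|items)\b",
        r"\bGet-WBBackupSet\b",
    ],
    "backup_destruction": [
        r"\bvssadmin(\.exe)?\s+delete\s+shadows\b",
        r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b",
        r"\bwbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)\b",
        r"\bbcdedit(\.exe)?\b.*recoveryenabled\s+no\b",
    ],
}
_COMPILED = {
    stage: [re.compile(p, re.IGNORECASE) for p in patterns]
    for stage, patterns in RULES.items()
}


def classify(cmdline: str) -> set:
    """Return the set of kill-chain stages a single command line matches."""
    return {
        stage for stage, patterns in _COMPILED.items()
        if any(p.search(cmdline) for p in patterns)
    }


def analyze(events: list) -> dict:
    """Group process-creation events by host; a host is critical when the
    attacker both disabled security tooling and destroyed backups/recovery,
    which is the signature of the window just before encryption."""
    per_host = defaultdict(lambda: {"stages": set(), "users": set(), "hits": []})
    for ev in events:
        stages = classify(ev["cmdline"])
        if not stages:
            continue
        h = per_host[ev["host"]]
        h["stages"] |= stages
        h["users"].add(ev["user"])
        h["hits"].append(ev["cmdline"])
    return {
        host: {
            "stages": sorted(h["stages"]),
            "users": sorted(h["users"]),
            "hits": h["hits"],
            "critical": {"security_tool_tamper", "backup_destruction"} <= h["stages"],
        }
        for host, h in per_host.items()
    }


# Constructed sample telemetry (process-creation events), not real data.
SAMPLE_EVENTS = [
    {"host": "WS01", "user": "CORP\\alice", "cmdline": "C:\\Windows\\explorer.exe"},
    {"host": "DC01", "user": "CORP\\backupsvc", "cmdline": "wbadmin get versions"},
    {"host": "FS02", "user": "CORP\\svc_sql",
     "cmdline": "powershell -nop -c \"Set-MpPreference -DisableRealtimeMonitoring $true\""},
    {"host": "FS02", "user": "CORP\\svc_sql", "cmdline": "net stop WinDefend"},
    {"host": "FS02", "user": "CORP\\svc_sql", "cmdline": "vssadmin list shadows"},
    {"host": "FS02", "user": "CORP\\svc_sql", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "FS02", "user": "CORP\\svc_sql", "cmdline": "bcdedit /set {default} recoveryenabled No"},
]

if __name__ == "__main__":
    for host, r in analyze(SAMPLE_EVENTS).items():
        print(host, "CRITICAL" if r["critical"] else "info", r["stages"], r["users"])
```

DC01 shows only backup discovery from the backup service account, which is routine and is reported at info level; FS02 shows tampering, discovery and destruction from a SQL service account, the combination that should page someone while the files are still intact.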
.NET 5 RC1 is coming soonOk so technically this isn't "released" yet but David Fowler of the .NET team shared this photo in a tweet that shows two interesting tidbits, .NET 5 preview 7 is the last preview (AKA 'alpha') release and .NET 5 (Version 5.0.100) RC1 is coming soon. The other interesting tidbit is the 'master' branch (poor naming choice) is .NET 6.0.x, and at least as of this moment .NET 6 is slated for November 2021.Microsoft Ignite is September 22-24th, 2020, and is Free.Sign up here: https://www.microsoft.com/en-us/igniteDevIntersection is hosting a 2-day series of workshops on .NET:https://virtual.devintersection.com/#!/ is hosting a virtual 2-day series of workshop for the corporate friendly price of $199 on October 26th and October 27th 2020. Speakers include some pretty big names in the .NET space, including the Gu (sigh. Fine, "Scott Guthrie"), Kimberly Tripp, , Carl Franklin, Michelle Bustamente, and Scott Hunter.Each workshop is $199 and for that you also get access to the free keynotes. I signed up for the keynotes, and understand that if you do, you can be entered to win an XBox or a free workshopMicrosoft's Ignite conference is September 22-24, 2020, and is free. The subtitle of the conference is "Empowering the technical community to help customers innovate and rebuild in a changing world" which roughly translates to "Build new &$@#, get paid". Registration opens September 3rd, 2020.Looks like CSharpForMarkup is staying in Xamarin Forms 5do you ever see those fight videos on youtube that start just a few seconds too late so you don't know what caused it and you're left reading the comments to figure out what the hell is going on? This is like that, but on Github.Anyway, turns out after the team was going to take out CSharpFormarkup support out of Xamarin Forms 5 and move it to .NET 6 (MAUI), the loud voices on Github convinced them to keep it in.C# for Markup allows a programmer to write C# markup instead of XAML for Xamarin forms. 
Looks neat. Incidentally, it was the author of C#ForMarkup that let me know about this on twitter.EFCore updates -- Many to Many is in the daily buildsYou know an ORM is nascent when Many-to-Many support is just landing. I remember when EFCore was billed as a lightweight alternative to EF6. There's no doubt that Entity Framework 6 was plagued by three different ways to do the same thing with teams ending up mixing and matching and driving each other crazy. The hope is the EFCore team keeps their eye on the ball and keeps a unified focus on what the API should look like for EFCore. Given that Microsoft's bread is buttered by large enterprises that hate change, I'm not holding my breath, however.Emotions we have but don't can't explainThis is still messing me up.Scott Hanselman releases a video explaining the .NET EcosystemIf you're new to .NET (or even if you aren't) this video by Scott Hanselman explains the .NET ecosystem in all its 20 year sprawling majesty in a youtube video.Tempted to make a TikTok. Let's GO!*.The .NET Team releases a deep dive into how .NET is built and releasedThis is a follow-up to the public twitter statement that .NET daily builds aren't available when there are undisclosed security fixes; the .NET went through their entire build process. On a personal note, I made it through after a two-drink minimum. It also brings to sharp relief that .NET will always have Microsoft as its benevolent dictator for life.Maoni Stephens releases a 3 part series on the .NET GC on YoutubeMaoni Stephens shares how the GC works in three parts. I love these sorts of videos. I had to learn about the GC from Jeffrey Richter's "CLR via C#" book (back when there was only 1 edition), and now we can learn this stuff on Youtube. 
There's a little bit of jealousy, but mostly I'm grateful for people who take the time to share this stuff.Mads Torgerson addresses the viral "stuff I wish C# had but doesn't" tweetMads went to twitter to address the tweet that made it on the Orange Site that detailed some changes the author wishes C# had. Mads wrote: This is a great list of useful features missing from C#. They aren't fundamental flaws and could all be addressed; many are already on the radar for future versions. E.g. primary constructors are planned for C# 10.0, and could then be a building block for object expressions.I'm not really one to ask about all these new features because I'd be perfectly happy with C# 5. Some of the newer features are rather nice; but I don't think fundamental tinkering with the syntax of a language is a great way to maintain language cohesiveness. Call me old fashioned.Rick Brewster opines on what neat things you could do if we could get rid of the .Count property for certain collections:https://threadreaderapp.com/thread/1295936199345844224.htmlDid you know the ASP.NET community team holds a weekly Standup?I'm not sure it's actually a standup but naming is hard. Anyway, you can check it weekly, here.Proposal to allow Wildcard using statementsIf you've used Python or TypeScript, you've seen this sort of approach when importing modules from a third-party library. Dave mentions it as a way to handle the fact that some types of utility methods (like extension methods) should really be at the top level, even though organizationally, Visual Studio loves it when your namespaces reflect your folder structure, and penalizes you with red squigglies when you don't. 
It's an interesting proposal, and I'm going to keep an eye on it.

System.Text.Json getting more love for .NET 5

After Microsoft hired Newtonsoft.Json's author, it set about replacing Newtonsoft.Json with its own System.Text.Json (incidentally, I'm not clear as to whether James Newton-King worked on System.Text.Json), and for .NET 5 it appears System.Text.Json is getting some much needed additions. It even has its own Kanban board.

David Fowler of the .NET team shows off more Top-level statements

I'm torn on top-level statements. One of my favorite parts of Perl was the ease with which I could create a one-liner or a single file program, and from a nostalgia perspective I'm happy C# is getting that; but on the other hand, it's this "there's ten billion ways to do the same thing" that ends up plaguing all programming language environments and making it hard for new people to figure out what the hell is going on. Yea, "You're only new once", but it's an eternal september out here, folks. Anyway, David Fowler shows off what you can do with Top-level statements in this tweet.

What's coming with Blazor in .NET 5?

The .NET Team showed off Blazor improvements during their .NET community standup. I missed this when it happened, but I absolutely refuse to rename this the "Last two weeks in .NET" newsletter. Some of the touted improvements: CSS isolation, lazy loading, and auto refresh with dotnet watch.

Blog post on C# 9 records has been released

C# 9 makes it easier to declare immutable data structures with the advent of Records.

Todo: Fix vulnerability

https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/

Microsoft patched CVE-2020-1464 on August 11 during their normal Patch Tuesday release. This CVE concerns how Windows validates digital signatures on programs.
Developers among us call this 'code signing', and it allows a company to have their software blessed as being 'from them' and, just as importantly, lets the recipient verify that nobody mucked with the executable itself. One of the more frightening parts of the internet is that before code signing (and even after it), we just blindly trust software we download. That was fine when it didn't underpin our way of life, but this being 2020, software is everywhere, used for everything. This vulnerability subverted that process: an attacker could append content to a file signed by a trusted developer and Windows would still report the signature as valid, so the attacker could effectively spoof the origin of a piece of software or, more nefariously, smuggle their own code inside a trusted-looking file without triggering a warning on install. All of this is normal so far, as far as CVEs go. They happen, and they get patched. What makes this remarkable is that Microsoft waited two years to patch this CVE, even though there was evidence it was being exploited in the wild and researchers told Microsoft of this fact repeatedly. In case that isn't enough to raise the hairs on the back of your neck, one of the people who knew it was being exploited, Bernardo Quintero, released a blog post detailing how it was being exploited; after all, his company, VirusTotal, detects malware as a service. As Brian Krebs quotes in his post: “In short, an attacker can append a malicious JAR to a MSI file signed by a trusted software developer (like Microsoft Corporation, Google Inc. or any other well-known developer), and the resulting file can be renamed with the .jar extension and will have a valid signature according to Microsoft Windows,” Quintero wrote. [...]
“Microsoft has decided that it will not be fixing this issue in the current versions of Windows and agreed we are able to blog about this case and our findings publicly,” his blog post concluded. The vulnerability is nicknamed GlueBall (developers, take note: security researchers are better at naming than we are). But the overall part of this that burns my backside is that Microsoft knew and publicly did nothing about the exploit for two years. In fact, when asked the very question of "Why the hell didn't you do something for two years?", the representative from Microsoft answered (with temerity, I'm sure) that Windows users who have applied the latest security updates are protected from this attack. “A security update was released in August,” Microsoft said in a written statement sent to KrebsOnSecurity. “Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected.” I'm opining here, but I can't believe Microsoft would let such a risky exploit go for two years unless they were forced to.
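A short aside on why the trick in Quintero's quote works, with example code written for this page (it is not the newsletter's, Krebs's or VirusTotal's, and all names in it are mine). A JAR is a ZIP, and ZIP readers, Java's included, find the archive by reading the end-of-central-directory record at the tail of the file, so any bytes sitting before the archive are simply ignored; that is the same property that lets a self-extracting EXE carry a ZIP. An MSI is an OLE compound document whose layout is described from its header, and the bug was that Windows kept reporting the signature on such a file as valid even with arbitrary data appended after it. Glue the two together and one file is both a validly signed MSI and a runnable JAR. Below, a fake OLE header stands in for the signed MSI (no real signature is involved), Python's zipfile stands in for Java's reader, and the last two functions are the check a defender can run offline: a file that starts with the OLE magic but also parses as a ZIP with a positive prefix length is a polyglot worth flagging.

```python
import io
import struct
import zipfile

# Compound File Binary (OLE) header: what an MSI starts with.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
# ZIP end-of-central-directory (EOCD) record signature, found at the file's tail.
EOCD_SIG = b"PK\x05\x06"
EOCD_MIN_LEN = 22          # fixed part of the EOCD record
MAX_COMMENT = 0xFFFF       # a ZIP comment may follow the EOCD record


def build_jar(entries):
    """Constructed sample: a minimal JAR (a ZIP with a manifest) built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Evil\n")
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()


def fake_signed_msi(size=4096):
    """Stand-in for a signed MSI: the OLE magic plus filler. It is not a real MSI and
    carries no Authenticode signature; only the leading magic matters for this demo."""
    return OLE_MAGIC + b"\x00" * (size - len(OLE_MAGIC))


def find_eocd(data):
    """Offset of the EOCD record, searched backwards from the tail the way ZIP readers
    do (the record may be followed by up to 64 KiB of comment). -1 if there is none."""
    return data.rfind(EOCD_SIG, max(0, len(data) - EOCD_MIN_LEN - MAX_COMMENT))


def zip_prefix_length(data):
    """Number of bytes sitting before the ZIP proper.

    The EOCD record stores the central directory's size and its offset relative to the
    archive start, while its real position is just before the EOCD record itself. The
    difference is the prefix: 0 for a clean archive, -1 when the data is not a ZIP at all.
    This is the same arithmetic zipfile uses internally to tolerate prefixed archives."""
    eocd = find_eocd(data)
    if eocd < 0:
        return -1
    # EOCD layout: sig(4) disk(2) cd_disk(2) n_this(2) n_total(2) cd_size(4) cd_offset(4) ...
    cd_size, cd_offset = struct.unpack_from("<II", data, eocd + 12)
    return eocd - cd_size - cd_offset


def is_ole_zip_polyglot(data):
    """True when a file starts as an OLE compound document (MSI) yet also parses as a
    ZIP/JAR tacked on after it: the shape GlueBall abuses."""
    return data.startswith(OLE_MAGIC) and zip_prefix_length(data) > 0


def appended_jar_entries(data):
    """Entry names a read-from-the-end ZIP reader sees; like 'java -jar', zipfile skips the prefix."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


if __name__ == "__main__":
    jar = build_jar({"Evil.class": b"\xca\xfe\xba\xbe" + b"\x00" * 16})  # constructed stub class
    polyglot = fake_signed_msi() + jar
    print("prefix bytes:", zip_prefix_length(polyglot))
    print("polyglot:", is_ole_zip_polyglot(polyglot))
    print("entries:", appended_jar_entries(polyglot))
```

Run it and the glued file reports a 4096-byte prefix while still listing Evil.class, which is exactly the mismatch a scanner should key on: content that validates as one format from the front and parses as another from the back. The patch side is Microsoft's to describe; the detection side is plain format arithmetic you can run anywhere.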
I wouldn't be surprised if a nation-state actor was using that exploit and politely asked Microsoft not to patch it. Yes, that's an opinion, but it is slightly more plausible than Microsoft saying "No big deal, let's wait two years to fix an already exploited security vulnerability." We've seen Microsoft jump into action immediately on zero-days, but this behavior from Microsoft is just too weird to ignore.

C# 9 Natively Sized Integers

Anthony Giretti blogs about forthcoming support for natively sized integers in C# 9. For the subset of programmers who write code that needs to worry about such a thing (if you have no idea what this is, then you're not one of them), this is good news, and one less reason to have to dive into interop.

Raymond Chen talks about why you can't just hack off the GUID and use part of it for uniqueness

Don't lie, you've thought about doing this before.

The .NET team is busy adding nullable annotations to the BCL

Ok, this took some reading and I'm still not sure I fully understand what's going on, but my simple response is: starting in C# 8.0, you have the ability to tell the compiler that a certain reference is 'nullable', that is, that it can be assigned null, through the ? operator: string? myVar = null;. This tells other programmers that yes, this string can have a null value (Yes, No, FileNotFound, anyone?), and helps to clearly express the situations where null is a good idea and the situations where it's bad. Billion dollar mistake bad. To lighten our loads, the .NET team has taken to adding these nullable annotations to the .NET BCL. Presumably this will help static analysis tools not be such unsympathizing assholes all the time. Presumably.
This week: Visa is claiming that digital currency is in their DNA and Steve Wozniak is fed up with YouTube scams. Plus, Twitter got hacked hard last week – what do we know over a week later? More info @ Talk.Bitcoin.Tax Show Notes: (00:13) On Wednesday, Visa released a blog post entitled “Advancing our approach to digital currency”. In short, this blog post is meant to alert consumers to Visa's “digital currency strategy” and their dedication to embracing cryptocurrency. Overall, a good thing for adoption. Diving a bit deeper into the blog post, Visa mentions their existing partnerships with “regulated digital currency platforms like Coinbase and Fold” and “more than 25 digital currency wallets”. They highlight their history of blockchain technology research, and state that their current research goal is to develop “new mechanisms to improve scalability and enable offline digital currency transactions”. For reference, Visa's research team consists of an impressive number of Ph.D. scientists and researchers, with focuses spanning cryptography, machine learning, quantum computing, blockchain technology, and a number of other tech-related concentrations; this well-versed research team certainly illustrates that Visa is serious about crypto and blockchain. The blog post also touts Visa's involvement in shaping cryptocurrency-related policy, citing their collaborative work with the World Economic Forum, where they were involved in creating policy recommendations for a Central Bank Digital Currency. Finally, Visa states the key values that will guide their digital currency strategy: protecting consumer data and privacy while adhering to all applicable laws, remaining currency and network agnostic by supporting the digital currencies and blockchain networks that their partners and customers want, and utilizing their existing expertise and capabilities to shape and enhance their continued foray into crypto and blockchain technology.
The blog post shows that Visa is serious about cryptocurrency and blockchain technology, a sentiment that is more and more commonly shared by well-known names in the finance space. It certainly wouldn't be surprising to hear about some additional Visa partnerships with high-profile cryptocurrency companies in the near future. — (02:21) Next up – YouTube scams are really annoying Apple co-founder Steve Wozniak (and everyone else). So much so that he is reportedly suing YouTube! If you've spent any time on YouTube, you've probably seen some sort of video that is trying to scam you out of your money – whether you've realized it or not. The lawsuit that Steve Wozniak filed on Tuesday relates to “images and videos of Plaintiff STEVE WOZNIAK, and other famous tech entrepreneurs”… “that have defrauded YOUTUBE users out of millions of dollars”… “[using] images and video of STEVE WOZNIAK to convince YOUTUBE users that he is hosting a live “BTC” or “BITCOIN GIVEAWAY” event and that, for a limited time, any user who sends in their bitcoin will receive twice as much back.” At this point, these types of scams are commonplace – they've been around for a long time, and take place on various social media platforms. We'll be talking about the big Twitter attack that occurred last week, which utilized a similar type of scam. The lawsuit actually mentions that attack, stating that “Twitter acted swiftly and decisively to shut down these accounts and to protect its users from the scam”. According to the lawsuit, YouTube not only refused to remove the scam videos, they also promoted them AND profited off them via paid advertising. Again drawing a comparison to the recent Twitter attack, the lawsuit says that the YouTube scams have generated millions of dollars in stolen crypto, whereas the unprecedented Twitter hack only yielded around $120,000 worth of crypto for the attackers.
As we discussed on our April 24th episode, Ripple Labs and their CEO Brad Garlinghouse filed a similar lawsuit against YouTube. With all the heat YouTube is receiving, it seems to me that it would be incredibly likely for them to take some sort of eventual action to address these types of scams on their platform. — (04:04) On the topic of crypto scams, let's briefly discuss the aforementioned unprecedented Twitter hack that occurred on July 15th, 2020. If you haven't heard what happened, the TLDR of it is that a hacker (or group of hackers) apparently utilized social engineering to gain access to a Twitter employee's administrative tooling, giving them unfettered access to seemingly every Twitter account. The accounts that were outwardly targeted belonged to high-profile verified Twitter users, ranging from tech gurus like Elon Musk and Bill Gates, to performers like Kanye West, and even former President Barack Obama. On the crypto side of things, major cryptocurrency-related profiles were also targeted, like Coinbase and Binance. These accounts all posted the same, or similar, messages, instructing their followers to send some crypto (primarily BTC) to a wallet address – claiming that, in return, the sender would receive a significantly larger amount of crypto back. Again, this is a classic scam that has been around quite a while – but its power and believability are directly connected to the platform it's being propagated on. In other words, someone without knowledge of this scam might see a tweet from the official account of Elon Musk and believe that he will send them a bunch of Bitcoin as long as they send a bit first. The hack lasted a decent number of hours, with Twitter actively deleting the messages and temporarily suspending all verified accounts. Over a week after the attack occurred, what do we know?
Well, Twitter themselves said “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” Social engineering, briefly, is the act of “hacking” an individual for information to access a protected system, as opposed to hacking the system itself. Reuters reports that earlier this year, more than 1,000 Twitter employees and contractors had access to a sort-of “god-mode” administrative panel, meaning any one of those individuals could have been the unlucky victim of the social engineering attack. Twitter has recently divulged that 130 accounts were targeted, 45 accounts sent out tweets, 36 accounts had their DMs accessed (including a politician in the Netherlands), and 8 non-verified accounts had their account data fully exported. KrebsOnSecurity released a detailed report that points to a lone hacker who is well-known in SIM swapping circles as the culprit. Of course, as the hack affected billionaires and politicians, the FBI has launched their own investigation. So, 9 days after the attack, we know that it was due to social engineering and we know that the attackers gained around $120,000 in crypto, a fairly low amount of money for the unprecedented amount of access the hacker or hackers apparently had. We also know that the attackers actively accessed direct messages and other Twitter data from some of the accounts. We have some well-placed theories about who the hacker is, but no definitive proof as of now. We also don't know a motive – some camps believe the goal was to make some money but that the hacker hadn't adequately planned that out, resulting in a paltry sum compared to what could have been made by using that level of access for other nefarious schemes. Others believe this was an attack that was meant to gain information from protected accounts, while others think the attack was meant to send a message.
Only time, and some hearty investigations, will yield concrete answers. Once those answers are found, we'll be sure to report on them!
Harrison is back! Alex and Christian join this week to discuss how Black Hat and DEFCON went last week, analyze the irregularities of the dark web criminal market, Nightmare, and explore the story reported by Krebs on the SEC investigation into the data leak at First American Financial Corp. Shout-out to all of our new listeners - thanks for your interest and let us know what we can do to continue improving the podcast! Check out the blog on Nightmare Market at https://www.digitalshadows.com/blog-and-research/fresh-blow-for-dark-web-markets-nightmare-market-in-disarray/ KrebsonSecurity article: https://krebsonsecurity.com/tag/first-american-financial-corp/ Find the full intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-08-aug-15-aug-2019
Maureen K. Ohlhausen: Should Antitrust Law Rein in Big Tech? (Ep. 179) Maureen K. Ohlhausen joined Joe Miller to discuss whether U.S. antitrust law is the appropriate mechanism by which to rein in big tech. Bio Maureen K. Ohlhausen (@M_Ohlhausen) is the Antitrust and Competition Law Practice Chair and Partner at the law firm of Baker Botts. Previously, she served as Acting Chairman of the Federal Trade Commission for 2 years and prior to that as a Commissioner for 6. She directed all aspects of the FTC's antitrust work, including merger review and conduct enforcement, and steered all FTC consumer protection enforcement, with a particular emphasis on privacy and technology issues. A thought leader, Maureen has published dozens of articles on antitrust, privacy, IP, regulation, FTC litigation, telecommunications, and international law issues in prestigious publications and has testified over a dozen times before the U.S. Congress. Maureen has relationships with officials in the U.S. and abroad, with a particular emphasis on Europe and China, and has led the U.S. delegation at the international antitrust and data privacy meeting on many occasions. She has received numerous awards, including the FTC's Robert Pitofsky Lifetime Achievement Award. Prior to her role as a Commissioner, Maureen led the FTC's Internet Access Task Force, which produced an influential report analyzing competition and consumer protection legal issues in the area of broadband and internet. In private practice, she headed the FTC practice group at a leading telecommunications firm, representing and counseling telecommunications and technology clients on antitrust compliance, privacy, and consumer protection matters before the FTC and the FCC. She also clerked at the U.S. Court of Appeals for the D.C. Circuit. Resources Baker Botts – Antitrust and Competition Law Practice Group Here’s how we can break up big tech by Elizabeth Warren (Ms. Ohlhausen argues against.)
News Roundup

Facebook blocks race, age, gender, ZIP code ad targeting for housing, employment, credit

Facebook is no longer permitting housing, employment and credit advertisers to target users based on their age, race, gender or ZIP code. This brings Facebook in line with federal rules preventing broadcasters from discriminating in ad sales contracts on the basis of race or gender. The new prohibitions are part of a settlement with several advocacy organizations that filed discrimination lawsuits against Facebook after ProPublica published an investigative report showing its ability to exclude certain ethnicities from seeing housing ads.

Dems plan to vote on net neutrality bill on April 8th

House Democrats plan to vote, on Monday, April 8th, on the bill that would reinstate the 2015 net neutrality rules, the Save the Internet Act. Opponents are trying to tack on a bunch of amendments even though the bill is pretty straightforward in terms of its intended scope. Even if the bill passes the House, though, it faces an uphill climb in Mitch McConnell’s lair high up on the mountain -- I mean the Senate. And the president would also have to sign it; we’ll see what happens.

Facebook stored user passwords in plain text for years

This time, security journalist Brian Krebs (KrebsOnSecurity) reported that, for years, Facebook stored hundreds of millions of user passwords in plain text in internal logs. What’s the problem with this, you ask? Well, those logs were searchable by more than 20,000 Facebook employees. So let’s say a date didn’t go so well with some brah who happens to work at Facebook? Well, guess what, he could just go ahead and search for your password. The plain-text logging reportedly dates back as far as 2012.
Cummings demands documents related to Kushner’s use of encrypted app for official business

House Oversight Chair Elijah Cummings has demanded documents from the attorney representing Jared Kushner regarding Kushner’s use of a private email address and WhatsApp to conduct official business. This, of course, is the same thing Republicans went after Hillary Clinton for during the 2016 presidential campaign.

FCC to pay $43k in settlement for not releasing fake comments records

The FCC will pay $43,000 in attorneys’ fees and costs to a New York journalist named Jason Prechtel for failing to turn over information, under a Freedom of Information Act (FOIA) request, related to fake comments filed in the net neutrality proceeding. The case was settled without prejudice, which means the FCC won’t admit to any wrongdoing, even though it didn’t respond to the journalist within the statutory timeframe.

Nunes suing Twitter

California Republican Representative Devin Nunes is suing Twitter and 3 users for $250 million, saying he was “defamed” and claiming that Twitter bans conservative viewpoints.

Trump finally names a CTO

After two years, President Trump has finally named a Chief Technology Officer. Michael Kratsios is just 32 but well-connected, and worked for Thiel Capital. Peter Thiel, as you’ll recall, is a Donald Trump supporter.

Events

Tuesday March 26th: Hudson Institute, How Does the U.S. Maintain its Competitive Edge in 5G? 9:15AM-11:00AM, 1201 Pennsylvania Ave.
It will be livestreamed. Senate Commerce Committee, Hearing on Small Business Perspectives on the Federal Data Privacy Framework, 2:30pm, Dirksen 562. Wednesday March 27th: House Judiciary Committee, Lost Einsteins: Lack of Diversity in Patent Inventorship and the Impact on America’s Innovation Economy, 10AM, 2141 Rayburn. March 29th: Brookings, Stephen Breyer Lecture: Digital Technology in the age of artificial intelligence: A comparative perspective, 10:30-12 noon, Falk Auditorium @ Brookings, 1776 Massachusetts, NW. There will be a webcast for this as well.
"Microsoft Patches Two Zero-Day Flaws Under Active Attack", "5 Powerful Botnets Found Exploiting Unpatched GPON Router Flaws", "Mirai DDoS attack against KrebsOnSecurity cost device owners $300,000", and "The final compliance countdown: Are you ready for GDPR?" Full Show Notes: https://wiki.securityweekly.com/Episode559 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly
This week, we interview Joe Gray from the Advanced Persistent Security Podcast! Paul will deliver the Technical Segment this week entitled “Docker Security Incident: Lessons Learned”! In the news, we have updates from Microsoft, Powerful Botnets, Mirai DDoS attack against KrebsOnSecurity, GDPR, and more on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode559 Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!
This week Dave and Gunnar talk about: DDoS attack on DynDNS, DDoS Coin, and a USB killstick.
Gunnar recommends following @MachinePix and @TheJoinery_jp on Twitter
Your Nexus phone will soon automatically connect to open Wi-Fi networks
Stealing login credentials from a locked PC or Mac just got easier
USBee stings air-gapped PCs: Wirelessly leak secrets with a file write
Now you can buy a USB stick that destroys anything in its path
Someone Is Putting Malicious USB Sticks in Australian Mailboxes
Gunnar recommends the latest Mom and Dad are Fighting
D&G Ad Experience Optimization of the Week: Facebook Testing Autoplay Video Ads That Have The Sound Turned On By Default
uBlock Origin working great
Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net
Record-breaking DDoS reportedly delivered by >145k hacked cameras
Distributed Censorship or Extortion? The IoT vs Brian Krebs
Hacker Releases Code That Powered Record-Breaking Botnet Attack
DDoSCoin: Cryptocurrency using DDoS attacks as (malicious) proof of work
The Terrible Security Of Bluetooth Locks
Dave’s a blogger now? Government insight, Linux containers, and Microsoft: Three reasons you can’t miss this year’s Red Hat Government Symposium
People, Please Don’t Store Private Data in Your Address Book
9 tricks to appear smart in brainstorming meetings
Cutting Room Floor
Names For Emotions People Feel But Can’t Explain
Angry Desert Rain Frog Squeaks With Displeasure
Know Who’s at the Office with the Raspberry Pi
Wheelie-popping, modified racing roomba
Ultra Orthodox Rabbis Sing Pink Floyd’s “Wish You Were Here” on the Streets of Jerusalem
Marionette playing Rush’s Tom Sawyer and 2112 Overture and Temples of Syrinx
Musicians Obsolete? Sony A.I. Creates Beatles-Inspired Song
Vintage driver’s licenses once issued to Alfred Hitchcock, Johnny Cash, James Brown, & more!
HAARP Holds Open House To Dispel Rumors Of Mind Control
Vintage Pocket Guides to Syria & Beyond for the WW II American Soldier
Photos from Inside NORAD’s Cheyenne Mountain Combat Center
National Air and Space Museum Offers Audio Tours in Klingon
Ka-Bar Tactical Spork Tool
Wizards Now Have Their Own Version Of Apple Pay
Chinese tourist who lost wallet in Germany ends up in refugee shelter
New Teddy Ruxpin: Adorable Or The Blinking Demon Of Your Nightmares?
Lock Up Your Raspberry Pi with Google Authenticator
HRROOGA! And Other Vintage Comic Book Monster Sounds
Real-life Space Invaders with drones and lasers
We Give Thanks
The D&G Show Slack Clubhouse for the discussion topics!
Our inspiration for this week's show was Michelle Obama's popular catchphrase, "When they go low, you go high." Don't worry, our next episode will also have a fun Republican catchphrase. In this episode, we discussed how low the security of our favorite things has gone: in music, email, and the Internet of Things (IoT). Music. There are a lot of music lovers who use Spotify on their desktops, but they weren't expecting it to periodically cause their browser to open malicious sites without their permission. Email. Even though kids these days think email is passé, organizations still rely on it. That's why we must cover Yahoo's 500 million leaked accounts as well as the hacked presidential candidates' emails. (Psst, go to 5:03 if you wanna know how much Yahoo would have paid if GDPR, the EU's latest data protection regulation, were in effect.) IoT. Lastly, we discussed Mirai, the botnet behind the recent DDoS attack against Brian Krebs, who runs KrebsOnSecurity.com, a publication about cybersecurity. Thinking Like a Hacker: In this segment, we attempt to explain "SQL Injection" to a 5-year-old. A Tool for Sysadmins: Fiddler, the free web debugging proxy for any browser, system or platform. Subscribe & Follow: itunes / android / RSS feed @infosec_podcast
EP111 GunBlog VarietyCast - Sean Tells Erin it Can’t Be Done
Pacifiers & Peacemakers - Only in Alabama? Ladies’ Sunday School Shooting Outing
Felons Behaving Badly - Murder charge for Raleigh man after victim shot in the head dies
Tech Tips with The Barron - Democratizing Censorship
Main Topic - Gun Rights Policy Conference
The Bridge - Like Daughter Like Mother?
Blue Collar Prepping - How to be on camera
This Week in Anti-Gun Nuttery - Weer’d vs. Science: Part II
Plug of the Week - Second Amendment Foundation
Episode Sponsors - LuckyGunner and Remington Ammunition

Pacifiers & Peacemakers - Only in Alabama? Ladies’ Sunday School Shooting Outing
Felons Behaving Badly - Murder charge for Raleigh man after victim shot in the head dies
Murder charge for Raleigh man after victim shot in the head dies - http://wncn.com/2016/09/26/murder-charge-for-raleigh-man-after-victim-shot-in-the-head-dies/
Suspect - http://webapps6.doc.state.nc.us/opi/viewoffender.do?method=view&offenderID=1201775&searchLastName=Neal&searchFirstName=Anthony&listurl=pagelistoffendersearchresults&listpage=1
Victim 1 - http://webapps6.doc.state.nc.us/opi/viewoffender.do?method=view&offenderID=1460663&searchLastName=Malloy&searchFirstName=Travis&listurl=pagelistoffendersearchresults&listpage=1
Victim 2 - http://webapps6.doc.state.nc.us/opi/viewoffender.do?method=view&offenderID=1115699&searchLastName=Thomas&searchFirstName=Kedrick&searchMiddleName=d&listurl=pagelistoffendersearchresults&listpage=1
Tech Tips with The Barron - Democratizing Censorship
Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net - http://arstechnica.com/security/2016/09/why-the-silencing-of-krebsonsecurity-opens-a-troubling-chapter-for-the-net/
KrebsOnSecurity Hit With Record DDoS - https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/#more-36426
The Democratization of Censorship - http://krebsonsecurity.com/2016/09/the-democratization-of-censorship/
Someone Is Learning How to Take Down the Internet - https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html
The Main Topic - GRPC
Step By Step Gun Training - https://stepbystepguntraining.com
Live Video - https://www.facebook.com/paul.a.lathrop.9/videos/1264666736898114/
Sean’s Livestream Interview - https://youtu.be/Rcp-2Fh5t6M?t=15m19s
Erin’s Livestream Interview - https://youtu.be/Rcp-2Fh5t6M?t=4h31m15s
The Bridge - Like Daughter, Like Mother?
Take the Gun Away - http://frontsightpress.com/2016/09/take-the-gun-away/
Tiff’s dad - http://frontsightpress.com/2015/11/bittersweet/
The “family class” that my mom referenced - http://frontsightpress.com/2015/02/a-thing-of-beauty/
Blue Collar Prepping - How to be on camera
This Week in Anti-Gun Nuttery - Weer’d vs. Science: Part II
Science Vs Guns: https://gimletmedia.com/episode/guns/
Science Vs Gun Control: https://gimletmedia.com/episode/gun-control/
Serious violent crime under-reported for a decade: http://www.telegraph.co.uk/news/uknews/3245966/Serious-violent-crime-under-reported-for-a-decade.html
Suicide Rate in Australia: http://reconnecthealth.com.au/news/wa-has-the-third-highest-suicide-rate-in-australia
Plug of the Week
Second Amendment Foundation - https://www.saf.org/join-saf/
In today's podcast, we follow the latest on the Yahoo! breach. British sources say GCHQ stopped a Russian attack on last year's UK general election. A White House staffer's email is hacked. KrebsOnSecurity is back, but many see a lesson in the dangers of IoT botnets and democratized censorship. Researchers describe iOS and Android vulnerabilities. The FBI releases more documents from its State Department email investigation. Yisroel Mirsky from Ben-Gurion University discusses security risks of Android touch loggers. Switzerland votes for more surveillance, and US states reassure voters that the election won't be hacked.
In today's podcast, we hear more on the recent hacking of German political parties. Russia reorganizes its security services—apparently the KGB is back in everything but name. KrebsOnSecurity sustains a record-breaking DDoS attack. Yahoo! discloses a record breaking data breach. Ben Yelin from the University of Maryland Center for Health and Homeland Security weighs in on a possible Snowden pardon. Steve Durbin tells us what organizations like the ISF have to offer. Ransomware may be meeting data manipulation.
Brian Krebs, freelance tech reporter, editor of KrebsOnSecurity.com and straight from the stage, takes time out in Vienna to speak to both Martin McKeay and Chris John Riley about his rogue-pharma-spam-focused presentation at FIRST 2011, "Funny Pharma: Inside the Web's Leading Rogue Pharmacies." Brian presented at FIRST 2011 Vienna on Tuesday, June 14, 2011.