POPULARITY
3 episodes with ss7
2 episodes with ss7
3 episodes with ss7
2 episodes with ss7
2 episodes with ss7
3 episodes with ss7
2 episodes with ss7
2 episodes with ss7
Most scams where the victim is tricked into paying money to fraudsters originate on social media—often on Facebook, Instagram and WhatsApp.But in the UK around one scam in five—and nearly half by the total value stolen—exploits weaknesses in our telecommunications infrastructure.That could be someone spoofing the number of a legitimate entity, such as the tax office or your bank, when calling you. It could be a scammer exploiting security vulnerabilities in the mobile network to compromise and intercept voice and SMS messages. In a rapidly rising form of fraud, criminals impersonate the nearest cell phone tower and send messages that look like they're from your bank or mobile service provider. One click on a link and you're soon handing over valuable personal information or downloading malware that gives the scammers access to your payment app or crypto wallet.In the latest episode of Unseen Money from New Money Review, my co-host Timur Yunusov and I are joined by telecom cybersecurity expert Dmitry Kurbatov, chief executive of UK-based company SecurityGen.In the podcast, Dmitry explains how criminals can spoof a trusted entity's phone number when calling you. We look at SIM swap frauds and discuss who bears responsibility for the continuing security flaws in mobile networks. We highlight in which countries users are currently most exposed to mobile phone-based frauds. We look at the recent SK Telecoms breach in South Korea, which exposed the personal and financial data of up to 23 million users. And we describe the ever more ingenious methods being used by scammers to subvert telecoms networks.Some technical terms used during the podcast:“SIP trunking” is the digital method of making and receiving phone calls and other digital communication over an internet connection.“SIP protocol” is a signalling protocol used for initiating, maintaining, and terminating multimedia sessions, including voice, video, and messaging.“SIM farms” or “SIM boxes” bridge the internet and cellular networks, enabling the routing and redirection of calls or messages through multiple SIM cards.“Rich Communication Services (RCS)” are a messaging protocol that enhances traditional SMS by offering richer features like multimedia sharing, group chats, read receipts and typing indicators.“Drive-by smishing” is where fraudsters use fake base stations to force victims' phones to connect to a fake mobile network and then use SMS messages to distribute malicious links or initiate scams.In “software-defined radio”, components that are conventionally implemented in analogue hardware (e.g., mixers, filters, amplifiers, modulators/demodulators, detectors) are instead implemented by means of software on a computer.A “global title” is an address used in SCCP (Signalling Connection Control Part, a network-layer protocol in telecommunications) for routing signalling messages on telecommunications networks.“SS7” is a set of telecommunications protocols that are used to exchange information between different telephone networks.“IPX” is a telecommunications interconnection model for the exchange of internet protocol-based traffic between customers of separate mobile and fixed operators.
Researchers uncover serious vulnerabilities in the Signal fork reportedly used by top government officials. CISA adds a second Commvault flaw to its Known Exploited Vulnerabilities catalog. xAI exposed a private API key on GitHub for nearly two months. FortiGuard uncovers a cyber-espionage campaign targeting critical national infrastructure in the Middle East. Threat brokers advertise a new SS7 zero-day exploit on cybercrime forums. The StealC info-stealer and malware loader gets an update. Passkeys blaze the trail to a passwordless future. On our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at the New York Giants. Cubism meets computing: the Z80 goes full Picasso. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire GuestOn our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at New York Football Giants, as they discuss how she approaches cybersecurity with curiosity, business alignment, and strong collaboration across the NFL community. Selected Reading The Signal Clone the Trump Admin Uses Was Hacked (404 Media) Critical Commvault Vulnerability in Attacker Crosshairs (SecurityWeek) xAI Dev Leaked API Key on GitHub for Private SpaceX, Tesla & Twitter/X (Cyber Security News) FortiGuard Incident Response Team Detects Intrusion into Middle East Critical National Infrastructure (Fortinet) Hackers Selling SS7 0-Day Vulnerability on Hacker Froums for $5000 (Cyber Security News) StealC malware enhanced with stealth upgrades and data theft tools (Bleeping Computer) Sick of 15-character passwords? Microsoft is going password-less, starting now. (Mashable) Passkeys for Normal People (Troy Hunt) Single-Board Z80 Computer Draws Inspiration From Picasso (Hackaday) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Send us a textReady to unlock the secrets of cybersecurity and ace your CISSP exam? Tune in to the latest episode of the CISSP Cyber Training Podcast, where I, Shon Gerber, guide you through the complexities of a groundbreaking malware discovery by Black Lotus Labs. Unearthed in Juniper routers within critical sectors, JMAGIC poses a stealthy threat by lingering in memory and potentially exfiltrating data. As we dissect this sophisticated malware, we'll also address pivotal CISSP exam questions, offering insights into defending against unauthorized access to SS7 signaling systems and the risks associated with unauthorized VoIP calls to premium rate numbers.Prepare to fortify your telecommunication systems as we uncover strategies to combat vishing, unauthorized PBX call forwarding, and the vulnerabilities of SS7 protocols. You'll learn about leveraging Secure Real-time Transport Protocol (SRTP) for encrypting VoIP communications and employing robust spam filters to counter SPIT. As we wrap up, I'll provide a tried-and-true CISSP exam preparation blueprint to bolster your confidence and readiness. Whether you're keen on enhancing your cybersecurity prowess or ensuring exam success, this episode is packed with essential knowledge and strategies designed to help you thrive in the ever-evolving cybersecurity landscape.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
Send us a textUnlock the secrets of voice security and communication evolution with Shon Gerber on the CISSP Cyber Training Podcast. We tackle the intriguing issue of Subaru's Starlink vulnerability, which Wired Magazine recently spotlighted. This flaw, affecting about a million vehicles, highlights the growing security challenges of IoT and connected vehicles, echoing similar vulnerabilities in other brands like Acura and Toyota. Tune in to discover how these incidents shape the landscape of cybersecurity in the automotive industry.Journey through the fascinating history of communication systems, from the hands-on days of telephone operators to the seamless digital networks we rely on today. Explore the transformation of circuit switch networks and the critical role played by SS7 systems, all while navigating the complex security risks they introduce, such as interception and eavesdropping. Gain insight into how technological progress has bridged global communication gaps and the essential awareness required to address the concomitant security implications.Our conversation takes a deep dive into the world of secure voice communications, examining the transition from traditional analog methods to modern VoIP technology. With threats like eavesdropping, man-in-the-middle attacks, and denial of service on SIP protocols, understanding the nuances of VoIP security is crucial. We also demystify social engineering tactics like vishing and phreaking, offering strategies to bolster defenses against these manipulative threats. Prepare to enhance your cybersecurity expertise and safeguard your systems with practical advice and cutting-edge information.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
We go deep into this week's topics and break into the stories covered. What's happening with bot detection these days? Traditional CAPTCHAs are becoming ineffective as bots are now able to solve them easily. This has led to developers exploring alternative methods like behavior analysis and biometrics, but these come with their own privacy and accessibility concerns. The rise of AI agents further complicates things, requiring platforms to distinguish between helpful and harmful bots. Are car companies being hypocritical about data privacy? Yes, senators are calling out automakers for opposing "right-to-repair" laws while simultaneously selling customer data. They argue that automakers' cybersecurity concerns are a smokescreen for maintaining control over repair profits, as there's no evidence independent shops mishandle data more than dealerships. This raises questions about consumer rights concerning vehicle repairs and data privacy. What's the problem with digital license plates? A security researcher has demonstrated that digital license plates can be hacked to display false information, enabling users to evade tolls and tickets or even incriminate others. The vulnerability lies in the hardware and requires replacing the plate's chip to fix it, making it a costly solution. While digital plates offer convenient features, their security flaws present a significant risk. How is a GPS tracking company ironically exposing customer data? Hapn, a company specializing in GPS tracking, ironically exposed customer names, email addresses, and device serial numbers due to a misconfigured server. This incident highlights the importance of robust cybersecurity measures, especially for companies handling sensitive location data. It serves as a reminder to research a company's security practices before entrusting them with your data. Is there a privacy-focused alternative to Alexa or Google Assistant? Yes, Home Assistant has launched Voice PE, a voice-controlled device that operates entirely offline, ensuring user privacy. It supports multiple languages, offers customizable wake words, and can integrate with AI models like ChatGPT. While still in development, it offers a promising alternative for those seeking a local, privacy-centric smart home voice control system. What is Apple doing about spyware attacks on its users? Apple is directing victims of spyware attacks to a nonprofit security lab for assistance. This lab specializes in cybersecurity and provides resources to help victims understand and address spyware threats. This partnership highlights Apple's commitment to user security and privacy and emphasizes the importance of community efforts in tackling cybersecurity challenges. Why is Australia changing its cryptography standards? Australia is proactively phasing out certain cryptographic algorithms by 2030 to mitigate the threat of future quantum computing attacks. These algorithms, currently widely used, are expected to become vulnerable as quantum computing technology advances. What are the latest concerns about SMS-based authentication? Federal agencies are warning against using SMS for two-factor authentication due to its vulnerability to interception and phishing attacks. SMS messages are unencrypted, making them susceptible to compromise. Opt for more secure alternatives, like authenticator apps or passkeys, whenever available, to enhance their online security. Are there security concerns with global telecommunications networks? The Department of Homeland Security has revealed that countries like China, Russia, Iran, and Israel are exploiting weaknesses in the SS7 protocol, which connects global telecom systems, to spy on Americans. Users are encouraged to consider using encrypted communication apps and limiting location tracking to minimize their exposure to such surveillance.
Episode 222 For our first story Bot Detection Is No Longer Working. CAPTCHAs are now a reverse IQ test—humans fail while bots ace them effortlessly.Then senators rip into the automakers: Car makers sell your data but won't let you fix your car—talk about a two-for-one insult.Fancy digital plates? Cool until someone hacks them to dodge tolls—or make you pay theirs.A GPS tracker company left customer data exposed, which is a little ironic for a business built on knowing your every move.Then a new smart assistant that won't gossip about you to the cloud. It's still got some rough edges, but we'll take rough over exposed.Apple's sending spyware victims to a nonprofit because even their genius bar needs backup sometimes.Australia's future-proofing by ditching old cryptography—quantum hackers, this puts them way ahead of the elliptic curve!From there it's another day, another healthcare hack. This time it's 5.6 million patients learning about their healthcare provider's poor data hygiene the hard way.Still using SMS for 2FA? The feds say it's a lot like locking your door but leaving the key under the mat.The US Department of Homeland Security says global spies are routinely using old and completely insecure SS7 telecom flaws. Maybe you want to rethink that unencrypted text you just sent.We filled your stockings with this weeks update, and the best part? Not a single piece of coal in sight! Let's get unwrapping! Find the full transcript to this podcast here.
Really excited about this one. We spend the entire episode talking about SS7, the fundamental network and protocol which is both at the heart of the world's telecommunications infrastructure, and crucial for governments, spy firms, and criminals to monitor people or intercept texts. In the first half we break ton what SS7 is, why it's an issue, and our nearly 10 years of experience covering it. Then, we talk about the news we revealed about a U.S. cybersecurity official breaking rank with his agency to expose SS7 attacks in the U.S. In the subscribers-only section, we talk about Axon's new ChatGPT-like tool which automatically creates narratives from police bodycam audio, and all the implications that might have. Cyber Official Speaks Out, Reveals Mobile Network Attacks in U.S. Here Is What Axon's Bodycam Report Writing AI Looks Like Subscribe at 404media.co for access to bonus content. Learn more about your ad choices. Visit megaphone.fm/adchoices
There's a whiff of Auld Lang Syne about episode 500 of the Cyberlaw Podcast, since after this it will be going on hiatus for some time and maybe forever. (Okay, there will be an interview with Dmitri Alperovich about his forthcoming book, but the news commentary is done for now.) Perhaps it's appropriate, then, for our two lead stories to revive a theme from the 90s – who's better, Microsoft or Linux? Sadly for both, the current debate is over who's worse, at least for cybersecurity. Microsoft's sins against cybersecurity are laid bare in a report of the Cyber Security Review Board, Paul Rosenzweig reports. The Board digs into the disastrous compromise of a Microsoft signing key that gave China access to US government email. The language of the report is sober, and all the more devastating because of its restraint. Microsoft seems to have entirely lost the security focus it so famously pivoted to twenty years ago. Getting it back will require a focus on security at a time when the company feels compelled to focus relentlessly on building AI into its offerings. The signs for improvement are not good. The only people who come out of the report looking good are the State Department security team, whose mad cyber skillz deserve to be celebrated – not least because they've been questioned by the rest of government for decades. With Microsoft down, you might think open source would be up. Think again, Nick Weaver tells us. The strategic vulnerability of open source, as well as its appeal, is that anyone can contribute code to a project they like. And in the case of the XZ backdoor, anybody did just that. A well-organized, well-financed, and knowledgeable group of hackers cajoled and bullied their way into a contributing role on an open source project that enabled various compression algorithms. Once in, they contributed a backdoored feature that used public key encryption to ensure access only to the authors of the feature. It was weeks from being in every Linux distro when a Microsoft employee discovered the implant. But the people who almost pulled this off seemed well-practiced and well-resourced. They've likely done this before, and will likely do it again. Leaving all open source projects facing their own strategic vulnerability. It wouldn't be the Cyberlaw Podcast without at least one Baker rant about political correctness. The much-touted bipartisan privacy bill threatening to sweep to enactment in this Congress turns out to be a disaster for anyone who opposes identity politics. To get liberals on board with a modest amount of privacy preemption, I charge, the bill would effectively overturn the Supreme Court's Harvard admissions decision and impose race, gender, and other quotas on a host of other activities that have avoided them so far. Adam Hickey and I debate the language of the bill. Why would the Republicans who control the House go along with this? I offer two reasons: first, business lobbyists want both preemption and a way to avoid charges of racial discrimination, even if it means relying on quotas; second, maybe Sen. Alan Simpson was right that the Republican Party really is the Stupid Party. Nick and I turn to a difficult AI story, about how Israel is using algorithms to identify and kill even low-level Hamas operatives in their homes. Far more than killer robots, this use of AI in war is far more likely to sweep the world. Nick is critical of Israel's approach; I am less so. But there's no doubt that the story forces a sober assessment of just how personal and how ugly war will soon be. Paul takes the next story, in which Microsoft serves up leftover “AI gonna steal yer election” tales that are not much different than all the others we've heard since 2016 (when straight social media was the villain). The bottom line: China is using AI in social media to advance its interests and probe US weaknesses, but it doesn't seem to be having much effect. Nick answers the question, “Will AI companies run out of training data?” with a clear viewpoint: “They already have.” He invokes the Hapsburgs to explain what's going wrong. We also touch on the likelihood that demand for training data will lead to copyright liability, or that hallucinations will lead to defamation liability. Color me skeptical. Paul comments on two US quasiagreements, with the UK and the EU, on AI cooperation. And Adam breaks down the FCC's burst of initiatives celebrating the arrival of a Democratic majority on the Commission for the first time since President Biden's inauguration. The commission is now ready to move out on net neutrality, on regulating cars as oddly shaped phones with benefits, and on SS7 security. Faced with a security researcher who responded to a hacking attack by taking down North Korea's internet, Adam acknowledges that maybe my advocacy of hacking back wasn't quite as crazy as he thought when he was in government. In Cyberlaw Podcast alumni news, I note that Paul Rosenzweig has been appointed an advocate at the Data Protection Review Court, where he'll be expected to channel Max Schrems. And Paul offers a summary of what has made the last 500 episodes so much fun for me, for our guests, and for our audience. Thanks to you all for the gift of your time and your tolerance!
There's a whiff of Auld Lang Syne about episode 500 of the Cyberlaw Podcast, since after this it will be going on hiatus for some time and maybe forever. (Okay, there will be an interview with Dmitri Alperovich about his forthcoming book, but the news commentary is done for now.) Perhaps it's appropriate, then, for our two lead stories to revive a theme from the 90s – who's better, Microsoft or Linux? Sadly for both, the current debate is over who's worse, at least for cybersecurity. Microsoft's sins against cybersecurity are laid bare in a report of the Cyber Security Review Board, Paul Rosenzweig reports. The Board digs into the disastrous compromise of a Microsoft signing key that gave China access to US government email. The language of the report is sober, and all the more devastating because of its restraint. Microsoft seems to have entirely lost the security focus it so famously pivoted to twenty years ago. Getting it back will require a focus on security at a time when the company feels compelled to focus relentlessly on building AI into its offerings. The signs for improvement are not good. The only people who come out of the report looking good are the State Department security team, whose mad cyber skillz deserve to be celebrated – not least because they've been questioned by the rest of government for decades. With Microsoft down, you might think open source would be up. Think again, Nick Weaver tells us. The strategic vulnerability of open source, as well as its appeal, is that anyone can contribute code to a project they like. And in the case of the XZ backdoor, anybody did just that. A well-organized, well-financed, and knowledgeable group of hackers cajoled and bullied their way into a contributing role on an open source project that enabled various compression algorithms. Once in, they contributed a backdoored feature that used public key encryption to ensure access only to the authors of the feature. It was weeks from being in every Linux distro when a Microsoft employee discovered the implant. But the people who almost pulled this off seemed well-practiced and well-resourced. They've likely done this before, and will likely do it again. Leaving all open source projects facing their own strategic vulnerability. It wouldn't be the Cyberlaw Podcast without at least one Baker rant about political correctness. The much-touted bipartisan privacy bill threatening to sweep to enactment in this Congress turns out to be a disaster for anyone who opposes identity politics. To get liberals on board with a modest amount of privacy preemption, I charge, the bill would effectively overturn the Supreme Court's Harvard admissions decision and impose race, gender, and other quotas on a host of other activities that have avoided them so far. Adam Hickey and I debate the language of the bill. Why would the Republicans who control the House go along with this? I offer two reasons: first, business lobbyists want both preemption and a way to avoid charges of racial discrimination, even if it means relying on quotas; second, maybe Sen. Alan Simpson was right that the Republican Party really is the Stupid Party. Nick and I turn to a difficult AI story, about how Israel is using algorithms to identify and kill even low-level Hamas operatives in their homes. Far more than killer robots, this use of AI in war is far more likely to sweep the world. Nick is critical of Israel's approach; I am less so. But there's no doubt that the story forces a sober assessment of just how personal and how ugly war will soon be. Paul takes the next story, in which Microsoft serves up leftover “AI gonna steal yer election” tales that are not much different than all the others we've heard since 2016 (when straight social media was the villain). The bottom line: China is using AI in social media to advance its interests and probe US weaknesses, but it doesn't seem to be having much effect. Nick answers the question, “Will AI companies run out of training data?” with a clear viewpoint: “They already have.” He invokes the Hapsburgs to explain what's going wrong. We also touch on the likelihood that demand for training data will lead to copyright liability, or that hallucinations will lead to defamation liability. Color me skeptical. Paul comments on two US quasiagreements, with the UK and the EU, on AI cooperation. And Adam breaks down the FCC's burst of initiatives celebrating the arrival of a Democratic majority on the Commission for the first time since President Biden's inauguration. The commission is now ready to move out on net neutrality, on regulating cars as oddly shaped phones with benefits, and on SS7 security. Faced with a security researcher who responded to a hacking attack by taking down North Korea's internet, Adam acknowledges that maybe my advocacy of hacking back wasn't quite as crazy as he thought when he was in government. In Cyberlaw Podcast alumni news, I note that Paul Rosenzweig has been appointed an advocate at the Data Protection Review Court, where he'll be expected to channel Max Schrems. And Paul offers a summary of what has made the last 500 episodes so much fun for me, for our guests, and for our audience. Thanks to you all for the gift of your time and your tolerance!
Episode 186 Look, up in the sky! It's a bird, it's a plane! It's... your insurance company!?!? This week we have stats and stories that will leave you gasping, and that's good because you'll have a chance to catch your breath during our spring break over the next couple weeks. We start this update up there, in the sky, and the novel new way insurance companies are finding to lower risk and increase profits. From there we move on to a US privacy bill that we never thought we would see get as far as it has, and just how many people are potentially lining up to stop it.It's not 007, but SS7 and it involves spies and use by adversaries for so long that the Federal Communications Commission is calling for accountability.There's a ransomware attack that hasn't hit healthcare but a coffee loyalty program that has raised the profile of ransomware to new heights.From a Canadian listener an update on Microsoft's Security Chickens.And finally the most amazing, incredible, unbelievable identity theft story we have ever heard.They removed the last public phone box in Metropolis in 2022, so there's no chance to change, but that's fine because by the time we get to the end of this week's update we'll only need one identity and it will be secure. Find the full transcript to this week's podcast here. --- Send in a voice message: https://podcasters.spotify.com/pod/show/rps5/message
3月29日(金)、WRC世界ラリー選手権第3戦『サファリ・ラリー・ケニア』のデイツーが行われ、TOYOTA GAZOO Racingワールドラリーチーム(TGR-WRT)のカッレ・ロバンペラ/ヨンネ・ハルットゥネン組(トヨタGRヤリス・ラリー1)が総合首位に立っている。TGR-WRTのレギュラーである日本人ラリードライバーの勝田貴元(トヨタGRヤリス・ラリー1)は、首位と1分00秒8差の総合3番手で大会二日目を終えている。 ■2024年WRC世界ラリー選手権第3戦サファリ・ラリー・ケニア SS7後暫定結果 投稿 【順位結果】2024年WRC第3戦サファリ・ラリー・ケニア SS7後 は autosport web に最初に表示されました。
In today's episode of Building Texas Business, I speak with Chuck Leblo, founder of Interact One. Chuck shares his entrepreneurial journey from working in the corporate world, where he was overwhelmed by paperwork, to starting his own business. He offers valuable lessons learned from launching a side business while employed and the critical decisions that helped him succeed. Chuck leaves us with wisdom on building effective teams and maintaining a balanced lifestyle as an entrepreneur. SHOW HIGHLIGHTS Chuck Leblo, the founder of Interact One, shares his journey from corporate America to entrepreneurship, detailing the reasons behind his transition, such as the overbearing workload in his corporate job. We highlight the importance of having a side gig while starting a business to ensure financial stability. He explains how his unique problem-solving skills were instrumental in the exponential growth of his business from a modest $14,000 to a whopping $140,000 a month. Chuck details his process of tackling a telecom company's issue of short duration calls and building a team of diverse fractionals to aid in problem-solving. He talks about the various challenges he faced as an entrepreneur, including the need to make decisions and pivot the business when necessary. We discuss the impact that COVID-19 had on his business and how he successfully managed to meet the new market needs. He emphasizes the importance of building a successful team of partners and fractionals and shares his experience in helping businesses navigate the remote working world. Chuck shares his experience of managing a large-scale door-to-door team in the deregulated electricity market in Texas and the challenges of the project. He emphasizes the importance of maintaining a healthy work-life balance, sharing his personal experience and strategies. Chuck advises entrepreneurs to treat everyone with respect, earn people's trust, and widen their network to succeed in business. LINKSShow Notes Previous Episodes About BoyarMiller GUESTS Chuck LebloAbout Chuck TRANSCRIPT (AI transcript provided as supporting material and may contain errors) Chris: In this episode you will meet Chuck Leblo, founder of Interact One. Through Interact One, chuck helps business owners solve problems and stresses the importance of building trust with clients as the foundation to successfully growing your company. All right, chuck, I want to thank you for joining me here on Building Texas Business. It's great to have you on the show. Now it's a pleasure to be here. So I know you've got a business or two you're involved with now and maybe others you've had before. But let's just kind of start by you telling the listeners kind of a little bit about yourself and the company that you've got and what it's known for. Chuck: Well, I'm pretty boring story, but so Interact One. Really, we're known for being problem solvers right, and not the type of problem solvers like I need a guy whacked right. Chris: Yeah, we have to stop the recording right now. Chuck: Right, right right, so I can say use the money, you can be my legal counsel, right. So, but now we solve problems for businesses right, and we've been doing that for about 17, 18 years now. I've always been known as a natural problem solver, from the time of a kid all the way through the military, through my corporate days and into my business. So it was a natural, natural evolution for me to just basically start a company that solves problems. Chris: All right. So I guess you mentioned a lot of, I guess, background going back from your childhood and military service. What was the real inspiration for you to kind of becoming an entrepreneur and actually starting a business? Chuck: Well, so 20 years in corporate America I was. I started out as a problem solver on an engineering basis right In telecom and then I got into the business side and I solved business problems which were more to do with like profitability right. And one day I was sitting there and I looked around my office and I just saw stacks in the business 20 years ago, right, everything wasn't digitized then. So stacks and stacks of invoices and contracts and lease cost, routing guides and all of this kind of stuff and I realized I was wasting my life away just doing that, just spending all my time. I was heavily compensated for what I did. Most people would die to have the job, but I was just like I'm not spending time with my family, I'm working 20 hours, sometimes 20 hours a day, right, and I said enough is enough. So I started my. At that point, you know, I had the funds available and I started my own company. Now, unfortunately in retrospect, I started a company doing basically exactly the same thing that I was doing for the telecom companies. I was controlling profitability for helping other telecom companies do that and then helping fortune 1000 clients and government agencies do it. So so that was like my little step in entrepreneurship, because I was really doing the same thing, but just doing it on my own. Then, about five years later six years later is when I really said no, we got to go full tilt into just solving problems. I want to solve them for all types of businesses. So really it was just sitting there looking at all the boxes and just to press the heck out of me. Chris: Yeah, the guy sounds like you're in a situation where you lost your motivation and you had to kind of look introspectively to go. How can I regain the motivation and inspiration I had about what it is I did? Chuck: Yeah. Chris: I wasn't excited about it anymore. Yeah, so. So you step out on your own, whether it was kind of that in that first venture or the five year later, let's talk about that. I mean, what were some of the, the lessons you learned that you were like, oh, I wish I to someone would have told me this. Right, it's like I gotta imagine some things kind of hit you in the face and you had to learn to adapt really quick to now you know, owning your own show. Chuck: Yeah, so the first thing I learned was when I took that first step, right where I owned the company, doing exactly what I was doing before, and what I learned was one it's feast or famine out there, right, as a consultant. It was a. It was feast or famine. The second thing I learned was it's okay to keep your toe in the corporate pond, right. So what I would do is, during those types of famine, I would go get a little gig you know, part time gig help a company out to pay the bills. One of the examples is we did an analysis for state government where we looked at five years of their telecom bills going back. We got them about five million bucks back, okay. So we renegotiated all their contracts, saved them about three million dollars a year going forward. Wow, it took us two years to do that analysis and to start getting that money back and we were paid on a contingency basis. We got a percentage of what we got them back. So two years without money. So if I hadn't known at the time that it's okay, it's okay to be, it's okay to be a part time entrepreneur, and in most cases it's better to get your side gig going before you take a full time side, before you take that side gig full time yeah. Chris: Yeah, that's interesting perspective because I don't know that. I've heard people use that term before, but I think there's some truth to it about that. Okay to be a part time entrepreneur, to kind of get your legs underneath yeah. Chuck: Now most people think that they have a side gig and then that side gig becomes their new job. I looked at it as that, that my business was my job, that I looked at the corporate America side as the side gig. Chris: Yeah, okay. So so you get you kind of learn that lesson and you move forward. What were some of the things, when you look back, that you feel like were the decisions you made that kind of set the foundation for your future success Because anything right, you can use any analogy you want, but also you got to have a strong foundation to be able to build from Anything that comes to mind that you really look back on and are kind of proud of the early decisions you made, in the way you set things up. Chuck: I think that you have to choose your clients wisely, right? There's an old saying out there that if everyone's your potential customer, no one's a customer. Right, you have to and I'm listening up, because I'm not perfect in any means. When I first started, I started going just after telecom companies, and that because that was what I knew. I'd spent 20 years in telecom and I had to learn all other aspects if I wanted to do this. So, you know, I became an expert at digital marketing. I already knew operations from telecom. I already knew finance from telecom. Right technology, of course I knew that one. I really know a whole lot about HR or legal, but what I didn't know was marketing and sales. So I had to become an expert in that Right. And that was really the catalyst is when I went from just being a just knowing, just doing telecom companies to now specializing in really all types of businesses, but only particular size businesses. So I learned that I didn't want to do business with those big fortune 1000s anymore. The big electric providers right, those were our clients. Telecom companies, those were the state agencies, government agencies and things like that. I didn't want to deal in that arena anymore because I can impact a small business much more. Right, if I save a small business you know $100,000 a year or fix a problem that solves, that's worth $100,000 or $200,000, that's much more impactful than getting a state agency back $5 million because it's not real money to them anyway. Right, it's just taxpayer money. It's not like they're going to give it back to the taxpayers. They're going to find someplace else to spend it. Chris: Right, right. Well, I think there's some truth to what you're saying is, as you're starting out with the new business, it's very important to be really laser focused about who your customer is and stay kind of within those bounds and not start to chase every little thing that may come your way because it may not fit your skill set, it may not fit your purpose and it can be distracting. Chuck: It can be distracting and it'll give you, you know, doubt as to what you're doing, whether or not you're competent, right, and that'll kill you as an entrepreneur. When you start doubting yourself and doubting your abilities than others will. Chris: So we've talked a little bit about kind of getting started as you were kind of moving through the process. You've talked about kind of focusing in, I guess after about five years on really just being a problem solver. Let's talk maybe a little more detail about what are some of the things you're talking about when you say you know we solve problems. I know they can vary, but I'm just curious about some kind of specifics, to the extent you can share some specifics on that. Chuck: Sure. First of all, I always tell people is your problem worth at least $2,000? Don't be gonna do me with a problem, right? That's not worth something. I'm not doing it for free, so let me give you an example. So about a year and a half ago I got called by a customer of mine, a roofer, and he goes hey, I've got this company that I want to outsource my back office to and I need you to vet them. So that's a problem. I said, okay, fine, let me vet them for you. So I did that and they were a good company, right. And about six months later after that, I get a call from that company and as owner of the company, and she held up a little sticky note and it said hire Chuck. And I said what's that? She goes. When we had our conversation I know that I knew that I needed a Chuck and I said, okay, so how can I help you? And she goes listen, I've been in business for almost a year now. We're an outsourced VA virtual assistance company and we're just not really making. We're not growing fast enough. We're going to get about $14,000 a month in revenue. And I said okay, and I took a look into our organization and we started making some changes and first thing we did was we rebranded her as a business process outsourcing company instead of a virtual assistance company. Then we made some operational changes with her personnel, helped her grow and hire the right people, got all of her people certified in the softwares that they were using so they could truly be viewed as an expert instead of just a virtual assistant. In less than a year they went from $14,000 a month revenue to $140,000 a month in revenue. Okay, just changes that. We did Another company, a telecom company, swiss telecom, a telecom company right, they were getting a lot of short duration calls that they were being billed for and they didn't know what the problem was. So we've got a problem. So we did an analysis of tens of millions of TCAP messages which are getting technical here in SS7. It's like a phone record, but it's the digital version of it, right and we found that what was happening was, down the line, one of the providers that they were connecting to, because, remember, you go through several switches. You call them the US, it might go here. Anyway, one of those switches was given back what's called false answer supervision, before the call was ever answered. So that's why they're having short duration calls. People would call, it would ring nine, 10 times, no one would answer and they'd hang up but it was showing it's answered. So we fixed that problem. So really, it's any type of problem. It's like I want to open a new location, okay, so one of the things that we do in our LinkedIn reach out, that we do how we find clients is we just ask people what their problem is and we tell them everyone. We tell them how we would solve the problem. One is what's the true problem and what's the real problem? Because a true problem or their problem might be I need more revenue. Okay, so what's the real problem? Or is the real problem you need more revenue because your costs are too high, because if your costs are too high and we bring in more revenue, we put you out of business because you're selling low cost, right? Is it because you're marketing? Is it because you just don't have the right staff in place? So we do that analysis and take them through that and either fix it for them and hand it back to them or, once it's corrected, we can monitor on an ongoing basis. Chris: So when you do these projects, you assume you're not just a one man show. You've got a team working with you, and how have you gone about, I guess, building that team around you to make sure you have the right people? Chuck: So what I? Did is listen. So experience is important, diversity is important right, and diversity from the sense of people with different backgrounds are going to have different ways that they interpret a problem and the corrective action that they would find for that right. So although I'm the chief strategist for the company, I don't really go by the title CEO, but I'm CEO and chief strategist. I'm more of a strategy kind of guy, so I do handle a lot of the problems. Chris: When you know, name of the companies interact one. Chuck: You're going to interact with me, right? In most cases, but what we did is we wanted to find people like me, because I don't know everything that lets surround yourself with people smarter than you, right? So we go out and we find fractional people just like me, right? Possibly someone that's got a full-time job, they are a CEO of a company or they're an entrepreneur that own their own company or they're an accountant, right? So we have a lot of people that are working with us for finance issues, it professionals, right, and we've built a network of these people to where we hold all of their information so that when a problem comes in, we have three or four or five in some cases, 10 people that we can send that problem to and see what their thoughts are on it and then engage that person the one that we want to engage with to help us solve that. And then we do the program management or the program project management of that and we have a lot of employees, but we have a lot of fractionals working for us. Chris: Okay, that's an interesting model. I mean it makes sense, given what you're doing, and then you can kind of pick the right person for the issue at hand, Absolutely. So we were talking a little bit earlier and I know you know we talked about challenges you faced and being an entrepreneur and I just want you know, maybe share, some of the challenges you've gone through and how that's impacted the business or changed what you've done. From you know, from a, I guess, a business strategy. Chuck: Well, I mean, if you're in business, you're always going to have challenges, right. So you know, starting from the very beginning, just being able to redirect yourself. You know don't beat a dead horse, redirect, you know, make a decision one way or the other lead, follow. Get out of the way all those little sayings they say is you know, do that? Make decisions. Some of the you know. The first one was switching from being just strictly telecom to really handling smaller businesses. That was one. Then we diversified into where we had our own public relations firm because a lot of companies, what they were, what we found is a lot of companies have an issue with actually people knowing who they were right. So we created that company and being able to to in the economy, be able to utilize, you know, both companies right. Listen when very small businesses, they can't afford a lot sometimes but they can afford a little bit and that's like the PR company. One of the challenges that we had with that diversification is when COVID hit. Right, we were leading up into COVID. We were spending probably 90% well, 70% of our business was from a revenue perspective, was coming from the PR firm and these are small clients paying $395, $500 a month, right, for our PR services. And the Interact One, the more consulting, the high dollar ones, was really just me at that time, okay, and when COVID hit, basically all those customers call me hey, we don't know what's going on. We've got to stop and we've let everyone out of their contracts, for sure, but we lost about 90% of that business, and at the time I really didn't know what I was. Yeah, it was a very big hit and they really know what to do. But then I started thinking well, people really have problems now. Right, they've got problems that need solved. A lot of problems were, you know, during COVID is. You know, how do we maintain a remote workforce? How do we keep our store open but just have deliveries? How do we keep our employees engaged out? You know, how do we give our customers engaged? How do we transfer our shop from totally brick and mortar to an online right? So it was a godsend for me as far as building back up or getting more involved in the Interact One business. But because if I didn't have that, I don't know where I'd be today. I'd probably be dipping my toe back in the corporate pond again, right, right, but you've got to be able to. Chris: Yeah, the ability to, I guess you know, kind of pivot when necessary and kind of keep going is critical, yeah, For an entrepreneur especially small business owner Yep. What other? I guess, excuse me, what other advice when you think about how you interact with your? You know your partners, your kind of your, these, maybe these what I would call maybe alliances you have with other fractionals. But maybe there are other type of partners you used to keep your business successful, whether that's you know banking relationships, you know accounting, legal. What are some advice you have on that, on you know best practices to make sure you kind of surround yourself with that kind of strong team that you need to kind of have a stable business. Chuck: Yeah. So, listen, a lot of small businesses out there, right, they try to do it all themselves, right and don't. Right, there are professionals out there that can help you and even if you want to build everything in house, you know, make sure that you know, like you said, have a strong relationship with a banker, a financial person, you know, some sort of business coach maybe to help you do things. What I do is I just try to treat everyone with respect and, as a consultant, sometimes we especially when we're solving problems, right, I can't, someone can't say something to me and me go well, crap, how stupid are you? Right, you got to treat that business owner with respect and sometimes, if they're making boneheaded decisions, there's a little bit of dance involved in it. Right, so be respectful and earn people's trust and with, whether it's your business partners like me, you know all the other C level professionals that I work with, right, because most of the people that we bring on as our partner or our hybrid or partner or fractional whatever you want to call it consultants that we lean on in areas that we don't have the expertise, they're all C level, okay, so you've got to be respectful of them and trust their decision. Now we have a leave at them. First, right, trust just isn't given. But you know, be respectful and widen your network. Right, you're only as good as the people that you're surrounded by. Chris: Yeah, no, that's for sure. And they're a reflection of you, right? If you're bringing them in, whether that's an employee and you're putting them on a project or a consultant, and you're bringing them in, whoever that client is sees them as a reflection of you. So it's important to make sure they align, you know, with your fundamental values, absolutely, absolutely so in what I think you referred to this a minute ago, when you're talking about certain problems, you've been helping people solve anything you've seen in the last couple of years where you've been involved and maybe in certain projects and develop some. I don't know if there are best practices, but I'm thinking about work, the work remote world we're in and helping companies kind of navigate to a place that can work for the business, to remain profitable but also allow for some of that flexibility. Anything you can share on that regard. Trust Right. Chuck: So one of the biggest problems Just in case. Chris: I didn't hear that clearly. I want to make sure the audio is clear. You said trust. Chuck: That's what I'm talking about Trust, right, that's my text is coming out Trust. So what happens? And it's instilled a sin from the very beginning? Oh, 40 hours a week, and this is your rate, right? And how do I know that my people are working if they're not here? And I can see what's going on behind the desk? And my answer to them is the work being done. Right, is the work being done? And you, as a manager this is what I tell the business owner you, as a manager, need to make sure that you're giving them the work that can be done in the time period that you want it done in, right? You know, if you give someone three things to do and they can do it in four hours instead of eight hours, well, those are the things you needed them to do and they did it. So why shouldn't they get paid what you would have paid them, which was eight hours, okay, but then again, if you don't have your finger on it to where you know how long it takes them to do something, then that's on you, that's not on them. And if you give them too much and they're not getting it all done, then that's when you've got to start looking into it. Am I giving them too much Right. Chris: So the main thing with work remote. Chuck: That I tell, like I said I tell people is trust your people Trust, trust yourself that you made the right decision when you hired them, right, or it's your fault anyway, and then trust the fact that they're working. I've seen businesses that are like well, they've got to log into this system and stay logged in. Okay, well, they could be logging in while they're taking a nap. That doesn't mean that they're doing the work. Well, you know, we make them have a zoom open so that at any time we can look and see if they're working. I said you know I would quit. I don't, I'm going to do the work, but if you're insisting on having a camera on me making sure that I'm doing work all the time, then it's not a right fit. Right, there has to be trust. Chris: Yeah, you're right. I mean I think you know, in addition to trust, I think what I've seen and I think you're saying this as well is you got to communicate clearly what the expectations are Right. So when you talk about these assignments, I mean you know not only is the word getting done, is it getting done timely and efficiently and correctly Right, and if so, then you know you're on to something. And if not, then you got to correct that from a work performance standpoint and be able to say look, this is what the assignment was, this is what the deadline was, and if it didn't meet the standards, be able to explain why. And then figure out what's the right corrective action from there. Chuck: Yeah, expectations are everything and then being able to you know, another thing you do is get buy in from that remote worker you know how, what can you do, how much can you do it? You know, it's like my telecom days, the old telecom days. You had what was called an occupancy rate, so you had a call center where people are answering the call and then, oh, I want 100% occupancy, which that meant that 100% of the time that people were on the phone. And it's not possible, right, even the best call centers run at 60 to 65% occupancy, right, and you got to realize the way your people are too. If you're paying them for eight hours, you know what you'll be good, you're doing really good if you're getting six hours of real work out of them. Because you got to stop and think sometimes, as, as American culture, we really, I guess we really think that our employee employees owe us when really we owe them. Chris: Yeah, that's a good point. So let's talk a little bit just about you know, maybe on your personal leadership style. How would you describe your leadership style? And first there, and then you know how do you work with some of your clients. Maybe help them with their leadership style when those opportunities present themselves. Chuck: Well, I think that in the business that I'm in, I have to be collaborative, right, you can't make all the decisions and do everything yourself, and really that's what business owners have to do all the time telling them that you're, you know, you're micromanaging your people, you know. Give them some room to breathe, let them have some creativity, let them help make decisions. Don't just tell them what to do, ask them what needs to be done, and that's kind of my leadership style, right. But then I always go back to problem solving. So I want to know what the real problem is, what, not just the problem, the problem, you think the perceived problem, but what is the real problem and how can we correct this with any decision that's made? Chris: Yeah, so kind of we talked a little bit about this maybe. But I want to ask you a maybe different way when you think about yourself and your career, any kind of setbacks that you've encountered, that you look back and go man, that was a tough time, or I made a boneheaded decision or whatever, but what I learned from it benefited me so much that I can look back and be grateful for that experience. Anything come to mind for there that you can share? Chuck: Yeah, Back when I kind of first started the Interact One on the marketing side, when I was learning marketing, I had a company come to me and it was like we want you to help us acquire more customers. You remember back when deregulation happened on electricity in Texas. Chris:So we started working. Chuck: The problem and the problem that we gave them was you need to have a door-to-door team that needs to be trained this way and done this way and do all this kind of stuff. And they said, okay, great, do it for us. And 286 people later right, five locations across the state of Texas, a lot of money, Thank you, but it wasn't worth it and it almost made me to where I didn't want to even continue. Right, it was so stressful having that many people that are working on a commission-only basis right, Selling electricity, training them, looking at Perf and all of that kind of stuff. So it was very profitable and it's one of the things that, if I had my if I go back in time, that's maybe one thing that I would have changed is I wouldn't have went down that path that took so much energy and took three years of my life to do that. I could have done much greater things. Chris: I believe, interesting. So that kind of segues well into the next question I want to ask you and that is how do you go about maintaining you know there's all the. You know the typical word is work-life balance, and I'm kind of a believer and I had some other guests on the podcast and I agree with this is more about work-life integration than how do you manage both, because you have work and you have your personal life and how do you integrate those so you can show up effectively in both? What are some of the things that you do to try to make that happen in your life? Chuck: I take naps. Chris: I love it. Chuck: I'm a big proponent of taking naps, but really OK. So I've got, maybe, a different viewpoint, because I did the corporate America gig for 20 years and I had my business, grew it very big, then pulled it back small again and I work because I want to work. There is no work-life balance. I have life and I work when I want to work. And if I want to work five hours this week, that's what I work this week. If I want to take a week off, I take a week, and I know it's different for a lot of entrepreneurs, you know. But I'm entering the, the, the twilight state. I don't look at that. I'm pretty dang old, right, and I think that for the younger people starting out, or you know, mid-mid-age, right it's important, right? Don't do what I did in the first 20 years of my career, where all I did was work and I saw my kids on weekends, which initially eventually led to a divorce, which meant that I only saw them every other weekend, right? Yeah, 14 years ago I started over again. Wonderful woman, she keeps me grounded and she is my life, makes me want to be a better man, and we started a new family, so that helps out too. So I've got an eight year old son now, right, and I've got an eight year old granddaughter and I've got an eight year old grandson right. Oh, wow, yeah. So it gives you the. It's allowing me to have a second chance with that and I'm not going to fail it. So, yeah, I don't necessarily know how you do it, whether it's working out or yoga. This is the one of the one of the people in the podcast. They were doing yoga and all this kind of stuff. I know that you have to have something that stimulates your brain at all points in time. I've got an eight year old that does that I've got. You've got to have something that exercises your body. I've got an eight year old that does that. I help coaches lacrosse team and the day after practices I can barely walk. So I don't know if I have a great answer for it. I know it's important, but I'm not there anymore. I just I work because I want to work. Chris: Yeah, no, I work great hours. I think what I love there. Everyone has a little different take on it because, look, everyone's situation is different and so you've got to get to figure out what works in your ecosystem and your environment, and that includes, right, the family and the business and the career and all those things, and those things can change over time. Chuck: There's another camp. Chris: All right. So yeah, I appreciate all this has been really good stuff. I'm going to turn it a little bit to the lighter side and ask you what was your first job? Like real job or entrepreneurial job? No, that real job, I mean I don't know, like in junior high you had to pay for route, or yeah. No, I didn't, I didn't do the paper route. Chuck: So my for my, as I was raised by a single mom, right, we didn't have anything. She was a waitress. So I went into the family business and I bust tables and lost dishes at a restaurant. Chris: That will humble you really quick right, make you hungry, and not just hungry to say I want something different. Chuck: Yeah, I know that I want. I always knew that I wanted to have something more than what I had growing up. Chris: I know you said you listened to some of the prior podcast episodes, so I know you're ready for this one Tex-Mex or barbecue. Chuck: Well, it depends where right Sure, you know. So I do my own barbecue. Okay, so if I'm eating out someplace, I don't necessarily do Tex-Mex very well, except for guacamole I'm a great guacamole. But so I would say, if I'm eating out, it's a text. I eat more Tex-Mex than barbecue, but I enjoy barbecue. Chris: Ma'am, I may have to see if you can ship me some of yours and I bet it's pretty good. Yeah, I make some pretty good barbecue. I love. The honest answer there was. It depends where, because so many of us have. Well, if it's, you know, if it's this that I'm hungry for, then it might be this barbecue joint or this different Tex-Mex place. So I have to share. I just saw and I share with my girls, you know the L L L L Roya in Austin in their signs. There, there was, I saw a picture of this. One says Texan a person who chooses a restaurant based on their chips and salsa. Chuck: You know that's very true, Isn't that true? Chris: What we need is a. Chuck: Tex-Mex barbecue. Chris: Yeah, but we have some of that here in Houston. We have some places that are using like brisket in their tacos and things, so it is. Chuck: They have Korean barbecue. Right, they have Korean barbecue, so why not? You know Tex-Mex barbecue and you know have more. Of. You know the beans would be more of the barbecue style beans with some jalapenos in there. So I put jalapenos in everything. So everything is Tex-Mex. Chris: I like it. Well, you and I may have to get offline and we may come up with a new restaurant concept here. Chuck: Yeah, so okay, last question. This one's out of the menu, yeah. Chris: Everything's out of the menu. Yes. Last question is, if you could take a 30-day sabbatical or you just get away, where would you go and what would you do? Chuck: Well. So sabbatical means something different, right, and getting yourself in a different thing. So I like, at least twice a year, we go to the Smoky Mountains, which is my, that's my spot, right. When I first went to the Smoky Mountains, I was like this is where I belong, right. But a sabbatical might be a little bit different, and I think it would be really cool to go over to Africa and do a photo safari. I don't want to shoot the animals anymore. I did that growing up. I don't need to do it anymore, but to get them on camera and to live in the camps and stuff like that would just be. That'd be something to be really cool, yeah. Chris: It's a bucket list item for sure. Yeah, that's great. Chuck: Well, Chuck, I want to thank you again for taking the time. Chris: come on the show and share your story. I love hearing kind of the career you've had and the way you evolved and I love this the way you're helping companies solve big problems, so really appreciate it. Chuck: Well, I appreciate you having me. It was fun. Chris: All right, we're going to stop the recording there. Let me see if I can actually do that. Hmm, no, here we go. I'm not the host, it won't love me, but they know where we stopped, so hey. I was talking, I talk enough. No, you did great. Look, we, you know I was watching our timer. Yeah, we were. We probably stopped the recording in minute 3435 and 30 to 40 minutes is our goal, so we were right in the sweet spot. And yeah, and it always goes so fast because you're just having a conversation and I think everyone gets amazed that I can't believe it went that well. We were actually talking for that long, but yeah. Chuck: In my business I don't talk, I listen. So it's hard for me to fathom that I'm. You know, when I listen like when I do a conference call with a client I one of the people you had said they use order. We use order also and it shows you the stats on how long each person talked and I always make sure and always tell the other people that make sure that the client's talking more. Chris: Yeah, what you're talking, you know. Chuck: you look at the the the recap and it says Chuck talked for 36 out of 60 minutes. Well, that's too much, Right? Chuck needs to talk for eight minutes out of an hour and let the customer talk. Chris: That's good, that was good. Chuck: I look forward to seeing the seeing the episode. Chris: Absolutely, we'll be back in touch. I don't know. So, josie, with my team and Mackenzie they're my marketing kind of folks and I can't remember the name I know you kind of came through, a group that was, you know, helps you book these things, yeah, thanks. We want a headshot, kind of thing and all that. Chuck: They're having great the ride up on me. All that kind of stuff yeah. Chris: Well then, what we'll do? We'll give you a little. Obviously, there'll be some advanced warning once we get it all packaged up and we have a date certain that we're going to release it, and we'll get it all to you and your people, and then it'll be, it'll hit the presses. Chuck: So also, and the next time I'm in Houston I'll look you guys up and we do lunch or something. Chris: Please do. I would love that Love to go grab some barbecue. Yeah, thank you All right man, I talk to you later. Enjoy the rest of your day. Bye, bye. Special Guest: Chuck Leblo.
Ryan joins Si and Desi to discuss his research into SS7 hacking and cell phone tracking. As someone passionate about radio technology, Ryan became interested in cell networking and eventually discovered he could intercept calls and texts by building fake cell towers. He learned that phone users have virtually no ability to opt out of their locations and identifiers being commercially available via simple API calls. Ryan hopes to put this knowledge to good use by developing a system to warn domestic abuse shelters if an offender's phone is near by tracking SS7 data. During the technical discussion, Ryan demonstrates querying an API with his own phone number to retrieve subscriber data and location. The hosts consider how individuals could possibly protect themselves from SS7 exploits, such as avoiding SMS authentication. They also discuss Ryan's other projects exploring radio hacking tools and a magazine shining light on digital counterculture topics.
On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover: Why everyone should pay attention to some recent attacks on Okta customers Why third party comms apps are risky af Why are Russian espionage opps using Tor for C2? Surveillance firms abuse Fiji Telco Digicel's SS7 access Much, much more! This week's show is brought to you by Gigamon. Mark Jow, Gigamon's EMEA Technical Director is this week's sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes Cross-Tenant Impersonation: Prevention and Detection | Okta Security BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps NCSC-MAR-Infamous-Chisel.pdf Ukraine says an energy facility disrupted a Fancy Bear intrusion Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach – Krebs on Security Telstra-owned Pacific mobile network likely exploited by spies for hire - ABC News CISA, MITRE shore up operational tech networks with adversary emulation platform LogicMonitor customers hit by hackers, because of default passwords | TechCrunch Barracuda thought it drove 0-day hackers out of customers' networks. It was wrong. | Ars Technica Why is .US Being Used to Phish So Many of Us? – Krebs on Security UK cyber agency announces Ollie Whitehouse as its first ever CTO Embattled consulting firm PwC swept up in global cyber breach of file service MOVEit by cybercrime group C10p ONLINE-SCAM-OPERATIONS-2582023.pdf Unmasking Trickbot, One of the World's Top Cybercrime Gangs | WIRED
On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover: Why everyone should pay attention to some recent attacks on Okta customers Why third party comms apps are risky af Why are Russian espionage opps using Tor for C2? Surveillance firms abuse Fiji Telco Digicel's SS7 access Much, much more! This week's show is brought to you by Gigamon. Mark Jow, Gigamon's EMEA Technical Director is this week's sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes Cross-Tenant Impersonation: Prevention and Detection | Okta Security BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps NCSC-MAR-Infamous-Chisel.pdf Ukraine says an energy facility disrupted a Fancy Bear intrusion Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach – Krebs on Security Telstra-owned Pacific mobile network likely exploited by spies for hire - ABC News CISA, MITRE shore up operational tech networks with adversary emulation platform LogicMonitor customers hit by hackers, because of default passwords | TechCrunch Barracuda thought it drove 0-day hackers out of customers' networks. It was wrong. | Ars Technica Why is .US Being Used to Phish So Many of Us? – Krebs on Security UK cyber agency announces Ollie Whitehouse as its first ever CTO Embattled consulting firm PwC swept up in global cyber breach of file service MOVEit by cybercrime group C10p ONLINE-SCAM-OPERATIONS-2582023.pdf Unmasking Trickbot, One of the World's Top Cybercrime Gangs | WIRED
1 Little Booker T Delvon Lamarr Organ Trio 04:19 Close but No Cigar 2 i'll keep my light in my window Free Life 04:03 Free Life 3 08 Love Train Holmes Bros 04:43 Speaking In Tongues 4 That Lucky Old Sun SOLOMON BURKE 03:00 Proud Mary 5 We Got Something Good Irma Thomas 02:36 Chess Soul Sisters 6 Too Busy Thinking About My Baby Jimmy Ruffin 02:46 The Ultimate Motown Collection 7 Chokin' Kind Sandra Feva 03:23 Mo' Southern Soul, Vol. 1: Love Doctor 8 I'm The Midnight Special Clarence Carter 02:38 Sixty Minutes With Clarence Carter 9 Bip Bam Thank You Mam Ann Peebles 03:13 St. Louis Woman/Memphis Soul Disc 2 10 Can't Break Away Sam Baker 02:18 Single ref SS7-2613 11 Checking In Kat Eaton 03:32 12 America G.E. Smith & LeRoy Bell 04:07 13 Street Life Black Roots 03:33 Ghetto Feel 14 Heart of Gold (feat. Menahan Street Band) Charles Bradley 03:04 Black Velvet 15 Wake Up Macy Gray 03:53 Covered 16 People Never Give Up Curtis Mayfield 05:51 Something To Believe In 17 Religion (Live) PJ Morton feat. Lecrae 05:10 Gumbo Unplugged (Live) 18 Angola Louisiana Gil Scott-Heron & Brian Jackson 05:35 Secrets 19 18 For 20 Year Black Merda 05:11 Force Of Nature 20 Many Rivers To Cross The Brand New Heavies 03:33 All About The Funk 21 Fighting Against Conviction Bunny Wailer 05:11 Blackheart Man (2002 Remaster) 22 No More Talking (Feat Korbo) Professor Wouassa 09:34 Dangerous Koko! 23 Club Funkateers (feat. Branford Marsalis, Danielle René Withers & Victor Wooten) Bootsy Collins 03:35 The Power of the One 24 Hollywood Swinging Brian Culbertson 04:10 Bringing Back The Funk 25 03 - Shake Your Thang EU 04:02 26 Sex Machine Fred Wesley 03:54 Let It Flow 27 Reprise Tonight (Original Mix) FSQ Denise KING 04:21 Reprise Tonight 28 01 Don't Give A Damn (feat John McCallum) Haggis Horns 03:45 Stand Up For Love 29 Give It Up Or Turnit A Loose James Brown 05:15 Funk Power, A Brand New Thang 30 One Woman Man (feat. David Hidalgo/Aaron Frazer) Adrian Quesada 04:11 Look At My Soul The Latin Shade Of Texas Soul
Cellusys currently has over 1 billion subscribers worldwide – and growing fast. Brendan Cleary, CEO for Cellusys speaks with Don Witt of The Channel Daily News, a TR publication about their technology and their solutions. He explains how they monitor the DNA of the data traffic identifying nefarious activity and notifying organizations so something can be done about it. Brendan Cleary Many carriers are currently behind the security personnel hiring 8 ball. There are not enough telephony security personnel available. Those that are available are not familiar with many of the protocols like SS7. This makes the Cellusys services that much more important to their carrier customers. Cellusys has the talent and the staff to support their growing customer base. If you want to hear about how roaming is supported moving into and out of a network, you will hear some interesting facts. This now also applies to IoT device roaming. Cellusys delivers innovative elegant solutions for mobile operators. They design and deliver solutions that give operators clear insights and comprehensive control over their signaling, with a focus on security, roaming, SMS monetization and analytical applications. Cellusys has continually broken new ground since their inception in 2005, when they brought together a team with a depth of expertise in signaling, technology, and IP not seen elsewhere. They are not held back with preconceived notions of how things should or shouldn't be done. With this, plus their creativity, and huge input from customers, they will remain leaders in innovation, and the commercial and common-sense choice for mobile network operators. For more information, go to: https://www.cellusys.com/
Log4Shell - Eka mä olin et... https://news.sophos.com/en-us/2021/12/12/log4shell-hell-anatomy-of-an-exploit-outbreak/...mut sit mä olinki et https://news.sophos.com/en-us/2022/01/24/log4shell-no-mass-abuse-but-no-respite-what-happened/Kuinka SS7-hyökkäys toimii? https://www.firstpoint-mg.com/blog/ss7-attack-guide/Piilokarhun jäljillä https://blog.adaptivemobile.com/the-hunt-for-hiddenartAirTagien turvallisuus puhuttaa taas https://www.nytimes.com/2022/02/10/business/apple-airtags-safety.htmlNöftä. Tiedoke. Ei. https://twitter.com/kotus_tiedotus/status/1489164743478763524?s=21
Dinis Guarda citiesabc openbusinesscouncil Thought Leadership Interviews
Dror Fixler is the Director of the Institute of Nanotechnology, Bar-Ilan University and CEO FirstPoint Mobile Guard, a company that develops best in class #cybersecurity solutions or cellular devices, for security minded companies and individuals. Dror Fixler is the guest in this Dinis Guarda citiesabc openbusinesscouncil YouTube Series.Dror Fixler Interview Focus1. You have an amazing academic and entrepreneur background. Can you tell us about that and how you have been managing that?2. Career highlights.3. Can you tell us about your background as an academic, hacker and serial entrepreneur. What have you learned from your experience in these areas?4. Can you tell us about FirstPoint Mobile Guard Ltd. company / companies, organisations and focus? Your company protects people, IPs and devices from cellular threats. This is the biggest challenge for our world economic digital flows. Can you elaborate on this?5. Sensors and the Internet of Things networks are affected by Fake Cell Towers, Man in the Middle Attacks, SS7 & Diameter Loopholes, Denial-of-Service, DDoS, Data Leaks, Malicious SMS, SMS Phishing & Hijacking, Malware Injections, Location Tracking, Stingray Attacks. Can you elaborate on this?6. Your company is part of the World Bank Group, and you are part of the 3GPP and GSMA 5G Security committee. Can you tell us about how these organisations are tackling this?7. The Darker Side of 5G Mobile Networks and Why Enterprises Need to Up their Mobile Security. Can you elaborate on this?8. With AI, nanotechnology and biology biohacking increasing power and other disruption tech, how do you see the main trends in tech and society?9. What are your views on our society, technology and digital transformations when it comes to education and special cybersecurity?Dror Fixler BiographyProf. Dror Fixler is an established entrepreneur with decades of hands-on experience in the telecommunications industry. He previously founded a pay by mobile startup, Raging Mobile (acquired), served as CTO Monitel A.N. Technologies Ltd., (telecom probing services), R&D and management positions at ECItelesystems and Septier, part a founding member of the Israeli HLS forces SIGINT group.Prof Fixler Is a member of the 3GPP Partnership Project, European Telecommunications Standards Institute (ETSI) and GSMA 5G committees. He has led development of various telecommunication system and projects for many communication provider's including: Fraud management systems, SS#7 network management and monitoring system, callback blockingsystem, billing verification and inter exchange billing system. He has also built a GSMA-interface stack, for monitoring and intrusive systems.He has been awarded top industry accolades; he received President International Fellowship Initiative Award of the Chinese Academy of Sciences in 2017. He was honored with the European Science Foundation's Plasmon-Bionanoscience Award in 2015. In addition, he received an award from the Wolf Foundation to promote science and art for the benefit ofmankind.Prof Fixler holds 13 patents, had published over 85 scientific publications and has organized 12 conferences. He is currently Head of the Bar Ilan Institute of Nanotechnology and Advanced Materials and a Professor of Electrical Engineering.About Dinis Guarda profile and Channelshttps://www.openbusinesscouncil.orghttps://www.dinisguarda.com/https://www.intelligenthq.comhttps://www.hedgethink.com/https://www.citiesabc.com/
SS7 signalling protocol has been around since 1975, and it is archaic to say the least. Remarkably, we are still dependant on SS7 as a protocol for SMS. Dr David Day and Kieran Twidale-Smith explores the issues relating to SMS
JS and Lance discover the inner working of the SS7 protocol used in networks by phone carriers, how it’s being abused, and why it’s something we should probably be more concerned about. Show notes: https://www.randomlytyped.com/30
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Out of Band MSFT Patches https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17022 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17023 Adobe Magento Patches https://helpx.adobe.com/security/products/magento/apsb20-59.html Attacks against SS7 https://www.haaretz.com/israel-news/tech-news/.premium-exclusive-intricate-hack-against-israeli-crypto-execs-mossad-investigating-1.9211991 https://www.bleepingcomputer.com/news/security/hackers-hijack-telegram-email-accounts-in-ss7-mobile-attack/
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Out of Band MSFT Patches https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17022 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17023 Adobe Magento Patches https://helpx.adobe.com/security/products/magento/apsb20-59.html Attacks against SS7 https://www.haaretz.com/israel-news/tech-news/.premium-exclusive-intricate-hack-against-israeli-crypto-execs-mossad-investigating-1.9211991 https://www.bleepingcomputer.com/news/security/hackers-hijack-telegram-email-accounts-in-ss7-mobile-attack/
Good Morning and Welcome to the ProactiveIT Cyber Security Daily number 230. It is Tuesday October 20th 2020. I am your host Scott Gombar and QAnon/8Chan sites were taken down, temporarily This podcast is brought to you by Nwaj Tech, a Client Focused and Security Minded IT Consultant based in Central Connecticut. You can visit us at nwajtech.com Cyber Security Awareness Tip 20 Avoid Connecting to Unsecured Wireless Networks Microsoft Exchange, Outlook Under Siege By APTs Fooling self-driving cars by displaying virtual objects Coinbase phishing hijacks Microsoft 365 accounts via OAuth app US Treasury hits bitcoin mixer with $60 million penalty FBI warns of newly registered domains spoofing US Census Bureau Hackers hijack Telegram, email accounts in SS7 mobile attack QAnon/8Chan Sites Briefly Knocked Offline
சிறுகதையின் பெயர்: என் பெயர் ஆண்டாள் புத்தகம் : சுஜாதா சிறுகதைகள் ஆசிரியர் : எழுத்தாளர் சுஜாதா வாசித்தவர்: உஷாராணி ராம்குமார் (Ss7) இந்த சிறுகதை, பேசும் புத்தகம் வாசிப்பு போட்டிக்காக அனுப்பப்பட்டது. மறக்காமல் தங்கள் கருதுக்களை பகிர்ந்திடுங்கள்.
Michael Downs, Director of Telecoms Security, speaks with Don Witt of the Channel Daily News, a TR publication about the transition away from Huawei. Listen is as Michael answers the following questions and more: How do you see the UK’s ban on Huawei equipment affecting the telecoms industry? Some may think this decision can be solved by simply swapping out for an alternative vendor, but you don’t believe it will be that easy. Why, and what all do you see it entailing? What does this mean for the 5G testing that has already been performed, and will that process need to be started over again? Approximately how long could that take? How do you see it affecting UK’s 5G infrastructure in the long term? And could it also have an effect on older mobile networks? Michael Downs Positive Technologies (https://positive-tech.com/) is a global cybersecurity company that has pioneered research into telecoms security, discovering over 50 methods for exploiting telecoms vulnerabilities and dozens of zero-day flaws in telecoms systems. Through its work simulating the actions of would-be attackers to help network operators protect their subscribers and services, it was the first to discover security issues associated with communications protocol, Signaling Systems 7 (SS7), which can be exploited to remotely intercept phone calls and bypass 2-factor authentication for access to social media profiles. The company's testing has repeatedly shown that exploits—including signaling fraud attacks, customer data theft, and SMS interception—are still possible on all tested networks despite advances in LTE and 5G. Operators working with Positive Technologies include O2, Telecom Italia Sparkle, VimpelCom (VEON), Ooredoo, Etisalat, Sky Mobile, SK Telecom, Wind Tre, Tele2, Telcel, Turkcell. Its flagship Telecom Cybersecurity Suite enables network. For more information, go to: https://positive-tech.com/
Martin – Ellen Cooper – 2020 Black Lives Matter – Ronnie Williams & The Masters Of Song – 2020 More Faith Is What It Takes – Charles May & Annette May Thomas – Songs Our Father Used To Sing – Gospel Truth Reissue – 1973 U Bring Me Joy – Oli Silk feat Elle Cato – 6 – 2020 In The Groove (Nigel Lowis Mix) – Reggie Myrix feat Hill St Soul – IZIPHO Soul 45 – 2020 I’m Useless – Charles Smith – SS7 45 1972 Digital – 2020 Why Cant We Be Together – Gerald McClendon – Can’t Nobody Stop Me Now – 2020 Love Is Rising – Cheri Maree – 2020 True Love (Part 1) – New Horizon – Adena 45 1977 Digital – 2020 All We Need Is Love – Brian Owens & The Royal Five – Love Came Down – 2020 Something's Different This Time – Alvin Garrett – 2020 Make Me Think You Love Me (Previously Unreleased) – The Masqueraders – Forthcoming Soul4Real 45 – 2020 Amazing – Billy Bruner – Billy Bruner – 2020 Tell Your Boyfriend – Al Wordlaw feat Rushing – Forthcoming IZIPHO Soul 45 – 2020 Love Came Down - Brian Owens & The Royal Five – Love Came Down – 2020 Keep My Baby Warm - Charles May & Annette May Thomas – Songs Our Father Used To Sing – Gospel Truth Reissue – 1973 Feels Good – Ronlyn & The Concert Supremes – Never Alone EP – 2020 Look To The Hills – Rev Luther Barnes & The Restoration Worship Center Choir – Look To The Hills – 2020 Good To Know – Justifyed - Justifyed – 2020 Tonight – Eugene Cole – 2020 Happy Wife – Alyson Williams – 2020 Exercise My Love – Ripple 2.0 feat Doc Samuels – Forthcoming IZIPHO 45 – 2020 Love In Your Eyes – Raymond Barton feat Yaya Diamond – Forthcoming – 2020 Heartbreak, Sorrow & Pain – James King – Pyramid 12” - 1985 Where Do We Go From Here - Gerald McClendon – Can’t Nobody Stop Me Now – 2020 No One Will Ever know – Authentics feat Ronnie Walker – MD Records 45 - 2020 I Want To Be In Love – Al Wordlaw feat Rushing – Forthcoming IZIPHO Soul 45 – 2020 Testing Time (Previously Unreleased) – James Black Revolution – Forthcoming Super Disco Edits 2020
Guardate che gli SMS sono brutti e cattivi... cioè insomma eccohttps://bit.ly/2RnLlil Fonti: Intercettare telefonate con SS7, ecco come funziona - IlSoftware.ithttps://www.ilsoftware.it/articoli.asp?tag=Intercettare-telefonate-con-SS7-ecco-come-funziona_13753 Come spiare cellulare con la vulnerabilità del SS7 - FASTWEBhttps://www.fastweb.it/internet/come-spiare-cellulare-con-la-vulnerabilita-del-ss7/ INSTAGRAM https://www.instagram.com/br1.brown/ TELEGRAM https://t.me/br1brownOfficial
Jimmy Jones, Telecoms Cybersecurity Expert at Positive Technologies, discusses the security issues of 5G with Don Witt form The Channel Daily News, a TR publication. Jimmy’s first comment summarizes the advancements of 5G being a transition from human to human communication to primarily a machine to machine era. With that, there has been an abundance of new signaling protocols like HTTP2 and JSON to support the evolving technology. APIs have enhanced extensions to support the IoT devisces which need to be secured. While accelerating the 5G transition, it is also increaseing the security risk. Bridging or gatewaying to other networks becomes more complex to maintain low security risk. Jimmy Jones Listen in as Jimmy discusses the extensive research Positive Technologies has done and find out what the analysis into 5G vulnerabilities has revealed. Positive Technologies is a global cybersecurity company. Its flagship Telecom Cybersecurity Suite enables network operators to drive business performance while protecting their subscribers and services. By providing greater visibility into infrastructure vulnerabilities and securing customer services, Positive Technologies helps to strengthen loyalty, drive revenue with value-added security offerings, and protect emerging telecom technologies such as 5G and the IoT. PT Telecom Attack Discovery (PT TAD) next generation signaling firewall empowers mobile network carriers to secure networks that use Signaling System 7 and Diameter protocols, protect subscribers and safeguard assets from hacker attacks. Criminals in the wild are already performing denial of service, intercepting calls and text messages, tracking subscriber locations, committing fraud, and stealing cellular operator data. PT TAD enables carriers to earn customer trust and guarantee compliance with GDPR, GSMA, and other recommendations for Diameter and SS7 protection. For more information, go to: https://positive-tech.com/
Nate Jones and I dig deep into Twitter's decision to delete Rudy Giuliani's tweet (quoting Charlie Kirk of Turning Point) to the effect that hydroxychloroquine had been shown to be 100% effective against the coronavirus and that Gov. Whitmer (D-MI) had threatened doctors prescribing it out of anti-Trump animus. Twitter claimed that it was deleting tweets that “go directly against guidance from authoritative sources” and separately implied that the tweet was an improper attack on Gov. Whitmer. So where did Twitter find the “authoritative guidance” that Giuliani was supposed to be “going directly against”? Of course, Twitter isn't explaining itself, which raises questions about the basis for its action. (I offered two of its representatives a chance to come on the podcast to offer a defense; they didn't respond.) In short, all the people who've been telling us our freedoms are at risk as a result of the health emergency might be right, but the source of the danger isn't government. It's Silicon Valley. Nate thinks (probably correctly) that Kirk and Giuliani were wrong about the “100% effective” claim, and that people like them and the president are going to get people to take dangerous drugs without medical advice if they aren't policed. It's a spirited exchange. In contrast, Paul Rosenzweig and I find a fair amount of common ground outside this week's media consensus that Zoom is either evil or stupid, maybe both, for its handling of privacy and security of users. No doubt there are a staggering number of privacy and security holes in the product, and the company will get sued for several of them. But we suspect that many of the problems would have been exposed and fixed over the course of the three years it would have taken Zoom to reach the levels of use it's instead reached in three weeks. One error, exposing LinkedIn data to unrelated users with the same Internet domain, seems to have hit Dutch users especially hard. The DOJ inspector general has found widespread gaps in the FBI's compliance with its now-famous Woods procedures. Matthew Heiman and I try to put the damaging report in perspective. It's hard to know at this point how serious the gaps are, though the numbers suggest that some will be serious. Meanwhile, the FISA court has ordered a rush evaluation from Justice of more or less exactly the same questions the IG is asking. We manage to agree that the court's June 15 deadline is not realistic given everything else the same group of lawyers will be doing between now and November. Matthew tells us that the Saudis are suspected of a phone spying campaign in the United States. I point out that foreign location collection is pretty much built into the SS7 phone system, so the worst that can be said about the event is that the Saudis were caught doing “too much” spying in the US. Paul comes down agreeing with a new court ruling that violating a site's terms of service isn't criminal hacking. And now that that's settled, I have a research proposal for the Hewlett Foundation. Washington State has adopted a facial recognition law that Microsoft likes, Nate tells us. No surprise, I suggest, since the law will only regulate governments, not the private sector. I'm not a fan; it looks like a law that virtually guarantees that any facial recognition system will be forced to “correct” empirical results in favor of quotas for “protected subpopulations.” This leads, in light of Zoom's problems, to the question of whether that includes the Dutch. Who is hacking the WHO? Who isn't? Matthew notes that Iran has joined what must be a crowd of eavesdroppers in WHO networks. Nostalgic for the days before the coronavirus? How about this blast from the past: Marriott has revealed a data breach exposing (some) personal data for up to 5.2 million customers. I close the episode with the good news that some coders seem to be taking up the challenge I offered in the last episode and on Lawfare to construct an infection tracing system using mobile phones that will work in the US. Download the 310th Episode (mp3). Take our listener poll at steptoe.com/podcastpoll. You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.
On this week’s show Patrick and Adam discuss the week’s security news, including: KSA uses SS7 to track its citizens in USA Governments begin virus tracking through personal devices FBI warns of Iran-linked crew in yer supply chains Voatz gets booted from HackerOne All the cloud and Zoom drama (PLEASE NOTE: This is a re-post. Looks like our CDN mangled the initial mp3 for some regions. Should work ok now. - Pat) This week’s show is brought to you by Signal Sciences. Instead of interviewing one of their people, they suggested we interview Andrew Becherer in this week’s sponsor interview. Andrew runs security for Iterable, but before that he ran the security program at DataDog. He’ll be along after this week’s news to talk about how much easier it is to stand up a security program in 2020 as opposed to the last time he did it five or so years ago You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Revealed: Saudis suspected of phone spying campaign in US | World news | The Guardian SS7map: SS7 Networks Exposure Government Tracking How People Move Around in Coronavirus Pandemic FBI re-sends alert about supply chain attacks for the third time in three months | ZDNet HackerOne cuts ties with mobile voting firm Voatz after it clashed with researchers Houseparty app offers $1m reward to unmask entity behind hacking smear campaign | ZDNet Marriott discloses new data breach impacting 5.2 million hotel guests | ZDNet FCC tells US telcos to implement caller ID authentication by June 30, 2021 | ZDNet Memento Labs, the Reborn Hacking Team, Is Struggling - VICE RDP and VPN use skyrocketed since coronavirus onset | ZDNet Update #2 on Microsoft cloud services continuity | Azure blog and updates | Microsoft Azure Zoom hit with class-action lawsuit for sharing user data with Facebook FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic — FBI A Norwegian school quit using video calls after a naked man ‘guessed’ the meeting link | TechCrunch FBI warns Zoom, teleconference meetings vulnerable to hijacking - CyberScoop Zoom Removes Code That Sends Data to Facebook - VICE FBI turns to insurers to grasp the full reach of ransomware - CyberScoop Cyber insurer Chubb had data stolen in Maze ransomware attack | TechCrunch Medical and military contractor Kimchuk hit by data-stealing ransomware | TechCrunch Microsoft announces new 'Hardware-enforced Stack Protection' feature | ZDNet Android lets advertisers get a list of all your apps -- and this API feature is broadly used | ZDNet Booz Allen analyzed 200+ Russian hacking operations to better understand their tactics | ZDNet Risky Business Live, March 31, 2020 - YouTube Risky Business Live #3 -- Booz Allen Hamilton's Russia report, Azure getting creaky and more - Risky Business Network of fake QR code generators will steal your Bitcoin | ZDNet A mysterious hacker group is eavesdropping on corporate email and FTP traffic | ZDNet Malware from notorious FIN7 group is being delivered by snail mail Rare BadUSB attack detected in the wild against US hospitality provider | ZDNet Google to resume Chrome updates it paused last week due to COVID-19 | ZDNet Google says no APP users have been phished to date | ZDNet Russians Shut Down Huge Card Fraud Ring — Krebs on Security U.S. cybersecurity experts see recent spike in Chinese digital espionage - Reuters Dark web hosting provider hacked again -- 7,600 sites down | ZDNet OpenWRT code-execution bug puts millions of devices at risk | Ars Technica Seriously Risky Business
Diretamente do Chile, Fábio Assolini conversou com alguns dos palestrantes da conferência de segurança 8.8 (@8dot8). Os destaque do evento foram: vulnerabilidades em sex toys, ataques ao SS7 e aos SIEMs, vazamento de dados corporativosContinue reading
Não é nada simples manter a segurança dos contatos por meio das linhas telefônicas, seja por meio de chamadas ou mensagens de voz ou SMS. Em alguns casos, os riscos estão presentes no próprio aparelho. Em outros, a insegurança está na relação entre as operadoras, com impacto sobre transações bancárias. Essa fragilidade fica exposta no protocolo de comunicação SS7. O que isso significa? Quais são os riscos? Há como se defender? O AO PONTO tem a participação do repórter Sérgio Matsuura, de Economia, e do especialista em segurança cibernética Fábio Assolini.
Topics: -Joe has spent time recently dedicating his focus on Addigy and Watchman Monitoring and understanding how to best leverage those tools -Scripts has been what Joe has been concentrating on and he has found a tremendous amount of help and support through the MacAdmins Slack and the Addigy community - Joe created a script to help ensure your client's Mac fleet gets restarted regularly, according to the best practice you decide. Initial prompt to gently suggest a restart after a "recommended" uptime, default to do nothing if ignored. Second prompt when uptime reaches "preferred", defaulting to gracefully restart if ignored. Final prompt when uptime reaches "limit", defaulting to try a graceful restart and then try a forcible restart if needed. Default values: 7 days, 21 days, 75 days. "I prefer HyperCard" - Joe's script, for Addigy users: Restart Mac per Best Practice gets approved while recording the show! -Sam talks about the “Easy Button” he learned while working with Jamf. He likes the thought of empowering the users to have them complete step 0 before calling support. -These conversations seem to always point to how it weaves into your managed services or hourly plans. And having clients wonder why they have you if things are working so well. -Joe also created a couple of great scripts to work with Watchman Monitoring functionality: — This script to easily "Adjust Watchman Monitoring Time Machine Warning", default 21 days. For those users who just can't seem to run a backup regularly whether by circumstance or habit. Previously used to connect remotely to adjust this, since it can't be changed remotely in the Monitoring Client web interface. Now we can deploy it remotely, even across multiple machines or an entire client! —Another script to "Adjust Watchman Monitoring Root Capacity Warning", default 95%. For those users who perpetually, or periodically, ride the edge of Apple's recommended best practice and you want to give them a bit more leeway. Again, it can't be changed remotely in the Monitoring Client web interface and we used to have to connect remotely to adjust this. -Jerry gets a call from a new client in a remote location and discovers a 2011 iMac that was fairly unresponsive. Jerry is tasked with the job of migrating to a new iMac. He sees an old version of TeamViewer on the computer and discovers a surprise! -Jerry & Joe discuss an episode of the CYBER podcast - Snowden on iPhone: with Android, patching landscape is a disaster because manufacturers discontinue phones quickly and don't continue providing software updates, and because phone vendors don't control chipset updates like for WiFi and cellular chips. This leaves many older phones vulnerable but in many different ways so there's no simple exploit or "skeleton key" for all devices. This mitigates the kind of widespread attack that can be developed for iPhone, since so many iPhones are running the same versions of iOS and have the same chips and firmware running on the chips. -A worrisome story about sharing sensitive data with others on Dropbox is shared by Joe. It leads him to think of a method of phishing or scamming end users: create phony Dropbox accounts, create shared folders, share some data with strangers "accidentally" in a folder with a generic name like “SECURE”. Listen as Joe talks about how he would set his trap. -Dave Provine brought up the SS7 vulnerability in the MacAdmins Slack, which was originally demonstrated at the Chaos Communication Congress hacker conference in 2014 and made some news on 60 Minutes in April 2016. It exploits vulnerabilities in a system called Signaling System No 7 (SS7), originally developed in 1975. So it's not just SIM hijacking that makes SMS a weak link. By hacking SS7, an attacker could silently snoop on SMS text messages, phone calls, and access phone location data. Yikes!
Rebecca Jarvis joins our hosts to go in-depth on Theranos and Elizabeth Holmes. She's the resident expert, producing and hosting the podcast The Dropout for ABC. We also talk about Angela Ahrendt's legacy at Apple, as Deirdre O'Brien takes over a SVP of Retail + People. Then, the SS7 exploits that have allowed hackers to drain bank accounts in Europe. Finally Christina, Brianna, and Simone also discuss the massive media layoffs that hit this month.
Groovin' Blue 19 - 01 - First G.B. for 2019. 1. ( :41) WAGRadio G.B. 19-01 Opening 2. (6:25) "Doin' The Hustle (DJZigZag Reel MkOy EdiT)" - SUGARSTARR, WOLF KOLSTER [Big Love] 3. ( :08) TooT Da RooT Id 4. (3:27) "Broke" - SAMM HENSHAW [Sony] 5. ( :36) WAGRadio Mike Cherry 2013 Id 6. (3:55) "Cherish (DJZigZag EdiT)" - CLAUS CASPER & JEAN PHILLIPS [NoBrainer Records] 7. (2:59) "Who-Dun-It" - MONK HIGGINS [St. Lawrence 45rpm #1013] 1966 Prod./Arr. Burgess Gardner & Debbie Lennox 8. (4:02) "Goosebumps" - KNOX BROWN [soundcloud] 9. ( :09) WAGRadio TeddYBear Id 10.(2:26) "Jim Dandy" - MARGIE HENDRIX [Sound Stage 45rpm #SS7-2624] 1968 11.( :19) WAGRadio Id 12.(3:50) "U Don't Know (DJZigZag Henry Ballard EdiT)" - GROOVE ASSASSIN [Things May Change] 13.( :38) WAGRadio GooGad Id 14.(3:44) "Flex" - KNOX BROWN [soundcloud] 15.(3:36) "Say What U Want" - USHER & ZAYTOVEN [Usher/RCA] 16.( :28) WAGRadio Ain't Nothin' Music Segue 17.(3:39) "Cacao (DJZigZag Jimmy Soul EdiT of the Original Mix)" - YVVAN BACK, BLAZE (ITA) [Tactical] 18.(2:45) "Hold On Baby" - SAM HAWKINS [Blue Cat 45rpm #BC112] 1965 19.( :04) DJZZ EyeDee 20.(3:55) "Mama" - RAY BLK [Island] 21.( :42) WAGRadio Innosent Id 22.(3:09) "Get Down (DJZigZag Vernon Burch Inspired EdiT)" - KUSMEE [96 Musique] 23.(2:55) "Perfect Timing" - MihTy (JEREMIH & TY DOLLA $IGN) [soundcloud] Prod. Hitmaka 24.(3:12) "African Mailman" - NINA SIMONE [Bethlehem 45rpm #11055] 1959 25.(6:32) "Peace (DJZigZag Joe Tex Re-Woik)" - DEE-BUNK [Thunder Jam Records] 26.( :16) WAGRadio Hott Laff Id 27.(3:36) "Catch Me I'm Falling" - KELLY FINNIGAN [Colemine] 28.( :14) WAGRadio Drig Drag 2018 Id 29.(3:36) "You" - NICOLE BUS [Roc Nation] 30.(6:04) "Found A Cure (DJZigZag Shorty Long Patdown of the Joey Negro Found A Dub Mix)" - ASHFORD & SIMPSON [Z Records] 31.(3:02) "Heavy California" - JUNGLE [XL Recordings] 79:31
In the final episode of Fatal Error, Chris and Soroush go through some follow-up, then recap the news from WWDC. 59. Why did they even hire Chris?? Swift Unwrapped Ghost Animoji has a tongue! (h/t @parrots) Platforms State of the Union CodeRunner Steve S Smith Marzipan Thread Jake Marsh on Intents UNNotificationContent.threadIdentifier One of many articles on SMS hijacking via SS7 (search the Web for “SS7 SMS Hijack” for more) YubiKey Social engineering SMS code Chromium Touch ID second factor (Tweet) Published after we recorded the episode: The Pixelbook's power button can double as a U2F security key Thank you for your support! Tweets & photos from the live show at WWDC: From @_ivancr From @_jessetipton From @jbradforddillon From @freak4pc
Qredo is creating a secure payment space for the telecom industry and has developed Qredocoin, a quantum resistant cryptocurrency based on smartphone utilization and hardware. Qredo is creating a multi-sided platform designed to link telecoms around the world. Join Brian Spector, CEO of Qredo, as he discusses Qredocoin and explains the need for architecture to enable cross-border and cross telecom payment flows analogous to the SS7 network that connects all telecoms to deliver SMS messages around the world. Qredo may revolutionize mobile commerce by facilitating safe customer-to-customer payments among telecoms. Qredo also protects user identity attributes and data with rigorous security and regulatory compliant features that include strongly authenticated user identification, private ledgers, and identity-based cryptocurrency protected from quantum attacks.
In this episode Jason, Simon and Andra are joined by Myke and Liz for the news. We find out if bitcoin to blame for ransomware, whether consumers actually want to cut the banks out of loans. Everyone debates why anyone would want to buy the Co-Op. Jason commits a vile podcast sin and will Google be your next bank? Guests Elizabeth Lumley FinTech commentator & Author of girl-disrupted.com Myke Hurley Co-Founder at Relay FM News this week BBC News – Massive ransomware infection hits computers in 99 countries – Link The Register – After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts – Link Business Insider – Zopa becomes the first of the ‘Big 3' peer-to-peer lenders to be authorised by the City watchdog – Link Business Insider – Startup bank Tandem cuts headcount after funding setback – Link City AM – Virgin Money walks away from Co-op Bank takeover talks after months of speculation – Link Quartz – The world's most successful mobile money market is introducing cross-network transfer systems – Link Symphony secure messaging app gets 63m at 1b – Link Fortune – Amex debuts its first Alexa Skill – Link Harvard Business Review – Link Finextra – UK consumers ready to swap banks for tech giants – Link Money Watch – DrnkPay: Payments System Aims To Stop Drunken Spending – Link The post Ep253 – CyberRansomWarfare! appeared first on 11:FS. Special Guest: Liz Lumley.
In this episode Jason, Simon and Andra are joined by Myke and Liz for the news. We find out if bitcoin to blame for ransomware, whether consumers actually want to cut the banks out of loans. Everyone debates why anyone would want to buy the Co-Op. Jason commits a vile podcast sin and will Google be your next bank? Guests Elizabeth Lumley FinTech commentator & Author of girl-disrupted.com Myke Hurley Co-Founder at Relay FM News this week BBC News – Massive ransomware infection hits computers in 99 countries – Link The Register – After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts – Link Business Insider – Zopa becomes the first of the ‘Big 3’ peer-to-peer lenders to be authorised by the City watchdog – Link Business Insider – Startup bank Tandem cuts headcount after funding setback – Link City AM – Virgin Money walks away from Co-op Bank takeover talks after months of speculation – Link Quartz – The world’s most successful mobile money market is introducing cross-network transfer systems – Link Symphony secure messaging app gets 63m at 1b – Link Fortune – Amex debuts its first Alexa Skill – Link Harvard Business Review – Link Finextra – UK consumers ready to swap banks for tech giants – Link Money Watch – DrnkPay: Payments System Aims To Stop Drunken Spending – Link The post Ep253 – CyberRansomWarfare! appeared first on 11:FS. Special Guest: Liz Lumley.
Some applications may seem safe and make it in the walled garden, but checking what they are actually doing with a proxy like Charles Proxy can clue you in to what they are really doing. Amazon releases new Echo devices, SS7 has been exploited, and more on this episode of Developer Antics. Get all the links, show notes, and comments at https://www.developerantics.com/episodes/41-traffic-in-the-background
In today's podcast, we hear that haste may make for, not exactly waste, but at least brazen and ineffectual influence operations. Metadata evidence of Fancy Bears paws in En Marche! emails. Moscow snorts "false flags," but UK, German, and US officials say the Bears are there and up to no good. ISIS posts another bit of depravity as inspiration. North Korea is thought to be paying for its advanced weapons programs with cyber bank heists. Persirai joins Mirai in the IoT botnet world. The US FCC sustains a DDoS attack. Joe Carrigan from JHU explains the benefits of segmenting your home network. Andrew Blaich from Lookout on finding the Pegasus lawful intercept tool on Android devices. Microsoft patches an RCE flaw in its Malware Protection Engine. SS7 protocol weakness permits defeat of two-factor authentication.
In our 163rd episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Alan Cohn, Maury Shenk, and Jennifer Quinn-Barabanov discuss: Putin does what Putin does, this time in the French election: maybe with forged documents, plus prosecution threats for publishers, and NYT reporters whining about automated retweets ; OK, that’s nuts, but quite possibly the plaintiff bar’s future; transparency report reveals shocking stat on FBI searches of NSA data for criminal suspects. The bureau did it … once; less comforting stat: roughly a quarter of NSA’s 4000 intel reports describing Americans disclosed the Americans’ names; still no EO, but at least we have a new leaked draft; Home Depot settlement and what it means for class actions over breach; Trump White House’s American Tech Council launched; UK floats draft interception bill to a select audience; Germany’s intel service whines about Russian hacking and then about its lack of authority to, uh, hack back to destroy third party servers. Chris Painter, call your office!; DHS cybersecurity does well in budget deal DHS backpedals on privacy rights of non-Americans; ABA whines about border searches; Guardian plays world’s smallest violin: Cybercrime on the high seas: the new threat facing billionaire superyacht owners; Uh-oh. Two factor authentication falls to SS7 hack. Our guest interview is with Susan Munro, Steptoe partner and head of our Beijing office to discuss China’s new cyberlaw measures. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.
*** Challo -Wer zahlt eigentlich für einen Feuer-Fehlalarm *** Amazon Betrug - Nachklapp - t3n: Amazons Kampf gegen organisierte Kriminelle: Millionen gefälschte Angebote - Kleiner Einschub: N26 war down, sogar zweimal, sagt aber irgendwie nicht, dass sie zwischenzeitlich mal wieder online waren - Hörertipp für Two-Factor-Authentication: Authy (hilfreich, wenn man man 2-Factor auf mehreren Geräten syncen muss) - Kontoklau via SMS - Heise: Deutsche Bankkonten über UMTS-Sicherheitslücken ausgeräumt - 31C3 (2014!!!): SS7 offen wie ein Scheunentor *** Puerto Rico ist pleite (und keinen juckt es) - NPR: Puerto Rico Makes Unprecedented Move To Restructure Billions In Debt - NYT Dealbook: Puerto Rico Declares a Form of Bankruptcy - Tja, warum hat man im Fall von Griechenland nicht ähnlich pragmatisch gehandelt? - Sartorius investiert trotz der Pleite - Sartorius stellt übrigens auch "Wägen" (so heißt es richtig) her *** Vanillakalypse - Xinhua: Vanilla crop loss in Madagascar may lead to soaring ice cream prices - Vanille Chart - UN - Vanillearoma künstlich herzustellen ist gar nicht so einfach: Wikipedia: Vanillin *** Quickies - Tesla macht 13.000$ Minus pro Auto - FAZ+: Kunden sollen fürs Barzahlen eine Gebühr bezahlen - Norbert Häring will Rundfunkbeitrag bar bezahlen (Marco ist das Thema etwas suspekt) - Definitiv empfehlenswert ist die Autobahnraub-Berichterstattung von Häring: Autobahnraub (Fratzscher-Kommission) - Gebühr für's Geldabheben jetzt auch bei Sparkassen. Warum so viel schlechte Presse für so wenige Einnahmen? - Apple ist jetzt langweilig, Ergebnis kann man sehr gut schätzen (ganz im Gegensatz zu Tesla). Interessant: Apple hat viel Geld (bekannt) und dafür inzwischen so viele Anleihen gekauft, dass sie jetzt mehr Geld in Anleihen halten als der größte Anleihefonds der Welt … - Bloomberg: Apple Buys More Company Debt Than World's Biggest Bond Funds Werden die Unternehmen dieses Geld aus dem Ausland in die USA zurückholen, wenn Trump die Steuern auf 15 oder gar 10% senkt? *** Picks - Ulrich: Mark Schieritz versucht Laffer zu verstehen ;) Zeit: Steuerpolitik: "Leistung lohnt sich bei euch nicht" - Podcast zum Mythos "Steuersenken schadet Steuereinnahmen nicht" NPR Planet Money #577: The Kansas Experiment - Marcos Nachpick: re:publica 2017: HOW TO REPORT ON A HACK WITHOUT BECOMING A PUPPET *** Ciao - Unterstützt uns! - Hausaufgabe für Hörer: Kann es zwei Verwalter für eine Facebook-Seite geben?
[SecurityCast] WebCast #43 - Mitos e verdades sobre os ataques ao protocolo SS7
![DEF CON 23 [Audio] Speeches from the Hacker Convention](https://ivyfm.s3.amazonaws.com/i320/160193.jpg)
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Omer-Coskun-Why-Nation-State-Malwares-Target-Telco-Networks-UPDATED.pdf Why nation-state malwares target Telco Networks: Dissecting technical capabilities of Regin and its counterparts Omer Coskun Ethical Hacker with KPN REDteam, KPN (Royal Dutch Telecom) The recent research in malware analysis suggests state actors allegedly use cyber espionage campaigns against GSM networks. Analysis of state-sponsored malwares such like Flame, Duqu, Uruborus and the Regin revealed that these were designed to sustain long-term intelligence-gathering operations by remaining under the radar. Antivirus companies made a great job in revealing technical details of the attack campaigns, however, it exclusively has almost focused on the executables or the memory dump of the infected systems - the research hasn't been simulated in a real environment. GSM networks still use ancient protocols; Signaling System 7 (SS7), GPRS Tunneling Protocol (GTP) and the Stream Control Transmission Protocol (SCTP) which contain loads of vulnerable components. Malware authors totally aware of it and weaponing exploits within their campaigns to grab encrypted and unencrypted streams of private communications handled by the Telecom companies. For instance, Regin was developed as a framework that can be customized with a wide range of different capabilities, one of the most interesting ability to monitor GSM networks. In this talk, we are going to break down the Regin framework stages from a reverse engineering perspective - kernel driver infection scheme, virtual file system and its encryption scheme, kernel mode manager- while analyzing its behaviors on a GSM network and making technical comparison of its counterparts - such as TDL4, Uruborus, Duqu2. Omer works as an Ethical Hacker for KPN's (Royal Dutch Telecom) REDteam in Amsterdam, the Netherlands. He enjoys diving into lines of code to spot bugs, tinkering in front of the debugger and developing wise tactics/tools to break applications on his day to day work. Prior to joining KPN REDteam, Omer worked for companies like IBM ISS, Verizon and as an external government contractor. He holds an Honour's Engineering degree in Computer Science.
Windows 10, Windows Holographic, and an 84-inch Microsoft Surface – say whaaaaat? A Galaxy S6 Edge with dual curves and an HTC M9 with a square camera? Get outta town! Hackers hacking the very fabric of the cellular network to listen in on your calls to grandma? Shut the front door. And hold on to your hats, because that's not all. BlackBerry's CEO seems to think net neutrality entitles his smartphones to more third-party apps, Google might be dipping its toes in MVNO waters once more, and Sharp –bless it– refuses to let flip-phones die! The techno-world is going plum crazy, folks, and before we run out of incredulous expressions, we better get to talking about it. All of the above, plus a slick smattering of listener mail, lies ahead; join us, won't you? Pocketnow Weekly 132 is waiting for your participation –either through the live video stream at 12:15pm Eastern on January 23 (click here for your local time), or the high-quality audio version available later on– and shoot your questions to podcast [AT] pocketnow [DOT] com for a shot at getting your question read aloud on the air. See you then! Pocketnow Weekly 132 Recording Date January 23, 2015 Hosts Michael Fisher Stephen Schenck Joe Levi Producer Jules Wang Podcast Rundown Sponsor (00:01:48) Kickstart your new year and challenge yourself to learn something new with a free 10-day trial to lynda.com! It's is used by millions of people around the world and has over 3,000 courses on topics like web development, photography, visual design and business, as well as software training like Excel, Wordpress, and Photoshop. All of their courses are taught by experts and new courses are added to the site every week. Whether you want to invest in a new hobby, ask your boss for a raise, find a new job or improve upon your current job skills in 2015; lynda.com has something for everyone! News (00:04:09) Microsoft Microsoft shows off Windows 10 on smartphones Cortana announced for the PC as part of Windows 10 Microsoft announces Project Spartan, the future of web browsing on Windows Microsoft unveils Windows Holographic Microsoft Surface Hub technical details start arriving Everyone else How Google may become a carrier of its own More HTC One M9, M9 Plus leaks attempt to leak upcoming hardware Samsung Galaxy S6 announcement on March 2, pre-MWC, says report Galaxy S6 rumors double down on dual-curve theory The flip phone lives on with new Sharp Android model Learn Something (00:59:58) A segment from our resident Android expert and web authority Joe Levi, chock full of information for you to apply directly to your forehead. On today's installment, a write-in suggestion from listener Brendon Pifer: it's about security, and you better listen hard (because someone else might be listening to you mighty hard). Are hackers using an SS7 vulnerability to spy on your phone calls? Context: German researchers discover a flaw that could let anyone listen to your cell calls + Companies are now selling the ability to track your phone number wherever you go Dial F for Fail (01:21:11) A segment from our top news wrangler about injustice, misdeeds, and general foolishness within the mobile industry. Today’s topic: BlackBerry's CEO and his interesting interpretation of the biggest internet debate of the century. Net Neutrality ain't got bunk to do with apps ... but could BlackBerry have a point? Context: BlackBerry hijacks net neutrality conversation to complain about lack of apps Listener Mail (01:33:39) E-mailed submissions from Christopher Drummer, Grant Butler, and Michael McGrath Music It may just sound like a ringtone to you, but our transition music track ("Radiation") is a real song, from a real album, by a real artist: Ali Spagnola. You can download that album, along with many others, at Ali's website here, visit her YouTube page here, and follow her on Twitter here! • Thanks for listening! We'll see you next week. See omnystudio.com/listener for privacy information.
iCloud, upognjene teorije in (ne)varnost. Povezave Goodreader in App store Moment app App Store in vračila nakupov v 14 dneh OS X in samodejna varnostna posodobitev 313c konferenca Reconstructing narratives Prying Eyes: Inside the NSA's War on Internet Security On the new Snowden documents Skype tutorial za prisluškovanje Security Now o OTR Video seznam govorov Let’s encrypt SS7 Rocket Science!
В своём подкасте мы не могли не осветить такое событие, как Positive Hack Days, прошедшее в Москве в конце мая. На нём от лица компании Pentestit с докладом выступал Александр Sinister — гость 8-го выпуска. Pentestit — компания молодая, даже очень молодая, не имеющая практически аналогов ни в России, ни даже за рубежом. Роман Романов — директор Pentestit — был в гостях подкаста полгода назад в 8-м выпуске вместе с Александром и рассказывал о своих лабораториях. В этот раз Максим Майоровский — руководитель отдела разработки лабораторий на проникновение Pentestit — продолжает рассказ о развитии компании и о том, как они готовили лабу для PHD. Александр расскажет в подкасте о форуме Positive Hack Days в целом, а также о двух докладах, затрагивающих сети связи. Один из них, с которым собственно он выступал, посвящен Intercepter-NG — мощному инструменту, позволяющему прослушивать трафик и организовывать атаки MITM в автоматическом режиме. С этим приложением связана одна таинственная история, о которой поведал Александр на PHD и нам в подкасте. Видеозапись презентации можно посмотреть по ссылке. Второй доклад на довольно животрепещущую тему — атаки на сети мобильных операторов посредством протокола SS7. Такого рода угрозы изучались и проверялись на практике специалистами компании Positive Technologies — Сергеем Пузанковым и Дмитрием Курбатовым. Злоумышленник, попав в технологическую сеть, может совершить жуткие вещи, начиная от перенаправления SMS и заканчивая прослушиванием звонка из любого конца планеты. Видеозапись презентации можно посмотреть по ссылке. В качестве новостей мы предлагаем вам: Запустили новое зеркало корневого сервера DNS l-root (link)Cisco приобрела стартап за $175M (link)Новый стандарт Wi-Fi от Huawei(link)Comcast открыл внешний доступ к 50 000 клиентских Wi-Fi-маршрутизаторов (link)Обновление старых тем: Nokia и SK-Telecom объединили полосы, выделенные под FDD и TDD LTE и достигли скорости 3,78 Гбит/с (link) Google провёл успешные испытания предоставления доступа в Интернет с помощью аэростатов (link) Скачать файл подкаста. Добавить RSS в подкаст-плеер. Слайды традиционно под катом. Читать дальше
В своём подкасте мы не могли не осветить такое событие, как Positive Hack Days, прошедшее в Москве в конце мая. На нём от лица компании Pentestit с докладом выступал Александр Sinister — гость 8-го выпуска. Pentestit — компания молодая, даже очень молодая, не имеющая практически аналогов ни в России, ни даже за рубежом. Роман Романов — директор Pentestit — был в гостях подкаста полгода назад в 8-м выпуске вместе с Александром и рассказывал о своих лабораториях. В этот раз Максим Майоровский — руководитель отдела разработки лабораторий на проникновение Pentestit — продолжает рассказ о развитии компании и о том, как они готовили лабу для PHD. Александр расскажет в подкасте о форуме Positive Hack Days в целом, а также о двух докладах, затрагивающих сети связи. Один из них, с которым собственно он выступал, посвящен Intercepter-NG — мощному инструменту, позволяющему прослушивать трафик и организовывать атаки MITM в автоматическом режиме. С этим приложением связана одна таинственная история, о которой поведал Александр на PHD и нам в подкасте. Видеозапись презентации можно посмотреть по ссылке. Второй доклад на довольно животрепещущую тему — атаки на сети мобильных операторов посредством протокола SS7. Такого рода угрозы изучались и проверялись на практике специалистами компании Positive Technologies — Сергеем Пузанковым и Дмитрием Курбатовым. Злоумышленник, попав в технологическую сеть, может совершить жуткие вещи, начиная от перенаправления SMS и заканчивая прослушиванием звонка из любого конца планеты. Видеозапись презентации можно посмотреть по ссылке. В качестве новостей мы предлагаем вам: Запустили новое зеркало корневого сервера DNS l-root (link)Cisco приобрела стартап за $175M (link)Новый стандарт Wi-Fi от Huawei(link)Comcast открыл внешний доступ к 50 000 клиентских Wi-Fi-маршрутизаторов (link)Обновление старых тем: Nokia и SK-Telecom объединили полосы, выделенные под FDD и TDD LTE и достигли скорости 3,78 Гбит/с (link) Google провёл успешные испытания предоставления доступа в Интернет с помощью аэростатов (link) Скачать файл подкаста. Добавить RSS в подкаст-плеер. Слайды традиционно под катом. Url podcast:https://archive.org/download/linkmeup-V016/linkmeup-V016.mp3
В своём подкасте мы не могли не осветить такое событие, как Positive Hack Days, прошедшее в Москве в конце мая. На нём от лица компании Pentestit с докладом выступал Александр Sinister — гость 8-го выпуска. Pentestit — компания молодая, даже очень молодая, не имеющая практически аналогов ни в России, ни даже за рубежом. Роман Романов — директор Pentestit — был в гостях подкаста полгода назад в 8-м выпуске вместе с Александром и рассказывал о своих лабораториях. В этот раз Максим Майоровский — руководитель отдела разработки лабораторий на проникновение Pentestit — продолжает рассказ о развитии компании и о том, как они готовили лабу для PHD. Александр расскажет в подкасте о форуме Positive Hack Days в целом, а также о двух докладах, затрагивающих сети связи. Один из них, с которым собственно он выступал, посвящен Intercepter-NG — мощному инструменту, позволяющему прослушивать трафик и организовывать атаки MITM в автоматическом режиме. С этим приложением связана одна таинственная история, о которой поведал Александр на PHD и нам в подкасте. Видеозапись презентации можно посмотреть по ссылке. Второй доклад на довольно животрепещущую тему — атаки на сети мобильных операторов посредством протокола SS7. Такого рода угрозы изучались и проверялись на практике специалистами компании Positive Technologies — Сергеем Пузанковым и Дмитрием Курбатовым. Злоумышленник, попав в технологическую сеть, может совершить жуткие вещи, начиная от перенаправления SMS и заканчивая прослушиванием звонка из любого конца планеты. Видеозапись презентации можно посмотреть по ссылке. В качестве новостей мы предлагаем вам: Запустили новое зеркало корневого сервера DNS l-root (link)Cisco приобрела стартап за $175M (link)Новый стандарт Wi-Fi от Huawei(link)Comcast открыл внешний доступ к 50 000 клиентских Wi-Fi-маршрутизаторов (link)Обновление старых тем: Nokia и SK-Telecom объединили полосы, выделенные под FDD и TDD LTE и достигли скорости 3,78 Гбит/с (link) Google провёл успешные испытания предоставления доступа в Интернет с помощью аэростатов (link) Скачать файл подкаста. Добавить RSS в подкаст-плеер. Слайды традиционно под катом. Url podcast:https://archive.org/download/linkmeup-V016/linkmeup-V016.mp3
Das bekannteste Beispiel ist sicherlich die Via Appia in Italien, auf deren Verlauf heute die italienische Fernverkehrsstraße SS7 von Rom nach Brindisi führt.
Voici le droit de réponse de notre deuxième émission. Vous entendez ici SRG, Usul, Ss7, Asenka, Douglas Alves et Ender.
Vous entendez ici SRG, Usul, SS7,Asenka, Douglas Alves et Ender.
Qu'est qu'un Reversal ? Si on ouvre un dictionnaire anglais, le mot veut dire « inversion ». Dans le monde du jeu de combat, son arrivée par le biais de Street Fighter II', a révolutionné notre façon de jouer et est devenue un élément essentiel du GamePlay. Ici, elle représente le titre d'un Podcast qui a pour ligne éditoriale un sujet unique traité par des invités qui n'ont pas le même point de vue mais une vraie volonté d'échanger et de partager. Vous ne trouverez ici aucune date ou de sujet prédéterminé puisque nous souhaitons privilégier la qualité et l'originalité à quantité sur des sujets plus ou moins convenu. Reversal se veut aussi un partage avec nos auditeurs. N'hésitez pas à nous laisser vos commentaires et participer au droit de réponse Pour cette première émission, j'ai eu l'honneur de recevoir TKO et SS7 du Versus-Dojo, Frionel du friokugendojo et de BasGrosPoing, JacKc de gametronik.com, Pipomantis de barredevie.com et ShinSh de shinmugen.net. Tous ensemble nous allons essayer de répondre à cette question : L'Emulation est-elle un bourreau ou un sauveur de l'Arcade ?
![Black Hat Briefings, Europe 2007 [Audio] Presentations from the security conference.](https://ivyfm.s3.amazonaws.com/i320/593902.jpg)
Black Hat Briefings, Europe 2007 [Audio] Presentations from the security conference.
"SS7 has been a walled garden for a long time: only big telcwould be interconnected tthe network. Due tderegulation and a push toward all-IP architecture, SS7 is opening up, notably with SIGTRAN (SS7 over IP) and NGN (Next Gen Networks) initiatives. SCTP is the protocol used tcarry all telecom signalling information on IP according tthe SIGTRAN protocol suite. It's the foundation, as TCP is the foundation for the web and email. SCTP is alsused for high-performance clusters, resources pooling and very high-speed file transfer. When you discover open SCTP ports, you discover a secret door tthis walled garden. As a walled garden, the internal security of the SS7 network is not as good as one might expect. SCTPscan is a tool tdexactly just that, and is released as open source. This presentation will explain how SCTPscan manages tscan without being detected by remote application, how discrepancies between RFC and implementation enable us tscan more efficiently and how we manage tscan without even being detect by systems like SANS - Dshield.org. Here we will have a look at INIT packet construction, stealth scanning and a beginning of SCTP fingerprinting. Then, we gon tdetail upper layer protocols that use SCTP and the potentials of the SIGTRAN protcol suite in term of security. We'll see the M2UA, M3UA, M2PA, IUA which are SIGTRAN-specific protocols, and alsthe more generic SS7 protocols such as ISUP, BICC, BSSAP, TCAP, SCCP and MTP. " "Philippe Langlois is a founder and Senior Security Consultant for Telecom Security Task Force, a research and consultancy outfit. He founded and led technical teams in several security companies (Qualys, WaveSecurity, INTRINsec) as well as security research teams (Solsoft, TSTF). He founded Qualys in 1999 and led the R&D for this world-leading vulnerability assessment service. He founded Intrinsec, a pioneering network security company in 1995, as well as Worldnet, France's first public Internet service provider, in 1993. He has proven expertise in network security, from Internet tless well known networks - X25 and other legacy systems mostly used in banking, travel and finance. Philippe was alslead designer for Payline, one of the first e-commerce payment gateways on Internet. He has written and translated security books, including some of the earliest references in the field of computer security, and has been giving speeches on network security since 1995 (RSA, COMDEX, Interop). Philippe Langlois is a regular contributor of french-speaking security portal vulnerabilite.com. and a writer for ITaudit, the magazine of the International Association of Internal Auditors. Samples of the missions he has been involved with are Penetration Testing contract on multi-million live users infrastructures such as Telecom operators GSM backbone, due diligence for M&A, security architecture audits, product security analysis and advisory."
Nous venons de tourner un nouveau SECHebdo en live sur Youtube. Comme d’habitude, si vous avez raté l’enregistrement, vous pouvez le retrouver sur notre chaîne Youtube (vidéo ci-dessus) ou bien au format podcast audio: Au sommaire de cette émission : TO BE COMPLETED (00:01:00)Retour des assises - la galère (00:01:20)Crowdstrike - Endpoint & Detection Response (00:10:27)Wavestone - Cybersécu et COMEX, convaincre avec efficacité (00:10:42)Juniper - Serious game (00:13:10)Début des news de la semaine (00:38:45) { "
© 2020-2025 Ivy Podcast Discovery LLC
