Podcasts about universal plug

Support the Show:PatreonAcast+Other Podcasts:Beyond the Post YouTubeBeyond the Post PodcastShuffle PlaylistLinks:Canadian EV SpreadsheetTrue North EVsManitoba EV AssociationNews:GM Cruise is deadEV battery prices are plummetingEV battery prices are downYou can buy a Hyundai on AmazonSAE working on Universal Plug and ChargeCostco and Electrify America rolling of DC Fast ChargersOver 90% of EV drivers would buy another EVBYD next-gen blade batteryStellantis and Zeta working on Lithium-Sulfur BatteriesSub $30k TeslaModel Q rumorsCybercab detailsReduced costs at the Supercharger California excludes TeslaElon fires back on CaliforniaSupport this show http://supporter.acast.com/kilowatt. Support the show at https://plus.acast.com/s/kilowatt. Hosted on Acast. See acast.com/privacy for more information.

We take that little box that connects our home to the internet for granted. But in reality, it's often the only thing hiding our computers and vulnerable IoT devices from automated, remote attacks. This "internet background radiation" is ever present - a massive network of malicious or compromised devices, constantly scanning the internet for exposed and ill-protected systems. Today, we'll discuss routers, firewalls and other common aspects of home network security with the CEO of CrowdSec. He'll also explain how we can enable these devices to share information in a sort of global neighborhood watch program, distributing information about bad actors to better protect us all. Philippe Humeau graduated as an IT security engineer in 1999 in Cyber security. He then created his first company, dedicated to red team penetration testing and high-security hosting. After selling his first company, his eternal crushes for Cybersecurity led him to create CrowdSec in 2020. This open-source editor creates a participative IPS which generates a global, crowd-powered CTI. Further Info CrowdSec: https://crowdsec.net/ CrowdSec code repository: https://github.com/crowdsecurity/crowdsec Lulu reverse firewall: https://objective-see.org/products/lulu.html Donate directly with Monero! https://firewallsdontstopdragons.com/contact/ Amulet of Entropy!!:https://amuletofentropy.com/ Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/Become a Patron! https://www.patreon.com/FirewallsDontStopDragons Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-SpeakerGenerate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:02:46: Update on Firefox Total Cookie Protection0:03:50: DEF CON coming soon0:04:47: Interview start0:06:49: What does a firewall do?0:10:18: Should I enable the firewall on my computer, too?0:14:18: What is Universal Plug and Play (uPnP?)0:16:04: What is Network Address Translation (NAT)?0:20:16: Hacker vs Cybercriminal?0:21:17: Internet Background Radiation0:26:19: Creating network silos0:29:28: Attacks from within0:32:15: Botnets and DDoS attacks0:35:37: What are the biggest network threats today?0:40:16: Who are the main threat actors?0:45:09: How does Crowdsec work?0:49:36: How quickly do agents share info?0:51:37: How does Crowdsec make money?0:53:03: Can you use Crowdsec on home routers?0:55:28: Are things getting better or worse?0:57:43: Top security tips?1:01:45: How do you poke a hole in a firewall?1:04:01: Setting up guest network1:07:48: Reverse firewalls1:09:07: Final word

Our interview this week is with Chris Bing, a cybersecurity reporter with Reuters, and John Scott-Railton, Senior Researcher at Citizen Lab and PhD student at UCLA. John coauthored Citizen Lab's report last week on BellTroX and Indian hackers for hire, and Chris reported for Reuters on the same organization's activities – and criminal exposure – in the United States. The most remarkable aspect of the story is how thoroughly normalized hacking legal and lobbying opponents seems to have become, at least in parts of the US legal and investigative ecosystem. I suggest that instead of a long extradition battle, the US give the head of BellTroX a ticket to the US and a guaranteed income for the next few years as a witness against his customers.    In the news roundup, Nick Weaver tells the remarkable story of how Facebook funded an exploit aimed at taking down a particularly vile online abuser of young girls who was nearly invulnerable because he was using TAILS, the secure, thumb drive-based communication system (Vice, Gizmodo). This is a great story because it really doesn't fit into any of the stilted narratives into which most internet security stories are usually jammed.   Nick also notes Big Tech's pledge to do more to stop child abuse online. I suggest that only Dr. Evil would be impressed by the amounts of money being invested in the campaign.   Well, another week, another Zoom bomb.  Now the company is taking heat because it terminated several Tiananmen Square commemorative Zoom sessions after China complained (NYT, Zoom). David Kris and I don't think Zoom had much choice about cutting off the Chinese customers.  Terminating the US account holder who organized a session, however, was a bad move – and one that's since been corrected by the company.    Nate Jones and I square off again for Round 545 on content moderation, spurred this time by reports that Sen. Josh Hawley is drafting legislation inspired by the Trump Administration's Section 230 EO. Meanwhile several Republican senators are pushing the FCC to act on the order. Nate and I find rare bipartisan common ground on the idea that Congress should require social media companies to take down foreign government online messaging – and maybe work with the US government to stop it at the source.   David reports on a fairly (and deservedly) obscure EU cloud independence project. It seems to have been embraced by Microsoft, which I accuse of going full AT&T – embracing government regulation as a competitive differentiator. As if to prove my point, Microsoft announces that it's getting out of the business of doing facial recognition for the police – until it can persuade Congress to regulate its competitors.   Why are spies targeting vaccine research? Nate highlights the excellent Risky Biz newsletter analysis of what drives COVID-19 cyberespionage.  Nick flags the potential significance of ARM wrestling, as the UK chip designer ARM fights its JV partner for control of its Chinese joint venture. Nick also assigns a “moderate” threat label to the latest Universal Plug n Pwn exploit. It's only moderate because there are so many pwned IOT devices already in a position to DDOS targets of opportunity.   In quick hits, I note that Israel has halted its controversial use of intelligence capabilities to monitor the spread of the coronavirus, but the government reserves the right to revive monitoring if a second wave shows up (JPost, Yahoo). Poor Brewster Kahle is looking like an internet hippie who fell asleep at Woodstock and woke up at Altamont. The Internet Archive is ending its program of offering free, unrestricted copies of e-books, but the publishers who sued over that program may decide to keep suing until they've broken his entire “digital library” model, and maybe the Internet Archive as well (NYT, Ars Technica). That would be a shame. Finally, you can have a thousand talents, but honesty may not be one of them. Charles Lieber, the Harvard University professor arrested for lying about his lucrative China contracts, has now been indicted on false statement charges.  Download the 320th Episode (mp3).  You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

The Wall Street Journal reports that the EU is preparing to file formal antitrust charges against Amazon for using third-party seller data to create competing products, Amazon places a one-year moratorium on police departments using its Rekognition service, and security researchers detail the CallStranger attack that uses a Universal Plug and Play network protocol exploit.  Support this show http://supporter.acast.com/dth.  See acast.com/privacy for privacy and opt-out information.

Teknikerna som går under samlingsnamnet UPnP (Universal Plug and Play) har orsakat säkerhetsproblem i många år. Senast i raden är den så kallade Call Stranger-sårbarheten som låter kriminella exfiltrera data ur företagsnätverk och förstärka överbelastningsattacker med hjälp av ovetande konsumenters nätverksprylar. I veckans podd diskuterar Tess och Nikka de återkommande problemen med UPnP och vilka åtgärder som bör vidtas. Se fullständiga shownotes på https://go.nikkasystems.com/podd072.

Ur veckans avsnitt: I veckans rafflande avsnitt lämnar vi ingen sten orörd då vi diskuterar trilskande SAN, lite mer om Dune 2 på Amiga, årets grisfest, Twitters ständigt pågående mentala trafikolycka, de första poddar vi lyssnade på och e-postklienter för Linux.  Och snöänglar. Länkar Illers snöängel Promise Vtrak E610F Ryzen threadripper Nvidia Geforce RTX Dead or alive 3 Jonathan Mann Jack says fuck you to Tweetbot Kalles klätterträd Skrotnisse Late night cocoa Första inkarnationen av The talk show CMD space Build and analyze Hypercritical The talk show-avsnitten på Mule radio Mike Monteiro Back to my Mac upphör att finnas Universal plug and play Thunderbird Mailspring Evolution Geary Hiri Ericsson på Github Exchange calendar-pluginet för Thunderbird Två nördar - en podcast. Fredrik Björeman och Joacim Melin diskuterar allt som gör livet värt att leva. Fullständig avsnittsinformation finns här: https://www.bjoremanmelin.se/podcast/avsnitt-135-vi-glomde-ju-bort-att-ta-reda-pa-grisen.html.

We look at your home router and explain the many steps you can take to make sure it is secure. How to Secure Your Home Router Episode #33: Cryptojacking, Russian Router Malware, and Parental Controls How to Remove Wi-Fi Networks from Your Mac and iOS Device SSID and Wireless Networking (https://www.lifewire.com/definition-of-service-set-identifier-816547) Universal Plug and Play (Wikipedia) (https://en.wikipedia.org/wiki/Universal_Plug_and_Play) MAC address (Wikipedia) (https://en.wikipedia.org/wiki/MAC_address) NetGear Orbi mesh wi-fi system Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)

Researchers at Akamai recently published a white paper titled UPnProxy: Blackhat proxies via NAT Injections. In it, they describe vulnerabilities with Universal Plug and Play capabilities in home routers, and how malicious actors could take advantage of them.  Chad Seaman is a senior CERT engineer at Akamai, and he's our guide.  The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Thanks to our sponsor Enveil, closing the last gap in data security.

Researchers at Akamai recently published a white paper titled UPnProxy: Blackhat proxies via NAT Injections. In it, they describe vulnerabilities with Universal Plug and Play capabilities in home routers, and how malicious actors could take advantage of them.  Chad Seaman is a senior CERT engineer at Akamai, and he's our guide. 

Ethan Robish is a researcher with Black Hills Information Security and is here to give us some of the background on a suite of tools for the Offensive Countermeasures class - Active Defense Harbinger Distribution. The Active Defense Harbinger Distribution (ADHD) is a Linux distro based on Ubuntu 12.04 LTS. It comes with many tools aimed at active defense preinstalled and configured. The purpose of this distribution is to aid defenders by giving them tools to "strike back" at the bad guys. A lean week in episode 319's Drunken security news, but at least the house was full with PDC staff. With Paul, Larry, Allison and Jack in-studio and John and Carlos via Skype to fill us in on all the fun. But first, make sure to not miss the other two segments from episode 319. First was 451 Research's Wendy Nather to talk with the team, and then Ethan Robish and John Strand came on to talk about a brand new distribution. If you like distributions like Samurai, Backtrack and others, you might be interested in this one. Titled ADHD (Active Defense Harbinger Distribution) this has been three years in the making and takes on offensive security with many of the tools you love. As for the stories of the week, Paul started off with a couple quick hits, including a joke about the Federal Reserve hack and bugs in hospital embedded devices. Then follow along as Jack goes a long way to make a joke about prime numbers, after one of the largest only-divisible-by-one-and-itselfs was discovered. The first story they dig into is one that Larry brought along, about SSL/TLS being broken. After some explanation on the Oracle padding issue and the use of the same key, John and Larry bring up Wright's Law (to be discussed in episode 320 on Tuesday). Larry wonders, who is working on fixing SSL and if there is someone with a fix today, it could take five years until it is fully implemented. Do you need anything more than six seconds? Apparently if you use Vine for Twitter, that's all you'll need. It's a new video sharing service, but all you get is six seconds of video. And what happens on Vine stays on Vine, right? Umm, no. What would you do if you were Adobe's CISO? Take the staff out to lunch? Quit? Or actually get things cleaned up. I guess at least they're not Sony. Congratulations to Allison who is Gold GCIA certified after her paper on digital watermarking to help prevent leaks. You can read the entire thing in the SANS Reading Room. Lastly, Larry drops an "I told you so" with regard to Universal Plug and Play (uPnP). As Larry wrote, now there is a single Packet UDP exploit for it, for almost every device - of which there are millions of devices connected to the internet based on HD Moore's scanning. Oh and if your company is looking for their next great employee (or if you get a referral bonus) contact Larry with the opportunity.

Thug is a Python low-interaction honeyclient. All too often in Incident Response you have logs that indicate a client was exploited by an exploit kit and compromised, but retrieving a copy of the the applicable piece of malware is difficult. Thug is designed to mimic a vulnerable web browser and follow the exploit kit back to its malware. But with all that in the books, the conversation quickly turn to porn, smut and "sextortion." Yup, this was the first time that word had ever been uttered on the Paul's Security Weekly, which required a visit to Urban Dictionary. As Allison noted, you can now get your very own sextortion coffee mugs, bumper stickers and magnets. The article described talks about how someone hacks into girls' computers (password guessing?), finds risqué photos and then uses those to get the girls to either send more pictures or go on video. Another man was recently charged with a similar crime where he'd talk to boys in IRC, get them to reveal themselves in a video chat where he'd then grab screenshots and use that against the victims. Lessons learned? If you are going to take a nude picture of yourself, DON'T INCLUDE YOUR FACE! But if push comes to shove, profit off it. As Paul said, it worked for the Kardashians and the Hiltons. Did you know you're 182 times more likely to get malware on a news site than on a porn site? China hacked the New York Times! Or did they? Wait, China did it? How in the world did a country of one billion people hack the NY Times. Isn't that the same thing as my blog getting hacked by the kid down the street and saying "The United States did it!" Maybe it was someone in China, maybe it was someone hired by Chinese government officials maybe it was someone who does things the same way that Chinese hackers have done it in the past. But as Allison and Jack noted, it's good that the Times is being so public with the situation. As we begin adding more technology to embedded devices like televisions, we're not paying any additional attention to the security on them. Researchers are reporting having seen televisions and CCTV cameras pop up in their honeypots. Paul talked about fifty million Universal Plug and Play network devices being open to packet attack. As he noted: "This is not a shock to me at all. UPnP is horrible, there just had to be a flaw in there somewhere. HD Moore found some, and turns out there are millions of vulnerable devices on the Internet. I am so happy to see this research come to light, it needs to happen. Free tools exist to check for the vulnerabilities, and details are forthcoming." Speaking of forthcoming, the new version of Backtrack Linux is coming... Oracle now cares about fixing the flaws in Java. Really? What could have possibly spurred this on? Maybe when the US Department of Homeland Security is telling everyone to stop using it? Maybe when they say they're patching the flaws and then a few minutes later, someone already has a new vulnerability for it? Good to know that this is what it takes for Oracle to finally care about security. Now imagine if such a company were involved in things like databases? Oh wait. Wrapping this up with just a few more things. Paul talks about an XSS vulnerability in the VMware Management Interface. Free environment snapshots? Yes please! Allison brings up the new law making it more illegal to jailbreak your mobile device if the carrier says you can not. But what about if you buy an unlocked phone for full price? That's ok, right? Oh yeah, that grad student who was expelled from a Canadian university for telling them about their bad security practices? Well, it's actually a little worse. According to his expulsion letter, he was twice caught and admitted to using SQL injection to break into their informational systems. Yeah, that's a little more than just informing the school about their bad security practices, that's rubbing their nose in it. So lesson for the day, if you're paying someone thousands of dollars for a graduate degree, don't rub their nose in their bad security practices and expect to stick around. Did you hear that Security BSides Rhode Island tickets are now on sale? Get them at http://bsidesri.eventbrite.com