POPULARITY
Brink engineers Gloria Zhao and Niklas Gögge talk through the recently disclosed Bitcoin Core 0.21.0 vulnerabilities. This continues our previous discussion in Episode 4 on pre-0.21.0 Bitcoin Core Vulnerabilities. (0:00) - Introduction (1:07) - Background on Bitcoin peer-to-peer address relay (4:30) - Bitcoin Core's AddrMan (address manager) data structure (5:37) - Disclosure of remote crash due to addr message spam (8:51) - Address spamming observed on the network (10:57) - Bitcoin Core #22387 PR to fix addr message spam (13:46) - Background on Miniupnp, the UPnP library used by Bitcoin Core (15:18) - The bug in Miniupnpc (16:33) - Disclosure of the impact of an infinite loop bug in the miniupnp dependency (17:50) - Bitcoin Core #20421 PR to fix the infinite loop bug in the miniupnp dependency (18:46) - Lessons learned
On this episode of Ruff Talk VR we are joined by Guy Godin the creator of Virtual Desktop! Guy is one of our most requested guests so we were hyped for this one. Virtual Desktop is a staple for many PCVR players who play off of the Meta Quest headset. Listen as we get to know Guy, dive into the origins of Virtual Desktop, some upcoming features, his thoughts on the Apple Vision Pro, and more!Ruff Talk VR Discord: https://discord.gg/9JTdCccucSPatreon: https://www.patreon.com/rufftalkvrIf you enjoy the podcast be sure to rate us 5 stars and subscribe! Join our official subreddit at https://www.reddit.com/r/RuffTalkVR/Get 20% OFF @manscaped + Free Shipping with promo code RUFFTALKVR at MANSCAPED.com!Virtual Desktop Store Link: https://www.meta.com/experiences/2017050365004772/Store Description: Connect wirelessly to your computer(s) to watch movies, browse the web, play games on a giant virtual screen or stream PCVR games. Virtual Desktop is a highly optimized, native application developed for low latency, high quality streaming.• Computer must be wired with Gigabit Ethernet cable to a 5 GHz router• Supports most PCs and laptops running Windows 10 or 11, macOS Mojave or later• PCVR game streaming requires a VR Ready PC running Windows 10 or 11• Videos tab allows you to download or stream regular/180/360 videos directly from your computer• Supports Bluetooth mice, keyboards and gamepads• Supports 3D Side-by-Side / Over-Under content on screen• Lets you cycle through your monitors (if you have multiple physical monitors)• Includes a Microphone passthrough option• Supports remote connections over the internet (enable UPnP on your router)Support the show
Linux systems are a collection of free and Open Source software-- some packaged by your distro, some built from source. How do you verify that your upstream isn't polluted by bad actors? Segment Resources: https://github.com/evilsocket/opensnitch https://securityonionsolutions.com/software/ https://deer-run.com/users/hal/ https://archive.org/details/HalLinuxForensics In the Security News: VMware and Ransomware makes you want to run some where, double-free your OpenSSH, download the RIGHT software, you have Docker, I have root, we don't talk about CORS, to vulnerability or not to vulnerability, vulnerability risk scoring, a matter of perspective, very persistent Cisco attacks, running UPNP without all the protections, overflowing a buffer in your bootloader over HTTP, C can be memory safe (but developers will still screw it up), and lasers, microwaves, satellites and the Sun! All that, and more, on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw772
Linux systems are a collection of free and Open Source software-- some packaged by your distro, some built from source. How do you verify that your upstream isn't polluted by bad actors? Segment Resources: https://github.com/evilsocket/opensnitch https://securityonionsolutions.com/software/ https://deer-run.com/users/hal/ https://archive.org/details/HalLinuxForensics In the Security News: VMware and Ransomware makes you want to run some where, double-free your OpenSSH, download the RIGHT software, you have Docker, I have root, we don't talk about CORS, to vulnerability or not to vulnerability, vulnerability risk scoring, a matter of perspective, very persistent Cisco attacks, running UPNP without all the protections, overflowing a buffer in your bootloader over HTTP, C can be memory safe (but developers will still screw it up), and lasers, microwaves, satellites and the Sun! All that, and more, on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw772
In the Security News: VMware and Ransomware makes you want to run some where, double-free your OpenSSH, download the RIGHT software, you have Docker, I have root, we don't talk about CORS, to vulnerability or not to vulnerability, vulnerability risk scoring, a matter of perspective, very persistent Cisco attacks, running UPNP without all the protections, overflowing a buffer in your bootloader over HTTP, C can be memory safe (but developers will still screw it up), and lasers, microwaves, satellites and the Sun! All that, and more, on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw772
Linux systems are a collection of free and Open Source software-- some packaged by your distro, some built from source. How do you verify that your upstream isn't polluted by bad actors? Segment Resources: https://github.com/evilsocket/opensnitch https://securityonionsolutions.com/software/ https://deer-run.com/users/hal/ https://archive.org/details/HalLinuxForensics In the Security News: VMware and Ransomware makes you want to run some where, double-free your OpenSSH, download the RIGHT software, you have Docker, I have root, we don't talk about CORS, to vulnerability or not to vulnerability, vulnerability risk scoring, a matter of perspective, very persistent Cisco attacks, running UPNP without all the protections, overflowing a buffer in your bootloader over HTTP, C can be memory safe (but developers will still screw it up), and lasers, microwaves, satellites and the Sun! All that, and more, on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw772
In the Security News: VMware and Ransomware makes you want to run some where, double-free your OpenSSH, download the RIGHT software, you have Docker, I have root, we don't talk about CORS, to vulnerability or not to vulnerability, vulnerability risk scoring, a matter of perspective, very persistent Cisco attacks, running UPNP without all the protections, overflowing a buffer in your bootloader over HTTP, C can be memory safe (but developers will still screw it up), and lasers, microwaves, satellites and the Sun! All that, and more, on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw772
Malware… Authorities Arrest Developer of Malware Service - Was Your Credit Card or Other Personal Information Stolen? And How He Was Captured https://krebsonsecurity.com/2022/10/accused-raccoon-malware-developer-fled-ukraine-after-russian-invasion/ According to the U.S. Justice Department, FBI agents have identified more than 50 million unique credentials and forms of identification (email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc.) stolen. Raccoon was essentially a Web-based control Crime-as-a-Service panel, where — for $200 a month — customers could get the latest version of the Raccoon Infostealer malware and interact with infected systems in real-time. Security experts say the passwords and other data stolen by Raccoon malware were often resold to groups engaged in deploying ransomware. U.S. authorities zeroed in on a mistake that the Raccoon developer made early on in his posts to the crime forums, connecting a Gmail account for a cybercrime forum identity used by the Raccoon developer ("Photix") to an Apple iCloud account belonging to Sokolovsky. Authorities soon tracked Sokolovsky's phone through Germany and eventually to The Netherlands, with his female companion helpfully documenting every step of the trip on her Instagram account. Check If You Were Compromised: https://raccoon.ic3.gov/home ++++++++ Former Uber Chief Found Guilty of Hiding Hack From Authorities. https://www.nytimes.com/2022/10/05/technology/uber-security-chief-joe-sullivan-verdict.html Joe Sullivan, the former Uber security chief, was found guilty by a jury in federal court on charges that he did not disclose a breach of customer and driver records to government regulators. The case — believed to be the first time a company executive faced criminal prosecution over a hack — could change how security professionals handle data breaches. Airbnb… Throwing the spotlight on hidden cameras in Airbnb https://www.welivesecurity.com/2022/11/01/spy-who-rented-to-me-hidden-cameras-airbnbs/ In recent years, some travelers have had their dream vacations ruined by one particularly creepy privacy risk – covert cameras in rental properties, which are often booked via platforms such as Airbnb. Ours is also a time when all sorts of surveillance gadgets are increasingly affordable; what's more, these gadgets are often tiny and/or designed to look like everyday objects – they are intended to be challenging to spot. Airbnb's policy on the matter is pretty unequivocal. Security cameras and noise-monitoring devices are allowed "as long as they are clearly disclosed in the listing description and don't infringe on another person's privacy." How to Find a Hidden Security Camera: Physically check the room: Look for cameras hiding in plain sight, perhaps in clocks, smoke detectors, speakers, or even light bulbs Use a flashlight: Camera lenses are made of glass, meaning they're reflective. So turn the lights down and shine a flashlight around the property. Check for night vision lights: Turning the lights down or off will also help you spot the tell-tale red or green LEDs, which may illuminate night vision cameras. Use an app: Researchers have been working on a mobile application that uses phones' Time-of-Flight (ToF) sensor to find spy cams hidden in everyday objects. Detect RF signals: A final tell-tale sign of a hidden camera is to monitor for radio frequencies (RF) that the camera may use to connect to a secret network. In addition, a hidden camera may interfere with your phone signal, so stop and investigate. Baby Monitors… Hacking baby monitors can be child's play: Here's how to stay safe https://www.welivesecurity.com/2022/11/07/hacking-baby-monitors-childs-play-how-stay-safe/ We've probably all read horror stories online: a parent is woken in the middle of the night by strange noises coming from their child's bedroom. They open the door, only to find a stranger "talking" to their baby through the monitor. While rare, such cases do happen from time to time. How to Stay Safer: Research your options well, and aim to go with a well-regarded manufacturer with a strong emphasis on security and good reviews. Install any updates to the device's software (or firmware) If possible, choose a model that does not allow remote communication via an app. If it does, turn off remote access, especially when not in use. I am setting up a solid and unique password and enabling two-factor authentication if possible. Review monitor logs regularly to check for any suspicious activity, such as individuals accessing it from a unique IP or at strange times. Secure your wireless router with a strong, unique password. Also, disable remote access to it and port forwarding or UPnP. Finally, make sure the router is kept updated with any firmware patches. Apple… Apple Tracks You Even With Its Own Privacy Protections on, Study Says https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558 For all of Apple's talk about how private your iPhone is, the company vacuums up a lot of data about you. But, of course, iPhones have a privacy setting that is supposed to turn off that tracking. According to a new report by independent researchers, though, Apple collects highly detailed information on you with its apps even when you turn off tracking, an apparent direct contradiction of Apple's own description of how their privacy protection works. Security researchers at the software company Mysk looked at the data collected by several Apple iPhone apps—the App Store, Apple Music, Apple TV, Books, and Stocks. They found the analytics control and other privacy settings had no noticeable effect on Apple's data collection—the tracking remained the same whether iPhone Analytics was switched on or off. "The level of detail is shocking for a company like Apple," Mysk told Gizmodo. ++++++++ Apple clarifies security update policy: Only the latest OSes are fully patched. Despite providing security updates for multiple versions of macOS and iOS at any given time, Apple says that only devices running the most recent major operating system versions should expect to be fully protected. In other words, while Apple will provide security-related updates for older versions of its operating systems, only the most recent upgrades will receive updates for every security problem Apple knows about. For example, apple currently provides security updates to macOS 11 Big Sur and macOS 12 Monterey alongside the newly released macOS Ventura. In addition, in the past, it has released security updates for older iOS versions for devices that can't install the latest upgrades. Most Macs still receive six or seven years of upgrades, plus another two years of security updates.
Our stripped-back show this week features the following news: Samsung Now Let's You Repair Your Phone LockBit Ransomware Targets Windows Defender We also have these explainers, tips, and tricks: What Is UPnP and Is It Dangerous? The Secrets of Amazon Prime Video Amazon Prime Video Troubleshooting Guide We finish the show with the following recommendation:OPPO Reno8 Pro reviewedThis week's show is hosted by Christian Cawley and features Ben Stegner and Gavin Phillips. Follow them on Twitter (@thegadgetmonkey, @stegnersaurus and @gavinspavin) for updates and even make suggestions for future topics.Don't forget to subscribe to the Really Useful Podcast on Apple Podcasts for more tech news and tips for technophobes!
With this episode, we kick off a new theme - Everyday Tech and home automation is a natural choice for a first episode. The earliest reference to a smart home we found was a short story by Ray Bradbury in 1950 called “There Will Come Soft Rains”. It was about a smart house going about its daily routine in the year 2026. It wakes the family, cooks a perfect breakfast, cleans the tables, and so on. The story does have a morbid undertone - but more of that later. From fiction to nerdiness. Intended for residential networks only, UPnP is a set of networking protocols that allows devices to discover each other and work together without active manual configuration. Sounds a bit like the United Nations of networking
New to writing firewall rules? Looking for an option to firewall rules? Stay tuned and I will show you an option in pfSense, Here are other videos in the series ... The post How to use UPnP with pfSense in your Smarthome first appeared on TechBytes With Ron Nutter.
Logitech's Lift is a vertical mouse that's easier to grasp, CISA warns of attackers now exploiting Windows Print Spooler bug, Google tracked 58,exploited zero-day security holes in 2021, For Russian tech firms, QNAP urges customers to disable UPnP port forwarding on routers Putin's crackdown ended their global ambitions, & Hackers can infect >100 Lenovo models with unremovable malware. Are you patched? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw737
Logitech's Lift is a vertical mouse that's easier to grasp, CISA warns of attackers now exploiting Windows Print Spooler bug, Google tracked 58,exploited zero-day security holes in 2021, For Russian tech firms, QNAP urges customers to disable UPnP port forwarding on routers Putin's crackdown ended their global ambitions, & Hackers can infect >100 Lenovo models with unremovable malware. Are you patched? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw737
This week on Paul's Security Weekly, an interview with Captain John Alfred retired from the Rhode Island State Police. Second up is a discussion with Tom Lonardo, John Alfred, and the hosts to talk about privacy in your organization, the GDPR, the CFA, and other topics in relation to the long arm of the law. In the Security News: Logitech's Lift is a vertical mouse that's easier to grasp, CISA warns of attackers now exploiting Windows Print Spooler bug, Google tracked 58,exploited zero-day security holes in 2021, For Russian tech firms, QNAP urges customers to disable UPnP port forwarding on routers Putin's crackdown ended their global ambitions, & Hackers can infect over 100 Lenovo models with unremovable malware. Are you patched? Show Notes: https://securityweekly.com/psw737 Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week on Paul's Security Weekly, an interview with Captain John Alfred retired from the Rhode Island State Police. Second up is a discussion with Tom Lonardo, John Alfred, and the hosts to talk about privacy in your organization, the GDPR, the CFA, and other topics in relation to the long arm of the law. In the Security News: Logitech's Lift is a vertical mouse that's easier to grasp, CISA warns of attackers now exploiting Windows Print Spooler bug, Google tracked 58,exploited zero-day security holes in 2021, For Russian tech firms, QNAP urges customers to disable UPnP port forwarding on routers Putin's crackdown ended their global ambitions, & Hackers can infect over 100 Lenovo models with unremovable malware. Are you patched? Show Notes: https://securityweekly.com/psw737 Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
On The Cloud Pod this week, Ryan is in the doghouse and he's been suspended (with full pay). Plus, we're comfortably numb with AWS Cloud NGFW, GCP suspends hosts for big savings, and Azure is once again shutting the Front Door on us. A big thanks to this week's sponsor, Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. This week's highlights
Qué tal mi gente bonita pasando por aquí Alex Ramirez trayendo mi más reciente podcast para ustedes de gran importancia a mi parecer, te gustaría saber qué persona y qué dispositivos tienes colgados en tu Red Wi-Fi, y qué velocidad de Internet te da tu compañía de tu preferencia? Pues en este podcast sabrás y aprenderás a verificar tu velocidad de Internet, no te lo pierdas! Fing ha ayudado a 40 millones de usuarios en todo el mundo a entender: • Quién está usando mi WiFi • ¿Alguien está robando mi WiFi y mi banda ancha? • ¿Me han hackeado? ¿Es segura mi red? • ¿Hay cámaras ocultas en el B&B en el que me estoy quedando? • ¿Por qué Netflix ha empezado a cargar? • ¿Mi proveedor de Internet me está dando la velocidad por la que pago? Fing es el escáner de red número 1: descubre todos los dispositivos conectados a tu WiFi y los identifica, gracias a nuestra tecnología patentada que también utilizan los fabricantes de routers y antivirus de todo el mundo. Gracias a las herramientas y funciones gratis de Fing podrás hacer lo siguiente: • Escanear redes con el escaneador de redes wifi de Fing y detectar todos los dispositivos conectados a cualquier red • Conseguir la detección más precisa de direcciones IP, direcciones MAC, nombres de dispositivos, modelos, proveedores y fabricantes • Realizar pruebas de velocidad de Internet y de wifi, además de análisis de velocidades de bajada, subida y latencia • Examine los cortes de Internet en su área, las calificaciones de ISP, las revisiones y las estadísticas de velocidad • Análisis de dispositivos avanzado de NetBIOS, UPnP, SNMP nombres de Bonjour, propiedades y tipos de dispositivos • Detectar intrusos en la red wifi. Te muestra dispositivos nuevos desconocidos con cada escaneo • Incluye escaneo de puertos, ping a dispositivos, traceroute, búsqueda de DNS y Wake on LAN • Regístrate para obtener seguridad de red y alertas de dispositivos en tu teléfono y correo electrónico Añade Fingbox para desbloquear la protección avanzada de red y las funciones de solución de problemas de casas inteligentes. • Cuando no estés en casa, sabrás en todo momento quién está • Ver todos los dispositivos que pasan cerca de tu casa • Bloquear automáticamente intrusos y dispositivos desconocidos antes de que se conecten a tu red • Configurar las funciones de control parental para programar el tiempo de uso e interrumpir el acceso a Internet • Analizar el uso del ancho de banda según el dispositivo para saber quién lo usa • Encontrar lugares con buena señal wifi • Automatizar pruebas de velocidad de red y obtener informes comparativos del rendimiento de los proveedores de Internet • Proteger tu red doméstica con la detección de puertos abiertos y analizar la vulnerabilidad de la red Puede encontrar todos los detalles sobre los términos de uso de las compras en la aplicación y el uso de la cuenta de Fing en https://www.fing.com/fing-terms-of-service. https://apps.apple.com/mx/app/fing-esc%C3%A1ner-de-red/id430921107
As Jon says, "Routers bad. Firewalls good." https://www.bleepingcomputer.com/news/security/277-000-routers-exposed-to-eternal-silence-attacks-via-upnp/ Hosts: Peter Lowe (@pgl) Jon Cohen (@jonnisec) Mike Sutton (@zenmike)
This Week in the Security News: UPnP strikes back, Lazarus, Samba, CISA, SMS Scams, secret pixels, OMB Zero Trust, and Wordle, along with the Expert Commentary of Jason Wood on this edition of the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn183
This Week in the Security News: UPnP strikes back, Lazarus, Samba, CISA, SMS Scams, secret pixels, OMB Zero Trust, and Wordle, along with the Expert Commentary of Jason Wood on this edition of the Security Weekly News! Show Notes: https://securityweekly.com/swn183 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This Week in the Security News: UPnP strikes back, Lazarus, Samba, CISA, SMS Scams, secret pixels, OMB Zero Trust, and Wordle, along with the Expert Commentary of Jason Wood on this edition of the Security Weekly News! Show Notes: https://securityweekly.com/swn183 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Your GPU knows your secrets UPnP behind Eternal Silence router campaign DeFi platform hacked for $80 million Thanks to our episode sponsor, Pentera To understand the exploitable attack surface, take the adversarial perspective. The way to know which vulnerabilities are exploitable is to…well, exploit them. This way, security teams get a concise attack vector pointing to the organization's weakest link. From here remediation requests handed to IT are focused, manageable, and based on true business impact. Find out more at pentera.io
[Referências] Campanha que abusa do UPnP - https://www.bleepingcomputer.com/news/security/277-000-routers-exposed-to-eternal-silence-attacks-via-upnp/?&web_view=true https://www.akamai.com/content/dam/site/en/documents/research-paper/upnproxy-blackhat-proxies-via-nat-injections-white-paper.pdf Vulnerabilidade no Samba - https://kb.cert.org/vuls/id/119678 Campanha do Gamaredon - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine Comprometimento da Securitas - https://www.safetydetectives.com/news/securitas-leak-report/ [Ficha técnica] Roteiro e apresentação: Carlos Cabral Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia Projeto gráfico: Julian Prieto
Simple Cyber Defense Season 3 Episode 2 In this episode we go over the basics to home network security. How to scan your network for devices, diagram your home network, and use pfSense to create subnets. Support US: Donations - https://simplecyberdefense.com/Donate Connect with US: Facebook - https://www.facebook.com/SimpleCyberDefense/ Twitter - https://twitter.com/SimCyberDefense MeWe - https://mewe.com/join/simplecyberdefense Mastodon - https://mastodon.social/@SimpleCyberDefense Minds - https://mastodon.social/@SimpleCyberDefense LBRY - https://lbry.tv/@SimpleCyberDefense LinkedIn - https://www.linkedin.com/groups/12488483/ Rumble - https://rumble.com/c/c-406535 PeerTube - https://worldofvids.com/video-channels/simple_cyber_defenese/videos YouTube - https://www.youtube.com/channel/UCF1IvGkxa4qz-jsJg70884Q Intro: Film Glitch by Snowflake (c) copyright 2017 Licensed under a Creative Commons Attribution Noncommercial (3.0) license. http://dig.ccmixter.org/files/snowflake/56350 Ft: reusenoise Links: Command Prompt Command for identifying your IP address: ipconfig Scan your home network (Angry IP Scanner)- https://angryip.org/ Create a home network diagram - https://draw.io ASUS -RT-AC1900P - https://www.amazon.com/gp/product/B07KGKCX43/ pfSense - https://www.pfsense.org/ nmap scan command to scan your network: nmap -v -sn (IP Address) Using pfSense to create subnets - https://netosec.com/protect-home-network/ How to detect if UPnP is active on your network - https://www.grc.com/unpnp/unpnp.htm Internet Vulnerability Profiling - https://www.grc.com/x/ne.dll?bh0bkyd2 --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app --- Send in a voice message: https://anchor.fm/simplecyberdefense/message Support this podcast: https://anchor.fm/simplecyberdefense/support
This week in the Security News: The FBI is spamming you, hacking exists in the mind, Beg Bounties, nasty top-level domains, MosesStaff, why own one npm package when you can own them all, how much is your 0day worth, upnp strikes again, when patches break exploits in weird ways, records exposed in stripchat leak, can we just block ICMP?, trojans in your IDA, suing Satoshi Nakamoto, paying to be in the mile high club, it was cilantro, and sexy VR furniture! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw719
This week in the Security News: The FBI is spamming you, hacking exists in the mind, Beg Bounties, nasty top-level domains, MosesStaff, why own one npm package when you can own them all, how much is your 0day worth, upnp strikes again, when patches break exploits in weird ways, records exposed in stripchat leak, can we just block ICMP?, trojans in your IDA, suing Satoshi Nakamoto, paying to be in the mile high club, it was cilantro, and sexy VR furniture! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw719
Time flows strangely in the era of the pandemic. Sometimes you go out on what seems like a four hour walk, and barely two hours have passed. Or you might sit down on the couch in what you thought was the morning and suddenly it's 4PM and you have no idea how that's even possible. Here on this podcast episode is a rare change up for Data Center Therapy; there's almost no mention of the datacenter! Instead, Matt “Bonjour” Yette and Matt “You have a Rendezvous with a uPnP problem?” Cozzolino melt away thirty-five minutes into what feels like a quick ten minute catch-up with a friend about their home automation adventures. The Matts talk about Home Assistant and HomeKit here, but this time, it comes loaded with stories about compromises (for the sake of home automation) and the “buyer beware!” security implications of the technologies they've played with. We promise: it's still a fun one. You, our curious listeners, also get to hear: Which robotic vacuums and mops have the Matts looked at (and bought?) How automating things can truly just shift around tasks that you do instead of eliminating them. What happened at a bank inside of a grocery store that made Cozzolino rethink what duties workers have nowadays? For the network propeller heads, you'll get to hear about some of the backend technologies and protocols (like mDNS, or the Avahi daemon on Linux) powering some of the newer devices and applications emerging. Gadget-loving listeners who love a good debate can rest soundly knowing the Z-wave versus Wi-fi tech battle continues unabated. Listen in for the latest on cutting-edge home tech with the Matts, and as always, be sure to like, share, and subscribe wherever finer podcasts are found. Stay safe, get automated (but stay secure!) and keep a lookout for our all-new episodes, DCT friends!
On this episode of Grumpy Old Bens we discuss when deepfakes are real, a new Zoom exploit, Twitch banning people for off-platform behavior, fonts are racist, UPnP, ID for social media, and much more! We hope you enjoy the show, please consider supporting us! SUBSCRIBE/DONATE: http://grumpyoldbens.com EXECUTIVE PRODUCERS:Cal of Lavender Blossoms – https://www.lavenderblossoms.org/Herb LambSirLeeMofo ASSOCIATE-EXECUTIVE PRODUCERS:Sir_EDank SteadyMutterBrewCityMikeDavid … Continue reading "Episode 150: Twitch Snitch"
On this episode of Grumpy Old Bens we discuss when deepfakes are real, a new Zoom exploit, Twitch banning people for off-platform behavior, fonts are racist, UPnP, ID for social media, and much more! We hope you enjoy the show, please consider supporting us! SUBSCRIBE/DONATE: http://grumpyoldbens.com EXECUTIVE PRODUCERS:Cal of Lavender Blossoms – https://www.lavenderblossoms.org/Herb LambSirLeeMofo ASSOCIATE-EXECUTIVE PRODUCERS:Sir_EDank SteadyMutterBrewCityMikeDavid … Continue reading "Episode 150: Twitch Snitch"
https://t.me/DekNet/168https://openconnectivity.orghttps://global.download.synology.com/download/Document/Software/WhitePaper/Firmware/DSM/All/enu/Synology_QuickConnect_White_Paper.pdfhttps://ds-manager.fundevs.eu
Science Go further, faster: https://arstechnica.com/science/2020/06/the-us-military-is-getting-serious-about-nuclear-thermal-propulsion/ The greatest technology: https://gizmodo.com/nasa-is-using-red-and-blue-3d-glasses-to-safely-drive-t-1842878893 Technology For the love of all things digital, turn of UPnP: https://arstechnica.com/information-technology/2020/06/upnp-flaw-exposes-millions-of-network-devices-to-attacks-over-the-internet/ Was this created on the PS5: https://www.polygon.com/2020/6/12/21289100/ps5-console-reveal-conspiracy-cgi-presenters-sony-playstation Other Cool/Weird Shit Won't reduce distracted driving: https://gizmodo.com/youll-soon-be-able-to-buy-that-distraction-free-rotary-1843903183 Cool kid: https://www.washingtonpost.com/lifestyle/2020/05/11/boy-5-steals-family-car-attempt-buy-lamborghini-then-man-with-lamborghini-shows-up-his-house/
Hospital-busting hacker crew may be behind ransomware attack that made Honda halt car factories, 3 common misconceptions about PCI compliance, SMBleed could allow a remote attacker to leak kernel memory, Kubernetes Falls to Cryptomining via Machine-Learning Framework, and The F-words hidden superpower: How Repeating it can increase your pain threshold! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode655
Hospital-busting hacker crew may be behind ransomware attack that made Honda halt car factories, 3 common misconceptions about PCI compliance, SMBleed could allow a remote attacker to leak kernel memory, Kubernetes Falls to Cryptomining via Machine-Learning Framework, and The F-words hidden superpower: How Repeating it can increase your pain threshold! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode655
Teknikerna som går under samlingsnamnet UPnP (Universal Plug and Play) har orsakat säkerhetsproblem i många år. Senast i raden är den så kallade Call Stranger-sårbarheten som låter kriminella exfiltrera data ur företagsnätverk och förstärka överbelastningsattacker med hjälp av ovetande konsumenters nätverksprylar. I veckans podd diskuterar Tess och Nikka de återkommande problemen med UPnP och vilka åtgärder som bör vidtas. Se fullständiga shownotes på https://go.nikkasystems.com/podd072.
In today's podcast we cover four crucial cyber and technology topics, including: 1. Indian government contractor, BEML, data exposed 2. CallStranger UPnP vulnerability affects thousands of networks 3. German COVID task force targeted 4. Singapore residents decry Government plan for wearable COVID tracersI'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
Six digit vs four digit PIN (significantly more secure), maintaining Windows 10 OS (MS disk cleanup tools, CCleaner, skip Registry optimization), getting data from crashed computer (removed disk, use SATA to USB connector), using UPnP for port configuration (keeping it permanent), IHaveBeenPwned.com (great dark web scanner), Profiles in IT (Neil Ferguson, pioneering coronavirus modeler), dueling coronavirus models (Imperial College vs Oxford University), Wolfram Pysics Project (discovering the fundamental theory of physics), COBOL revealed (why does the financial world still depend on it). This show originally aired on Saturday, April 18, 2020, at 9:00 AM EST on WFED (1500 AM).
Six digit vs four digit PIN (significantly more secure), maintaining Windows 10 OS (MS disk cleanup tools, CCleaner, skip Registry optimization), getting data from crashed computer (removed disk, use SATA to USB connector), using UPnP for port configuration (keeping it permanent), IHaveBeenPwned.com (great dark web scanner), Profiles in IT (Neil Ferguson, pioneering coronavirus modeler), dueling coronavirus models (Imperial College vs Oxford University), Wolfram Pysics Project (discovering the fundamental theory of physics), COBOL revealed (why does the financial world still depend on it). This show originally aired on Saturday, April 18, 2020, at 9:00 AM EST on WFED (1500 AM).
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Cloudflare Releases Proxy Detection Tools https://blog.cloudflare.com/monsters-in-the-middleboxes/ Business Email Compromise Moving to SMS https://www.agari.com/email-security-blog/bec-goes-mobile/ JavaScript Requests Without Same Origin Policy Limitations https://www.forcepoint.com/blog/security-labs/attacking-internal-network-public-internet-using-browser-proxy Discovering IPv6 Hosts With UPNP https://blog.talosintelligence.com/2019/03/ipv6-unmasking-via-upnp.html#more
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Cloudflare Releases Proxy Detection Tools https://blog.cloudflare.com/monsters-in-the-middleboxes/ Business Email Compromise Moving to SMS https://www.agari.com/email-security-blog/bec-goes-mobile/ JavaScript Requests Without Same Origin Policy Limitations https://www.forcepoint.com/blog/security-labs/attacking-internal-network-public-internet-using-browser-proxy Discovering IPv6 Hosts With UPNP https://blog.talosintelligence.com/2019/03/ipv6-unmasking-via-upnp.html#more
Netzwerk-Lautsprecher sind praktisch: Stromkabel anschließen und los geht's -- theoretisch. In der Praxis sind die Geräte dann doch ganz schön verwirrend. Etliche Möglichkeiten gibt es, die Lautsprecher mit Ton zu versorgen, unter anderem UPNP, Spotify Connect, Chromecast Audio, Airplay -- und oft auch Bluetooth. Hannes Czerulla, Sven Hansen und Nico Jurran erklären, wo Probleme liegen, wie das Ganze in der Praxis funktioniert und welche Lautsprecher am besten klingen. Außerdem berichten sie über ihre privates Musik-Nutzungsverhalten in Badezimmer, Küche und Wohnzimmer. Mit dabei: Hannes Czerulla, Jan-Keno Janssen, Sven Hansen und Nico Jurran Die c't 24/18 gibt's am Kiosk, im Browser und in der c't-App für iOS und Android. Alle früheren Episoden unseres Podcasts gibt es unter www.ct.de/uplink.
Netzwerk-Lautsprecher sind praktisch: Stromkabel anschließen und los geht's -- theoretisch. In der Praxis sind die Geräte dann doch ganz schön verwirrend. Etliche Möglichkeiten gibt es, die Lautsprecher mit Ton zu versorgen, unter anderem UPNP, Spotify Connect, Chromecast Audio, Airplay -- und oft auch Bluetooth. Hannes Czerulla, Sven Hansen und Nico Jurran erklären, wo Probleme liegen, wie das Ganze in der Praxis funktioniert und welche Lautsprecher am besten klingen. Außerdem berichten sie über ihre privates Musik-Nutzungsverhalten in Badezimmer, Küche und Wohnzimmer. Mit dabei: Hannes Czerulla, Jan-Keno Janssen, Sven Hansen und Nico Jurran Die c't 24/18 gibt's am Kiosk, im Browser und in der c't-App für iOS und Android. Alle früheren Episoden unseres Podcasts gibt es unter www.ct.de/uplink.
Wes is joined by special guest Jim Salter to discuss Google's recent BGP outage and the future of HTTP. Plus the latest router botnet, why you should never go full UPnP, and the benefits of building your own home router. Special Guest: Jim Salter.
Netzwerk-Lautsprecher sind praktisch: Stromkabel anschließen und los geht's -- theoretisch. In der Praxis sind die Geräte dann doch ganz schön verwirrend. Etliche Möglichkeiten gibt es, die Lautsprecher mit Ton zu versorgen, unter anderem UPNP, Spotify Connect, Chromecast Audio, Airplay -- und oft auch Bluetooth. Hannes Czerulla, Sven Hansen und Nico Jurran erklären, wo Probleme liegen, wie das Ganze in der Praxis funktioniert und welche Lautsprecher am besten klingen. Außerdem berichten sie über ihre privates Musik-Nutzungsverhalten in Badezimmer, Küche und Wohnzimmer. Mit dabei: Hannes Czerulla, Jan-Keno Janssen, Sven Hansen und Nico Jurran Die c't 24/18 gibt's am Kiosk, im Browser und in der c't-App für iOS und Android. Alle früheren Episoden unseres Podcasts gibt es unter www.ct.de/uplink.
Router port configuration (using UPnP for Tablo remote), quantum computing and qubits (what does it mean), resetting atomic clocks using WWVB (tips and tricks), dark web scans (use HaveIBeenPwned, its free), Profiles in IT (Alex Hills, WiFi pioneer), novel app that tilted the election (Reach brought in new voters), Google to digitize 5M photos for NYT, App of the Week (Apple VoiceOver, accessibility for the blind). This show originally aired on Saturday, November 10, 2018, at 9:00 AM EST on WFED (1500 AM).
Router port configuration (using UPnP for Tablo remote), quantum computing and qubits (what does it mean), resetting atomic clocks using WWVB (tips and tricks), dark web scans (use HaveIBeenPwned, its free), Profiles in IT (Alex Hills, WiFi pioneer), novel app that tilted the election (Reach brought in new voters), Google to digitize 5M photos for NYT, App of the Week (Apple VoiceOver, accessibility for the blind). This show originally aired on Saturday, November 10, 2018, at 9:00 AM EST on WFED (1500 AM).
With Jeff Dorgay of TONEAudio. Naim's Uniti Atom could be the poster child of the modern hi-fi age: a small 40wpc integrated amplifier with probably the best volume control in the world that streams every which way: aptX Bluetooth, Apple AirPlay, Googlecast, UPnP and Roon; plus Internet radio and Tidal through Naim's own app. The Uniti Atom is the perfect platform from which to discuss how we stream music in the home and the perfect starting point for the seventh Darko.Audio podcast, the second with TONEAudio's Jeff Dorgay. The podcast ending I also had pre-planned: a hat tip for Nathan Fake's mind-blowing Dekmantel podcast that runs rings around his latest album, Providence. The Uniti Atom's Googlecast support brings SoundCloud into the audiophile picture where it rightly belongs. However, at 80 minutes, the seventh Darko.Audio podcast is also the longest (and probably best) episode to date. In between Naim and Nathan, Dorgay and I discuss how Spotify Connect works, the limitations of Apple AirPlay, the differences between Tidal and Qobuz, hifi review methodologies, "Musicality", Tidal's promotion of hip-hop / RnB, the LG V30 smartphone, our latest favourite gear and the importance of coloured finishes. More coverage at http://Darko.Audio and http://www.tonepublications.com/.
5/24/18 Satori Scanning; DHCP; UPnP DDoS; GDPR; Internet Weather | AT&T ThreatTraq
Hacking military phone systems, IoT malware activity doubles, more WikiLeaks dumps, decade-old bugs, and more. Jason Wood of Paladin Security joins us to discuss the erosion of ISP privacy rules on this episode of Hack Naked News! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode130 Visit http://hacknaked.tv to get all the latest episodes!
Hacking military phone systems, IoT malware activity doubles, more WikiLeaks dumps, decade-old bugs, and more. Jason Wood of Paladin Security joins us to discuss the erosion of ISP privacy rules on this episode of Hack Naked News! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode130 Visit http://hacknaked.tv to get all the latest episodes!
Your geeks start with some tips: dealing with a bad key on your keyboard, restoring the proper album art after iCloud Music Library has done its part, and dealing with a damaged SD card. Then it's on to some questions, like whether or not UPnP is dangerous for you or what […]
In this episode Mike talks about b8ta, a new IoT retail store concept, OIC and UPnP and the OnHub shell maker program. He also talks with Wendy Qi, cofounder of Sentri. You can find out more about Sentri at www.sentri.me You can find the Smart Home Show at www.thesmarthomeshow.com Follow Mike on Twitter at www.twiter.com/michaelwolf http://knit.audio/podcast-advertising (via Knit)
Materials Available here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Rickey-Lawshae-Lets-Talk-About-SOAP.pdf Extras here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Rickey-Lawshae-Extras.rar Let's Talk About SOAP, Baby. Let's Talk About UPNP Ricky "HeadlessZeke" Lawshae Security Researcher, HP TippingPoint Whether we want it to be or not, the Internet of Things is upon us. Network interfaces are the racing stripes of today's consumer device market. And if you put a network interface on a device, you have to make it do something right? That's where a Simple Object Access Protocol (SOAP) service comes in. SOAP services are designed with ease-of-access in mind, many times at the expense of security. Ludicrous amounts of control over device functionality, just about every category of vulnerability you can think of, and an all-around lack of good security practice about sums it up. In this talk, I will discuss this growing attack surface, demonstrate different methods for attacking/fuzzing it, and provide plenty of examples of the many dangers of insecure SOAP/ UPnP interfaces on embedded and "smart" devices along the way. Ricky "HeadlessZeke" Lawshae is a Security Researcher for DVLabs at HP TippingPoint with a medium-sized number of years' experience in professionally voiding warranties. He has spoken at the DEF CON, Recon, Insomni'hack, and Ruxcon security conferences, and is an active participant in the extensive Austin, TX hacker community. In his meager spare time, he enjoys picking locks, reading comic books, and drinking expensive beers. Twitter: @HeadlessZeke
This week Larry and Jack join Paul in studio, Carlos is on via Skype without a shirt and none other than Google-Image-Search-John-Strand joins us...from his car none the less! Jack recently gave a talk at B-Sides Cleveland and was approached by a listener on how exactly you should talk to high-level execs about security, the DBIR and more. Then, well, tangents... We talk about a recent article describing how to crack the passwords resulting from the Ashley Madison breach. Paul's prediction of UPnP being used for evil is in the news, this time the bad guys will turn all of your routers into a botnet, a bigger, better, faster botnet. Show Notes:http://wiki.securityweekly.com/wiki/index.php/Episode433 Security Weekly Web Site: http://securityweekly.com Hack Naked Gear: http://shop.securityweekly.com Follow us on Twitter: @securityweekly
This week, we talk about a recent article describing how to crack the passwords resulting from the Ashley Madison breach. Paul's prediction of UPnP being used for evil is in the news, this time the bad guys will turn all of your routers into a botnet, a bigger, better, faster botnet. Show Notes:http://wiki.securityweekly.com/wiki/index.php/Episode433 Security Weekly Web Site: http://securityweekly.com Hack Naked Gear: http://shop.securityweekly.com Follow us on Twitter: @securityweekly
Seguimos con Raspberry PI, en esta ocasión veremos en el capítulo de hoy Raspberry Pi como centro multimedia. Uno de los fines más habituales para este mini dispositivo.Si tienes alguna duda sobre Raspberry Pi o algún otro tema de tecnología puedes contactar con nosotros a través del formulario de contacto, en Twitter y en Facebook. También tenemos a tu disposición una lista de distribución.Como decíamos, una de las funcionalidades que la comunidad está exprimiendo más es su uso multimedia, y es que aunque parezca mentira cualquier versión de este dispositivo es capaz reproducir Full HD gracias a su aceleración por hardware para la decodificación de video. A continuación vamos a explicar qué y cómo darle dicho uso y disfrutar de un centro de entretenimiento completo y para todos los gustos. Ojo, esto no significa que haya diferentes alternativas pero hemos seleccionado lo que creemos que son las mejores opciones para exprimir tu Raspberry Pi. Allá vamos:Kodi: El cliente multimedia líder.Anteriormente conocido como XBMC(XBOX Media Center) es un software de mediacenter multiplataforma creado bajo licencia GNU/GPL(software libre). Está disponible para las plataformas Windows, Mac OS X, Linux, Andorid y IOS de forma nativa. Raspberry Pi en Linux permite ejecutarlo desde las primeras versiones y funciona francamente bien. Este software proporciona una interfaz preparada para utilizarlo desde el sofá de tu salón y todo gira en torno a eso: que tu experiencia reproduciendo contenido(y administrándolo) sea lo más amigable posible.Podemos crear listas de reproducción de Música, imágenes, series, películas, documentales, etc... y mediante Scrapers descargar automáticamente contenido visual para catalogar el contenido multimedia. También podemos utilizar mandos a distancia, utilizar multitud de skins para cambiarle la apariencia, emitir o reproducir vía UPNP e incluso puedes desarrollar tus propia interfaz web para consumir contenido o gestionar Kodi!Si a las funcionalidades básicas le añadimos la posibilidad de instalar addons para visionar(por ejemplo) contenido online nos encontramos con una plataforma difícil de superar ya que ha tenido una acogida especialmente buena por la comunidad.En fin, recomendamos su uso encarecidamente, si quieres descargar las diferentes versiones; puedes hacerlo desde aquí.Para implantarlo en nuestra Raspberry Pi, vamos a proponeros dos posibles configuraciones:Raspbian + Kodi: Es una opción bastante polivalente ya que además de usarlo como media center, sigues teniendo todas las posibilidades que te ofrece Raspbian como distribución Linux.Openelec: Está limitado a su uso como media center pero gracias a ello está más optimizado y se nota en el rendimiento. Ideal en el caso de que tengas claro que solo vas a usar tu Raspberry Pi como media center.Plex: El cliente/servidor multimedia que te sorprenderá.Ya hablamos en este blog de Plex media server para servir contenido multimedia. En este caso hablamos del cliente. Que te permite tener tu contenido multimedia centralizado y disfrutarlo en cualquier dispositivo con una interfaz realmente brillante. Está disponible en las plataformas Windows, Linux Mac Os X, Android e IOS per hay que tener en cuenta que esta vez es un producto comercial aunque empezó como un proyecto hobby. Es muy importante recordar que Plex requiere Plex Media Server arrancado(en un PC o Raspberry Pi 2 por ejemplo) y que la comunidad no está demasiado contenta con esta versión de Plex para Raspberry Pi. Aquí puedes encontrar Rasplex.Retro Pie. Una consola retro de bajo coste:Distribución basada en Raspbian que proporciona el software necesario para jugar a emuladores de consolas como NES, Master System, Super Nintendo, Mega Drive, entre otras... Todo ello mediante una distribución Linux orientada específicamente a ello lo cual nos da una interfaz cómo y amigable para utilizarlo para tal fin y además está totalmente optimizada con lo que ello conlleva en cuanto a rendimiento se refiere. Podremos emplear mandos como los de XBOX 360 o PS3.Si queréis más información es muy recomendable que visitéis el blog de RetroPie.Puedes decargarlo aquí.Moonlight. Jugar a juegos de Steam mediante Gamestreaming:Moonlight(antiguamente llamado Limelight) te permite jugar a tu colección completa de juegos de Steam desde tu PC a cualquiera de tus dispositivos compatibles haciendo streaming sin sacrificar la calidad de tu PC. Está disponible para Android, IOS, OSX, Windows y Linux(y por lo tanto también en Raspberry Pi 2 gracias a un port no oficial). Es muy interesante si dispones de un PC de sobremesa y quieres jugar a tus juegos en el salón con tu Raspberry usando por ejemplo el mando de Xbox 360. Como hemos dicho existe un port no oficial para Raspberry que puedes descargar aquí.Es muy importante dejar claro que para que Raspberry Pi pudiese tener un coste más bajo, la fundación Raspberry decidió no adquirir de origen las licencias Mpeg y VC1 y si se va a utilizar el dispositivo es conveniente adquirirlas en el siguiente sitio.Una recomendación a la hora de tener cualquier tipo de instalación es utilizar la tecnología PLC (Power Line Communications). Esta tecnología nos permite transmitir datos a través de nuestra red eléctrica. Es bastante útil cuando queremos comunicar cualquier dispositivo sin utilizar Wifi. Nos aporta más velocidad de transmisión y fiabilidad.A continuación te dejamos los enlaces de los que hacemos mención en este podcast:KodiRaspbianOpenElecRasplexMoonlightRecurso del díaNOOBSEs un software que te permite gestionar la instalación de diferentes sistemas operativos para tu Raspberry Pi. Propone un menú inicial que te da a elegir entre diferentes sistemas operativos como: Raspbian, RaspBMC, OpenElect, entre otros, además permite instalar los sistemas simultáneamente y así poder tener diferentes opciones y seleccionar el sistema al arrancar tu Raspberry Pi.Muchas gracias a todos por los comentarios y valoraciones que nos hacéis en iVoox, iTunes, Spreaker y Overcast nos dan mucho ánimo para seguir con este proyecto.
Followup Remove unwanted adware that displays pop-up ads and graphics on your Mac. Kao i drugi besplatni alat Adware Medic, Miki pronašao ovaj Adware removal guidehttp://www.thesafemac.com/arg-identification/ Odgovorili smo na email Dragana Vukićevića iz Čačka i pričali malo o hostinzima koje koristimo. Alekov Dreamshot referal link ili koristite APLUS2 kao promo kod (20-25$ popust na godišnje planove) DreamObjects = kopija Amazon S3 DreamPress - automatizovano održavanje WordPress blog instalacija Kakvu je to kafu na tviteru pominjao Marko Arment? Vesti Najavljen WWDC: i https://developer.apple.com/wwdc/ Siracusa se odjavio, neće više pisati prikaze OS X-a Preorder AppleWatcha je druga vest: i naš drug Kuo kaže da je verovatno bilo 2.3M: Alek je pričao na iOS meetupu u Domu Omladine : video predavanja Mac kao Media centar Može li SmartTV da zameni računar kao media centar? Posle kraće diskusije smo zaključili da je to gubljenje vremena, pa smo se osvrnuli i na to da li onda ima uopšte smisla kupovati Smart TV ili "običan". Danas čak i neki obični televizori imaju Ethernet port, neretko i mogućnost za WiFi, a to je sasvim dovoljno da probate DLNA i UPnP ako ih TV podržava Kakvi su naši setupi: Alek – Mac mini, Plex sa svojim klijentima za razne platforme i Subtitles.app, AirServer Joca – Mac mini, Kodi, koji ima ugrađen AirServer Miki – Mac mini sa iTunesom i dva eksterna diska, na jednom muzika, na drugom filmovi i serije, AppleTV u dnevnoj sobi, koristi iSubtitle za lepljenje titlova, iFlicks 2 za metadatu, Handbrake i Tošin Mpeg2Works za konverziju, ponekad koristi Beamer da na AppleTV strimuje film koji nije iskonvertovan Ogi – samo premesti HDMI kabl gde treba :) Šta još postoji, a mi ne koristimo Besplatni Universal Media Server Miki probao da iskompajlira ReadyMedia na PPC Macu, kažu da može i da radi TVMOBiLi Lista UPnP media servera BestDLNA media server iOS VLC GPlayer CineXPLayer VidON Infuse It's Playing AVPlayer FileBrowser ima ugrađen i plejer Pomenuli smo i ... ATP podcast epizoda u kojoj Siracusa kuka na AppleTV Konverzije Handbrake MPEG2 Works - kupujete (kvalitetno) domaće RipIt - DVD rip za Mac Don Melton's transcode script Muzika ID3Tag TriTag version 0.8 Renamer - batch rename fajlova na disku Doug Scripts for iTunes Zahvalnice Snimljeno 20.04.2015. uz veliku pomoć Velikog Maga zvučnih majstorija Ognjena Tomića u svečanoj sali Beogradskog Fonda za Političku Izuzetnost zahvaljujući ljubaznošću našeg slušaoca i prijatelja Nebojše Miljanovića Uvodna muzika by Vladimir Tošić. Logotip by Aleksandra Ilić. Artwork epizode by Saša Montiljo, Mreža, 2010.
Chet and Duck tackle the weeks news including UPnP, the Balmital botnet take down, Flash patches for Windows and OS X and the Lucky Thirteen SSL/TLS weakness.
Pogovor z razvijalcem appa Toshl, Mountain Lion bug, prostor v Surface Pro in težave z UPNP. Special Guests: Alan Rener and Matic Bitenc.
Thug is a Python low-interaction honeyclient. All too often in Incident Response you have logs that indicate a client was exploited by an exploit kit and compromised, but retrieving a copy of the the applicable piece of malware is difficult. Thug is designed to mimic a vulnerable web browser and follow the exploit kit back to its malware. But with all that in the books, the conversation quickly turn to porn, smut and "sextortion." Yup, this was the first time that word had ever been uttered on the Paul's Security Weekly, which required a visit to Urban Dictionary. As Allison noted, you can now get your very own sextortion coffee mugs, bumper stickers and magnets. The article described talks about how someone hacks into girls' computers (password guessing?), finds risqué photos and then uses those to get the girls to either send more pictures or go on video. Another man was recently charged with a similar crime where he'd talk to boys in IRC, get them to reveal themselves in a video chat where he'd then grab screenshots and use that against the victims. Lessons learned? If you are going to take a nude picture of yourself, DON'T INCLUDE YOUR FACE! But if push comes to shove, profit off it. As Paul said, it worked for the Kardashians and the Hiltons. Did you know you're 182 times more likely to get malware on a news site than on a porn site? China hacked the New York Times! Or did they? Wait, China did it? How in the world did a country of one billion people hack the NY Times. Isn't that the same thing as my blog getting hacked by the kid down the street and saying "The United States did it!" Maybe it was someone in China, maybe it was someone hired by Chinese government officials maybe it was someone who does things the same way that Chinese hackers have done it in the past. But as Allison and Jack noted, it's good that the Times is being so public with the situation. As we begin adding more technology to embedded devices like televisions, we're not paying any additional attention to the security on them. Researchers are reporting having seen televisions and CCTV cameras pop up in their honeypots. Paul talked about fifty million Universal Plug and Play network devices being open to packet attack. As he noted: "This is not a shock to me at all. UPnP is horrible, there just had to be a flaw in there somewhere. HD Moore found some, and turns out there are millions of vulnerable devices on the Internet. I am so happy to see this research come to light, it needs to happen. Free tools exist to check for the vulnerabilities, and details are forthcoming." Speaking of forthcoming, the new version of Backtrack Linux is coming... Oracle now cares about fixing the flaws in Java. Really? What could have possibly spurred this on? Maybe when the US Department of Homeland Security is telling everyone to stop using it? Maybe when they say they're patching the flaws and then a few minutes later, someone already has a new vulnerability for it? Good to know that this is what it takes for Oracle to finally care about security. Now imagine if such a company were involved in things like databases? Oh wait. Wrapping this up with just a few more things. Paul talks about an XSS vulnerability in the VMware Management Interface. Free environment snapshots? Yes please! Allison brings up the new law making it more illegal to jailbreak your mobile device if the carrier says you can not. But what about if you buy an unlocked phone for full price? That's ok, right? Oh yeah, that grad student who was expelled from a Canadian university for telling them about their bad security practices? Well, it's actually a little worse. According to his expulsion letter, he was twice caught and admitted to using SQL injection to break into their informational systems. Yeah, that's a little more than just informing the school about their bad security practices, that's rubbing their nose in it. So lesson for the day, if you're paying someone thousands of dollars for a graduate degree, don't rub their nose in their bad security practices and expect to stick around. Did you hear that Security BSides Rhode Island tickets are now on sale? Get them at http://bsidesri.eventbrite.com
Episode 0x1E -- Absenteeism Insert Subtitle Here With Matt and James out this week, Dave, Ben and Wil are left to their own devices. I think you'll understand what I mean when you get to the end. Upcoming this week... Lots of News Breaches No Scadas, no Matt, No Jamie finishing it off with DERPs/Mailbag and Our new weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary The RCMP says they have no intention of using their Drones for surveilance purposes. Rapid7 white-paper says 81 million descrete publicly routable addresses responded to UPnP poll, as recently as last year. Sony fined many many quid India bars ZTE, Huawei and others from sensitive government projects Govt Sites Hacked Following Arrest of Alleged Jember Hacker FBI going after potential leakers of Stuxnet info Breaches - The never ending never ending story... USSC.gov Hacked : pwned Hackers in China Attacked The New York Times for Last 4 Months Errata / DERP of the week award Barracuda!!!! More Fishy Mailbag / Bizarro Land Hi all, Just came across this crazy story.GitHub's new search functionality has been temporarily disabled after users discovered they could search for juicy content that had been accidentally uploaded, such as private keys, known hosts, and bash history files. According to a couple of different accounts, some credentials and other sensitive data may already have been used to cause mischief.However, it's not all doom and gloom. Some doofus uploaded his home directory to GitHub, which in itself is mighty stupid. This immediately turned into something disturbing: his history contained mplayer commands aimed at playing videos of child pornography, with rather graphic titles. The details were summarily posted to Reddit, where an investigation ensued. GitHub has disabled the user's account, and it seems that a few people may have contacted his university.So, whilst it looks like GitHub's search features may have caused problems for a few users, it has also lead to the discover and outing of a paedophile. Reddit Thread Keep up the good work! -- Graham Sutherland Briefly - NO ARGUING OR DISCUSSION ALLOWED Red teaming at a CCDC Honey Spider Whisper Systems' Spring Break of Code FTC Reaches Settlement Over Cord Blood Bank's Data Breach Liquidmatrix Staff Projects The Security Conference Library Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca Upcoming Appearances: James and Dave at RSA e10+, also attending Shmoocon but not speaking In Closing We're thinking about doing a live podcast with audience participation - drop us a tweet or a line if you're interested Movie Review Under The Tuscan Scan everyday is CTF! go set up a team Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! Seacrest Says: vote SEACREST!!!!!... I mean LiquidMatrix Creative Commons license: BY-NC-SA
Si parla di UPnP, cos'è e quali problemi presenta, come nascondere le app di default e di tunnel SSH.
Looking for an easy way to get photos from your Android to your desktop? Bethan and Spode take you through Intel’s Pair and Share app which makes it super simple.
Spode and Bethan take you through the features of ASUS’s new motherboard – the P8Z77-V. The Wi-Fi Go module makes it easy to stream media to UPnP devices and there’s the included Fan Xpert 2 utility to keep the noise … Continue reading →
Is there a quick and easy way to get content from one device to another? Thanks to the ASUS MyNet app you’ll find on all Transformers, yes. Bethan and Spode show you how to stream content from your Transformer to … Continue reading →
In Part 2 we discuss Apache DoS, HP problems, UPnP hacking tool, no black and white security, customizing Nessus scanners, Paul agrees with Gartner, Senior moments with Jack Daniel Episode 256 Show Notes Episode 256 Part 2 Direct Audio Download Episode Hosts: Paul Asadoorian Carlos Perez "Intern Ian" Jack "I have senior moments" Daniel Darren "The Sound Man" Wigley Tune in to Paul's Security Weekly TV episodes on our Bliptv channel. Audio Feeds: Video Feeds:
Buying a laptop for college, VM Password advice, securing your online medical account, Facebook privacy, Profiles in IT (Anthony M Fadell, father of the Apple iPod), BART cuts wireless service to stop protest, World Wide Web turn 20 (Tim Berner-Lee launched the first website August 6, 1991 at CERN), IBM PC turns 20 (PC announced in Waldorf Astoria on August 12, 1981, cost $1,565, 4.77 MHz Intel 8088, 16 kB RAM), Perseid Meteor Shower (peak nights this weekend, images available via webcam for first time), DARPA lostes Mach 20 aircraft (reached speeds 20 times the speed of sound, telemetry failure after 13 minutes), and Black Hat Conference (held in Las Vegas, many security vulnerabilities discusses included certifcate authority system, UPNP on wireless routers, new phishing techniques). This show originally aired on Saturday, August 13, 2011, at 9:00 AM EST on WFED (1500 AM).
Buying a laptop for college, VM Password advice, securing your online medical account, Facebook privacy, Profiles in IT (Anthony M Fadell, father of the Apple iPod), BART cuts wireless service to stop protest, World Wide Web turn 20 (Tim Berner-Lee launched the first website August 6, 1991 at CERN), IBM PC turns 20 (PC announced in Waldorf Astoria on August 12, 1981, cost $1,565, 4.77 MHz Intel 8088, 16 kB RAM), Perseid Meteor Shower (peak nights this weekend, images available via webcam for first time), DARPA lostes Mach 20 aircraft (reached speeds 20 times the speed of sound, telemetry failure after 13 minutes), and Black Hat Conference (held in Las Vegas, many security vulnerabilities discusses included certifcate authority system, UPNP on wireless routers, new phishing techniques). This show originally aired on Saturday, August 13, 2011, at 9:00 AM EST on WFED (1500 AM).