T1SP: Episode 26

[ Subscribe to the Podcast: iTunes | Android ]

News

  • [ ] Backdoor found in AMX devices that run corporate and government conference rooms

  • [ ] Autopwn every Android device on your network using BetterCap and addJavascriptInterface

  • [ ] Cyber insurance challenged: a lawsuit for failing to cover a 500K loss in Houston

  • [ ] HD Moore is leaving Rapid 7 and going to build a venture capital firm around security startups

  • [ ] Severe vulnerabilities detected in FreeBSD (ICMPv6 error processing); patches released

  • [ ] France has rejected encryption backdoors

  • [ ] Bots will inflict 7.2 billion in fraud on digital advertisers in 2016

  • [ ] DDoS attack hits Irish lottery

  • [ ] Linux Kernel Bug Allows Local-to-Root Privilege Escalation

  • [ ] Twitter is being criticized for not disclosing information about who is targeting user accounts: https://threatpost.com/twitters-silence-deafening-on-state-sponsored-attacks/115937/

  • [ ] Facebook’s Android app now lets you connect through Tor for anonymity (how does that work when you log in as yourself?)

  • [ ] GitHub community super pissed at the company over support, bug fixes, etc.

  • [ ] Clinton’s email issues just got far worse: Hillary Clinton’s E-Mail Scandal: Far Graver than First Thought

  • [ ] We just crossed the 25th year that we’ve been in Iraq

  • [ ] NSA director (Admiral Michael Rogers) has come out against encryption backdoors; I hope he talks to the rest of the government: http://www.digitaltrends.com/computing/nsa-director-actually-says-encryption-backdoors-are-a-bad-idea/?&utm_term=DT%20Newsletter%20-%20Daily%20Subscribers

  • [ ] FireEye buys iSight Partners for $200 Million; they’re a CyberSecurity intelligence firm. So that’s Mandiant, FireEye, and now iSight; seems like a strong lineup

  • [ ] Someone found a critical bug in Yahoo Mail, and got 10K for it

  • [ ] MalwareBytes (antimalware scanner) raises another 50M: https://techcrunch.com/2016/01/21/security-startup-malwarebytes-raises-another-50m-from-fidelity/?ncid=rss

  • [ ] Attacks increasing on oil and gas companies, according to survey

Ideas, updates, and discussion

  • [ ] Fresno calculating your threat score: https://www.reddit.com/r/news/comments/40es9w/the_new_way_police_are_surveilling_you/

  • [ ] Why Apple assembles in China: not just wages — worker skill and scale

  • [ ] Future of AI, PAs, IoT, and Drones

  • [ ] The importance of OPSEC: http://np.reddit.com/r/OutOfTheLoop/comments/4215z7/what_did_geraldo_draw_in_the_sand_that_got_him/cz7k6uv …

  • [ ] I did a short post explaining why oil prices are so low: https://danielmiessler.com/blog/a-simplified-explanation-for-why-oil-prices-are-so-low/ …

  • [ ] Got in a Twitter argument (ugh) about how Shodan was not a baby cam monitor

  • [ ] People return things less when the return policy is wide open: The surprising psychology of shoppers and return policies: “One surprising finding: More leniency on time limits is associated with a reduction — not an increase — in returns.”

Tools, talks, and projects

  • [ ] A New Ontology of Unwanted Web Automation (talk and OWASP Project)

  • [ ] Kali has moved to a rolling release; there are instructions on how to update it on the site

  • [ ] Political Influence Project

  • [ ] Radare2: Reverse Engineering Framework

  • [ ] Backdoorme: Unix backdooring framework with a Metasploit-like interface

  • [ ] SHODAN SCADA EDITION: https://www.shodan.io/explore/category/industrial-control-systems

Announcements

  • [ ] Speaking at AppSec Cali on Tuesday at 3PM

  • [ ] If you like the podcast, please tell your friends about it.

  • [ ] If you have any suggestions or requests, I’d love to get any feedback

  • [ ] Thanks!

Miscellaneous

  • [ ] I did a post on the differences between BSD and System V Unix: https://danielmiessler.com/blog/the-differences-between-bsd-and-system-v-unix/ …

  • [ ] https://n0where.net/best-cybersecurity-tools/

  • [ ] Don’t forget to watch the L2Inc show on YouTube; it’s really strong

  • [ ] Awesome Security Talks Resource: https://github.com/PaulSec/awesome-sec-talks …

  • [ ] El Chapo OPSEC: He then switched to a complex system of using BBM (Blackberry’s Instant Messaging) and Proxies. The way it worked was if you needed to contact The Boss, you would send a BBM text to an intermediary (who would spend his days at a public place with Wi-Fi) this intermediary (or “mirror”) would then transcribe the text to an I-Pad and then send that over a Wi-Fi network (not cellular networks which were monitored constantly by law enforcement). This WiFi text was then sent to another cut-out who would finally transcribe the message into a Blackberry BBM text and transmit it to Guzman. Although Guzman continued to use his Blackberry, it was almost impossible to analyze the traffic because it now only communicated with one other device. This “mirror” system is difficult to crack because the intermediaries or proxies, can constantly change their location by moving to new WiFi spots. (from Bruce Schneier’s blog)

Notes

  1. The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.
