T1SP: Episode 27

February 2, 2016

[ Subscribe to the Podcast: iTunes | Android ]


  • [ ] Heavy surveillance around the Super Bowl

  • [ ] A new BlackEnergy spear phishing campaign is targeting more Ukrainian companies

  • [ ] Magento, the popular e-commerce CMS, releases fixes to critical XSS issues

  • [ ] Someone has posted private files of America’s biggest police union

  • [ ] VirusTotal now supporting firmware scanning

  • [ ] Israeli generals targeted by Iranian cyber attack

  • [ ] NSA faces probe over Juniper backdoor

  • [ ] HSBC online banking attacked

  • [ ] Oracle killing the Java Browser Plugin

  • [ ] The cPanel system is being attacked; change your password

  • [ ] Firefox update fixes 44 critical issues

  • [ ] NSA collecting millions of faces from web images: https://www.reddit.com/r/news/comments/42nxyn/nsa_collecting_millions_of_faces_from_web_images/

  • [ ] CIA planned rendition operation to kidnap Edward Snowden

  • [ ] Georgia is evidently trying to introduce legislation to outlaw drones

  • [ ] Norse in major trouble: http://krebsonsecurity.com/2016/01/sources-security-firm-norse-corp-imploding/

  • [ ] Obama pledges 4 Billion to Computer Science in US schools

  • [ ] NSA Chief Hacker explains how to avoid being hacked: http://techlog360.com/2016/01/nsa-chief-hacker-explains-how-to-avoid-nsa-spying/

  • [ ] Skype now hides your IP address from others

  • [ ] There was a big OpenSSL bug last week; update your boxes

  • [ ] Wells Fargo and Bank of America adding ApplePay support to ATMs

  • [ ] Tesla Model III supposedly coming out in 2017. 35K. 320KM per charge. Problem is they list the Model S as 60K, when it’s actually over 100K. So we’ll see where the price actually ends up

  • [ ] MIT dean to leave and start a new university: http://tech.mit.edu/V135/N38/ortiz.html | project-based learning, no majors, no lectures, no classrooms, no distinction between undergrad and grad

  • [ ] Intelligent people are genetically predisposed to be healthier

  • [ ] Cedexis raises another 22M in series B

Ideas, updates, and discussion

  • [ ] Why you should treat C-Players like A-Players

  • [ ] So it looks like Obama actually is coming for the guns. It also looks like Clinton is the biggest sellout to wall street imaginable. This has definitely given me pause regarding the benign nature of the Democratic party. Bernie help us.

  • [ ] Being a .1X Engineer: Let’s not build that feature, let’s not add that functionality, let’s not build that product yet, let’s not deploy that development tool, let’s not adopt this new technology, let’s not keep maintaining this functionality, let’s not automate this | it’s not about not doing these things; it’s about not having to | http://benjiweber.co.uk/blog/2016/01/25/why-i-strive-to-be-a-0-1x-engineer/

  • [ ] Al Qaeda vs. ISIS tactics: https://medium.com/@thegrugq/generation-jihadi-2-0-56de3bae5de#.a3d8leynx

  • [ ] Red teams are there to help blue teams: “Going Purple: From full time breaker to part time fixer, 1 year later” (my interpretation: if you aren’t improving defense and incident response, you’re not helping)

Tools, talks, and projects

  • [ ] Some guy set up a Raspberry Pi to tweet out when his Comcast bandwidth fell below a certain threshold. These are fine Americans.

  • [ ] Had fun playing a few minutes of CTF with Jason, and we’re going to make our own

  • [ ] CLMystery: A command-line murder mystery | https://github.com/veltman/clmystery

  • [ ] RubyFu: http://rubyfu.net

  • [ ] Using Slack to run a family: announcements

  • [ ] Spoke at AppSec Cali 2016. Talk went well. I failed to hype it correctly and get people excited about the fact that I was releasing a free service, according to my buddy who was there. I also got tons of great feedback on additional features that people want. The next run (likely at Blackhat Arsenal) will have these improvements. Slides are here: http://www.slideshare.net/danielmiessler/adaptive-testing-methodology-atm

  • [ ] Added the SplashData 2016 password list to SecLists

  • [ ] Getting started with HomeKit: http://www.macrumors.com/guide/homekit-101-getting-started-beginners/

  • [ ] Google’s free deep learning course

  • [ ] Occasionally pick conference talks based on the speaker rather than the title of the talk

  • [ ] alias fucking="sudo"

  • [ ] alias isaid="sudo"

  • [ ] From @thegrugq: Give a man an 0day and he’ll have access for a day, teach a man to phish and he’ll have access for life.

  • [ ] Thanks for listening, and if you enjoy the podcast, please tell your friends about it. See you next time.



  1. The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.