Take 1 Security Podcast: Episode 10
There was another SQL Injection bug found in SEO by Yoast
It required admins to click a malicious link
Was patched quickly
It’s the plugins that make WordPress vulnerable
Attackers are targeting gamers for ransomware
Virlock is one version of ransomware that not only locks the screen, but infects files
It’s also polymorphic, so it changes itself every time it runs
TeslaCrypt goes after gamers, which seems super smart because they are often addicted
The Hello Barbie doll is recording kids’ voices and sending the recordings over the Internet for voice recognition
I get asked a lot about what to do about this kind of stuff
Start by making a list of everything that can record voice or audio in your home, and determine what kind of controls you have on them
Assume the worst, even though it’s probably not that bad
US industrial systems attacked 245 times between October 2013 and September 2014
Most attacks were against Critical Manufacturing and Energy
Biggest vectors were spear phishing and port scanning
CloudFlare aims to defeat DDoS with Virtual DNS
They want to proxy DNS before it hits the customer’s name server
The CIA supposedly tried to hack Apple hardware
The article has come under extreme scrutiny
Going to be on the Security Weekly podcast with Paul
Hillary Clinton’s email account drama
OpenSSL is getting an audit
Bout time
Wikimedia is suing the NSA over surveillance
Spoofing the boss is the best way to phish someone, evidently
Had a great time at CactusCon in Phoenix
Did a talk with Jason and saw Dave’s keynote
Dave’s keynote was about struggling with the basics, not APT
He asked when a major breach was NOT a dumb mistake
Someone’s looking to make a Snowden Phone
Looks like I’ll be on the Security Weekly podcast with Paul
Going to talk about IoT security and our OWASP project
Notes
Comments welcome on content and format, as usual.