Get the podcast on Apple Podcasts
Ă—

DanielMiessler

search
Login Become a Member Subscribe

Take 1 Security Podcast: Episode 11


Created/Updated: December 17, 2019

take-1-itunes

Play Podcast

START CONTENT

  • Twitch, a game streaming service owned by Amazon, was hacked last week
    • Passwords, emails, usernames, addresses, phone numbers, dates of birth
    • Amazon bought them last year for almost 1 billion dollars
  • Bar Mitzvah attack on TLS
    • Requires that you can sniff traffic
    • Basically an RC4 problem
    • Solution is to remove it from your supported algorithms
  • GitHub Has been hit by a massive DDoS attack
    • Apparently from China
  • CSRF vulnerability found in a wind turbine
    • Allowed you to pull usernames and passwords
    • Also allowed the password to be changed for the default user, which had admin access
  • CSRF vulnerability exposes Hilton customer accounts
    • There was an account rotation issue where you could gain access to their account as long as you could guess their 9-digit username
  • Snowden says IT workers now the targets of spies
    • They’re not going after their information, but to use them for access to networks
  • Premera hacked on same day as Blue Cross (January 29th)
    • Same story: encryption, know your network, etc.
    • Also same story: health data is harder to clean up from because it involves PII that cannot easily be changed
    • More speculation around these attacks is that they’re data gathering for larger attacks on government networks
  • Apple Acquires FoundationDB
    • Fast NoSQL database probably to be used for its increasing entry into the services market
  • Researchers use heat to breach air-gapped systems
    • Everyone knows that an airgap is the best defense
    • Ben-Gurion University came out with BitWhisper
    • Now bidirectional using malware on both systems that controlled heat creation and detection
    • Only 8-bits per hour
  • BioCatch, Zumigo, Alibaba release tools to identify users
    • I used to work with a technology called BioPass
    • Uses what you do with your mouse, scrolling, how you smile via selfie, compares habits, your current location, etc. Similar to existing fraud detection just with more data points
    • Really cool tech, needs to be used with the right authentication level
  • Korea investing 5B in IoT and Smart Cars
  • Bring Your Own IoT
    • Recording audio and video are getting increasingly easy
    • Sensitive meetings might become dead zones soon, and perhaps even sensitive work areas
    • Some people will say that we already have this risk, but they key is the ease with which it can be done

END CONTENT

Play Podcast

Notes

  1. I skipped a week due to travel in Asia.

Written By Daniel Miessler in Information Security

Daniel Miessler is a cybersecurity leader, writer, and founder of Unsupervised Learning. He writes about security, tech, and society and has been featured in the New York Times, WSJ, and the BBC.


Join the Unsupervised Learning Community
The premier networking community for smart and curious people interested in security, technology, and society.

I read 20+ hours a week about security, tech, and society to find the patterns that help you stay ahead. Add your best email to get the update every Monday morning……
Access to the UL Slack Community
Exclusive Member-Only Content
Access to the UL Book Club
Ad-free Newsletters
Full Podcast Feed Access
Show Archive Access
Book Summaries with Analysis
Public Essays, tutorials, and analysis
Public newsletters
Subscribe

DanielMiessler
© Daniel Miessler 1999-2022


Finding the Patterns in the Noise
I read 20+ hours a week about security, tech, and society to find the patterns that help you stay ahead. Add your best email to get the update every Monday morning…