Get the podcast on Apple Podcasts
×

DanielMiessler

Take 1 Security Podcast: Episode 11

By Daniel Miessler in Information Security
Created/Updated: December 17, 2019

take-1-itunes

Play Podcast

START CONTENT

  • Twitch, a game streaming service owned by Amazon, was hacked last week
    • Passwords, emails, usernames, addresses, phone numbers, dates of birth
    • Amazon bought them last year for almost 1 billion dollars
  • Bar Mitzvah attack on TLS
    • Requires that you can sniff traffic
    • Basically an RC4 problem
    • Solution is to remove it from your supported algorithms
  • GitHub Has been hit by a massive DDoS attack
    • Apparently from China
  • CSRF vulnerability found in a wind turbine
    • Allowed you to pull usernames and passwords
    • Also allowed the password to be changed for the default user, which had admin access
  • CSRF vulnerability exposes Hilton customer accounts
    • There was an account rotation issue where you could gain access to their account as long as you could guess their 9-digit username
  • Snowden says IT workers now the targets of spies
    • They’re not going after their information, but to use them for access to networks
  • Premera hacked on same day as Blue Cross (January 29th)
    • Same story: encryption, know your network, etc.
    • Also same story: health data is harder to clean up from because it involves PII that cannot easily be changed
    • More speculation around these attacks is that they’re data gathering for larger attacks on government networks
  • Apple Acquires FoundationDB
    • Fast NoSQL database probably to be used for its increasing entry into the services market
  • Researchers use heat to breach air-gapped systems
    • Everyone knows that an airgap is the best defense
    • Ben-Gurion University came out with BitWhisper
    • Now bidirectional using malware on both systems that controlled heat creation and detection
    • Only 8-bits per hour
  • BioCatch, Zumigo, Alibaba release tools to identify users
    • I used to work with a technology called BioPass
    • Uses what you do with your mouse, scrolling, how you smile via selfie, compares habits, your current location, etc. Similar to existing fraud detection just with more data points
    • Really cool tech, needs to be used with the right authentication level
  • Korea investing 5B in IoT and Smart Cars
  • Bring Your Own IoT
    • Recording audio and video are getting increasingly easy
    • Sensitive meetings might become dead zones soon, and perhaps even sensitive work areas
    • Some people will say that we already have this risk, but they key is the ease with which it can be done

END CONTENT

Play Podcast

Notes

  1. I skipped a week due to travel in Asia.
I spend my time reading 3-6 books a month on security, technology, and society—and thinking about what might be coming next.
Every Monday I send out a list of the best content I've found in the last week to around 50,000 people.
It'll save you tons of time.

Choose a subscription

6 Months Free
Weekly Newsletter
Slack Community Access
Book Club Access
Newsletter Archives
Essays, Tutorials, Podcasts
Bi-weekly newsletter
Subscribe


DanielMiessler
© Daniel Miessler 1999-2021

X
Curation and Analysis as a Service
I spend my time reading 3-6 books a month on security, technology, and society—and thinking about what might be coming next.

Every Monday I send out a list of the best content I've found in the last week to around 50,000 people.
It'll save you tons of time.