Take 1 Security Podcast: Episode 10


Play Podcast

  • There was another SQL Injection bug found in SEO by Yoast

    • It required admins to click a malicious link

    • Was patched quickly

    • It’s the plugins that make WordPress vulnerable

  • Attackers are targeting gamers for ransomware

    • Virlock is one version of ransomware that not only locks the screen, but infects files

    • It’s also polymorphic, so it changes itself every time it runs

    • TeslaCrypt goes after gamers, which seems super smart because they are often addicted

  • The Hello Barbie doll is recording kids voices and sending the recordings over the Internet for voice recognition

    • I get asked a lot about what to do about this kind of stuff

    • Start by making a list of everything that can record voice or audio in your home, and determine what kind of controls you have on them

    • Assume the worst, even though it’s probably not that bad

  • US industrial systems attacked 245 times between October 2013 and September 2014

    • Most attacks were against Critical Manufacturing and Energy

    • Biggest vectors were spear phishing and port scanning

  • CloudFlare aims to defeat DDoS with Virtual DNS

    • They want to proxy DNS before it hits customer name server

  • The CIA supposedly tried to hack Apple hardware

    • The article has come under extreme scrutiny

  • Going to be on the Security Weekly podcast with Pau

  • Hillary Clinton’s email account dram

  • OpenSSL is getting an audit

    • Bout time

  • Wikimedia is suing the NSA over surveillance

  • Spoofing the boss is the best way to phish someone, evidently

  • Had a great time at CactusCon in Phoenix

    • Did a talk with Jason and saw Dave’s keynote

    • Dave’s keynote was about struggling with the basics, not APT

    • He asked when a major breach was NOT a dumb mistake

  • Someone’s looking to make a Snowden Phone

  • Looks like I’ll be on the Security Weekly podcast with Paul

    • Going to talk about IoT security and my our OWASP project


Play Podcast


  1. Comments welcome on content and format, as usual.

Related posts: