Unsupervised Learning: Episode 42

August 31, 2016

[ Subscribe to the Podcast: iTunes | Android]

InfoSec news and articles

  • Dropbox hacked

    • 68 million accounts

    • Back in 2012

  • Malware infected all Eddie Bauer stores in U.S. and Canada

    • All 350 stores in North America

  • Wicked iPhone vulnerability called Trident (3 0days)

    • All you need to do is follow a link, and you’re jailbroken and compromised

    • Spyware put out by NSO group out of Israel

    • Allows them to intercept calls, texts, etc.

    • Could have been in the wild since iOS7

    • The crazy thing is that this is just what we know about?

    • Patch immediately if you haven’t

  • Locky ransomware targets hospitals in wave of attacks

  • St. Jude Hack

    • Pacemaker issues including crashing the device and draining the battery

    • MuddyWaters does the marketing and shorts the stock

    • MedCon is the hacker group that finds the vulns and shares the profits

  • WiKey technology can detect keystrokes

    • Multiple antennas

    • 97% accurate in lab, with real-world more like 77%

  • Cisco patches 0day flaw exposed by Equation Group

  • CrowdStrike integrates ML-based engine into VirusTotal

  • France and Germany calling for European Decryption Law

  • Multiple vulnerabilities found by IOActive in BHU routers

    • Accepts any session ID

    • SSH resets to known root password on reboot

  • Possible to use DNSSEC for DDOS attacks

  • Top 5 ways to compromise networks (Praetorian)

    • weak domain user passwords

    • name resolution attacks like (WPAD)

    • local admin attacks (pass the hash)

    • cleartext passwords in memory (mimikatz)

    • insufficient network segmentation

  • Pokemon institute shows some grim insider threat stats

    • 62% of users report having access to data they shouldn’t

    • 43% of businesses need more than a month to detect people accessing stuff they’re not supposed to

    • SANS says only 9% are happy with their insider threat controls

    • Mimecast says 45% of executives say malicious insiders is the email risks they’re least ready for

  • The Grugq says the Equation Group insider threat option is lame

Technology news and articles

  • Alphabet launching ridesbaring service

  • Tesla teasing product announcement (solar roof)

  • Instapaper joins Pinterest

  • Pokémon on major decline

  • Volkswagen’s 2019 electric car supposed to get 300 miles on a 15-minute charge

  • JIRA now allowing you to convert tickets into job postings on Upwork’s marketplace

  • Dice is a ticketmaster competitor

  • Amazon piloting teams with 30 hour workweeks

  • Philips Hue motion sensors for the house

    • Dirty network for dirty devices

  • Zuckerberg demoing his own personal Jarvis for the house

Apple news and articles

  • No home button in 2017 iPhone

  • Microphones a big problem for tech like Siri, Alexa, Google Now

    • This is a major obstacle to seamless AI

  • Apple buys Glimpse for heath record transfer

    • Apple Pay for health information?

  • Apple may be building micro-LED technology for 2017 and beyond

Miscellaneous news and articles

  • Polyworld: Using Evolution to Design Artificial Intelligence

Exploring ideas

  • Security Matrices: Linking Attack Surfaces, Threats, and Vulnerabilities

    • Examples include IoT and Gaming

  • Unbranded Future Vision

  • Unsubscribe Risk

  • The relationship between XSS and CSRF

InfoSec tools

  • Dawnscanner: Ruby Auditing Tool

  • Yauso: Web App Assessment Tool

  • Needle: Open Source Framework for Testing iOS apps

  • PSHTT: HTTPS Best Practices Scanner

InfoSec projects

  • APTNotes: https://github.com/aptnotes/data

Tech projects

  • Hipku: http://hipku.gabrielmartin.net/#55-152-139-25

InfoSec papers

    InfoSec reports

    • Ponemon AppSec Report Analysis: https://danielmiessler.com/blog/security-report-analysis-ponemon-f5-application-security-report/

    InfoSec talks

    • Blackhat 2016 Videos: https://www.youtube.com/user/BlackHatOfficialYT

    InfoSec initiatives

      Announcements

      • I’ve learned the difference between copy editing and proofreading. Proofreading is fixing what you’ve written in terms of basic mistakes. Copy Editing is fixing deeper issues like structure, readability, etc.

      Summary and recommendations

        Recommended content

        • Total Cost of Asshole: http://www.slideshare.net/dberkholz/assholes-are-killing-your-project

        • For targets of assholes:

          • 48 percent decreased their effort

          • 47% worked less

          • 38% dropped their quality

          • 66% declined in performance

          • 80% lost time worrying

          • 63% lost time avoiding

          • 78% became less committed

          • 25% quit, and 20% of witnesses quit as well

        Inspiration

        • There’s nothing so useless as doing efficiently that which should not be done at all. ~ Peter Druker

        • Schrodinger’s Backup: The condition of any backup is unknown until a restore is attempted.

        Fin

        • Ok, that’s it for this episode

        • Thank you for listening

        • If you like the show, please recommend it to your friends and share it, blog about it, share it on social media, and leave a review on iTunes

        • See you next time

        Show notes

        • https://www.youtube.com/watch?v=_m97_kL4ox0

        • https://threatpost.com/emergency-ios-update-patches-zero-days-used-by-government-spyware/120158/

        Notes

        1. The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.

        No related posts.