Exploring the intersection of security, technology, and society—and what might be coming next...

[ Subscribe to the Podcast: iTunes | Android ]

InfoSec news

• Feds paid over 1M to get into San Bernardino iPhone
• Continued fallout from Panama papers
• 3.2 million servers vulnerable to JBoss attack which is being used in SamSam ransomware attacks
• MIT launches internal bug bounty platform | https://threatpost.com/mit-launches-experimental-bug-bounty-program/117618/
• NSA recommends out-of-band taps for logging | http://www.securityweek.com/out-band-taps-are-nsa-nightmare | doesn’t realize that people good enough to do this are often good enough to do other things as well?
• New MIT static analysis scanner finds web flaws in like a minute? | https://threatpost.com/new-mit-scanner-finds-web-app-flaws-in-a-minute/117482/
• 9/11 commissioner urging release of report’s 28 secret pages; I’m guessing they’re about Saudi Arabia
• Congress tells US spy chief to reveal how many Americans were caught by PRISM
• China continuing to stop using western IT services in wake of Snowden fallout
• SecureWorks has an IPO
• Bug hunter hacks Facebook and finds evidence of someone already there | http://www.theregister.co.uk/2016/04/22/i_hacked_facebook_and_found_someone_had_beaten_me_to_it/
• Personal data of 93 million Mexicans exposed on AWS | http://www.databreaches.net/personal-info-of-93-4-million-mexicans-exposed-on-amazon/

InfoSec articles

• Building a home lab for becoming a malware hunter | Building a Home Lab to Become a Malware Hunter – A Beginner’s Guide
• Forrester malware analysis report analysis | https://danielmiessler.com/blog/security-report-analysis-forrester-automated-malware-analysis-q2-2016/
• ISIS Encryption | https://medium.com/@thegrugq/just-the-facts-isis-encryption-c70f258c0f7#.4bkee3x9h

Technology news and articles

• Microsoft is killing off Xbox 360 production after 10 years
• 24 cool facts about IoT | http://blog.calysto.com/iot/24-cool-iot-facts-to-celebrate-internet-of-things-day
• For a device to be labeled as IoT, according to The Internet of Things Global Standards (IoT-GSI) it must have seven design features: sensors, internet connectivity, processors, energy efficiency, cost effectiveness, quality and reliability, and security.
• According to CB Insights, the top two most active investors in the IoT space are corporate: Intel Capital and Qualcomm Ventures.
• Programmable Blockchains in Context | https://medium.com/@ConsenSys/programmable-blockchains-in-context-ethereum-s-future-cd8451eb421e#.dx0m66ic1
• Site that tells you when to buy and when not to buy Apple stuff | http://buyersguide.macrumors.com/#Mac
• Netflix has twice the subscribers of Comcast
• Bitcasa pulls out of consumer cloud storage | Bitcasa pulls out of consumer cloud storage

In other news

• US suicide rate jumps 24% from 1999 to 2014 | http://www.nytimes.com/2016/04/22/health/us-suicide-rate-surges-to-a-30-year-high.html?_r=0
• Injection of a protein into mice cures Alzheimers in one week
• Young people paying for college by being escorts and more | http://www.independent.co.uk/life-style/love-sex/student-sex-work-and-the-rise-of-sugar-babies-10394672.html

Exploring ideas

• Ethereum as a Public Interaction Platform | https://danielmiessler.com/blog/ethereum-as-a-validated-interaction-platform/
• Threat hunting is the new big trend in enterprise security
• Real vs. Fake Work | http://bengarvey.com/2016/04/24/real-work/

InfoSec Tools

• EyeWitness — Take screenshots of websites | https://github.com/ChrisTruncer/EyeWitness
• Data bricks — Complete solution for data scientists and engineers | https://databricks.com
• Machinae — Security Intelligence Collector | https://github.com/HurricaneLabs/machinae
• Inveigh — PowerShell MiTM tool | https://github.com/Kevin-Robertson/Inveigh
• Bettercap — MiTM framework | https://danielmiessler.com/study/bettercap/
• Responder — Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication | https://github.com/SpiderLabs/Responder
• Carbonator — automated Burp scope, spider, and scan from the command line | https://github.com/davevs/carbonator
• ALTDNS — Finding permutations of subdomains | https://github.com/infosec-au/altdns
• Gladius — Automated credentials from Responder | https://n0where.net/from-responder-to-credentials-gladius/

Projects

• PASTA threat modeling | https://www.owasp.org/images/a/aa/AppSecEU2012_PASTA.pdf
• SecurityTools project to list all tools under each category? | https://github.com/danielmiessler/SecurityTools

Talks and papers

• TROOPERS CON — Attacking and Protecting Big Data Environments | http://www.securitytube.net/video/15800?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityTube+%28SecurityTube.Net%29

– TROOPERSCON – RAPID RADIO REVERSING | http://www.securitytube.net/video/15798?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityTube+%28SecurityTube.Net%29

Initiatives

• NRC CIP (North American Electric Reliability Corporation: Critical Infrastructure Protection) | http://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx

Essays

• Announcements

• Presenting at BlackHat Arsenal in Vegas this year

• Speaking at SOURCE Boston on the KARMA risk rating methodology
• Writing a book!

Art and Inspiration

• If you’re not reading, you’re dying

Summary and Recommendations

• Don’t forget to read
• Mix in some fiction with your non-fiction

Fin

• Thank you for listening, see you next time
• And if you like the show, please recommend it to your friends and share it, blog about it, and share it on social media
• Thanks!

[ Subscribe to the Podcast: iTunes | Android ]

Notes

1. The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.
2. Please let me know what you think of the new show concept.