DtSR Episode 175 - NewsCast for January 5th 2016
Length:
53 minutes
Released:
Jan 5, 2016
Format:
Podcast episode
Description
In this episode...
Juniper has a backdoor problem
2 separate issues, auth bypass & VPN weakness
backdoor discovered in Juniper devices
lots of speculation on who put it there, but it was meant to be disguised as ‘debug code’
enterprise implications - same as before (what's the bigger picture?)
https://isc.sans.edu/forums/diary/Infocon+Yellow+Juniper+Backdoor+CVE20157755+and+CVE20157756/20521/
Iranians broke into New York dam in 2013 and “had a look around”
no direct damage done
US has largest number of ICS connected to Internet
critical infrastructure is vulnerable, being probed
this is not a ‘government problem’ - every company has some ICS on their network
http://www.theregister.co.uk/2015/12/21/iranian_hackers_target_new_york_dam/
Facebook announced it’s dumping Adobe Flash
is this a bigger deal than it sounds like?
HTML5 has its own vulnerabilities and issues though… right?
*only* for videos, games still in Flash
Facebook will work with Adobe (really?) to improve security of Flash
http://www.scmagazine.com/facebook-ditches-flash-videos-to-boost-security/article/461040/
191 Million US voter records found ‘unprotected’ by a researcher
guy from Texas found the data on an unprotected database
“Vickery told Databreaches.net he was able to poke around the public-internet-facing database because it is poorly configured: no authentication or password is required to query all 300-plus gigabytes stored within.” ← What the hell?
legality and ethics … again … but that aside, is this REALLY an issue?
same person who discovered Hello Kitty leak.. interesting.
http://www.csoonline.com/article/3017171/security/database-leak-exposes-3-3-million-hello-kitty-fans.html
http://www.theregister.co.uk/2015/12/28/security_researcher_spots_191_millionrecord_us_voter_database_online/
PayPal rolls out the welcome mat for hackers
even if you have an OTP key fob, attackers can get into your account
apparently they use static identifier info, cannot be changed
this should probably trouble you
http://boingboing.net/2016/01/03/paypal-rolls-out-the-welcome-m.html
PCI Council extends encryption deadline
good thing, bad thing, or something else?
http://www.bankinfosecurity.com/interviews/pci-council-extends-encryption-deadline-i-3019