Play Podcast START CONTENT * Twitch, a game streaming service owned by Amazon, was hacked last week * Passwords, emails, usernames, addresses, phone numbers, dates of birth * Amazon bought them last year for almost 1 billion dollars * Bar Mitzvah attack on TLS * Requires that you can sniff traffic * Basically an RC4 problem * Solution is to remove it from your supported algorithms * GitHub Has been hit by a massive DDoS attack * Apparently from China * CSRF vulnerability found in a wind turbine * Allowed you to pull usernames and passwords * Also allowed the password to be changed for the default user, which had admin access * CSRF vulnerability exposes Hilton customer accounts * There was an account rotation issue where you could gain access to their account as long as you could guess their 9-digit username * Snowden says IT workers now the targets of spies * They’re not going after their information, but to use them for access to networks * Premera hacked on same day as Blue Cross (January 29th) * Same story: encryption, know your network, etc. * Also same story: health data is harder to clean up from because it involves PII that cannot easily be changed * More speculation around these attacks is that they’re data gathering for larger attacks on government networks * Apple Acquires FoundationDB * Fast NoSQL database probably to be used for its increasing entry into the services market * Researchers use heat to breach air-gapped systems * Everyone knows that an airgap is the best defense * Ben-Gurion University came out with BitWhisper * Now bidirectional using malware on both systems that controlled heat creation and detection * Only 8-bits per hour * BioCatch, Zumigo, Alibaba release tools to identify users * I used to work with a technology called BioPass * Uses what you do with your mouse, scrolling, how you smile via selfie, compares habits, your current location, etc. Similar to existing fraud detection just with more data points * Really cool tech, needs to be used with the right authentication level * Korea investing 5B in IoT and Smart Cars * Bring Your Own IoT * Recording audio and video are getting increasingly easy * Sensitive meetings might become dead zones soon, and perhaps even sensitive work areas * Some people will say that we already have this risk, but they key is the ease with which it can be done END CONTENT Play Podcast Notes * I skipped a week due to travel in Asia.
Become a Member: https://danielmiessler.com/upgrade
See omnystudio.com/listener for privacy information.
Play Podcast START CONTENT * Twitch, a game streaming service owned by Amazon, was hacked last week * Passwords, emails, usernames, addresses, phone numbers, dates of birth * Amazon bought them last year for almost 1 billion dollars * Bar Mitzvah attack on TLS * Requires that you can sniff traffic * Basically an RC4 problem * Solution is to remove it from your supported algorithms * GitHub Has been hit by a massive DDoS attack * Apparently from China * CSRF vulnerability found in a wind turbine * Allowed you to pull usernames and passwords * Also allowed the password to be changed for the default user, which had admin access * CSRF vulnerability exposes Hilton customer accounts * There was an account rotation issue where you could gain access to their account as long as you could guess their 9-digit username * Snowden says IT workers now the targets of spies * They’re not going after their information, but to use them for access to networks * Premera hacked on same day as Blue Cross (January 29th) * Same story: encryption, know your network, etc. * Also same story: health data is harder to clean up from because it involves PII that cannot easily be changed * More speculation around these attacks is that they’re data gathering for larger attacks on government networks * Apple Acquires FoundationDB * Fast NoSQL database probably to be used for its increasing entry into the services market * Researchers use heat to breach air-gapped systems * Everyone knows that an airgap is the best defense * Ben-Gurion University came out with BitWhisper * Now bidirectional using malware on both systems that controlled heat creation and detection * Only 8-bits per hour * BioCatch, Zumigo, Alibaba release tools to identify users * I used to work with a technology called BioPass * Uses what you do with your mouse, scrolling, how you smile via selfie, compares habits, your current location, etc. Similar to existing fraud detection just with more data points * Really cool tech, needs to be used with the right authentication level * Korea investing 5B in IoT and Smart Cars * Bring Your Own IoT * Recording audio and video are getting increasingly easy * Sensitive meetings might become dead zones soon, and perhaps even sensitive work areas * Some people will say that we already have this risk, but they key is the ease with which it can be done END CONTENT Play Podcast Notes * I skipped a week due to travel in Asia.
Become a Member: https://danielmiessler.com/upgrade
See omnystudio.com/listener for privacy information.
Nyd den ubegrænsede adgang til tusindvis af spændende e- og lydbøger - helt gratis
Dansk
Danmark