Artwork

Content provided by Daniel Miessler : infosec | technology | humans. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daniel Miessler : infosec | technology | humans or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!

Unsupervised Learning: Episode 42

 
Share
 

Archived series ("HTTP Redirect" status)

Replaced by: danielmiessler.com

When? This feed was archived on December 02, 2016 14:24 (8y ago). Last successful fetch was on November 16, 2016 14:19 (8y ago)

Why? HTTP Redirect status. The feed permanently redirected to another series.

What now? If you were subscribed to this series when it was replaced, you will now be subscribed to the replacement series. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Manage episode 165966813 series 1313226
Content provided by Daniel Miessler : infosec | technology | humans. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daniel Miessler : infosec | technology | humans or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

[ Subscribe to the Podcast: iTunes | Android | RSS ]

InfoSec news and articles

  • Dropbox hacked
    • 68 million accounts
    • Back in 2012
  • Malware infected all Eddie Bauer stores in U.S. and Canada
    • All 350 stores in North America
  • Wicked iPhone vulnerability called Trident (3 0days)
    • All you need to do is follow a link, and you’re jailbroken and compromised
    • Spyware put out by NSO group out of Israel
    • Allows them to intercept calls, texts, etc.
    • Could have been in the wild since iOS7
    • The crazy thing is that this is just what we know about?
    • Patch immediately if you haven’t
  • Locky ransomware targets hospitals in wave of attacks
  • St. Jude Hack
    • Pacemaker issues including crashing the device and draining the battery
    • MuddyWaters does the marketing and shorts the stock
    • MedCon is the hacker group that finds the vulns and shares the profits
  • WiKey technology can detect keystrokes
    • Multiple antennas
    • 97% accurate in lab, with real-world more like 77%
  • Cisco patches 0day flaw exposed by Equation Group
  • CrowdStrike integrates ML-based engine into VirusTotal
  • France and Germany calling for European Decryption Law
  • Multiple vulnerabilities found by IOActive in BHU routers
    • Accepts any session ID
    • SSH resets to known root password on reboot
  • Possible to use DNSSEC for DDOS attacks
  • Top 5 ways to compromise networks (Praetorian)
    • weak domain user passwords
    • name resolution attacks like (WPAD)
    • local admin attacks (pass the hash)
    • cleartext passwords in memory (mimikatz)
    • insufficient network segmentation
  • Pokemon institute shows some grim insider threat stats
    • 62% of users report having access to data they shouldn’t
    • 43% of businesses need more than a month to detect people accessing stuff they’re not supposed to
    • SANS says only 9% are happy with their insider threat controls
    • Mimecast says 45% of executives say malicious insiders is the email risks they’re least ready for
  • The Grugq says the Equation Group insider threat option is lame

Technology news and articles

  • Alphabet launching ridesbaring service
  • Tesla teasing product announcement (solar roof)
  • Instapaper joins Pinterest
  • Pokémon on major decline
  • Volkswagen’s 2019 electric car supposed to get 300 miles on a 15-minute charge
  • JIRA now allowing you to convert tickets into job postings on Upwork’s marketplace
  • Dice is a ticketmaster competitor
  • Amazon piloting teams with 30 hour workweeks
  • Philips Hue motion sensors for the house
    • Dirty network for dirty devices
  • Zuckerberg demoing his own personal Jarvis for the house

Apple news and articles

  • No home button in 2017 iPhone
  • Microphones a big problem for tech like Siri, Alexa, Google Now
    • This is a major obstacle to seamless AI
  • Apple buys Glimpse for heath record transfer
    • Apple Pay for health information?
  • Apple may be building micro-LED technology for 2017 and beyond

Miscellaneous news and articles

  • Polyworld: Using Evolution to Design Artificial Intelligence

Exploring ideas

  • Security Matrices: Linking Attack Surfaces, Threats, and Vulnerabilities
    • Examples include IoT and Gaming
  • Unbranded Future Vision
  • Unsubscribe Risk
  • The relationship between XSS and CSRF

InfoSec tools

  • Dawnscanner: Ruby Auditing Tool
  • Yauso: Web App Assessment Tool
  • Needle: Open Source Framework for Testing iOS apps
  • PSHTT: HTTPS Best Practices Scanner

InfoSec projects

Tech projects

InfoSec papers

InfoSec reports

InfoSec talks

InfoSec initiatives

Announcements

  • I’ve learned the difference between copy editing and proofreading. Proofreading is fixing what you’ve written in terms of basic mistakes. Copy Editing is fixing deeper issues like structure, readability, etc.

Summary and recommendations

Recommended content

Inspiration

  • There’s nothing so useless as doing efficiently that which should not be done at all. ~ Peter Druker
  • Schrodinger’s Backup: The condition of any backup is unknown until a restore is attempted.

Fin

  • Ok, that’s it for this episode
  • Thank you for listening
  • If you like the show, please recommend it to your friends and share it, blog about it, share it on social media, and leave a review on iTunes
  • See you next time

Show notes

  • https://www.youtube.com/watch?v=_m97_kL4ox0
  • https://threatpost.com/emergency-ios-update-patches-zero-days-used-by-government-spyware/120158/

Notes

  1. The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.

--

:: Unsupervised Learning: Episode 42 appeared originally on danielmiessler.com.
:: Subscribe to Unsupervised Learning---my weekly show where I select my favorite news and ideas in infosec, technology, and humanity, and talk about why they matter.

  continue reading

One episode

Artwork
iconShare
 

Archived series ("HTTP Redirect" status)

Replaced by: danielmiessler.com

When? This feed was archived on December 02, 2016 14:24 (8y ago). Last successful fetch was on November 16, 2016 14:19 (8y ago)

Why? HTTP Redirect status. The feed permanently redirected to another series.

What now? If you were subscribed to this series when it was replaced, you will now be subscribed to the replacement series. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Manage episode 165966813 series 1313226
Content provided by Daniel Miessler : infosec | technology | humans. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daniel Miessler : infosec | technology | humans or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

[ Subscribe to the Podcast: iTunes | Android | RSS ]

InfoSec news and articles

  • Dropbox hacked
    • 68 million accounts
    • Back in 2012
  • Malware infected all Eddie Bauer stores in U.S. and Canada
    • All 350 stores in North America
  • Wicked iPhone vulnerability called Trident (3 0days)
    • All you need to do is follow a link, and you’re jailbroken and compromised
    • Spyware put out by NSO group out of Israel
    • Allows them to intercept calls, texts, etc.
    • Could have been in the wild since iOS7
    • The crazy thing is that this is just what we know about?
    • Patch immediately if you haven’t
  • Locky ransomware targets hospitals in wave of attacks
  • St. Jude Hack
    • Pacemaker issues including crashing the device and draining the battery
    • MuddyWaters does the marketing and shorts the stock
    • MedCon is the hacker group that finds the vulns and shares the profits
  • WiKey technology can detect keystrokes
    • Multiple antennas
    • 97% accurate in lab, with real-world more like 77%
  • Cisco patches 0day flaw exposed by Equation Group
  • CrowdStrike integrates ML-based engine into VirusTotal
  • France and Germany calling for European Decryption Law
  • Multiple vulnerabilities found by IOActive in BHU routers
    • Accepts any session ID
    • SSH resets to known root password on reboot
  • Possible to use DNSSEC for DDOS attacks
  • Top 5 ways to compromise networks (Praetorian)
    • weak domain user passwords
    • name resolution attacks like (WPAD)
    • local admin attacks (pass the hash)
    • cleartext passwords in memory (mimikatz)
    • insufficient network segmentation
  • Pokemon institute shows some grim insider threat stats
    • 62% of users report having access to data they shouldn’t
    • 43% of businesses need more than a month to detect people accessing stuff they’re not supposed to
    • SANS says only 9% are happy with their insider threat controls
    • Mimecast says 45% of executives say malicious insiders is the email risks they’re least ready for
  • The Grugq says the Equation Group insider threat option is lame

Technology news and articles

  • Alphabet launching ridesbaring service
  • Tesla teasing product announcement (solar roof)
  • Instapaper joins Pinterest
  • Pokémon on major decline
  • Volkswagen’s 2019 electric car supposed to get 300 miles on a 15-minute charge
  • JIRA now allowing you to convert tickets into job postings on Upwork’s marketplace
  • Dice is a ticketmaster competitor
  • Amazon piloting teams with 30 hour workweeks
  • Philips Hue motion sensors for the house
    • Dirty network for dirty devices
  • Zuckerberg demoing his own personal Jarvis for the house

Apple news and articles

  • No home button in 2017 iPhone
  • Microphones a big problem for tech like Siri, Alexa, Google Now
    • This is a major obstacle to seamless AI
  • Apple buys Glimpse for heath record transfer
    • Apple Pay for health information?
  • Apple may be building micro-LED technology for 2017 and beyond

Miscellaneous news and articles

  • Polyworld: Using Evolution to Design Artificial Intelligence

Exploring ideas

  • Security Matrices: Linking Attack Surfaces, Threats, and Vulnerabilities
    • Examples include IoT and Gaming
  • Unbranded Future Vision
  • Unsubscribe Risk
  • The relationship between XSS and CSRF

InfoSec tools

  • Dawnscanner: Ruby Auditing Tool
  • Yauso: Web App Assessment Tool
  • Needle: Open Source Framework for Testing iOS apps
  • PSHTT: HTTPS Best Practices Scanner

InfoSec projects

Tech projects

InfoSec papers

InfoSec reports

InfoSec talks

InfoSec initiatives

Announcements

  • I’ve learned the difference between copy editing and proofreading. Proofreading is fixing what you’ve written in terms of basic mistakes. Copy Editing is fixing deeper issues like structure, readability, etc.

Summary and recommendations

Recommended content

Inspiration

  • There’s nothing so useless as doing efficiently that which should not be done at all. ~ Peter Druker
  • Schrodinger’s Backup: The condition of any backup is unknown until a restore is attempted.

Fin

  • Ok, that’s it for this episode
  • Thank you for listening
  • If you like the show, please recommend it to your friends and share it, blog about it, share it on social media, and leave a review on iTunes
  • See you next time

Show notes

  • https://www.youtube.com/watch?v=_m97_kL4ox0
  • https://threatpost.com/emergency-ios-update-patches-zero-days-used-by-government-spyware/120158/

Notes

  1. The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.

--

:: Unsupervised Learning: Episode 42 appeared originally on danielmiessler.com.
:: Subscribe to Unsupervised Learning---my weekly show where I select my favorite news and ideas in infosec, technology, and humanity, and talk about why they matter.

  continue reading

One episode

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Quick Reference Guide