
Content provided by Bill Gardner. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Bill Gardner or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Reboot It! Episode 73 with Bill Gardner, Justin Rogosky, and Benny Karnes

1:10:54
 
 

Archived series ("Inactive feed" status)

When? This feed was archived on October 20, 2018 18:33 (5+ y ago). Last successful fetch was on June 13, 2018 01:37 (6y ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.


Upcoming Conferences

BSides London

June 7

London, UK

https://www.securitybsides.org.uk/

CircleCityCon

June 9-11

Sheraton Indianapolis City Centre Hotel

Indianapolis, IN

https://circlecitycon.com/

BSides Pittsburgh

June 9

Pittsburgh, PA

https://www.bsidespgh.com/

B-Sides Cleveland

June 23-24

B Side Liquor Lounge & The Grog Shop

Cleveland, OH

https://bsidescle.com/

Cyber Security World

June 28-29

Magnolia Hotel

Denver, CO

http://cybersecurityworld.misti.com/

Black Hat USA 2017

Trainings: July 22-25

Conference: July 26-27

Mandalay Bay

Las Vegas, NV

https://www.blackhat.com/us-17/

BSidesLV

July 25-26

The Tuscany Suites

Las Vegas, NV

https://www.bsideslv.org

DEFCON 25

Caesar's

Las Vegas, NV

July 27-30

https://www.defcon.org/

DerbyCon 7.0 “Legacy”

Training: September 20-21

Conference: September 22-24

Hyatt Regency

Louisville, KY

SOLD OUT

CFP is open

https://www.derbycon.com

Bsides DC

October 6-8

Renaissance

Washington, DC

CFP is open

http://www.bsidesdc.org/

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

http://www.skydogcon.com/

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

CFP is open

http://grrcon.com/

Bsides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

CFP is open

CFP closes Sept 1

http://securewv.com/

Stories

Booz Allen Hamilton Leaves U.S. Government Files On Unprotected Amazon Server

http://www.ibtimes.com/booz-allen-hamilton-leaves-us-government-files-unprotected-amazon-server-2545935

Silk Road Founder Ross Ulbricht Loses Appeal In Trial Connected To Dark Web

http://www.ibtimes.com/silk-road-founder-ross-ulbricht-loses-appeal-trial-connected-dark-web-2546059

2017 Has Already Racked Up 1,200 Breaches--On Pace for Worst Year Ever

https://www.infosecurity-magazine.com/news/2017-has-already-racked-up-1200/

Shadow Brokers lay out pitch – and name price – for monthly zero-day subscription service

http://www.theregister.co.uk/2017/05/30/shadow_brokers_subscription_service/

Credit Card Breach at Kmart Stores. Again.

For the second time in less than three years, Kmart Stores is battling a malware-based security breach of its store credit card processing systems.

https://krebsonsecurity.com/2017/05/credit-card-breach-at-kmart-stores-again/

Linux security alert: Bug in sudo’s get_process_ttyname() [ CVE-2017-1000367 ]

There is a serious vulnerability in the sudo command that grants root access to anyone with a shell account. It works on SELinux-enabled systems such as CentOS/RHEL and others too. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. Patch your system as soon as possible.

It was discovered that sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions, or gain a root shell.

https://www.cyberciti.biz/security/linux-security-alert-bug-in-sudos-get_process_ttyname-cve-2017-1000367/

Comcast Wi-Fi serving self-promotional ads via JavaScript injection

Comcast has begun serving Comcast ads to devices connected to one of its 3.5 million publicly accessible Wi-Fi hotspots across the US. Comcast's decision to inject data into websites raises security concerns and arguably cuts to the core of the ongoing net neutrality debate.

https://arstechnica.com/tech-policy/2014/09/why-comcasts-javascript-ad-injections-threaten-security-net-neutrality/

Google debuts a new way to follow your footsteps around the web

On Tuesday in San Francisco, at Google’s annual Marketing Next conference, where it unleashes its latest tools for ads, analytics and DoubleClick, the company announced that it’s ready to answer the question that’s been bugging marketers for ages: “Is my marketing working?”

To deliver the answer, it will be training a machine learning tool called Google Attribution on our buying activity. It’s now in beta and will roll out to more advertisers over the coming months.

https://nakedsecurity.sophos.com/2017/05/25/google-debuts-a-new-way-to-follow-your-footsteps-around-the-web/

OneLogin: Breach Exposed Ability to Decrypt Data

OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data.

https://krebsonsecurity.com/2017/06/onelogin-breach-exposed-ability-to-decrypt-data/
