Content provided by Jared Rimer. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Jared Rimer or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
The Security Box, podcast 195: What Are .env Files and why should I care?

5:03:59
Hello folks, welcome to podcast 195 of the Security Box. Let's start off with a set of questions that came out of something we did not cover as part of last week's box. If you listen via the podcast, please submit your guesses before the answers are revealed. I'll personally give you credit where credit is due, and we can work out what you will get for correct answers. The questions are: What 8 companies, 1 of which was part of the big Ticketmaster breach, were attacked? What small-time actor group took responsibility for these 8 company attacks? Which two companies disputed the hack? Finally, what was the most recent company to come out confirming they were part of the actor's fiasco? We are also going to cover the news, the landscape, LastPass's recent fiasco that can happen to anyone, and more. Our topic this week will be environment files, which are used to store secrets including keys, usernames and passwords. Apparently these files, known as .env files, are wide open and can be taken for use. Enjoy the program and thanks so much for listening!

Our Scam of the Week

A scam using the name of Kelly (formerly Kelly Services) has been targeting users who know the JRN's work. Kelly informed the JRN that this scam has been going around in this form for at least 5 months. The first report came from TSB's participant, Preston Gaylor. The second came from another subscriber who assists me in another capacity. Please read the blog post titled "New scam from work provider, Kelly (formerly Kelly Services)" for complete details on this. We link to the official web site where you, too, can alert them about this scam. The representative informed me that they have over 500 copies of this and asked about the version that is going around. We'll be discussing this as part of the program, don't worry!

Our Question

If you intend to play, please do not look at the answers given below. We are also linking to sources for further reading.
What 8 companies, 1 of which was part of the big Ticketmaster breach, were attacked? What small-time actor group took responsibility for these 8 company attacks? Which two companies disputed the hack? Finally, what was the most recent company to come out confirming they were part of the actor's fiasco?
The Answer: Skip if you intend to participate and win
Answer: Snowflake, Anheuser-Busch, State Farm, Mitsubishi, Progressive, Neiman Marcus, Allstate, and Advance Auto Parts. Progressive and Mitsubishi disputed the threat actor’s claims while Advance Auto Parts recently came out with details of their breach.
Sources from the blog:
The links lead to our blog, where you can read more.

Lastpass needs a break here, this can happen to anyone

This can happen to anyone. While people want to jump ship because of this most recent outage, I don't blame them. It turns out it was because of their Chrome extension, which somehow went completely ape and could have sent a DDoS attack. I don't want to go that far, but it was a 12-hour outage if not longer. I recently had to sign in and I was successful, and this happened on Thursday, June 6, 2024. "This can happen to anyone, LastPass had a bad extension causing havoc" is the blog post that leads to the story. I believe this could happen to anyone.

Other News


What are .env files and why should I care?

Why should I care about .env files in the first place? Our main topic discusses this, and it isn't a good thing if you don't. The JRN tried to take paragraphs that disclosed information supporting why it is a bad idea for this file to be in the open, and we also tried to take data showing what these files contain. "Websites exposing over a million secrets, leaving visitors at risk" is the blog from Cybernews that we'll draw from to lead this discussion.
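To make the topic concrete, here is an added example that is not code from the podcast, the JRN, or the Cybernews article. It parses the dotenv `KEY=VALUE` format that web applications load at startup, picks out the entries whose names suggest credentials, and reports them with the values redacted. The sample file text is constructed for the example, and the list of "sensitive" key names is a heuristic assumption of the example, not a standard. Running something like this over a web root before deploying shows a defender exactly what an exposed `.env` would hand to anyone who fetched it, without copying the secrets into a log.

```python
"""Parse a .env file, find the secrets it holds, and report them redacted.

Added example for this episode's topic; not code from the podcast, the JRN,
or the Cybernews article. SAMPLE_ENV below is constructed.
"""
import re

# Constructed sample in the KEY=VALUE format that dotenv-style loaders read.
SAMPLE_ENV = """\
# database settings
DB_HOST=db.internal.example
DB_USER=app
DB_PASSWORD='s3cr3t-pass'
export STRIPE_API_KEY="sk_test_EXAMPLE1234567890"   # exported style
APP_DEBUG=true
EMPTY=
"""

# Key names that usually hold material reusable by anyone who obtains the
# file. Heuristic list; an assumption of this example, not a standard.
SENSITIVE_KEY_RE = re.compile(
    r"(PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY|CREDENTIAL)", re.IGNORECASE
)

# One assignment: optional "export ", a shell-style identifier, "=", the rest.
_LINE_RE = re.compile(
    r"^\s*(?:export\s+)?(?P<key>[A-Za-z_][A-Za-z0-9_]*)\s*=\s*(?P<value>.*)$"
)


def parse_env(text: str) -> dict[str, str]:
    """Return the KEY -> value pairs from dotenv-formatted text.

    Handles blank lines, '#' comment lines, an optional 'export ' prefix,
    single- or double-quoted values, and inline comments after unquoted
    values (only when introduced by whitespace followed by '#').
    """
    result: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE_RE.match(line)
        if not m:
            continue  # not KEY=VALUE; a real loader would warn here
        key, value = m.group("key"), m.group("value").strip()
        if value[:1] in ("'", '"') and len(value) > 1:
            quote = value[0]
            end = value.find(quote, 1)
            if end != -1:
                value = value[1:end]  # keep only the quoted body
        else:
            value = re.split(r"\s+#", value, maxsplit=1)[0].rstrip()
        result[key] = value
    return result


def redact(value: str, keep: int = 4) -> str:
    """Show only the first `keep` characters so a report never leaks the secret."""
    if len(value) <= keep:
        return "*" * len(value)
    return value[:keep] + "*" * (len(value) - keep)


def find_secrets(env: dict[str, str]) -> dict[str, str]:
    """Return the sensitive, non-empty entries of a parsed .env, values redacted."""
    return {
        k: redact(v) for k, v in env.items() if SENSITIVE_KEY_RE.search(k) and v
    }


if __name__ == "__main__":
    for key, shown in find_secrets(parse_env(SAMPLE_ENV)).items():
        print(f"{key}={shown}")
```

The mitigation the parser implies is the usual one: keep `.env` out of the document root and out of version control, and have the web server refuse to serve dotfiles, so the file is readable by the application process and nothing else.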

Supporting the podcast

If you'd like to support our efforts on what this podcast is doing, you can donate to the network, subscribe to the Security Box discussion list, or send us a note through the contact information given throughout the podcast. You can also find contact details on our blog page. Thanks so much for listening, reading and learning! We can't do this alone.

Internet Radio affiliates airing our program

Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!