Everand Logo

Welcome to Everand!

  • Discover this podcast and so much more

    Podcasts are free to enjoy without a subscription. We also offer ebooks, audiobooks, and so much more for just $11.99/month.

    Take 1 Security Podcast: Episode 10

    Take 1 Security Podcast: Episode 10

    FromUnsupervised Learning

    Start listeningView podcast show

    Take 1 Security Podcast: Episode 10

    FromUnsupervised Learning

    ratings:
    Length:
    22 minutes
    Released:
    Mar 16, 2015
    Format:
    Podcast episode

    Description



    Play Podcast

    START CONTENT


    * There was another SQL Injection bug found in SEO by Yoast


    * It required admins to click a malicious link
    * Was patched quickly
    * It’s the plugins that make WordPress vulnerable

    * Attackers are targeting gamers for ransomware


    * Virlock is one version of ransomware that not only locks the screen, but infects files
    * It’s also polymorphic, so it changes itself every time it runs
    * TeslaCrypt goes after gamers, which seems super smart because they are often addicted

    * The Hello Barbie doll is recording kids voices and sending the recordings over the Internet for voice recognition


    * I get asked a lot about what to do about this kind of stuff
    * Start by making a list of everything that can record voice or audio in your home, and determine what kind of controls you have on them
    * Assume the worst, even though it’s probably not that bad

    * US industrial systems attacked 245 times between October 2013 and September 2014


    * Most attacks were against Critical Manufacturing and Energy
    * Biggest vectors were spear phishing and port scanning

    * CloudFlare aims to defeat DDoS with Virtual DNS


    * They want to proxy DNS before it hits customer name server

    * The CIA supposedly tried to hack Apple hardware


    * The article has come under extreme scrutiny

    * Going to be on the Security Weekly podcast with Pau
    * Hillary Clinton’s email account dram
    * OpenSSL is getting an audit


    * Bout time

    * Wikimedia is suing the NSA over surveillance
    * Spoofing the boss is the best way to phish someone, evidently
    * Had a great time at CactusCon in Phoenix


    * Did a talk with Jason and saw Dave’s keynote
    * Dave’s keynote was about struggling with the basics, not APT
    * He asked when a major breach was NOT a dumb mistake

    * Someone’s looking to make a Snowden Phone
    * Looks like I’ll be on the Security Weekly podcast with Paul


    * Going to talk about IoT security and my our OWASP project



    END CONTENT

    Play Podcast

    Notes


    * Comments welcome on content and format, as usual.
    Support the show: https://danielmiessler.com/support/See omnystudio.com/listener for privacy information.
    Released:
    Mar 16, 2015
    Format:
    Podcast episode

    Titles in the series (100)

    Thinking about the intersection of security, technology, and society—and what might be coming next. Every Monday morning you get a curated 15-30 minute summary of the week's most important stories and why they matter. Plus regular essays and interviews that explore a single topic.