Tuesday, March 19, 2019

7 Minute Security

7MS #352: Recap of Rad Red Team Training

I recently had the awesome opportunity to take the awesome Real World Red Team course put on by Peter Kim, author of The Hacker Playbook series. TLDR and TLDL (too long don't listen): go take this training. Please. Now. The end. 🙂 If you want to hear more, check out today's podcast episode where I talk about all the wonderful tidbits I learned from Peter during the training, including: Doppelganger attacks - does your target have a frequently used site like mail.company.com? Try buying up mailcompany.com with a copy of their email portal (using Social Engineer Toolkit),...

7MS #351: Turn Windows Logging up to 11

Today's episode is brought to you by NoteCast. Try it free for 60 days (no credit card required) and enter code 7MS when completing your signup. In today's episode, I talk about how the level of Windows server/client logging out of the box is...not really awesome. I then look at how we can create a GPO that turns logging "up to 11" using some free tools and cheat sheets. If you want to simulate this in your own lab by building out an Active Directory environment, check out part 1 of a Webinar series we've been working on called...

Brakeing Down Security

2019-010-Zach_Ruble-building_a_better_cheaper_C2_infra

Shout-out to Thomas…     Tried to meetup while at SEA comic-con Patreon Log-MD Hacker’s Health - Ms. Roddie is at TROOPERS (Ms. Berlin?) 4 podcasts? SpecterOps Training / workshopCon  - https://www.workshopcon.com/events Zach Ruble- @sendrublez C2 infra using Public WebApps TARCE - Teaching Assistant RCE(?)...

2019-009- Log-MD story, Noid, communicating with Devs and security people-part1

Log-MD story (quick one) (you’ll like this one, Mr. Boettcher)     SeaSec East meetup     "Gabe"   https://www.sammamish.us/government/departments/information-technology/ransomware-attack-information-hub/   New Slack Moderator (@cherokeeJB) Shoutout to “Jerry G”   Mike P on Slack: https://www.eventbrite.com/e/adversary-tactics-red-team-operations-training-course-dc-april-2019-tickets-54735183407 www.Workshopcon.com/events and that we're looking for BlueTeam trainers please...

Crypto-Gram

Crypto-Gram February 15, 2019

In this issue: Evaluating the GCHQ Exceptional Access Proposal; Public-Interest Tech at the RSA Conference; Blockchain and Trust. From the February 15, 2019 Crypto-Gram Newsletter by Bruce Schneier, read by Dan Henage.

Crypto-Gram January 15, 2019

In this issue: New Attack Against Electrum Bitcoin Wallets; Machine Learning to Detect Software Vulnerabilities; Using a Fake Hand to Defeat Hand-Vein Biometrics. From the January 15, 2019 Crypto-Gram Newsletter by Bruce Schneier, read by Dan Henage.

Cyber Security Interviews

#62 – Chad Loder: Just Because It’s Basic, Doesn’t Mean It’s Easy

Chad Loder is the CEO and co-founder of Habitu8, a Los Angeles-based cyber security startup that’s transforming the security awareness industry away from its traditional “training-centric” approach to an approach that is based on measurable risk reduction through influencing and measuring key employee behaviors. Prior to Habitu8, Chad was co-founder and VP of Engineering at…

#61 – Yonathan Klijnsma: If They Get Compromised, You Get Compromised

Yonathan Klijnsma is a threat researcher at RiskIQ, leading threat response and analysis efforts with the help of RiskIQ’s expansive data set. Both his work and hobbies focus on threat intelligence in the form of profiling threat actors as well as analyzing and taking apart the means by which digital crime groups work. Outside of…

Darknet Diaries

Ep 34: For Your Eyes Only

Nude selfies. This episode is all about nude selfies. What happens if you take one and give it to a vengeful boyfriend. What happens when a hacker knows you have them and wants to steal them from your phone. What happens is not good. This episode was sponsored by Nord VPN. Visit nordvpn.com/darknet and use promo code "DARKNET". This episode was sponsored by Molekule, a new air purifier that completely destroys air pollutants to help you breathe easier. Visit molekule.com to use check out code "DARKNET" to get a discount. For references, sources, and links check out the show notes at...

Ep 33: RockYou

In 2009 a hacker broke into a website with millions of users and downloaded the entire user database. What that hacker did with the data has changed the way we view account security even today. This episode was sponsored by CuriosityStream. A streaming service showing non-fiction and documentaries. Visit https://curiositystream.com/darknet and use promo code "darknet". This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. To see more show notes visit darknetdiaries.com/episode/33.

Defensive Security

Defensive Security Podcast Episode 234

https://www.zdnet.com/article/hackers-wipe-us-servers-of-email-provider-vfemail/ https://www.securityweek.com/russian-state-sponsored-hackers-are-fastest-crowdstrike https://www.zdnet.com/article/icann-there-is-an-ongoing-and-significant-risk-to-dns-infrastructure/ https://www.infosecurity-magazine.com/news/password-managers-no-more-secure-1/ https://www.zdnet.com/article/microsoft-do-these-things-now-to-protect-your-network/

Defensive Security Podcast Episode 233

https://www.securityweek.com/hackers-using-rdp-are-increasingly-using-network-tunneling-bypass-protections https://www.zdnet.com/article/trojan-malware-is-back-and-its-the-biggest-hacking-threat-to-your-business/ https://www.csoonline.com/article/3336923/security/phishing-has-become-the-root-of-most-cyber-evil.html https://www.darkreading.com/attacks-breaches/ransomware-attack-via-msp-locks-customers-out-of-systems/d/d-id/1333825 https://www.dlapiper.com/~/media/files/insights/publications/2019/02/dla-piper-gdpr-data-breach-survey-february-2019.pdf

Down The Security Rabbithole

DtSR Episode 338 – Failure of Risk Management

This week, part 2 of a four-episode set recorded live from RSA Conference 2019. This time, it's Phil Beyer's turn to have a turn at the microphone... Highlights from this week's show include: Phil talks up "The failure of risk management"; We discuss the realities of risk management; Raf asks "How do we make more informed risk decisions?"; Raf and Phil talk through threat models and why they're relevant; ...and so much more. Guest: Phil Beyer - https://www.linkedin.com/in/pjbeyer/

DtSR Episode 337 – Insights on Cyber Talent

This week, in the first of a four-part "Live from RSA Conference 2019" series, Rafal interviews Deidre Diamond. Deidre knows a little something about cybersecurity talent, having worked in the field most of her professional career. We discuss all kinds of interesting and relevant topics... Highlights from this week's show include: Deidre presents her new "human model" for hiring, staffing, and retaining excellent talent; We discuss the difference between a good leader, and just a good manager and why those aren't the same; We discuss the pay gap, why it's still a thing, and what's to be done about...

Open Source Security

Episode 137.5 – Holy cow Beto was in the cDc, this is awesome!

Josh and Kurt talk about Beto being in the Cult of the Dead Cow (cDc). This is a pretty big deal in a very good way. We hit on some history, why it's a great thing, what we can probably expect from opponents. There's even some advice at the end how we can all help. We need more politicians with backgrounds like this.

Episode 137 – When the IoT attacks!

Josh and Kurt talk about when devices attack! It's not quite that exciting, but there have been a slew of news about physical devices causing problems for humans. We end on the note that we're getting closer to a point when lawyers and regulators will start to pay attention. We're not there yet, so we still have a horrible insecure future on the horizon.

Episode 136 – How people feel is more important than being right

Josh and Kurt talk about github blocking the Deepfakes repository. There's a far bigger discussion about how people feel, and sometimes security fails to understand that making people feel happy or safer is more important than being right.

OWASP 24/7

What is Chaos Engineering, an Interview with Casey Rosenthal

"Chaos engineering is an empirical practice of setting up experiments to figure out where your system is vulnerable so that you can know that ahead of time and proactively fix some of these vulnerabilities in your system." -- Casey Rosenthal In this broadcast, I speak with Casey Rosenthal about the beginnings of Chaos Engineering and Netflix and how the concept has morphed into a cross-industry community, sharing ideas through local chaos conferences.

Ladies of London Hacking Society w/ Eliza-May Austin

The Ladies of London Hacking Society was created by Eliza-May Austin in an act of frustration. Having nowhere to turn to meet other women within the security industry in the UK, Eliza-May fired off an online post lamenting the lack of local community support for technical security-based women. Her story is a common one. The post seemed to resonate with the local community. In a short time, she had close to 500 women join her London Meetup Group, focusing on sharing technical skills and industry stories.

Purple Squad Security

Episode 51 – Fireside Chat with Chris Foulon

Chris Foulon stops by for a fireside chat to talk about breaking into Infosec.  For those unfamiliar with the fireside chat series, this is where we come in with a topic but no other real agenda.  It’s a casual conversation where I just have a casual conversation with my guest, similar to what would happen in hallway con.  I hope you enjoy! Some links of interest: Chris’ LinkedIn: https://www.linkedin.com/in/christophefoulon/ Chris’ Twitter: @chris_foulon We have a new store!  Come...

Episode 50 – Tabletop D&D with Tim De Block, Ed Rojas, Daniel Ebbutt, and Kyle Andrus

It’s that time again!  Yes, another Tabletop D&D episode is upon us!  This time I asked Timothy de Block from the Exploring Information Security podcast to join me, along with a few interesting characters.  Let’s just say this particular episode is not for the faint of heart, and we have a few swears thrown in to keep with the atmosphere.  Enjoy! Some links of interest: Exploring Information Security Podcast: https://www.timothydeblock.com/eis/ Tactical Edge: https://tacticaledge.co/index_en.html Tactical Edge Twitter: @Tactical3dge Kyle’s Twitter: @chaoticflaws Ed’s Twitter:...

Risky Business

Risky Business #534 — Manning back in clink, automotive industry under attack

On this week’s show Adam Boileau and Patrick Gray discuss the week’s news: Chelsea Manning back in jail; Citrix owned, Resecurity claims it was Iran. Again. Because reasons, apparently; Huawei politics get messy; EXCLUSIVE: Toyota Oz, other carmakers likely targeted by APT32 (Vietnam); Much, much more. This week’s sponsor is Senetas. They make layer 2 encryption gear but recently made a US$8m investment into Votiro, a Content Disarm and Reconstruction (CDR) play. Votiro CEO Aviv Grafi is this week’s sponsor guest. He stops by to explain CDR tech. Links to everything that we discussed are below and you...

Risky Business #533 — Ghidra release, NSA discontinues metadata program and more

On this week’s show Adam Boileau and Patrick Gray discuss the week’s news: The NSA isn’t that interested in phone metadata anymore; More Chinese mass surveillance data leaks; Chelsea Manning, David House subpoenaed over Wikileaks; Quadriga cold wallets were actually empty at time of founder’s death; NSA deployed “rm -rf / shark” at Internet Research Agency; HackerOne follows Bugcrowd into pentesting; NSA releases Ghidra; Much, much more! This week’s sponsor interview is with Chris Kennedy, AttackIQ’s CISO and VP of customer success. And we’ll be talking about a few things really, like about how...

SANS ISC

ISC StormCast for Wednesday, March 20th 2019

Cloudflare Releases Proxy Detection Tools https://blog.cloudflare.com/monsters-in-the-middleboxes/ Business Email Compromise Moving to

ISC StormCast for Monday, March 18th 2019

Putty Updates https://www.chiark.greenend.org.uk/~sgtatham/putty/ Fujitsu Wireless Keyboard Vulnerabilities https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-033.txt Signed Malware Goes Undetected

ISC StormCast for Sunday, March 17th 2019

Binary Analysis With Jupyter and Radare2 https://isc.sans.edu/forums/diary/Binary+Analysis+with+Jupyter+and+Radare2/24748/ IMAP Brute Forcing against

Security Now

SN 705: SPOILER

0-day exploit bidding war; NSA releases Ghidra v9; Firefox adds Tor privacy; A pair of nasty 0-days; A worrisome breach at Citrix; The risk of claiming to be an unhackable aftermarket car alarm; A new and interesting "Windows developers chatting with users" idea at Microsoft; A semi-solution to Windows updates crashing systems; Detailed news of the Marriott/Starwood breach, a bit of miscellany from SPOILER: Another new and different consequence of speculation on Intel machines. We invite you to read our show notes at https://www.grc.com/sn/SN-705-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC...

SN 704: Careers in Bug Hunting

The increasing feasibility of making a sustainable career out of hunting for software bugs; A newly available improvement in Spectre mitigation performance and who can try it now; Adobe's ColdFusion emergency and patch; More problems with A/V and self-signed certs; A Docker vulnerability being exploited in the wild; The end of Coinhive; A new major Wireshark release; A nifty web browser website screenshot hack; Continuing troubles with the over-privileged Thunderbolt interface; Bot-based credential stuffing attacks. We invite you to read our show notes at https://www.grc.com/sn/SN-704-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the...

Security Weekly

You’re Killing Me Smalls – Paul’s Security Weekly #597

This week, we welcome Peter Smith, Founder and CEO of Edgewise to talk about the evolution of Zero Trust! In the Security News, New WordPress flaw lets unauthenticated remote attackers hack sites, Tesla allegedly spied on and ran a smear campaign on a whistleblower, Facebook and Instagram suffer most severe outage ever, a man drives 3,300 miles to talk to YouTube about a deleted video, and what do sexy selfies, search warrants, and tax files have in common? In the final segment, we air a pre-recorded interview with Carsten Willems, Co-Founder and CEO at VMRay, discussing malware sandboxing!...

The Evil Empire – Enterprise Security Weekly #129

This week, we interview Gururaj Pandurangi, Founder and CEO at Cloudneeti, to discuss Continuous Cloud Assurance! Gururaj Pandurangi is a founder and CEO of Cloudneeti, a software-as-a-service company focused on continuous cloud security, data privacy and compliance assurance. Gururaj has 20 years of professional experience, a good portion of it as an early adopter of cloud technologies and building global scale cloud products like Windows Live, Bing platform, Consumer Identity and Federations. Paul Asadoorian and Matt Alderman recorded interviews with the following vendors at RSA Conference 2019: - Venafi - XM Cyber - Onapsis Paul Asadoorian and Matt Alderman...

Shared Security

Equifax and Marriott Data Breach Updates, Facial Recognition at the Airport, Citrix Password Spraying Attack

This is your Shared Security Weekly Blaze for March 18th 2019 with your host, Tom Eston. In this week’s episode: Equifax and Marriott data breach updates, facial recognition coming to 20 US airports, and the Citrix password spraying attack. Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com...

Google Chrome Zero-Day, Facebook Phone Number Privacy, NSA Phone Data Collection Program

This is your Shared Security Weekly Blaze for March 11th 2019 with your host, Tom Eston. In this week’s episode: a new Google Chrome Zero-Day, how Facebook uses your phone number, and the shutdown of the NSA’s phone data collection program. Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout....

Smashing Security

119: Hijacked homes, porn passports, and ransomware regret

A $150 million mansion is hijacked online, Brits will soon have to scan their passport to watch internet porn, and are organisations right to pay up when hit by ransomware? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology broadcaster David McClelland. Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This...

118: The ‘s’ in IoT stands for security

Twerking robot assistants, an app from Saudi Arabia that lets men track women, and a gnarly skiing security snarl-up! All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White. Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes. Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl...

Sophos

Ep. 023 – Facebook promises and Google Chrome patches

This week, the Naked Security Podcast tries to figure out where Mark Zuckerberg's new "Facebook Privacy Promise" is going, and digs into both the technical and community aspects of a recent Chrome zero-day bug. With Anna Brading, Mark Stockley and Matthew Boddy. This week's stories: https://nakedsecurity.sophos.com/study-throws-security-shade-on-freelance https://nakedsecurity.sophos.com/zuck-says-facebook-is-becoming-more-privacy-focused https://nakedsecurity.sophos.com/serious-chrome-zero-day-google-says-update Music by: https://purple-planet.com/

Ep. 022 – Plaintext passwords, cryptocoin criminality and the Momo monstrosity

The Naked Security podcast explains why storing plaintext passwords is an unnecessary evil, investigates a cryptocurrency spat between a software maker and a disgruntled user, and tells you some earnest but unpopular truths about how to keep your children safe online. With Anna Brading, Paul Ducklin, Mark Stockley and Matthew Boddy. This week's stories: https://nakedsecurity.sophos.com/millions-of-utilities-customers-passwords-stored-in-plain-text https://nakedsecurity.sophos.com/disgruntled-dev-blames-crypto-wallet-for-losing-cryptocoins https://nakedsecurity.sophos.com/the-momo-challenge-urban-legend https://nakedsecurity.sophos.com/the-momo-challenge-why-its-time-to-stop-the-hype Related links: https://nakedsecurity.sophos.com/serious-security-how-to-store-your-users-passwords-safely https://nakedsecurity.sophos.com/the-passwordless-web-explained Music by: https://purple-planet.com/

Ep. 021 – Leaked calls, a virus on the loose and passwords on display

The Naked Security podcast investigates a massive medical data blunder, tells you how NOT to do vulnerability disclosure, and asks whether password managers do more harm than good. With Anna Brading, Paul Ducklin, Mark Stockley and Matt Boddy. This week's stories: https://nakedsecurity.sophos.com/milions-of-private-medical-calls-exposed https://nakedsecurity.sophos.com/2019/02/20/virus-attack-hackers-unleash https://nakedsecurity.sophos.com/2019/02/21/password-managers-leaking-data Music by: https://purple-planet.com/

Southern Fried Security

Episode 100: Episode 208 – All Good Things…

It's been 9 years and over 210 different content items since we started this thing in January of 2010.  As much as we hate it we feel it's time to end this project and start thinking about What Comes Next. Don't worry - the episodes and website aren't going anywhere anytime soon so you'll still be able to download all the content.  We're also discussing some new ideas to stay engaged with the cybersecurity community so you'll want to keep this feed live on your podcast listening device to catch updates on where we are on that. All of...

Episode 99: Episode 207 – On the Front Porch with Yvette and Brandon

It's another Front Porch episode! Yvette talks to her friend Brandon Clark as his first novel "Ransomware" is about to be released.  "Ransomware" is part of Brandon's "Killchain Chronicles" series that will be coming out over time. You can find the book here:  https://www.amazon.com/gp/product/1732651108/ We will be back soon with more great new content.

The CyberJungle

The CyberJungle Episode 406: * Around The Corner: Life After Google, by George Gilder * DarkWeb: XYRO CISO Steve Tcherchian on EHR, Ransomware and Healthcare...

Jan 7, 2019: * Around The Corner: Life After Google, by George Gilder * DarkWeb: XYRO CISO Steve Tcherchian on EHR, Ransomware and Healthcare InfoSec * Hacking attacks on your router: Why the worst is yet to come * It’s time for Apple to stop playing it safe * Meet the new Diet iPhone: Could a fresh formula boost Apple's bottom line?. See Show Notes/Links for Episode 406 at http://www.thecyberjungle.com

The CyberJungle Episode 405: * SANS Network Security: EXCLUSIVE-Tim Medin, Founder of Red Siege * PFIC2018: EXCLUSIVE-Joe McManus, CISO Automox * 0day: Embedded vids in MSFTOffice...

Oct 31, 2018: * SANS Network Security: EXCLUSIVE-Tim Medin, Founder of Red Siege * PFIC2018: EXCLUSIVE-Joe McManus, CISO Automox * 0day: Embedded vids in MSFTOffice docs can hide malware * Deloitte: CEO and Board Risk Management Survey * DarkWeb: Laptop-Carrying Fed Infects Gov Network. See Show Notes/Links for Episode 405 at http://www.thecyberjungle.com

The CyberWire

Online content and terrorism. Huawei’s shifting strategy. Venezuela’s grid failure is explicable by corruption and incompetence–no hacking or sabotage required. Gnostiplayers are back. AI...

In today’s podcast we hear about content moderation in the aftermath of the New Zealand mosque shootings. A shift in Huawei’s strategy in the face of Five Eye--and especially US--sanctions: the US doesn’t like us because we’re a threat to their ability to conduct untrammeled surveillance. Corruption, neglect, and replacement of experts by politically reliable operators seem to have...

ThinkPHP exploit from Asia-Pacific region goes global — Research Saturday

Akamai's Larry Cashdollar joins us to describe an exploit he recently came across while researching MageCart incidents. It's a remote command execution vulnerability affecting ThinkPHP, a popular web framework. The original research can be found here: https://blogs.akamai.com/sitr/2019/01/thinkphp-exploit-actively-exploited-in-the-wild.html   The CyberWire's Research Saturday is presented by Juniper Networks. Thanks to our sponsor Enveil, closing the last gap in data...

The Silver Bullet

Show 150: Filippo Valsorda discusses programming languages and the dynamic world of cryptography

Listen as Gary and Filippo discuss programming languages and the role they play in software security, getting started in cryptography, open source security, blockchain and cryptocurrency, and more.

Show 149: Brittany Postnikoff discusses the maker culture and the problems with robots

Listen as Gary and Brittany discuss the maker culture, including embedded security for new technologies such as 3D printers and hands-on electronics, the problems with robots, from movement to the ethics of human-robot interactions, and more.

The Social-Engineer

Ep. 107 – All Your Bias Are Belong to Us with Paolo Gaudiano

Biases – we all have them.  Are they useful? What do they tell us about ourselves or corp culture? And most importantly, how can a social engineer use them. Join us with Paolo Gaudiano in this excellent podcast. July 09, 2018 Got a great idea for an upcoming podcast? Send us a quick message on the contact form! Enjoy the Outtro Music? Thanks to Clutch for allowing us to use Son of Virginia as our new SEPodcast Theme Music And check out a schedule for all our training...

Ep. 106 – Going Between the Dog and the Wolf with Amy Herman

Do you want to be between the dog and the wolf?  Before you answer you may want to listen to this amazing podcast with Amy Herman. June 11, 2018 Got a great idea for an upcoming podcast? Send us a quick message on the contact form! Enjoy the Outtro Music? Thanks to Clutch for allowing us to use Son of Virginia as our new SEPodcast Theme Music And check out a schedule for all our training at Social-Engineer.Com Check out the Innocent Lives Foundation to help unmask online child...

Threatpost

Podcast: RSA Conference 2019 Preview

The Threatpost team talks about the biggest cybersecurity stories, trends and research we'll see at RSA this year.

Threatpost News Wrap Podcast For Feb. 22

From password manager vulnerabilities to 19-year-old flaws, the Threatpost team broke down this week's biggest news stories.

Troy Hunt Weekly

Weekly Update 130

Presently sponsored by: Twilio: Passwords are no longer enough. Two-factor authentication improves security, implement fast with 'Twilio's Authy API.' Well that was a hell of a week of travel. Seriously, the Denver situation was just an absolute mess but when looking at the video from the day I was meant to fly in, maybe being stuck in LA wasn't such a bad thing after all: As of 1:30 p.m., all runways are closed, but the terminal & concourses are open. Airlines have cancelled flights for early afternoon/evening. Conditions on Peña Blvd. are poor; visibility is extremely low, conditions are icy....

Weekly Update 129

Presently sponsored by: Twilio: If you only offer 2FA via SMS, your customers are at risk. Learn about our Authy API and how to better protect your user accounts. Heaps of stuff going on this week with all sorts of different bits and pieces. I bought a massive new stash of HIBP stickers (1ok oughta last... a few weeks?), I'll be giving them out at a heap of upcoming events, I was on the Darknet Diaries podcast (which is epic!) plus there's more insights into the ShareThis data breach and the ginormous verifications.io incident. Oh - and Udemy is still...

Unsupervised Learning

Unsupervised Learning: No. 169

Multiple governments have now blacklisted Huawei, which Huawei seems very confused by. The best explanation I've heard so far about why this move makes sense for western countries came from Rob Joyce of NSA. He basically said that just like Kaspersky in Russia, the reason you can't trust Huawei is that it's a Chinese company, and even if they're not already infiltrated by the Chinese government, they can be at any moment without anyone...

Unsupervised Learning: No. 167

This is a description of cyberwar that sounds quite realistic to me, and it's based around the thousand-cuts idea. Ring Doorbells have a vulnerability that allows one to capture clear-text videos and other data from the cameras if you can get on the wireless network that the camera is using. An independent security researcher found the Dow Jones Watchlist database sitting open on the internet. Schneier talks here about how easy it is to...

Unsupervised Learning: No. 165

OpenAI text spoofing, Twitter DMs, Chinese tracking database, Ponemon Cyber Risk Score, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism… Support the show.