Wednesday, May 30, 2018

2018-018-Jack Rhysider, Cryptowars of the 90s, OSINT techniques, and hacking MMOs


https://darknetdiaries.com/

 

Jack Rhysider



Ok I think these topics should keep us busy for a while. Topics for discussion:

  1. Do hospitals have a free pass when being attacked? #OPJUSTINA
    1. https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/
    2. https://www.youtube.com/watch?v=eFVBz_ATAlU - when anonymous attacks your hospital
  2. The oldest known vulnerability is still a big problem. Default passwords. Why haven't we fixed this yet?
    1. https://www.rapid7.com/db/vulnerabilities/telnet-default-account-admin-password-password
    2. http://census2012.sourceforge.net/paper.html
  3. In the 90's strong crypto was illegal online.
    1. https://en.wikipedia.org/wiki/Data_Encryption_Standard
    2. https://en.wikipedia.org/wiki/EFF_DES_cracker
  4. The NSA scrapes social media and uses regular OSINT techniques to figure out how to best attack a network.
  5. Manfred made a living hacking MMORPGs for the last 20 years. And he tried to do it as ethically as possible.
  6. When a single CA is breached, it breaks the security for the whole internet.
  7. Toy companies aren't securing children's data.
  8. What are the options when you find a major security flaw in a home router but the vendor refuses to acknowledge it, much less fix it? And there's no bug bounty.

Here is a new episode of Brakeing Down Security Podcast!

Tuesday, May 22, 2018

2018-017- threat models, vuln triage, useless scores, and analysis tools


Vuln mgmt tools CVE scores suck.

Threat modeling is good.

Forces you to know your environment.

https://en.wikipedia.org/wiki/Kanban

https://blog.jeremiahgrossman.com/2018/05/all-these-vulnerabilities-rarely-matter.html

https://twitter.com/lnxdork/status/998559649271025664

https://www.google.com/search?q=house+centipede&rlz=1C5CHFA_enUS759US759&source=lnms&tbm=isch&sa=X&ved=0ahUKEwiypKyfpZjbAhWJjlkKHd0lASYQ_AUICigB&biw=1920&bih=983

https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html

https://www.theregister.co.uk/2018/05/17/nethammer_second_remote_rowhammer_exploit/

Join our #Slack Channel! Email us at bds.podcast@gmail.com

or DM us on Twitter @brakesec

#Spotify: https://brakesec.com/spotifyBDS

#RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel: http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site: https://brakesec.com/bdswebsite

#iHeartRadio App: https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon: https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec



Tuesday, May 15, 2018

2018-016- Jack Rhysider, DarkNet Diaries, and a bit of infosec history (Part 1)


Converge Detroit


Jack Rhysider - Podcaster, DarkNet Diaries

https://darknetdiaries.com/

  1. Do hospitals have a free pass when being attacked? #OPJUSTINA
    1. https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/
    2. https://www.youtube.com/watch?v=eFVBz_ATAlU - when anonymous attacks your hospital
  2. The oldest known vulnerability is still a big problem. Default passwords. Why haven't we fixed this yet?
    1. https://www.rapid7.com/db/vulnerabilities/telnet-default-account-admin-password-password
    2. http://census2012.sourceforge.net/paper.html




Sunday, May 6, 2018

2018-015-Data labeling, data classification, and GDPR issues


GDPR will affect any information system that processes or will process people… like it or not.

 

Derby Tickets

    CTF and auction

Keynote

    Converge Detroit

I’ll be at nolacon too

Boettcher

    Recap BDIR #3

https://blog.netwrix.com/2018/05/01/five-reasons-to-ditch-manual-data-classification-methods/

https://blog.networksgroup.com/data-loss-prevention-fundamentals




