Securit13 Podcast

Latest Google+ flaw leads Chocolate Factory to shut down site early https://www.theregister.co.uk/2018/12/11/google_hacked_again/  Update now! Adobe issues emergency Flash update for a serious flaw https://www.komando.com/happening-now/518954/update-now-adobe-issues-emergency-flash-update-for-a-serious-flaw  Adobe Security Bulletin https://helpx.adobe.com/security/products/flash-player/apsb18-42.html  https://helpx.adobe.com/security/products/flash-player/apsb18-42.html  Australia passes new law to thwart strong encryption https://arstechnica.com/tech-policy/2018/12/australia-passes-new-law-to-thwart-strong-encryption/  GOOGLE TRACKS YOU EVEN IF LOCATION HISTORY'S OFF. HERE'S HOW TO STOP IT https://www.wired.com/story/google-location-tracking-turn-off/amp  https://www.facebook.com/photo.php?fbid=2147208615360926&set=a.222301541184986&type=3&permPage=1  Iranians indicted in Atlanta city government ransomware attack https://arstechnica.com/information-technology/2018/12/iranians-indict

Підвели підсумки 2018 року в інформаційній безпеці

Framework for Improving Critical Infrastructure Cybersecurity https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf  Доповідь Тараса про критичну інфраструктуру https://www.youtube.com/watch?v=vLy9i9OPcxU 

На момент запису ми готувались до UISGCON14, та відео доповідей вже на нашому каналі https://www.youtube.com/playlist?list=PL0YHqSi934_5fPXaoNxqx42PI7PrCC2xI  China Used a Tiny Chip in a Hack That Infiltrated U.S. Companies https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies  New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom https://www.bloomberg.com/amp/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom  Apple Insiders Say Nobody Internally Knows What’s Going On With Bloomberg’s China Hack Story https://www.buzzfeednews.com/amphtml/johnpaczkowski/apple-china-hacking-bloomberg-servers-spies-fbi  What Businessweek got wrong about Apple https://www.apple.com/newsroom/2018/10/what-businessweek-got-wrong-about-apple/  https://www.documentcloud.org/documents/4995748-Letter-20-October-208th-20version.html  Facebook has been hacked and 50 million people's accounts have been ex

UISGCON14 https://14.uisgcon.org/  SECURITY BSIDES KYIV AUTUMN 2018 https://kyiv.securitybsides.org.ua/  Interview with Yanick Fratantonio http://www.s3.eurecom.fr/~yanick/  Securit13 Patreon https://www.patreon.com/securit13  Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I 

UISGCON14 https://14.uisgcon.org/  SECURITY BSIDES KYIV AUTUMN 2018 https://kyiv.securitybsides.org.ua/  Interview with Serhii Korolenko about #UISGCON14 #CTF https://www.hackthis.co.uk  The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470  Passing Security By - Serhii Korolenko https://www.youtube.com/watch?v=rDOYUCy9phA  Serhii Korolenko - XSS from zer0 to Hero (Workshop) https://www.youtube.com/watch?v=mKqc9u_BRLM  Securit13 Patreon https://www.patreon.com/securit13  Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I 

UISGCON14 https://14.uisgcon.org/  SECURITY BSIDES KYIV AUTUMN 2018 https://kyiv.securitybsides.org.ua/  Interview with Alexander Færøy Tech billionaire Elon Musk smokes marijuana on podcast as shares fall and senior execs leave  https://www.news.com.au/technology/innovation/motoring/tech-billionaire-elon-musk-smokes-marijuana-and-drinks-whiskey-on-podcast/news-story/b228f58547f797e012c26074b959435e  Windows 10 to get disposable sandboxes for dodgy apps https://arstechnica.com/staff/2018/08/windows-10-to-get-disposable-sandboxes-for-dodgy-apps/  Mongo Lock Attack Ransoming Deleted MongoDB Databases https://www.bleepingcomputer.com/news/security/mongo-lock-attack-ransoming-deleted-mongodb-databases/  Open .Git Directories Leave 390K Websites Vulnerable https://threatpost.com/open-git-directories-leave-390k-websites-vulnerable/137299/  Tesla’s new bug bounty protects hackers — and your warranty https://techcrunch.com/2018/09/06/teslas-new-bug-bounty-protects-hackers-and-your-warranty/  How Bitcoin's

Спеціальний епізод про відвідини 26ї конференції #DEFCON нашими співведучими

UISGCON14 https://14.uisgcon.org/  На Дніпропетровщині СБУ попередила кібератаку російських спецслужб на об’єкт критичної інфраструктури https://ssu.gov.ua/ua/news/1/category/2/view/5037#.MkS7rpun.dpbs  Ukraine claims it blocked VPNFilter attack at chemical plant https://www.theregister.co.uk/2018/07/13/ukraine_vpnfilter_attack/  Speculative Buffer Overflows: Attacks and Defenses (pdf) https://people.csail.mit.edu/vlk/spectre11.pdf  New Spectre 1.1 and Spectre 1.2 CPU Flaws Disclosed https://www.bleepingcomputer.com/news/security/new-spectre-11-and-spectre-12-cpu-flaws-disclosed/  Google Enables 'Site Isolation' Feature By Default For Chrome Desktop Users https://thehackernews.com/2018/07/google-chrome-site-isolation.html  Вийшов річний звіт CISCO з кібербезпеки і піврічний звіт чекпоінт, але ми поговоримо про них наступного разу https://www.cisco.com/c/dam/global/uk_ua/assets/pdfs/Final_Files_Cisco_2018_ACR_Web.pdf?dtid=oemzzz000186&ccid=cc000160&ecid=10432&oid=anrsc005679  Scam alert:

В этом эпизоде Алиса, Логин и Алексей поговорили про скандальный 6688, браузеры, уязвимости с лого и сайтами, и некоторые другие новости прошедших двух недель. 6688 http://w1.c1.rada.gov.ua/pls/zweb2/webproc4_1?pf3511=62236  Github Gentoo organization hacked - resolved https://gentoo.org/news/2018/06/28/Github-gentoo-org-hacked.html Apple corrects the record on reported iPhone vulnerability https://www.cyberscoop.com/iphone-brute-force-passcode-matthew-hickey/ Cops May Unlock iPhones Without a Warrant to Beat Apple's New Security Feature https://motherboard.vice.com/en_us/article/bj34wa/cops-unlock-iphones-without-a-warrant-apple-usb-restricted-mode Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles https://www.theregister.co.uk/2018/06/28/facebook_data_abuse_bug_bounty/ Former NSA contractor Reality Winner accepts guilty plea for leaking classified report https://www.cyberscoop.com/former-nsa-contractor-reality-winner-accepts-guilty-plea-leaking-classified-report/

SecurityBsides Odessa CTF is open! https://odessa.securitybsides.org.ua/#ctf  All who wants to support BSides Odessa you can do it here  https://bsidesodessa.ticketforevent.com/  SecurityBSides Kharkiv https://kharkiv.securitybsides.org.ua  The mysterious hacker who claimed responsibility for the hack on the DNC is likely a disinformation campaign by Russian spies. https://motherboard.vice.com/en_us/article/wnxgwq/guccifer-20-is-likely-a-russian-government-attempt-to-cover-up-their-own-hack  The security firm halted the work after questions were asked in the European Parliament about its software. https://www.bbc.com/news/technology-44501506  She wrote an email posing as him, turning down a $50,000-a-year scholarship so that he wouldn't leave http://montrealgazette.com/news/local-news/mcgill-music-student-awarded-350000-after-girlfriend-stalls-career  Commentary: People can no longer tell when they're chatting with a robot. Google, what have you done? https://www.cnet.com/news/google-duplex-assistant-bot-

Интервью с Александром Оленевым и Андреем Волошиным из Thea/Techmaker за жизнь, бизнес, обучение тренингам хардвер инженеров и немного про безопасность автомобилей. https://www.youtube.com/watch?v=5QBOmr_ZyLo  DEFCON 25 Nissan Leaf security https://www.troyhunt.com/controlling-vehicle-features-of-nissan/  Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs https://users.ece.cmu.edu/~koopman/pubs/koopman14_toyota_ua_slides.pdf  Tpyota unintended acceleration bug http://esd.cs.ucr.edu/webres/can20.pdf  CAN bus specs (BOSCH) https://www.bmw.co.uk/bmw-ownership/connecteddrive  BMW ConnectedDrive https://www.macworld.co.uk/news/apple/apple-car-release-date-3425394/  Apple iCar release date rumours, features & images https://www.nvidia.com/en-us/self-driving-cars/  NVIDIA Self-driving cars https://hackaday.com/2017/06/19/intel-discontinues-joule-galileo-and-edison-product-lines/  Intel Discontinues Joule, Galileo, And Edison Product Lines https://techmaker.ua  TWIC who

16.06.2018 BSidesKharkiv https://kharkiv.securitybsides.org.ua/ 07.06.2018 OWASP Odesa https://www.facebook.com/events/2104923576405410/ 07.07.2018 BSidesOdessa https://odessa.securitybsides.org.ua/ Kostiantyn Korsun про NoNameCon https://www.facebook.com/kostiantyn.korsun/posts/840821456102957 EFAIL https://efail.de/ Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels (draft 0.9.1) https://efail.de/efail-attack-paper.pdf ProtonMail is safe against the efail PGP vulnerability. https://twitter.com/ProtonMail/status/995996112526954496 Efail or OpenPGP is safer than S/MIME https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html Digital Photocopiers Loaded With Secrets https://www.cbsnews.com/news/digital-photocopiers-loaded-with-secrets/ Throwhammer: Rowhammer Attacks over the Network and Defenses https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf Rowhammer strikes networks, Bolton strikes security jobs, and Nigel Thornberry strikes Chrome, and

Мы немного поговорили про конференции, организованные, будущие и посещенные. #BSidesKyiv 2018 https://www.facebook.com/pg/BSidesUkraine/ Video https://www.youtube.com/channel/UCOSf0249iC28paeqYY5nRSQ 22.05.2018 WWCode Security event https://www.facebook.com/events/243552549527834/ 16.06.2018 BSidesKharkiv https://kharkiv.securitybsides.org.ua/ 07.07.2018 BSidesOdessa https://odessa.securitybsides.org.ua/ Jack Daniel https://twitter.com/jack_daniel/status/992135632616124416 GiSec https://www.gisec.ae/ Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Наши ведущие обсуждали эту страшную абревиатуру GDPR еще до того как это стало мейнстримом, но до публикации дошло с опозданием... И все же несколько слов о регуляции и как ее понимают наши ведущие. General Data Protection Regulation https://www.eugdpr.org/ How Europe's New Privacy Law Will Change the Web, and More https://www.wired.com/story/europes-new-privacy-law-will-change-the-web-and-more/amp Some more information: GDPR - A Practical Guide For Developers - Bozho's tech blog https://techblog.bozho.net/gdpr-practical-guide-developers/ America should borrow from Europe’s data-privacy law https://www.economist.com/news/leaders/21739961-gdprs-premise-consumers-should-be-charge-their-own-personal-data-right Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi Iran hit by global cyber attack that left U.S. flag on screens https://flipboard.com/@flipboard/-iran-hit-by-global-cyber-attack-that

Мы обсуждали новости, их все забыли и вот мы решили вам напомнить! Да, мы немножко слоупоки))) Everything You Need to Know About Facebook and Cambridge Analytica https://www.wired.com/story/wired-facebook-cambridge-analytica-coverage/amp Cambridge Analytica whistleblower Christopher Wylie appears before MPs https://www.youtube.com/watch?v=X5g6IJm7YJQ Fact Check: Your Call and SMS History http://newsroom.fb.com/news/2018/03/fact-check-your-call-and-sms-history/ https://www.facebook.com/settings?tab=applications (FB removed "Apps others use") Total Meltdown? https://blog.frizk.net/2018/03/total-meltdown.html?m=1 It's baaack – WannaCry nasty soars through Boeing's computers http://www.theregister.co.uk/2018/03/28/wannacry_boeing/ Egg on Cisco's face: Three critical software bugs to fix over Easter http://www.theregister.co.uk/2018/03/29/cisco_critical_ios_bugs/ Guccifer 2.0 Was Always Sloppy https://motherboard.vice.com/amp/en_us/article/a3ygmp/guccifer-2-russian-military-intelligence-gru-vpn Rapid 2.0

Adam Doupé http://www.adamdoupe.com/ Adam on twitter https://twitter.com/adamdoupe Adam on youtube https://www.youtube.com/channel/UCWA6pfcx4Ok4xsIA7Mkr39w Series of live hacking of CTF challenges on YouTube https://www.youtube.com/playlist?list=PLK06XT3hFPziMAZj8QuoqC8iVaEbrlZWh Book     The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage https://www.amazon.co.uk/Cuckoos-Egg-Tracking-Computer-Espionage/dp/1416507787

Мы тут пытались обговорить ход подготовки к BSidesKyiv 2018. Как это получилось - судите сами. Intro / Outro Extraction de la pierre de folie by Cuicuitte http://freemusicarchive.org/music/Cuicuitte/LAntville/Cuicuitte_-_LAntville_-_09_Extraction_de_la_pierre_de_folie  #BsidesKyiv 2018 https://securitybsides.org.ua/  Shedule https://securitybsides.org.ua/#schedule  Tickets https://securitybsides.ticketforevent.com/  Radar2 http://www.radare.org/r/  Vero - True Social https://www.vero.co/  How To Get Started With Vero - True Social https://www.forbes.com/sites/anthonykarcz/2018/02/23/how-to-get-started-with-vero-true-social/#2b54ae3d2889  Here's how to delete your Vero account https://mashable.com/2018/02/27/how-to-delete-vero-account/#J8IkV29ZoOqy  Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I 

White House blasts Russia for NotPetya cyberattack https://edition.cnn.com/2018/02/15/politics/white-house-russia-notpetya/index.html  Memcached servers can be hijacked for massive DDoS attacks https://www.networkworld.com/article/3258772/security/memcached-servers-can-be-hijacked-for-massive-ddos-attacks.html  Memcrashed - Major amplification attacks from UDP port 11211 https://blog.cloudflare.com/memcr ashed-major-amplification-attacks-from-port-11211/ GITHUB SURVIVED THE BIGGEST DDOS ATTACK EVER RECORDED https://www.wired.com/story/github-ddos-memcached/amp  NETSCOUT Arbor Confirms 1.7 Tbps DDoS Attack; The Terabit Attack Era Is Upon Us https://www.arbornetworks.com/blog/asert/netscout-arbor-confirms-1-7-tbps-ddos-attack-terabit-attack-era-upon-us/  У Харкові засуджено підозрюваного за продаж клієнтської бази поштового перевізника https://cyberpolice.gov.ua/news/u-xarkovi-zasudzheno-pidozryuvanogo-za-prodazh-kliyentskoyi-bazy-poshtovogo-pereviznyka-6604/  Speculative Execution Bounty Launch https

К нам пришел наш друг Сергей Смитиенко и мы поговорили про архитектуру х86. Получилось немного меланхолично и безысходно, но познаветельно. Intro / Outro Ninja by Indikings http://freemusicarchive.org/music/Indikings/Back_In_Space/indikings_ninja  Breaking the x86 Instruction Set https://www.youtube.com/watch?v=KrksBdWcZgQ  DEF CON 25 - Christopher Domas - Breaking the x86 Instruction Set https://www.youtube.com/watch?v=ajccZ7LdvoQ  17 BHB ASIA 013 Hello From the Other Side SSH Over Robust Cache Covert Channels in the Cloud https://www.youtube.com/watch?v=a9sGk7FtnYk  Clémentine Maurice https://cmaurice.fr/  PinMe: Tracking a Smartphone User around the World https://arxiv.org/pdf/1802.01468.pdf  Here’s the Solution to the 3-Year-Old, $50,000 Bitcoin Puzzle https://motherboard.vice.com/en_us/article/kzpqzz/heres-the-solution-to-the-3-year-old-dollar50000-bitcoin-puzzle  Books: Intel® 64 and IA-32 Architectures Software Developer’s Manual https://software.intel.com/sites/default/files/managed/39/c5/3254