Securit13 Podcast

Intro / Outro Frontline - Pillar  https://www.youtube.com/watch?v=jTEkfsGnRTA Ashley Madison Emails By Category http://pastebin.com/bM2QHCDx How to search through the leaked Ashley Madison data http://goo.gl/rZTe2A Hackers Finally Post Stolen Ashley Madison Data http://goo.gl/nek1WJ Hackers Dump More Ashley Madison Data http://goo.gl/tTqVhN Aug 20 2015: New message and torrent! https://goo.gl/X5I0ST Ashley Madison Hackers Speak Out: 'Nobody Was Watching' http://goo.gl/yNwDZO I found my husband in the Ashley Madison leak http://goo.gl/Zgl6vl Как дрозды становятся дятлами https://goo.gl/S86uSd Oracle Deletes CSO’s Screed Against Hackers Who Report Bugs http://goo.gl/E06xim Oracle CSO is right https://blogs.securiteam.com/index.php/archives/2545 My Personal Take On Mary Ann's Blog https://www.linkedin.com/pulse/my-personal-take-mary-anns-blog-mark-litchfield No, You Really Can’t http://pastebin.com/raw.php?i=urN8Vyv1 Oracle blog. Those Who Can’t Do, Audit https://goo.gl/HUHUSt Researchers find way to steal Windo

Intro / Outro The Weeknd - Wicked Games https://www.youtube.com/watch?v=O1OTWCd40bc&feature=youtu.be Hackers Can Disable a Sniper Rifle—Or Change Its Target http://goo.gl/7W5zT7 This Hacker’s Tiny Device Unlocks Cars And Opens Garages http://goo.gl/hxfF5J This Gadget Hacks GM Cars to Locate, Unlock, and Start Them http://goo.gl/NjHmHZ Researchers Hacked a Model S, But Tesla’s Already Released a Patch http://goo.gl/kQApZx New vulnerability can put Android phones into permanent vegetative state http://goo.gl/4esGxa  Can they hear you now? Hacking Team & SS7 http://goo.gl/88eNnk Researchers look sideways to crack SIM card AES-128 encryption http://goo.gl/CSKRdH Derelict TrueCrypt Russia portal 'is command hub for Ukraine spying op’ http://goo.gl/rYvzQz Windows 10 is spying on you - at least that's what this developer thinks http://goo.gl/Hv9hTl Disable KeyLogger Windows 10 https://goo.gl/Jb7Yym fix windows 10 https://fix10.isleaked.com/ Windows 10 updates to be automatic and mandatory for Home users http

Intro / Outro Hollywood Undead - Young https://www.youtube.com/watch?v=R_HHm9ki3JI ВРУ рассмотрит законопроект о защите киберпространства http://goo.gl/H9fral Предложения «ГО ИСАКА КИЕВ» к проекту закона Украины об основах кибербезопасности http://goo.gl/mfwlC8 Канадский опыт http://goo.gl/vsjVIS и http://goo.gl/ErQ8Qf Hackers Remotely Kill a Jeep on the Highway—With Me in It http://goo.gl/tOXRvF When Charlie Miller tells you to install an update for your Jeep, you really should go and install that update. https://goo.gl/aD7zOM Patch Your Chrysler Now Against a Wireless Hacking Attack http://goo.gl/4HzhhS Online Cheating Site AshleyMadison Hacked http://goo.gl/5E0GKb #AshleyMadisonHack ... the website is now down https://twitter.com/kennethgeers/status/624091409193107456 Paying $20 to delete your Ashley Madison profile was probably a bad idea http://arstechnica.com/?p=523501 Mr.Robot Firefox blacklists Flash player due to unpatched 0-day vulnerabilities http://goo.gl/VCpfQs Adobe: We REALLY are taking Flash s

Intro / Outro Сен-тропе - у селові https://www.youtube.com/watch?v=L-UBXr5_m38 Интервью с Василием Гузием о тонкостях поимки кибер преступников В Украине арестовали пятерых хакеров, причастных к краже не менее 2 млн евро у крупнейших мировых банков http://goo.gl/7ItU5t Депутаты дошли до интернета: законопроект о киберпространстве http://goo.gl/VV3ja3 MasterCard to trial pay-by-face for online purchasing https://goo.gl/0TFCL0 Spy Tech Company 'Hacking Team' Gets Hacked http://goo.gl/qE4fde Information related to the attacks on HackingTeam on July 6, 2015 http://goo.gl/k0OJO2 Hacking Team Breach Shows a Global Spying Firm Run Amok http://goo.gl/5jbqH7 Hacking Team Asks Customers to Stop Using Its Software After Hack http://goo.gl/pAo3Z3 The FBI Spent $775K on Hacking Team's Spy Tools Since 2011 http://goo.gl/lCal2y UK police forces wanted to buy Hacking Team spyware http://goo.gl/f6JfcU Adobe Flash exploit that was leaked by Hacking Team goes wild http://goo.gl/B5DvC3 Hacking Team leak, Flash 0day, exploit pa

Intro / Outro Jam & Spoon Featuring Rea Garvey-Set Me Free https://www.youtube.com/watch?v=5O5pcVMEvD0&feature=youtu.be ВРУ рассмотрит законопроект о защите киберпространства http://goo.gl/H9fral Министерство IT http://dou.ua/forums/topic/14019/ В Украине арестовали пятерых хакеров, причастных к краже не менее 2 млн евро у крупнейших мировых банков http://goo.gl/7ItU5t Operation Lotus Blossom https://goo.gl/iOwf73 HP Releases Details, Exploit Code for Unpatched IE Flaws http://goo.gl/EffgRD Analysis and Exploitation of an ESET Vulnerability http://goo.gl/iP1im6 IETF официально вывел из обихода протокол SSLv3 http://goo.gl/D9XnaW Hackers Exploit Zero-Day Magento Vulnerability to Steal Your Credit Cards http://goo.gl/sLArHD Secret Service agent who stole $820K from Silk Road pleads guilty http://goo.gl/2CAx2n This Radio Bug Can Steal Laptop Crypto Keys, Fits Inside a Pita http://goo.gl/Aaso0P Polish airline LOT was grounded after 'IT attack' took hold http://goo.gl/9rfqoI Polish plane IT attack? Apparen

Intro / Outro ЯрмаК - Вставай (TS Prod.)  https://www.youtube.com/watch?v=gO8U8UXVlA4 Интервью с Алексеем Старовым о Tor-клиенте Astoria. Measuring and mitigating AS-level adversaries against Tor (pdf) http://arxiv.org/pdf/1505.05173.pdf Center for Applied Internet Data Analysis https://www.caida.org/home/ Связаться с Алексеем можно по e-mail ostarov@cs.stonybrook.edu

Intro / Outro Андрій Хливнюк "Спи собі сама" https://www.youtube.com/watch?v=dGIefvnHfEc Kaspersky Finds New Nation-State Attack—In Its Own Network http://goo.gl/nA9Mlw Threatbutt http://threatbutt.com Stuxnet spawn infected Kaspersky using stolen Foxconn digital certificates http://goo.gl/yPhJi0 China might be building vast database of federal worker info, experts say http://goo.gl/P8HnWG TV5 Monde attack 'by Russia-based hackers' http://goo.gl/1DOu5P Serious iOS bug lets hackers create fake login screens to steal Apple credentials http://goo.gl/tNSMR0 LastPass Security Notice https://goo.gl/aaYL1p Tesla Motors начала платить за найденные уязвимости https://bugcrowd.com/tesla Assume your GitHub account is hacked, users with weak crypto keys told http://goo.gl/EvGHJ5 You Can Be Prosecuted for Clearing Your Browser History http://goo.gl/alSB8y Sourceforge Hijacks the Nmap Sourceforge Account http://seclists.org/nmap-dev/2015/q2/194 This Hacked Kids' Toy Opens Garage Doors in Seconds http://goo.gl/hSBOU0 Edward

Intro/outro - Фантом 2 - Двоє https://www.youtube.com/watch?v=7qWDckvlFp0 The Complete Guide for Hidden Services And Staying Anonymous http://wp.me/p3Y90y-3p Risky Business #367 -- Tor Project lead Roger Dingledine http://risky.biz/RB367 Astoria — Advanced Tor Client Designed to Avoid NSA Attacks http://bit.ly/1KuKipo Anonymous peer-to-peer instant messaging https://ricochet.im/ Top encryption researcher moves to Switzerland to escape government interference http://bit.ly/1dtuNRe HideMyAss story: How misbehaving at school made one man a multimillionaire http://bbc.in/1KuJzo5 Russia warns Google, Twitter and Facebook on law violations http://reut.rs/1KuKIvW Президент РФ подписал указ о создании государственного сегмента интернета http://bit.ly/1KuLtoX Some notes about Wassenaar http://bit.ly/1Atxah3 Cisco Systems поставляла оборудование для Минобороны РФ, ФСБ и Роскомоса в обход санкций http://goo.gl/wc6XjX Билеты на финал Лиги Европы от Приватбанка The founder of the Silk Road drug marketplace has been senten

Intro / outro - Christian Kane - LA Song https://www.youtube.com/watch?v=IGQVn2sxCuI Интервью с Тарасом Бобало Связаться с Тарасом можно с помощью email madspeedy@gmail.com и skype madspeedy Virtualized Environment Neglected Operations Manipulation (VENOM) http://venom.crowdstrike.com/ Heartbleed, eat your heart out: VENOM vuln poisons countless VMs http://www.theregister.co.uk/2015/05/13/heartbleed_eat_your_heart_out_venom_vuln_poisons_countless_vms/ PCI DSS 3.1 (pdf) https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf UISGCON 10 CTF https://ctf.uisgcon.org/ HTTP/2 http://www.rfc-editor.org/rfc/rfc7540.txt Patch Tuesday Facelift End of an Era https://threatpost.com/patch-tuesday-facelift-end-of-an-era/112640 GAUNTLT http://gauntlt.org/ Премьер-министр Сингапура написал решатель Судоку на C++ и выложил исходный код программы в открытый доступ http://itc.ua/news/premer-ministr-singapura-napisal-reshatel-sudoku-na-c-vyilozhil-ishodnyiy-kod-programmyi-v-otkryityiy-dostup/ Super secretive malware wipe

44Con http://44con.com/ Dai Davis http://www.chambersandpartners.com/uk/person/356834/dai-davis Jerry Gamblin http://jerrygamblin.com/ Kevin Williams http://44con.com/cybersecurity/speakers/2015/kevin-williams.html https://www.cyberstreetwise.com/ https://www.getsafeonline.org/ https://www.gov.uk/ Leslie Forbes https://www.linkedin.com/in/forbes  

Intro / Outro The Guild: I'm the One That's Cool https://www.youtube.com/watch?v=jFhgupR565Q Интервью с Евгением Цигикало, специалистом по сигнализации в сетях связи Б.Гольтдштейн Сигнализация в сетях связи http://www.ozon.ru/context/detail/id/4760814/ http://www.3gpp.org/ 44con http://44con.com/ BE SECURE http://besecure.com.ua/ Hackers Could Commandeer New Planes Through Passenger Wi-Fi http://www.wired.com/2015/04/hackers-commandeer-new-planes-passenger-wi-fi/ RSA Conference 2015 http://www.rsaconference.com/ How Kaspersky makes you vulnerable to the FREAK attack and other ways Antivirus software lowers your HTTPS security https://blog.hboeck.de/archives/869-How-Kaspersky-makes-you-vulnerable-to-the-FREAK-attack-and-other-ways-Antivirus-software-lowers-your-HTTPS-security.html Hacker Implants NFC Chip In His Hand To Hack Android Phones http://thehackernews.com/2015/04/nfc-chip-hack-android.html?utm_source=dlvr.it&utm_medium=twitter CCSP https://www.isc2.org/ccsp-faqs/default.aspx Twitter перевёл неамер

Intro / Outro Skylar Grey - White Suburban FORTINET Security Day 2015 http://www.pcweek.ua/themes/detail.php?ID=149082 iForum http://2015.iforum.ua/ Introducing CSX skills-based CYBERsecurity training and performance-baced certifications http://goo.gl/nB0GHu СТАЛЕВИЙ БУБЕН - IX (2015-04-04) http://www.steeldrum.org.ua/ua/fotolalereji/stalevyj-buben-ix-20140404.html#prettyPhoto С Днем рождения, Владимир! 2015 Data Breach Investigations Report (pdf) http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigation-report-2015-insider_en_xg.pdf Risky Business #362 http://risky.biz/RB362 IBM to release 20 years worth of cyberthreat data http://www.rcrwireless.com/20150416/big-data-analytics/ibm-to-release-20-years-worth-of-cyber-threat-data  IBM® X-Force Exchange https://exchange.xforce.ibmcloud.com/  Wikileaks Publishes Hacked Sony Emails, Documents http://yro.slashdot.org/story/15/04/17/0246219/wikileaks-publishes-hacked-sony-emails-documents?utm_source=slashdot&utm_medium=twitter VeraCrypt 1.

Intro / Outro Origa - Inner Universe https://www.youtube.com/watch?v=He2ggnGA53c С Днем рождения, Сергей Борисович! С Днем рождения, Алиса и Боб! https://en.wikipedia.org/wiki/Alice_and_Bob Интервью с Виктором Жорой Контакты:  http://infosafe.ua/ https://www.facebook.com/infosafe https://www.linkedin.com/company/infosafe-llc Рекомендованные книги: Момент истины Крестный отец Сталевий бубен http://www.steeldrum.org.ua/ua/ Fortinet Security Day 2015 http://4partners.com.ua/fortinet-security-day-2015 Information Security Day 2015 доклады 44Con http://44con.com/ Call for paper R0-Conf #3 https://forum.reverse4you.org/showthread.php?t=1949 PCI Recognizes PTES as a reference framework for Conducting Penetration Tests! (pdf) https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf Курс з основ інформаційної безпеки http://edx.prometheus.org.ua/courses/KPI/IS101/2014_T1/about 2015 Social Security Blogger Awards https://www.surveymonkey.com/s/securitybloggers Cyberbullying Resource Ce

Intro: Кар - Мэн - Лондон гуд-бай https://www.youtube.com/watch?v=Uyisn3MTmJQ The Company Securing Your Internet Has Close Ties to Russian Spies http://www.bloomberg.com/news/articles/2015-03-19/cybersecurity-kaspersky-has-close-ties-to-russian-spies A practical guide to making up a sensation https://eugene.kaspersky.com/2015/03/20/a-practical-guide-to-making-up-a-sensation/ H4cked off: Is Eugene Kaspersky 'in bed' (or the sauna) with the Russian government? Derr, of course he is http://www.computing.co.uk/ctg/feature/2400777/is-eugene-kaspersky-in-bed-or-the-sauna-with-the-russian-government-derr-of-course-he-is Exploiting the DRAM rowhammer bug to gain kernel privileges http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html The Rowhammer Bug http://www.rowhammer.com/ Risky Business #357 -- Mark Dowd talks Rowhammer http://risky.biz/RB357 Black Box Can Brute Force Crack iPhone PIN Passcodes  http://www.forbes.com/sites/thomasbrewster/2015/03/16/300-device-can-pop-open-old-iph

Intro/Outro: Etherwood - Begin By Letting Go 'FREAK' in Android and iOS http://thehackernews.com/2015/03/freak-openssl-vulnerability.html 'FREAK' in Windows http://thehackernews.com/2015/03/freak-openssl-vulnerability_5.html Вопрос от слушателя по мотивам очередного pre-load in Android http://thehackernews.com/2015/03/Xiaomi-Mi-4-malware.html Cyber BINGO Truecrypt audit http://blog.cryptographyengineering.com/2015/02/another-update-on-truecrypt-audit.html Dropbox Accesses All The Files in Your PC (Not Just Sync Folder) and Steals Everything http://www.e-siber.com/guvenlik/dropbox-accesses-all-the-files-in-your-pc-not-just-sync-folder-and-steals-everything/?utm_content=bufferec71c&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer Dropbox Is Probably Not Stealing All Your Files https://one.darrenpmeyer.com/blog/dropbox-is-problably-not-stealing-all-your-files.html Seagate NAS Remote Code Execution Vulnerability https://beyondbinary.io/advisory/seagate-nas-rce/ How the NSA’s Firmware Hack

Intro/Outro: La Fouine - Controle Abusif CTF движение в Украине и мире – интервью с Николаем Ильиным @MykolaIlin Рейтинги команд CTF https://ctftime.org и успехи dcua https://ctftime.org/team/762 Популярность CTF-соревнований в Украине и мире Принципы проведения CTF http://captf.com/maxims.html Типы соревнований, тактика и стратегия участия в CTF http://felicity.iiit.ac.in/contest/break_in/ http://ructf.org/e/2014/ http://ictf.cs.ucsb.edu/ http://www.phdays.com/ctf/king/ http://c2.cnews.ru/news/top/crc_opublikovany_rezultaty_onlajnkvesta https://ctftime.org/event/list/upcoming https://www.reddit.com/r/securityctf http://captf.com/calendar/ https://time.xctf.org.cn/ctfs/event/list/upcoming Для связи с Николаем используйте Twitter или пишите на mykola.ilin@defcon.org.ua Ten Million (Logins and) Passwords https://xato.net/passwords/ten-million-passwords/ https://www.reddit.com/r/10millionpasswords/comments/2w07mf/a_list_of_flaws_in_the_data_set/ Author: https://xato.net/about/#.VOioXELpb8F Online Check: http://p

Intro/Outro: Mad Heads – Молода кров GnuPG donations https://www.gnupg.org/donate/ Support Risky.Biz https://www.patreon.com/riskybusiness GPG Tools https://gpgtools.org GPG encrypted loopback disks http://patrick.uiterwijk.org/2013/02/25/gpg-encrypted-loopback-disks/ Mofilla, Tor & Privacy https://blog.mozilla.org/it/2015/01/28/deploying-tor-relays/ Anthem hack http://krebsonsecurity.com/2015/02/data-breach-at-health-insurer-anthem-could-impact-millions/ World's Biggest Data Breaches infographic http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ The Pirate Bay & CloudFlare CDN http://n4gm.com/thepiratebay-using-cloudflare-cdn/ Tsarev & Kolomoyskiy https://www.youtube.com/watch?v=9H4Eb9UI5xg BlackPhone https://blackphone.ch Kyivstar cell network blackout in Eastern Ukraine https://www.facebook.com/peter.chernyshov/posts/10205651506638154 https://www.facebook.com/peter.chernyshov/posts/10205679729343704 SS7 security concerns http://www.zdnet.com/article/invasiv

  Sony Hack Хронология событий http://deadline.com/2014/12/sony-hack-timeline-any-pascal-the-interview-north-korea-1201325501/ Мнение Дейва Атила http://seclists.org/dailydave/2014/q4/70 Сомнение в причастности Северной Кореи http://www.wired.com/2014/12/evidence-of-north-korea-hack-is-thin/ США подтвердило проведение мониторинга интернет активности Северной Кореи http://www.bloomberg.com/news/2015-01-19/u-s-spies-tapped-north-korean-computers-prior-to-sony-attack.html Lizard Kids атаковали Sony PlayStation и Microsoft xBox Networks http://krebsonsecurity.com/2014/12/cowards-attack-sony-playstation-microsoft-xbox-networks/ Арест учасников http://krebsonsecurity.com/2014/12/lizard-kids-a-long-trail-of-fail/ и http://krebsonsecurity.com/2015/01/another-lizard-arrested-lizard-lair-hacked/ Взлом и приостановка биржи bitcoin http://www.esecurityplanet.com/network-security/bitcoin-exchange-bitstamp-hacked.html http://www.zdnet.com/article/bitstamp-exchange-reopens-doors-after-5m-hack/

Семейное счастье, яркие вулны, хаки и политические акции последнего времени, обачные инфраструктуры и их влияние на область ИБ, знания и инструменты безопасника будущего. Ссылки на обсуждаемые материалы. SaltStack http://www.saltstack.com/community/ OpenStack https://www.openstack.org/ Apache CloudStack https://cloudstack.apache.org/ Securosis: The Future of Security https://securosis.com/blog/new-paper-the-future-of-security-the-trends-and-technologies-transforming-s Amazon AWS EC2 volume encryption (LUKS) and performance for database http://security-ingvar-ua.blogspot.com/2014/05/amazon-aws-ec2-volume-encryption-luks.html Intro/Outro: Крихітка Цахес – Пароль (http://www.kryhitka.com.ua)

Feature interview: Andrey "login" Loginov Windows XPinction in 2014 Snowden leaks  Anti DDoS in banking  ØMQ/Saltstack firewall DDoS side effect DNS amplification classics Personal VPN on amazon EC2 Hadoop’ed Big Data swamp smelling like Redis Data aggregation risks Threat modeling fails Quantum crypto progress Outro: Alliance Ethnik - Respect (feat. Vinia Mojica) http://goo.gl/OI7Vn0