Securit13 Podcast
Первый украинский подкаст об информационной безопасности

UISGCON14 https://14.uisgcon.org/ 
SECURITY BSIDES KYIV AUTUMN 2018 https://kyiv.securitybsides.org.ua/ 
Interview with Yanick Fratantonio http://www.s3.eurecom.fr/~yanick/ 

Securit13 Patreon https://www.patreon.com/securit13 
Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I 

Direct download: 104.mp3
Category:Technology -- posted at: 12:20pm CET
Comments[0]

UISGCON14 https://14.uisgcon.org/ 
SECURITY BSIDES KYIV AUTUMN 2018 https://kyiv.securitybsides.org.ua/ 
Interview with Serhii Korolenko about #UISGCON14 #CTF

https://www.hackthis.co.uk 
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470 
Passing Security By - Serhii Korolenko https://www.youtube.com/watch?v=rDOYUCy9phA 
Serhii Korolenko - XSS from zer0 to Hero (Workshop) https://www.youtube.com/watch?v=mKqc9u_BRLM 

Securit13 Patreon https://www.patreon.com/securit13 
Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I 

Direct download: 106.mp3
Category:Technology -- posted at: 4:30pm CET
Comments[0]

UISGCON14 https://14.uisgcon.org/ 
SECURITY BSIDES KYIV AUTUMN 2018 https://kyiv.securitybsides.org.ua/ 
Interview with Alexander Færøy

Tech billionaire Elon Musk smokes marijuana on podcast as shares fall and senior execs leave 

https://www.news.com.au/technology/innovation/motoring/tech-billionaire-elon-musk-smokes-marijuana-and-drinks-whiskey-on-podcast/news-story/b228f58547f797e012c26074b959435e 
Windows 10 to get disposable sandboxes for dodgy apps https://arstechnica.com/staff/2018/08/windows-10-to-get-disposable-sandboxes-for-dodgy-apps/ 
Mongo Lock Attack Ransoming Deleted MongoDB Databases https://www.bleepingcomputer.com/news/security/mongo-lock-attack-ransoming-deleted-mongodb-databases/ 
Open .Git Directories Leave 390K Websites Vulnerable https://threatpost.com/open-git-directories-leave-390k-websites-vulnerable/137299/ 
Tesla’s new bug bounty protects hackers — and your warranty https://techcrunch.com/2018/09/06/teslas-new-bug-bounty-protects-hackers-and-your-warranty/ 
How Bitcoin's hidden footprint is impacting water use https://www.thesourcemagazine.org/how-bitcoins-footprint-is-impacting-water-use/ 

Securit13 Patreon https://www.patreon.com/securit13 
Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I 

Direct download: 105.mp3
Category:Technology -- posted at: 3:58pm CET
Comments[0]

Спеціальний епізод про відвідини 26ї конференції #DEFCON нашими співведучими

Direct download: special.mp3
Category:Technology -- posted at: 3:51pm CET
Comments[0]

UISGCON14 https://14.uisgcon.org/ 
На Дніпропетровщині СБУ попередила кібератаку російських спецслужб на об’єкт критичної інфраструктури https://ssu.gov.ua/ua/news/1/category/2/view/5037#.MkS7rpun.dpbs 
Ukraine claims it blocked VPNFilter attack at chemical plant https://www.theregister.co.uk/2018/07/13/ukraine_vpnfilter_attack/ 
Speculative Buffer Overflows: Attacks and Defenses (pdf) https://people.csail.mit.edu/vlk/spectre11.pdf 
New Spectre 1.1 and Spectre 1.2 CPU Flaws Disclosed https://www.bleepingcomputer.com/news/security/new-spectre-11-and-spectre-12-cpu-flaws-disclosed/ 
Google Enables 'Site Isolation' Feature By Default For Chrome Desktop Users https://thehackernews.com/2018/07/google-chrome-site-isolation.html 
Вийшов річний звіт CISCO з кібербезпеки і піврічний звіт чекпоінт, але ми поговоримо про них наступного разу https://www.cisco.com/c/dam/global/uk_ua/assets/pdfs/Final_Files_Cisco_2018_ACR_Web.pdf?dtid=oemzzz000186&ccid=cc000160&ecid=10432&oid=anrsc005679 
Scam alert: No, hackers don't have webcam vids of you enjoying p0rno. Don't give them any $$s https://www.theregister.co.uk/2018/07/13/hacker_extortion_scam/ 
GitHub to Pythonistas: Let us save you from vulnerable code https://www.theregister.co.uk/2018/07/16/github_to_pythonistas_let_us_save_you_from_vulnerable_code/ 
Microsoft seeks regulation of facial recognition technology https://www.reuters.com/article/us-microsoft-facial-recognition/microsoft-seeks-regulation-of-facial-recognition-technology-idUSKBN1K32F0 
Two-factor auth totally locks down Office 365? You may want to check all your services... https://www.theregister.co.uk/2018/07/13/2fa_o365_bypass_attacks/ 
The Tale of SettingContent-ms Files https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39 
Facebook fined for data breaches in Cambridge Analytica scandal https://amp.theguardian.com/technology/2018/jul/11/facebook-fined-for-data-breaches-in-cambridge-analytica-scandal 
Cops suspect Detroit fuel station was hacked before 10 drivers made off with 2.3k 'free' litres https://www.theregister.co.uk/2018/07/09/gas_station_hack/ 
2018-07 Security Bulletin: Junos OS: Junos OS: MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2), PTX3K-FPC3 and PTX1K: Line card may crash upon receipt of specific MPLS packet (CVE-2018-0030) https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10864&cat=SIRT_1&actp=LIST 
Revoked Certificate when viewing mydlink IP Cameras with-in web-browsers https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10089 
Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/ 
Ammyy Admin compromised with malware again; World Cup used as cover https://www.welivesecurity.com/2018/07/11/ammyy-admin-compromised-malware-world-cup-cover/ 
https://regmedia.co.uk/2018/07/13/burkdoll_affidavit.pdf 
US: Government Has Planted Spy Phones With Suspects https://www.hrw.org/news/2018/07/13/us-government-has-planted-spy-phones-suspects 
The 111 Million Record Pemiblanc Credential Stuffing List https://www.troyhunt.com/the-111-million-pemiblanc-credential-stuffing-list/ 
June’s Most Wanted Malware: Banking Trojans Up 50% Among Threat Actors https://blog.checkpoint.com/2018/07/05/junes-most-wanted-malware-banking-trojans-crypto-mining/ 
Did CrowdStrike really miss the mark? https://medium.com/@rsatter/did-crowdstrike-really-miss-the-mark-ecedf0e09dd7 

Securit13 Patreon https://www.patreon.com/securit13 

Direct download: 103.mp3
Category:Technology -- posted at: 12:05pm CET
Comments[0]

В этом эпизоде Алиса, Логин и Алексей поговорили про скандальный 6688, браузеры, уязвимости с лого и сайтами, и некоторые другие новости прошедших двух недель.

6688 http://w1.c1.rada.gov.ua/pls/zweb2/webproc4_1?pf3511=62236 
Github Gentoo organization hacked - resolved https://gentoo.org/news/2018/06/28/Github-gentoo-org-hacked.html
Apple corrects the record on reported iPhone vulnerability https://www.cyberscoop.com/iphone-brute-force-passcode-matthew-hickey/
Cops May Unlock iPhones Without a Warrant to Beat Apple's New Security Feature https://motherboard.vice.com/en_us/article/bj34wa/cops-unlock-iphones-without-a-warrant-apple-usb-restricted-mode
Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles https://www.theregister.co.uk/2018/06/28/facebook_data_abuse_bug_bounty/
Former NSA contractor Reality Winner accepts guilty plea for leaking classified report https://www.cyberscoop.com/former-nsa-contractor-reality-winner-accepts-guilty-plea-leaking-classified-report/
Firefox is adding 'Have I Been Pwned' alerts https://www.cyberscoop.com/firefox-is-adding-haveibeenpwned-alerts/
«Грязный секрет» Gmail: письма пользователей читают не только сотрудники Google https://thebell.io/gryaznyj-sekret-gmail-pisma-polzovatelej-chitayut-ne-tolko-sotrudniki-google/
"Stylish" browser extension steals all your internet history https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/
Brave browser adds private tabs with Tor for 'enhanced privacy protection' https://www.cyberscoop.com/brave-browser-adds-tor-tabs/
Fusion https://wiki.mozilla.org/Security/Fusion
Alter attack https://alter-attack.net/
ProtonMail DDoS Attacks Are a Case Study of What Happens When You Mock Attackers https://www.bleepingcomputer.com/news/security/protonmail-ddos-attacks-are-a-case-study-of-what-happens-when-you-mock-attackers/
A year after devastating NotPetya outbreak, what have we learnt? Er, not a lot, says BlackBerry bod https://www.theregister.co.uk/2018/06/27/notpetya_anniversary/
New RAMpage attack affects all Android phones released since 2012 [Update] https://www.androidcentral.com/rampage-attack-discovered
Thanatos Ransomware Decryptor Released by the Cisco Talos Group https://www.bleepingcomputer.com/news/security/thanatos-ransomware-decryptor-released-by-the-cisco-talos-group/ 
First Nationwide Undercover Operation Targeting Darknet Vendors Results in Arrests of More Than 35 Individuals Selling Illicit Goods and the Seizure of Weapons, Drugs and More Than $23.6 Million https://www.justice.gov/opa/pr/first-nationwide-undercover-operation-targeting-darknet-vendors-results-arrests-more-35
The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age https://www.amazon.com/Perfect-Weapon-Sabotage-Fear-Cyber/dp/0451497899/
UISGCON14 https://14.uisgcon.org/ 
Securit13 Patreon https://www.patreon.com/securit13 

Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I 

 

Direct download: 102.mp3
Category:Technology -- posted at: 7:00am CET
Comments[0]

SecurityBsides Odessa CTF is open!
https://odessa.securitybsides.org.ua/#ctf 
All who wants to support BSides Odessa you can do it here 
https://bsidesodessa.ticketforevent.com/ 

SecurityBSides Kharkiv
https://kharkiv.securitybsides.org.ua 

The mysterious hacker who claimed responsibility for the hack on the DNC is likely a disinformation campaign by Russian spies.
https://motherboard.vice.com/en_us/article/wnxgwq/guccifer-20-is-likely-a-russian-government-attempt-to-cover-up-their-own-hack 

The security firm halted the work after questions were asked in the European Parliament about its software.
https://www.bbc.com/news/technology-44501506 

She wrote an email posing as him, turning down a $50,000-a-year scholarship so that he wouldn't leave
http://montrealgazette.com/news/local-news/mcgill-music-student-awarded-350000-after-girlfriend-stalls-career 

Commentary: People can no longer tell when they're chatting with a robot. Google, what have you done?
https://www.cnet.com/news/google-duplex-assistant-bot-deception-scary-ethics-question/ 
https://www.ieee-security.org/TC/SP2018/program.html 
https://www.cnet.com/news/google-duplex-assistant-bot-deception-scary-ethics-question/ 
https://www.engadget.com/2018/06/05/apple-safari-canvas-fingerprinting/ 
https://webkit.org/blog/8311/intelligent-tracking-prevention-2-0/ 
https://fpcentral.tbb.torproject.org 

Apple is going after another way sites track you for ads.
https://www.engadget.com/2018/06/05/apple-safari-canvas-fingerprinting/ 
https://webkit.org/blog/8311/intelligent-tracking-prevention-2-0/ 

Phone scammers are spoofing numbers to make them look familiar to you. You're more likely to pick up and trust the person on the other end
https://www.cnbc.com/2018/06/12/you-think-its-your-friend-calling-but-its-actually-this-growing-phone-scam.html 


Support us on Patreon https://patreon.com/securit13 

Direct download: 101.mp3
Category:Technology -- posted at: 1:35pm CET
Comments[0]

Интервью с Александром Оленевым и Андреем Волошиным из Thea/Techmaker за жизнь, бизнес, обучение тренингам хардвер инженеров и немного про безопасность автомобилей.

https://www.youtube.com/watch?v=5QBOmr_ZyLo 
DEFCON 25 Nissan Leaf security

https://www.troyhunt.com/controlling-vehicle-features-of-nissan/ 
Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs

https://users.ece.cmu.edu/~koopman/pubs/koopman14_toyota_ua_slides.pdf 
Tpyota unintended acceleration bug

http://esd.cs.ucr.edu/webres/can20.pdf 
CAN bus specs (BOSCH)

https://www.bmw.co.uk/bmw-ownership/connecteddrive 
BMW ConnectedDrive

https://www.macworld.co.uk/news/apple/apple-car-release-date-3425394/ 
Apple iCar release date rumours, features & images

https://www.nvidia.com/en-us/self-driving-cars/ 
NVIDIA Self-driving cars

https://hackaday.com/2017/06/19/intel-discontinues-joule-galileo-and-edison-product-lines/ 
Intel Discontinues Joule, Galileo, And Edison Product Lines

https://techmaker.ua 
TWIC who wants to participate as an AppSec mentor on Techmaker email to info@techmaker.ua

https://mobiliuz.com/ 
Connected cars

Books
Thinking, Fast and Slow, Daniel Kahneman ISBN 9785170800537 https://www.amazon.co.uk/Thinking-medlenno-reshay-bystro-Russian/dp/5170800533/ref=sr_1_1 
Franchesca, Dorje Batuu ISBN 978-617-679-485-1 https://www.yakaboo.ua/ua/francheska-povelitel-ka-traektorij.html 

 

Securit13 Patreon https://www.patreon.com/securit13

Direct download: 100.mp3
Category:Technology -- posted at: 12:44pm CET
Comments[0]

16.06.2018 BSidesKharkiv https://kharkiv.securitybsides.org.ua/
07.06.2018 OWASP Odesa https://www.facebook.com/events/2104923576405410/
07.07.2018 BSidesOdessa https://odessa.securitybsides.org.ua/
Kostiantyn Korsun про NoNameCon https://www.facebook.com/kostiantyn.korsun/posts/840821456102957
EFAIL https://efail.de/
Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels (draft 0.9.1) https://efail.de/efail-attack-paper.pdf
ProtonMail is safe against the efail PGP vulnerability. https://twitter.com/ProtonMail/status/995996112526954496
Efail or OpenPGP is safer than S/MIME https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html
Digital Photocopiers Loaded With Secrets https://www.cbsnews.com/news/digital-photocopiers-loaded-with-secrets/
Throwhammer: Rowhammer Attacks over the Network and Defenses https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf
Rowhammer strikes networks, Bolton strikes security jobs, and Nigel Thornberry strikes Chrome, and more http://www.theregister.co.uk/2018/05/12/security_roundup/
Memcached https://memcached.org/
7-Zip: From Uninitialized Memory to Remote Code Execution https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
IBM bans all removable storage, for all staff, everywhere http://www.theregister.co.uk/2018/05/10/ibm_bans_all_removable_storage_for_all_staff_everywhere/
Second wave of Spectre-like CPU security flaws won't be fixed for a while http://www.theregister.co.uk/2018/05/09/spectr_ng_fix_delayed/
Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed http://www.theregister.co.uk/2018/05/09/intel_amd_kernel_privilege_escalation_flaws/
Ex-CIA man fingered as prime suspect in Vault 7 spy tool manuals leak http://www.theregister.co.uk/2018/05/15/vault_7_leak/
DHCP Client Script Code Execution Vulnerability - CVE-2018-1111 https://access.redhat.com/security/vulnerabilities/3442151

Securit13 Patreon https://www.patreon.com/securit13

Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I

Direct download: 99.mp3
Category:Technology -- posted at: 8:30am CET
Comments[0]

Мы немного поговорили про конференции, организованные, будущие и посещенные.

#BSidesKyiv 2018 https://www.facebook.com/pg/BSidesUkraine/
Video https://www.youtube.com/channel/UCOSf0249iC28paeqYY5nRSQ
22.05.2018 WWCode Security event https://www.facebook.com/events/243552549527834/
16.06.2018 BSidesKharkiv https://kharkiv.securitybsides.org.ua/
07.07.2018 BSidesOdessa https://odessa.securitybsides.org.ua/
Jack Daniel https://twitter.com/jack_daniel/status/992135632616124416
GiSec https://www.gisec.ae/

Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 98.mp3
Category:Technology -- posted at: 11:30am CET
Comments[0]

Наши ведущие обсуждали эту страшную абревиатуру GDPR еще до того как это стало мейнстримом, но до публикации дошло с опозданием... И все же несколько слов о регуляции и как ее понимают наши ведущие.

General Data Protection Regulation https://www.eugdpr.org/
How Europe's New Privacy Law Will Change the Web, and More https://www.wired.com/story/europes-new-privacy-law-will-change-the-web-and-more/amp
Some more information:
GDPR - A Practical Guide For Developers - Bozho's tech blog https://techblog.bozho.net/gdpr-practical-guide-developers/
America should borrow from Europe’s data-privacy law https://www.economist.com/news/leaders/21739961-gdprs-premise-consumers-should-be-charge-their-own-personal-data-right
Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi
Iran hit by global cyber attack that left U.S. flag on screens https://flipboard.com/@flipboard/-iran-hit-by-global-cyber-attack-that-le/f-9fa77d2247%2Freuters.com
FIDO Alliance and W3C have a plan to kill the password https://techcrunch.com/2018/04/10/fido-alliance-and-w3c-have-a-plan-to-kill-the-password/amp/
Okay, Let’s Talk About John McAfee’s Paid Cryptocurrency Promotions https://motherboard.vice.com/en_us/article/3kjpyn/john-mcafee-100k-twitter-promote-cryptocurrency-paid

 

Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 97.mp3
Category:Technology -- posted at: 9:13am CET
Comments[0]

Мы обсуждали новости, их все забыли и вот мы решили вам напомнить! Да, мы немножко слоупоки)))

Everything You Need to Know About Facebook and Cambridge Analytica https://www.wired.com/story/wired-facebook-cambridge-analytica-coverage/amp
Cambridge Analytica whistleblower Christopher Wylie appears before MPs https://www.youtube.com/watch?v=X5g6IJm7YJQ
Fact Check: Your Call and SMS History http://newsroom.fb.com/news/2018/03/fact-check-your-call-and-sms-history/
https://www.facebook.com/settings?tab=applications (FB removed "Apps others use")
Total Meltdown? https://blog.frizk.net/2018/03/total-meltdown.html?m=1
It's baaack – WannaCry nasty soars through Boeing's computers http://www.theregister.co.uk/2018/03/28/wannacry_boeing/
Egg on Cisco's face: Three critical software bugs to fix over Easter http://www.theregister.co.uk/2018/03/29/cisco_critical_ios_bugs/
Guccifer 2.0 Was Always Sloppy https://motherboard.vice.com/amp/en_us/article/a3ygmp/guccifer-2-russian-military-intelligence-gru-vpn
Rapid 2.0 Ransomware Released, Will Not Encrypt Data on PCs with Russian Locale https://www.bleepingcomputer.com/news/security/rapid-20-ransomware-released-will-not-encrypt-data-on-pcs-with-russian-locale/
Academics Discover New CPU Side-Channel Attack Named BranchScope https://www.bleepingcomputer.com/news/security/academics-discover-new-cpu-side-channel-attack-named-branchscope/
Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems https://arxiv.org/pdf/1510.07563.pdf
Adrian Lamo, ‘Homeless Hacker’ Who Turned in Chelsea Manning, Dead at 37 https://krebsonsecurity.com/2018/03/adrian-lamo-homeless-hacker-who-turned-in-chelsea-manning-dead-at-37/
https://github.com/fulldecent/system-bus-radio
Microsoft May Ban Users For Offensive Language Starting In May https://www.bleepingcomputer.com/news/microsoft/microsoft-may-ban-users-for-offensive-language-starting-in-may/
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002 https://www.drupal.org/sa-core-2018-002
NOTICE OF DATA BREACH https://content.myfitnesspal.com/security-information/notice.html
Durov refuses to hand over Telegram encryption keys to FSB http://searchsecurity.techtarget.com/news/252437323/Dorov-refuses-to-hand-over-Telegram-encryption-keys-to-FSB
Signalling Security in Telecom SS7/Diameter/5G — ENISA https://www.enisa.europa.eu/publications/signalling-security-in-telecom-ss7-diameter-5g

 

Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 96.mp3
Category:Technology -- posted at: 7:05am CET
Comments[0]

Adam Doupé http://www.adamdoupe.com/
Adam on twitter https://twitter.com/adamdoupe
Adam on youtube https://www.youtube.com/channel/UCWA6pfcx4Ok4xsIA7Mkr39w
Series of live hacking of CTF challenges on YouTube https://www.youtube.com/playlist?list=PLK06XT3hFPziMAZj8QuoqC8iVaEbrlZWh
Book
    The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage https://www.amazon.co.uk/Cuckoos-Egg-Tracking-Computer-Espionage/dp/1416507787

Direct download: 95.mp3
Category:Technology -- posted at: 8:01pm CET
Comments[0]

Мы тут пытались обговорить ход подготовки к BSidesKyiv 2018. Как это получилось - судите сами.

Intro / Outro Extraction de la pierre de folie by Cuicuitte http://freemusicarchive.org/music/Cuicuitte/LAntville/Cuicuitte_-_LAntville_-_09_Extraction_de_la_pierre_de_folie 

#BsidesKyiv 2018 https://securitybsides.org.ua/ 
Shedule https://securitybsides.org.ua/#schedule 
Tickets https://securitybsides.ticketforevent.com/ 
Radar2 http://www.radare.org/r/ 
Vero - True Social https://www.vero.co/ 
How To Get Started With Vero - True Social https://www.forbes.com/sites/anthonykarcz/2018/02/23/how-to-get-started-with-vero-true-social/#2b54ae3d2889 
Here's how to delete your Vero account https://mashable.com/2018/02/27/how-to-delete-vero-account/#J8IkV29ZoOqy 

Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I 

Direct download: 94_2.mp3
Category:Technology -- posted at: 3:36pm CET
Comments[0]

White House blasts Russia for NotPetya cyberattack https://edition.cnn.com/2018/02/15/politics/white-house-russia-notpetya/index.html 
Memcached servers can be hijacked for massive DDoS attacks https://www.networkworld.com/article/3258772/security/memcached-servers-can-be-hijacked-for-massive-ddos-attacks.html 
Memcrashed - Major amplification attacks from UDP port 11211 https://blog.cloudflare.com/memcr ashed-major-amplification-attacks-from-port-11211/
GITHUB SURVIVED THE BIGGEST DDOS ATTACK EVER RECORDED https://www.wired.com/story/github-ddos-memcached/amp 
NETSCOUT Arbor Confirms 1.7 Tbps DDoS Attack; The Terabit Attack Era Is Upon Us https://www.arbornetworks.com/blog/asert/netscout-arbor-confirms-1-7-tbps-ddos-attack-terabit-attack-era-upon-us/ 
У Харкові засуджено підозрюваного за продаж клієнтської бази поштового перевізника https://cyberpolice.gov.ua/news/u-xarkovi-zasudzheno-pidozryuvanogo-za-prodazh-kliyentskoyi-bazy-poshtovogo-pereviznyka-6604/ 
Speculative Execution Bounty Launch https://blogs.technet.microsoft.com/msrc/2018/03/14/speculative-execution-bounty-launch/ 
Frequently Asked Questions about Microsoft Bug Bounty Programs https://technet.microsoft.com/en-us/security/dn425055.aspx 
AMD allegedly has its own Spectre-like security flaws https://www.cnet.com/google-amp/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its-own/ 
​Linus Torvalds slams CTS Labs over AMD vulnerability report http://www.zdnet.com/article/linus-torvalds-slams-cts-labs-over-amd-vulnerability-report/ 
Intel: Our next chips won't have data leak flaws we told you totally not to worry about https://www.theregister.co.uk/2018/03/15/intel_spectre_mitigation/ 
Intel ships (hopefully stable) microcode for Skylake, Kaby Lake, Coffee Lake https://arstechnica.com/gadgets/2018/02/intel-ships-hopefully-stable-microcode-for-skylake-kaby-lake-coffee-lake/ 
Samba settings SNAFU lets any user change admin passwords https://www.theregister.co.uk/2018/03/14/samba_password_bug/ 
Zero-day vulnerability in Telegram https://securelist.com/zero-day-vulnerability-in-telegram/83800/ 
Plugins for Popular Text Editors Could Help Hackers Gain Elevated Privileges https://thehackernews.com/2018/03/text-editors-extensibility.html 
В Исландии похитили 600 серверов для добычи Bitcoin https://www.ixbt.com/news/2018/03/06/v-islandii-pohitili-600-serverov-dlja-dobychi-bitcoin.html 
CBM - Car Backdoor Maker https://www.kitploit.com/2018/03/cbm-car-backdoor-maker.html 
Let's Encrypt updates certificate automation, adds splats https://www.theregister.co.uk/2018/03/14/lets_encrypt_updates_certificate_automation_adds_splats/ 
CEO of smartmobe outfit Phantom Secure cuffed after cocaine sting, boast of murder-by-GPS http://www.theregister.co.uk/2018/03/13/phantom_secure_ceo_arrested/ 

Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I 

Direct download: 94_1.mp3
Category:Technology -- posted at: 10:00am CET
Comments[0]

К нам пришел наш друг Сергей Смитиенко и мы поговорили про архитектуру х86. Получилось немного меланхолично и безысходно, но познаветельно.

Intro / Outro Ninja by Indikings http://freemusicarchive.org/music/Indikings/Back_In_Space/indikings_ninja 

Breaking the x86 Instruction Set https://www.youtube.com/watch?v=KrksBdWcZgQ 
DEF CON 25 - Christopher Domas - Breaking the x86 Instruction Set https://www.youtube.com/watch?v=ajccZ7LdvoQ 
17 BHB ASIA 013 Hello From the Other Side SSH Over Robust Cache Covert Channels in the Cloud https://www.youtube.com/watch?v=a9sGk7FtnYk 
Clémentine Maurice https://cmaurice.fr/ 
PinMe: Tracking a Smartphone User around the World https://arxiv.org/pdf/1802.01468.pdf 
Here’s the Solution to the 3-Year-Old, $50,000 Bitcoin Puzzle https://motherboard.vice.com/en_us/article/kzpqzz/heres-the-solution-to-the-3-year-old-dollar50000-bitcoin-puzzle 
Books:
Intel® 64 and IA-32 Architectures Software Developer’s Manual https://software.intel.com/sites/default/files/managed/39/c5/325462-sdm-vol-1-2abcd-3abcd.pdf 
Intel® 64 and IA-32 Architectures Optimization Reference Manual https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-optimization-manual.pdf 

Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I 

Direct download: 93.mp3
Category:Technology -- posted at: 12:04am CET
Comments[0]

Нашумевшие дебаты Марка и Илона, множество исследований, еще больше художественных произведений... Но что же такое AI? А с точки зрения информационной безопасности? Именно об этом решили поговорить наши ведущие. А что думаете вы?

Intro / Outro The Yellow Flying Cog by Flying Species http://freemusicarchive.org/music/Flying_Species/Cogs/4_-_The_Yellow_Flying_Cog

Google's AI Built Its Own AI That Outperforms Any Made by Humans https://www.sciencealert.com/google-s-ai-built-it-s-own-ai-that-outperforms-any-made-by-humans
On the security, privacy, and safety challenges of AI http://www.ml4aad.org/automl/
Why Zuckerberg and Musk Are Fighting About the Robot Future https://www.theatlantic.com/technology/archive/2017/07/musk-vs-zuck/535077/
Elon Musk says we need to regulate AI before it becomes a danger to humanity https://www.theverge.com/2017/7/17/15980954/elon-musk-ai-regulation-existential-threat
Live grilling in Mark's backyard https://www.facebook.com/zuck/videos/10103911836230631/
OpenSOC: An Open Commitment to Security https://blogs.cisco.com/security/opensoc-an-open-commitment-to-security
http://opensoc.github.io/
https://ru.wikipedia.org/wiki/Гордиевский,_Олег_Антонович
https://en.wikipedia.org/wiki/Stanislav_Petrov
Banned In Germany: Kids' Doll Is Labeled An Espionage Device https://www.npr.org/sections/thetwo-way/2017/02/17/515775874/banned-in-germany-kids-doll-is-labeled-an-espionage-device
CCS 2017 http://ieeexplore.ieee.org/document/8055659/
GDPR (General Data Protection Regulation) https://www.eugdpr.org/
Вредоносные боты уже в сети - как их обнаруживают? можно ли эффективно детектить Sybil attacks? Как отличать человека от бота? А как мы делаем вердикт, что существо перед нами, это человек?
И наоборот, может ли AI определять "плохое" поведение людей https://snap.stanford.edu/www2017tutorial/
Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-fredrikson-privacy.pdf
Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures https://www.semanticscholar.org/paper/Model-Inversion-Attacks-that-Exploit-Confidence-In-Fredrikson-Jha/02bc27c39eaaa6b85d336be81b15ca19f112a950
David Wagner keynote https://ccs2017.sigsac.org/keynote.html
AI может "to hack back": https://www.rescam.org

Blindsight by Peter Watts https://en.wikipedia.org/wiki/Blindsight_(Watts_novel)
Далекая Радуга by Братья Стругацкие http://strugacki.ru/book_12.html
WarGames (1983) https://www.imdb.com/title/tt0086567/
Introduction to Artificial Intelligence for Security Professionals https://www.amazon.com/Introduction-Artificial-Intelligence-Security-Professionals-ebook/dp/B07654CFFQ
http://defense.ballastsecurity.net/static/IntroductionToArtificialIntelligenceForSecurityProfessionals_Cylance.pdf

Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 92_2.mp3
Category:Technology -- posted at: 10:49pm CET
Comments[0]

BSides Kyiv 21.04.2018 https://securitybsides.org.ua/, cfp https://securitybsides.org.ua/#cfp
Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
Security hole in AMD CPUs' hidden secure processor revealed ahead of patches https://www.theregister.co.uk/2018/01/06/amd_cpu_psp_flaw/
Attacking a co-hosted VM: A hacker, a hammer and two memory modules - This is Security :: by Stormshield https://www.theverge.com/platform/amp/2018/1/3/16844630/intel-processor-security-flaw-bug-kernel-windows-linux?__twitter_impression=true
Intel Releases New Technology Specifications to Protect Against ROP attacks https://software.intel.com/en-us/blogs/2016/06/09/intel-release-new-technology-specifications-protect-rop-attacks
A Simple Explanation of the Differences Between Meltdown and Spectre https://danielmiessler.com/blog/simple-explanation-difference-meltdown-spectre/
blizzard: agent rpc auth mechanism vulnerable to dns rebinding https://bugs.chromium.org/p/project-zero/issues/detail?id=1471&desc=2
https://twitter.com/secwrks/status/955554405364981761
I’m harvesting credit card numbers and passwords from your site. Here’s how. https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5
Part 2: How to stop me harvesting credit card numbers and passwords from your site https://hackernoon.com/part-2-how-to-stop-me-harvesting-credit-card-numbers-and-passwords-from-your-site-844f739659b9
Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
Australia probes sale of secret papers in filing cabinets https://apnews.com/2897f5d8449c413796efe03b9202a1ca
Strava's heatmap revealed military bases, but it also showed nothing is anonymous online http://www.abc.net.au/news/science/2018-02-04/strava-heatmap-online-anonymity-is-almost-impossible/9380326
Now even YouTube serves ads with CPU-draining cryptocurrency miners https://arstechnica.com/information-technology/2018/01/now-even-youtube-serves-ads-with-cpu-draining-cryptocurrency-miners/
Uber ignores security bug that makes its two-factor authentication useless http://www.zdnet.com/google-amp/article/uber-security-flaw-two-factor-login-bypass/
British hacker arrested for cyberattacks against Pokemon, Google, and Skype. https://www.scmagazine.com/british-hacker-arrested-for-selling-malware-and-launching-cyberattacks-against-pokemon-google-and-skype/article/738288/
Ay MaMi https://objective-see.com/blog/blog_0x26.html
Hospital Pays $55K Ransomware Demand Despite Having Backups https://www.bleepingcomputer.com/news/security/hospital-pays-55k-ransomware-demand-despite-having-backups/
СБУ заблокувала розповсюдження в Україні шпигунського програмного забезпечення - https://ssu.gov.ua/ua/news/1/category/2/view/4273#.T1a7701Q.dpbs
Satellite derived time and position blackett review https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/676675/satellite-derived-time-and-position-blackett-review.pdf
Dutch agencies provide crucial intel about Russia's interference in US-elections https://www.volkskrant.nl/media/dutch-agencies-provide-crucial-intel-about-russia-s-interference-in-us-elections~a4561913/


Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 92_1.mp3
Category:Technology -- posted at: 6:51pm CET
Comments[0]

Эпизод 90.2 - Интервью с А.Семенякой (10.12.2017)

К нам пришел Алекс и рассказал о критической инфраструктуре интернетов. Что это вообще такое и как с ней жить?

Intro / Outro Clouds of Tenderness by Lobo Loco http://freemusicarchive.org/music/Lobo_Loco/BOB/Clouds_of_Tenderness_ID_792

Russian-controlled telecom hijacks financial services’ Internet traffic https://arstechnica.com/information-technology/2017/04/russian-controlled-telecom-hijacks-financial-services-internet-traffic/
Resource Certification (RPKI) https://www.ripe.net/manage-ips-and-asns/resource-management/certification
The Resource Public Key Infrastructure (RPKI) to Router Protocol https://tools.ietf.org/html/rfc6810
BGPsec Protocol Specification https://tools.ietf.org/html/rfc8205
[ipv6-wg] Belgian limits on CGN/NAT? https://www.ripe.net/ripe/mail/archives/ipv6-wg/2016-November/003004.html
Доклад по интернет-блокировкам на Генассамблее ООН: http://www2.ohchr.org/english/bodies/hrcouncil/docs/17session/A.HRC.17.27_en.pdf, туда же заодно и http://www.ohchr.org/Documents/Issues/Opinion/A.66.290.pdf
Доклад на ENOG, расшифровка в составе сессии: https://habrahabr.ru/company/qrator/blog/342846/ , презентация: https://www.enog.org/wp-content/uploads/presentations/enog-14/21-171010-Content-blocking-intro.key, https://www.enog.org/wp-content/uploads/presentations/enog-14/21-171010-Content-blocking-intro.pdf, запись выступления: https://youtu.be/4MhCXbjSox8
Москва — Пєтушкі by Венедикт Єрофєєв https://uk.wikipedia.org/wiki/Москва_—_Пєтушкі  http://www.moskva-petushki.ru/

Связаться с Алексеем можно по адресу alex.semenyaka@gmail.com или https://www.facebook.com/alex.semenyaka

Direct download: 90_2.mp3
Category:Technology -- posted at: 3:20pm CET
Comments[0]

Intro / Outro Sleepy in the Garden by Lobo Loco https://freemusicarchive.org/music/download/7b5af5facd7ab75f565ca518647fb28f56f1dc08


Malvertising https://en.wikipedia.org/wiki/Malvertising
Malvertising: When Online Ads Attack (2015) https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/malvertising-when-online-ads-attack
Juniper Acquires Cyphort (2015) https://www.cyphort.com/press-release/cyphort-labs-issues-special-report-on-the-rise-in-malvertising-cyber-attacks/
Malvertising and crypto threats have rocketed in 2017 https://www.htbridge.com/blog/malvertising-and-crypto-threats-have-rocketed-in-2017.html
Malvertising Campaign Redirects Browsers To Terror Exploit Kit https://threatpost.com/malvertising-campaign-redirects-browsers-to-terror-exploit-kit/128596/
Malvertising on Equifax, TransUnion tied to third party script (updated) https://blog.malwarebytes.com/threat-analysis/2017/10/equifax-transunion-websites-push-fake-flash-player/
New Malvertising Campaign Exploits Home Routers, Changes DNS Servers https://www.pindrop.com/blog/new-malvertising-campaign-exploits-home-routers-changes-dns-entries/
Expired domain names and malvertising https://blog.malwarebytes.com/threat-analysis/2017/09/expired-domain-names-and-malvertising/
Russian Influence Reached 126 Million Through Facebook Alone https://www.nytimes.com/2017/10/30/technology/facebook-google-russia.html
Facebook's Advertising Tools Complicate Efforts To Stop Russian Interference https://www.npr.org/sections/alltechconsidered/2017/10/30/560836775/facebooks-advertising-tools-complicate-efforts-to-stop-russian-interference
Ad network takes steps to reduce fraud https://www.csoonline.com/article/3195998/security/ad-network-takes-steps-to-reduce-fraud.html
Will Crypto Browser Mining Replace The Ad Industry https://www.cryptoglue.com/2017/09/22/will-crypto-browser-mining-replace-the-ad-industry/
For $1000, anyone can purchase online ads to track your location and app use http://www.washington.edu/news/2017/10/18/for-1000-anyone-can-purchase-online-ads-to-track-your-location-and-app-use/
I never signed up for this! Privacy implications of email tracking https://senglehardt.com/papers/pets18_email_tracking.pdf
The Future of Ad Blocking: An Analytical Framework and New Techniques https://arxiv.org/pdf/1705.08568.pdf

https://brave.com
https://cliqz.com/en/
https://play.google.com/store/apps/details?id=edu.berkeley.icsi.haystack&hl=en
https://recon.meddle.mobi
https://play.google.com/store/apps/details?id=edu.cmu.mcom.ppa&hl=en
https://fdvt.org

Direct download: 89_2.mp3
Category:Technology -- posted at: 8:48am CET
Comments[0]

Разговор с Владимиром Илибманом о полугодовом отчете Cisco, кроликах и статистике. Всегда актуально.

Intro / Outro State of Mind by Audiobinger http://freemusicarchive.org/music/Audiobinger/~/State_of_Mind

BadRabbit Technical Analysis https://www.endgame.com/blog/technical-blog/badrabbit-technical-analysis
Звіт Cisco з інформаційної безпеки за перше півріччя 2017 року https://engage2demand.cisco.com/LP=7258
2016 Data Breach Investigations Report (pdf) http://www.verizonenterprise.com/resources/reports/rp_DBIR_2016_Report_en_xg.pdf
The Black Swan by Nassim Nicholas Taleb https://www.amazon.com/Black-Swan-Improbable-Robustness-Fragility/dp/081297381X
Связаться с Владимиром можно по адресу voilibma@cisco.com или https://www.facebook.com/vladimir.ilibman

Direct download: 88_2.mp3
Category:Technology -- posted at: 10:31pm CET
Comments[0]

Ми тут вирішили згадати найголосніші події року, що вже майже минув. Приєднуйтесь!

Incident report on memory leak caused by Cloudflare parser bug https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
Vault 7: CIA Hacking Tools Revealed https://wikileaks.org/ciav7p1/
NSA-leaking Shadow Brokers just dumped its most damaging release yet https://arstechnica.com/information-technology/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/
Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware https://www.troyhunt.com/everything-you-need-to-know-about-the-wannacrypt-ransomware/
New ransomware, old techniques: Petya adds worm capabilities https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/
The MeDoc Connection http://blog.talosintelligence.com/2017/07/the-medoc-connection.html
Threat Spotlight: Follow the Bad Rabbit http://blog.talosintelligence.com/2017/10/bad-rabbit.html
Equifax website hack exposes data for ~143 million US consumers https://arstechnica.com/information-technology/2017/09/equifax-website-hack-exposes-data-for-143-million-us-consumers/
We have broken SHA-1 in practice http://shattered.io/
ROCA: Vulnerable RSA Key Generation https://blog.rapid7.com/2017/10/25/roca-vulnerable-rsa-key-generation/
KRACK Attacks: Breaking WPA2 https://www.krackattacks.com/
Hackers Can Easily Hijack This Dildo Camera and Livestream the Inside of Your Vagina (Or Butt) https://motherboard.vice.com/en_us/article/53847a/camera-dildo-svakom-siime-eye-hacked-livestream
MsMpEng: Remotely Exploitable Type Confusion in Windows 8, 8.1, 10, Windows Server, SCEP, Microsoft Security Essentials, and more. https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5
Why 'blank' Gets You Root https://objective-see.com/blog/blog_0x24.html
Thousand-dollar iPhone X's Face ID wrecked by '$150 3D-printed mask' https://www.theregister.co.uk/2017/11/13/iphone_x_face_id/
Блокування веб-русурсів в Україні
МОН доручило вишам не користуватися сайтами з доменами “.ru” і “.ру” http://life.pravda.com.ua/society/2017/12/29/228234/
Мінінформ оприлюднить доповнення до списку заборонених сайтів http://www.pravda.com.ua/news/2017/12/29/7167028/
#FuckResponsibleDisclosure Sean Brian Townsend https://www.facebook.com/ruheight
https://informnapalm.org/uca/
http://usa.mfa.gov.ua/ua/consular-affairs/services/passport


Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 91.mp3
Category:Technology -- posted at: 8:06pm CET
Comments[0]

Самые громкие новости последних недель. Удивительное яблоко, #FuckResponsibleDisclosure, обновленно обещание от Джона и еще что-то. Не пропустите!

00:00:58 #FuckResponsibleDisclosure Sean Brian Townsend https://www.facebook.com/ruheight
https://informnapalm.org/uca/
http://usa.mfa.gov.ua/ua/consular-affairs/services/passport
00:07:26 Apple и все все все
Why 'blank' Gets You Root https://objective-see.com/blog/blog_0x24.html
As Apple fixes macOS root password hole, here's what went wrong http://www.theregister.co.uk/2017/11/29/apple_macos_high_sierra_root_bug_patch/
https://forums.developer.apple.com/thread/79235
https://twitter.com/fristle/status/935670476214378496
Repair file sharing after Security Update 2017-001 for macOS High Sierra 10.13.1 https://support.apple.com/en-us/HT208317
MACOS UPDATE ACCIDENTALLY UNDOES APPLE'S "ROOT" BUG PATCH https://www.wired.com/story/macos-update-undoes-apple-root-bug-patch/
Thousand-dollar iPhone X's Face ID wrecked by '$150 3D-printed mask' https://www.theregister.co.uk/2017/11/13/iphone_x_face_id/
Zero-day iOS HomeKit vulnerability allowed remote access to smart accessories including locks, fix rolling out https://9to5mac.com/2017/12/07/homekit-vulnerability/
00:12:50 John McAfee https://twitter.com/officialmcafee/status/935900326007328768/photo/1
Bitcoin Miner NiceHash Hacked, Possibly Losing $62 Million in Bitcoin https://www.darkreading.com/cloud/bitcoin-miner-nicehash-hacked-possibly-losing-$62-million-in-bitcoin/d/d-id/1330585
Сайт блокчейн-проекта Confido недоступен: все профили команды проекта оказались поддельными https://forklog.com/sajt-blokchejn-proekta-confido-nedostupen-vse-profili-komandy-proekta-okazalis-poddelnymi/
00:15:17 CVE-2017-11937 | Microsoft releases an emergency update to fix a flaw in Malware Protection Engine http://securityaffairs.co/wordpress/66475/hacking/cve-2017-11937-malware-protection-engine.html
00:17:49 Uber Paid Hackers to Delete Stolen Data on 57 Million People https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data
00:18:28 Intel Management Engine pwned by buffer overflow https://www.theregister.co.uk/2017/12/06/intel_management_engine_pwned_by_buffer_overflow/
00:18:52 Thousands of WordPress sites infected with a Keylogger and cryptocurrency miner scripts http://securityaffairs.co/wordpress/66432/hacking/keylogger.html
Websites use your CPU to mine cryptocurrency even when you close your browser https://arstechnica.com/information-technology/2017/11/sneakier-more-persistent-drive-by-cryptomining-comes-to-a-browser-near-you/
00:19:09 Android flaw lets attack code slip into signed apps https://www.theregister.co.uk/2017/12/08/android_flaw_lets_attack_code_slip_into_signed_apps/
00:19:24 Mailsploit: It's 2017, and you can spoof the 'from' in email to fool filters http://www.theregister.co.uk/2017/12/06/mailsploit_email_spoofing_bug/

Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 90_1.mp3
Category:Technology -- posted at: 12:20pm CET
Comments[0]

Немного самых громких новостей последних недель вам в ленту. Тут и кролик, и Алиса, и сладкие истории на ночь.

ROCA: Vulnerable RSA Key Generation https://blog.rapid7.com/2017/10/25/roca-vulnerable-rsa-key-generation/
Certificate expiry monitoring, KeyChest for HTTPS, TLS, Letsencrypt expiry and server status https://keychest.net/roca
Estonia government locks down ID smartcards: Refresh or else https://www.theregister.co.uk/2017/11/03/estonian_e_id_lockdown/
Threat Spotlight: Follow the Bad Rabbit http://blog.talosintelligence.com/2017/10/bad-rabbit.html
BadRabbit Technical Analysis https://www.endgame.com/blog/technical-blog/badrabbit-technical-analysis
Bad Rabbit: Not-Petya is back with improved ransomware https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/
The Shadow Internet – Comae Technologies https://blog.comae.io/the-shadow-internet-d42b7195a118
Fake WhatsApp app in official Google Play Store downloaded by over a million Android users http://securityaffairs.co/wordpress/65159/malware/fake-whatsapp-app.html
Tor Project fixed TorMoil, a critical Tor Browser flaw that can leak users IP Address http://securityaffairs.co/wordpress/65168/hacking/tor-tormoil-vulnerability.html
Oracle Security Alert CVE-2017-10151 http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html
Dangerous liaisons https://securelist.com/dangerous-liaisons/82803/
Equifax execs sold shares before mega-hack reveal. All above board – Equifax probe http://www.theregister.co.uk/2017/11/03/equifax_share_trade_investigation/

 

Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 89_1.mp3
Category:Technology -- posted at: 9:06pm CET
Comments[0]

И снова вместо 300 секунд наши неугомонные ведущие обсуждают новости и события. Присоединяйтесь!

A new Mirai-Like IoT Botnet is growing in a new mysterious campaign http://securityaffairs.co/wordpress/64565/malware/new-iot-botnet-growing.html
Google launched Google Play Security Reward bug bounty program to protect apps in Play Store http://securityaffairs.co/wordpress/64545/mobile-2/google-play-security-reward.html
Equifax website borked again, this time to redirect to fake Flash update https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/?amp=1
New Ransomware Not Just Encrypts Your Android But Also Changes PIN Lock https://thehackernews.com/2017/10/android-ransomware-pin.html
PUBLIC SECURITY ALERT: New Facebook attack - watch out for phishy messages that say you’re a “Trusted Contact” - Access Now https://www.accessnow.org/public-security-alert-new-facebook-attack/
KRACK Attacks: Breaking WPA2 https://www.krackattacks.com/
YouTube sin-bins account of KRACK WPA2 researcher https://www.theregister.co.uk/2017/10/19/youtube_krack_down/
Malware hidden in vid app is so nasty, victims should wipe their Macs https://www.theregister.co.uk/2017/10/20/mac_os_reinstall_eltima_elmedia_malware/

Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 88_1.mp3
Category:Technology -- posted at: 8:46am CET
Comments[0]

Intro / Outro Art Of Escapism - The Sands of Windhoek http://freemusicarchive.org/music/Artofescapism/Midnight_Caravan/The_Sands_of_Windhoek

В связи с повышением количества атак на цепь поставок (Supply chain), в том числе и обновления, программного обеспечения, наши ведушие Андрей, Алиса, Алексей и Тарас решили разобраться что же это такое и с чем его едят, рассмотреть примеры и варианты, а так же возможные пути защиты и предотвращения.

Supply chain https://en.wikipedia.org/wiki/Supply_chain
What Is a 'Supply Chain Attack?' https://motherboard.vice.com/en_us/article/d3y48v/what-is-a-supply-chain-attack
CCleanup: A Vast Number of Machines at Risk http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
Java security plagued by crappy docs, complex APIs, bad advice https://www.theregister.co.uk/2017/09/29/java_security_plagued_stack_overflow/
Apple Mac fans told: Something smells EFI in your firmware https://www.theregister.co.uk/2017/09/29/mac_firmware_insecurity/
Reflections on Trusting Trust https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

Direct download: 87_2.mp3
Category:Technology -- posted at: 4:38pm CET
Comments[0]

В качестве возвращения и начала нового сезона осень-зима 2017-2018, Андрей и Алиса кратенько прошлись по последним новостям

Взлом сайтів в доменій зоні *.gov.ua та помилка у CERT-UA https://goo.gl/A6kJve
4G/5G Wireless Networks as Vulnerable as WiFi and putting SmartCities at Risk http://securityaffairs.co/wordpress/64098/hacking/4g5g-wireless-networks-flaws.html
Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold https://www.theregister.co.uk/2017/10/06/researchers_say_windows_10_patches_punch_holes_in_older_versions/
FIN7 hacking group is switched to new techniques to evade detection http://securityaffairs.co/wordpress/64083/apt/fin7-new-techniques.html
VPN logs helped unmask alleged 'net stalker, say feds http://www.theregister.co.uk/2017/10/08/vpn_logs_helped_unmask_alleged_net_stalker_say_feds/
Russian spies used Kaspersky AV to hack NSA staffer, swipe exploit code – new claim http://www.theregister.co.uk/2017/10/05/anonymous_report_russian_spies_used_kaspersky_lab_software_to_steal_nsa_secrets/
Sri Lanka police arrest two men over cyber theft at the Taiwan Bank http://securityaffairs.co/wordpress/64034/cyber-crime/taiwan-bank-cyber-heist.html
Microsoft Cortana Can Now Read Your Skype Messages to Make Chat Smarter https://thehackernews.com/2017/10/cortana-for-skype.html
Warning: Millions Of P0rnHub Users Hit With Malvertising Attack https://thehackernews.com/2017/10/online-malvertising-attack.html
Disqus Hacked: More than 17.5 Million Users' Details Stolen in 2012 Breach https://thehackernews.com/2017/10/disqus-comment-system-hacked.html
The iPhone's Constant Password Popups Are a Hacker's Dream https://motherboard.vice.com/en_us/article/ne7gxz/ios-iphone-password-phishing-app-popups

Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 87_1.mp3
Category:Technology -- posted at: 5:39pm CET
Comments[0]

Intro / Outro Finest Cockles by Blah Blah Blah http://freemusicarchive.org/music/Blah_Blah_Blah/MOONRAKER_5317_1904/Finest_Cockles

Интервью с Максимом Тульевым о блокировках и будущем украинского интернета

Direct download: 83.mp3
Category:Technology -- posted at: 8:15am CET
Comments[0]

Intro / Outro I Do Believe I've Had Enough by Zephaniah And The 18 Wheelers http://freemusicarchive.org/music/Zephaniah_And_The_18_Wheelers/Live_On_WFMUs_Honky_Tonk_Radio_Girl_Program_with_Becky_11316/Zephaniah_And_The_18_Wheelers_02_I_Do_Believe_Ive_Had_Enough

Big 4 of the top security and privacy conferences: S&P ("Oakland"), NDSS, CCS and USENIX Security.

Наука не делается самостоятельно, a нужно учиться у передовых исследований, как они интегрируются с практикой, понимать их уровень, и себя показывать. По-этому, для того кто первый с украинским affiliation опубликует статью на этих конференциях - с меня можно пообещать "коньяк" :)

The Network and Distributed System Security Symposium (NDSS) 2017 by Internet Society - http://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017

> From the keynote speech by J. Alex Halderman:
"Want to Know if the Election was Hacked? Look at the Ballots" - https://medium.com/@jhalderm/want-to-know-if-the-election-was-hacked-look-at-the-ballots-c61a6113b0ba
"Securing Digital Democracy" course - https://www.coursera.org/learn/digital-democracy
Video - https://www.youtube.com/watch?v=Snoo6CXiyWU&feature=youtu.be


> Web Security section:
"(Cross-)Browser Fingerprinting via OS and Hardware Level Features" by Yinzhi Cao et al. - https://www.internetsociety.org/doc/cross-browser-fingerprinting-os-and-hardware-level-features
Websites to test your browser and device fingerprint:
https://panopticlick.eff.org
https://amiunique.org
http://uniquemachine.org (now, cross-browser!)
"Fake Co-visitation Injection Attacks to Recommender Systems" by Guolei Yang et al. - https://www.internetsociety.org/doc/fake-co-visitation-injection-attacks-recommender-systems

> User Authentication section:
"Cracking Android Pattern Lock in Five Attempts" by Guixin Ye at el. - https://www.internetsociety.org/doc/cracking-android-pattern-lock-five-attempts
"Towards Implicit Visual Memory-Based Authentication" by  - https://www.internetsociety.org/doc/towards-implicit-visual-memory-based-authentication

> TLS et al. (several papers on Diffie-Hellman and more)
"The Security Impact of HTTPS Interception" by Zakir Durumeric et al. - https://www.internetsociety.org/doc/security-impact-https-interception
"WireGuard: Next Generation Kernel Network Tunnel" by Claude Castelluccia et al. - https://www.internetsociety.org/doc/wireguard-next-generation-kernel-network-tunnel  (by a single author, Jason Donenfeld!)
More on WireGuard:
https://fosdem.org/2017/schedule/event/wireguard/
https://www.phoronix.com/scan.php?page=news_item&px=WireGuard-2016
https://www.wireguard.io

> On Tor:
"The Effect of DNS on Tor's Anonymity" by Benjamin Greschbach et al. - https://www.internetsociety.org/doc/e-effect-dns-tors-anonymity
"Avoiding The Man on the Wire: Improving Tor's Security with Trust-Aware Path Selection" by Aaron Johnson et al.  - https://www.internetsociety.org/doc/avoding-man-wire-improving-tors-security-trust-aware-path-selection  (more on proper path selection for Tor, possible attacks on Astoria).

> Malware:
"Dial One for Scam: A Large-Scale Analysis of Technical Support Scams" - наша статья, получившая Distinguished Paper Award!
https://www.internetsociety.org/doc/dial-one-scam-large-scale-analysis-technical-support-scams
"MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models" by Enrico Mariconti et al. - https://www.internetsociety.org/doc/mamadroid-detecting-android-malware-building-markov-chains-behavioral-models
"A Broad View of the Ecosystem of Socially Engineered Exploit Documents" by Stevens Le Blond et al. - https://www.internetsociety.org/doc/broad-view-ecosystem-socially-engineered-exploit-document s (можно проводить много интересных исследований на базе данных из VirusTotal).

... and much more interesting works on SGX, virtualization, and binary reassembly, etc.

Plus, a DNS Privacy Workshop program - https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/dns-privacy-workshop-2017-programme

Direct download: 82.mp3
Category:Technology -- posted at: 8:13am CET
Comments[0]

Intro / Outro Semme Automatic Stay the Course https://www.jamendo.com/track/1421989/stay-the-course

00:00:34 Слухи про блокировки в интернетах ДО их официальной блокировки
00:04:52 Давайте поговорим про фищинг
00:07:40 Google Docs users hit with sophisticated phishing attack https://www.theverge.com/2017/5/3/15534768/google-docs-phishing-attack-share-this-document-with-you-spam
00:08:44 Recruiters considered really harmful: Devs on GitHub hit with booby-trapped fake job emails https://www.theregister.co.uk/2017/03/30/github_devs_malware_mails/
00:09:47 Получили письмо из налоговой?
00:11:08 __blank в Edge
Researcher pwns Charles Darwin to demonstrate Microsoft Edge exploit https://www.scmagazine.com/researcher-pwns-charles-darwin-to-demonstrate-microsoft-edge-exploit/article/652807/
00:13:16 Захист від фішингу від Британської податкової
00:14:27 https://en.wikipedia.org/wiki/Phishing
00:24:45 В Тернополе в торговом центре мужчина при свидетелях открыл банкомат и похитил оттуда полмиллиона (видео) https://www.unian.net/incidents/1893219-v-ternopole-v-torgovom-torgovom-tsentre-mujchina-pri-svidetelyah-otkryil-bankomat-i-pohitil-ottuda-polmilliona-video.html
00:29:06 Prevent & report phishing attacks https://support.google.com/websearch/answer/106318?hl=en
00:31:53 Киберполиция Украины помогла ликвидировать киберсеть "Аваланш" (Avalanche), которая с 2009 года использовалась для распространения вредоносных программ, спама и фишинга - ITC.ua http://itc.ua/news/kiberpolitsiya-ukrainyi-likvidirovali-kiberset-avalansh-avalanche-kotoraya-s-2009-goda-ispolzovalas-dlya-rasprostraneniya-vredonosnyih-programm-i-spama-a-takzhe-fishinga-i-otmyivaniya-deneg/

Direct download: 81.mp3
Category:Technology -- posted at: 12:28am CET
Comments[0]

Intro / Outro Lady We Knew by Cullah http://freemusicarchive.org/music/MC_Cullah/Cullahmity/03_-_Lady_We_Knew
Hackers Can Easily Hijack This Dildo Camera and Livestream the Inside of Your Vagina (Or Butt) https://motherboard.vice.com/en_us/article/camera-dildo-svakom-siime-eye-hacked-livestream?utm_source=mbtwitter
Teampass http://teampass.net/
Squid: Optimising Web Delivery http://www.squid-cache.org/
SNORT https://www.snort.org/
Suricata https://suricata-ids.org/
pfSense https://www.pfsense.org/
Life and death for Windows: Vista support ends as Creators Update starts to roll out https://www.geekwire.com/2017/microsoft-makes-april-11-a-day-of-life-and-death-for-versions-of-windows-and-office/

Direct download: 80.mp3
Category:Technology -- posted at: 8:05pm CET
Comments[2]

Intro / Outro Just Wait by Drake Stafford http://freemusicarchive.org/music/Drake_Stafford/SUNDAY/JUST_WAIT_-_DRAKE_STAFFORD
Identity management system https://en.wikipedia.org/wiki/Identity_management_systems
Dashlane https://www.dashlane.com
TeamPass http://teampass.net/
Microsoft built a special government-approved version of Windows 10 for China https://thenextweb.com/microsoft/2016/03/28/microsoft-windows-10-china/

Direct download: 79.mp3
Category:Technology -- posted at: 1:55am CET
Comments[0]

Intro / Outro StrangeZero - Burnin Star  https://www.jamendo.com/track/1378740/burnin-star
00:03:12 Vault 7: CIA Hacking Tools Revealed https://wikileaks.org/ciav7p1/
Vault 7 Megathread - Technical Analysis & Commentary of the CIA Hacking Tools Leak https://www.reddit.com/r/netsec/comments/5y1pag/vault_7_megathread_technical_analysis_commentary/
00:06:10 Интервью с Евгением Пилянкевичем. Связаться с Евгением можно по почте eugene@cossacklabs.com или в твиттере @9gunpi
Acra https://www.cossacklabs.com/acra/
Work Rules!: Insights from Inside Google That Will Transform How You Live and Lead https://www.amazon.com/Work-Rules-Insights-Inside-Transform/dp/1455554790/ref=asap_bc?ie=UTF8
A Graduate Course in Applied Cryptography https://crypto.stanford.edu/~dabo/cryptobook/

Direct download: 78.mp3
Category:Technology -- posted at: 1:19pm CET
Comments[0]

Intro / Outro Brady Harris  - Welcome Me Back https://www.jamendo.com/track/1381589/welcome-me-back
00:01:24 Incident report on memory leak caused by Cloudflare parser bug https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
Pragmatic thoughts on #CloudBleed https://www.troyhunt.com/pragmatic-thoughts-on-cloudbleed/
00:11:14 We have broken SHA-1 in practice http://shattered.io/
00:19:26 KasperskyOS 11-11: в России разработана уникальная операционная система https://hi-tech.mail.ru/news/kaspersky-os-11-11/
00:23:15 Microsoft forced to issue emergency Flash fix after delaying Windows patches http://www.theverge.com/2017/2/22/14696358/microsoft-security-fix-adobe-flash-february-2017-patch-tuesday
00:30:08 China just made VPNs illegal https://www.engadget.com/2017/01/23/china-vpn-illegal-internet-censorship-government-approval/
An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf
00:35:14 Security experts now warn AGAINST changing online passwords often as it leaves Brits vulnerable to hackers https://www.thesun.co.uk/news/2865824/security-experts-now-warn-against-changing-online-passwords-often-as-it-leaves-brits-vulnerable-to-hackers/

Direct download: 77.mp3
Category:Technology -- posted at: 5:19pm CET
Comments[0]

Intro / Outro DDmyzik- Gypsy Swing https://www.jamendo.com/track/1369034/gypsy-swing
 
Про будущее Астории, Tor-client Cipollino:
 
Полная статье по Technical Support Scam:
(о други проектах лаборатории можно узнать на http://pragsec.com)
 
The full paper about web shells:
и немного визуализации на картах можно найти тут:
 
Про PrivacyMeter: 
 
Про браузерные дополнения:
1) Our study "Extended Tracking Powers: Measuring the Privacy Diffusion Enabled by Browser Extensions"
- на днях появится на http://www.cyber-investigator.org/about/
2) WOT extension:
3) Other spying extensions:
 
Detecting browser extensions:
1) https://extensions.inrialpes.fr (based on web accessible resources)
2) Our study on fingerprinting browser extensions based on their functional side effects and on-page changes
- скоро появится на http://www.cyber-investigator.org/about/
 
Занимательные сервисы для обучения:
 
Книги по алгоритмам:
Кнут и Кормен
Седжвик Р. Фундаментальные алгоритмы на C++
 
Прошариться в философию:
 
Кстати, именно по поводу Фейсбук и Tor: 
facebookcorewwwi.onion
 
И на внеклассное чтение, нашумевшее про "data science" и "big data" касательно "personalized/targeted agitation" :) 
Direct download: 76.mp3
Category:Technology -- posted at: 8:17pm CET
Comments[0]

Intro / Outro Muciojad - Before I sleep https://www.jamendo.com/track/1406716/before-i-sleep
00:00:44 Best company name ever! Share capital £1, name priceless… https://nakedsecurity.sophos.com/2017/01/06/best-company-name-ever-share-capital-1-name-priceless/
00:04:07 Bug Bounty anniversary promotion: bigger bounties in January and February https://github.com/blog/2302-bug-bounty-anniversary-promotion-bigger-bounties-in-january-and-february
00:05:13 Немного истории о расскрытии уязвимостей
Disclosing vulnerabilities to protect users https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
Charlie Miller and Apple. iPhone Security Bug Lets Innocent-Looking Apps Go Bad http://www.forbes.com/sites/andygreenberg/2011/11/07/iphone-security-bug-lets-innocent-looking-apps-go-bad/#5fd06fe62336
Legal woes http://martin.swende.se/blog/IP-issues.html
Fatal flaw found in PricewaterhouseCoopers SAP security software http://www.theregister.co.uk/2016/12/09/fatal_flaw_in_pricewaterhousecoopers_sap_software/ 
00:29:23 MongoDB hackers now sacking ElasticSearch http://www.theregister.co.uk/2017/01/13/elasticsearch_mongodb/
00:30:46 WordPress plugs eight holes in latest release http://www.theregister.co.uk/2017/01/13/wordpress_plugs_eight_holes_in_latest_release/
00:31:17 Peace-sign selfie fools menaced by fingerprint-harvesting tech http://www.theregister.co.uk/2017/01/12/fingerprint_photographs/
00:32:21 We already have a contender for the "Best PR Description" aware for 2017 https://github.com/rapid7/metasploit-framework/pull/7815
00:33:20 ISC squishes BIND packet-of-death bugs http://www.theregister.co.uk/2017/01/13/isc_fixes_bind_denialofservice_vuls/
00:34:01 Docker swings door shut on privilege escalation bug http://www.theregister.co.uk/2017/01/12/docker_container_escape_vuln_patched/
00:34:23 GoDaddy revokes 9,000 SSL certificates wrongly validated by code bug http://www.theregister.co.uk/2017/01/11/godaddy_pulls_unvalidated_digital_certs/
00:34:45 Who is Anna-Senpai, the Mirai Worm Author? https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/
00:35:23 Windows 10 anniversary update: Security and privacy, hope and change? http://www.welivesecurity.com/2017/01/12/windows-10-anniversary-update-security-privacy/

Direct download: 75.mp3
Category:Technology -- posted at: 3:24pm CET
Comments[0]

Intro / Outro Freaky girl by Yung Vikk https://www.jamendo.com/track/1334898/freaky-girl

Antivirus tools are a useless box-ticking exercise says Google security chap http://www.theregister.co.uk/2016/11/17/google_hacker_pleads_try_whitelists_not_just_bunk_antivirus_ids/

Medical Equipment Crashes During Heart Procedure Because of Antivirus Scan http://news.softpedia.com/news/medical-equipment-crashes-during-heart-procedure-because-of-antivirus-scan-503642.shtml

USE OF FANCY BEAR ANDROID MALWARE IN TRACKING OF UKRAINIAN FIELD ARTILLERY UNITS (pdf) https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf

Cuckoo Sandbox https://cuckoosandbox.org/

How to Stay Safe Online v0.0.2 https://www.xmind.net/m/8tR8

Standards body warned SMS 2FA is insecure and nobody listened http://www.theregister.co.uk/2016/12/06/2fa_missed_warning/

 

Direct download: 74.mp3
Category:Technology -- posted at: 6:49am CET
Comments[1]

Intro / Outro BeenCalledWorse-DueTime (produced by Expo) by Tab https://www.jamendo.com/track/1338032/beencalledworse-duetime-produced-by-expo

Hofling hospital experiment https://en.wikipedia.org/wiki/Hofling_hospital_experiment

Security scare: Kate Middleton nurse reveals medical details to DJ impersonating the Queen in radio prank call http://www.mirror.co.uk/news/uk-news/kate-middleton-nurse-reveals-medical-1473720?service=responsive

“Успешный” дедушка из Москвы https://www.facebook.com/photo.php?fbid=10208638914708436&set=a.2961938685656.2129723.1177252976&type=3&theater

https://www.instagram.com/borisbork/

Осторожно! Появились мошенники, которые выманивают деньги представляясь работниками "Ощадбанка" http://7dniv.info/lang-ru/society/81796-oberezhno-ziavilis-shahraii-iak-vimaniuiut-koshti-predstavliaiuchis-pracvnikami-oschadbanku.html

Drammer: Deterministic Rowhammer Attacks on Mobile Platforms (pdf) https://vvdveen.com/publications/drammer.pdf

Рассуждения на тему стандартизации и укрепления законодательной базы

Direct download: 71.mp3
Category:Technology -- posted at: 1:11pm CET
Comments[0]

Intro / Outro The last ones by Jahzzar http://freemusicarchive.org/music/Jahzzar/Smoke_Factory/The_last_ones

00:01:00 UISGCON12. Afterworlds. https://12.uisgcon.org/

https://www.facebook.com/rekun.photo/photos/?tab=album&album_id=730563853779312

Видео докладов https://www.youtube.com/playlist?list=PL0YHqSi934_5fPXaoNxqx42PI7PrCC2xI

00:01:54 No Name Podcast https://nonamepodcast.podbean.com/

00:02:14 Интервью с Сергеем Смитиенко.

00:12:34 Hundreds of thousands of TalkTalk and Post Office broadband users are knocked off the internet by cyber-attack that seizes control of their routers http://www.dailymail.co.uk/news/article-3991714/Hundreds-thousands-TalkTalk-Post-Office-broadband-users-knocked-internet-cyber-attack-seizes-control-routers.html

00:16:43 Six seconds to hack a credit card http://www.ncl.ac.uk/press/news/2016/12/cyberattack/

Does The Online Card Payment Landscape Unwittingly Facilitate Fraud? (pdf) http://eprint.ncl.ac.uk/file_store/production/230123/19180242-D02E-47AC-BDB3-73C22D6E1FDB.pdf

How it takes just six seconds to hack a credit card (video) https://www.youtube.com/watch?v=uwvjZGKwKvY

00:34:23 Хакери атакували українське казначейство http://znaj.ua/news/regions/80081/hakeri-atakuvali-ukrayinske-kaznachejstvo.html

00:43:52 Утверждена Доктрина информационной безопасности России http://kremlin.ru/acts/news/53418

00:51:54 Связаться с Сергеем можно через facebook https://www.facebook.com/sergey.smitienko

00:53:34 Полтавський суд відпустив кіберзлочинця, якого 4 роки шукали правоохоронці 30 країн світу http://poltava.to/news/40979/

00:56:04 СМИ сообщили о краже 2 млрд руб. со счетов в ЦБ http://www.rbc.ru/finances/03/12/2016/584238709a7947256285e2ff

00:56:59 The UK now wields unprecedented surveillance powers — here’s what it means http://www.theverge.com/2016/11/23/13718768/uk-surveillance-laws-explained-investigatory-powers-bill

00:58:06 FBI’s New Hacking Powers Take Effect This Week http://fortune.com/2016/11/30/rule-41/

01:01:06 [tor-talk] Javascript exploit https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html

Security vulnerabilities fixed in Firefox 50.0.1 https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/

01:03:03 Standards body warned SMS 2FA is insecure and nobody listened http://www.theregister.co.uk/2016/12/06/2fa_missed_warning/

01:04:02 Android, Qualcomm move on insecure GPS almanac downloads http://www.theregister.co.uk/2016/12/07/android_qualcomm_move_on_insecure_gps_almanac_downloads/

01:08:11 Six seconds to hack a credit card http://www.ncl.ac.uk/press/news/2016/12/cyberattack/ (повторение мать заикания)

01:09:16 Clarkson stung after bank prank http://news.bbc.co.uk/2/hi/7174760.stm

01:12:28 Printer security is so bad HP Inc will sell you services to fix it http://www.theregister.co.uk/2016/12/06/printer_security_sucks_so_bad_hp_has_opened_a_pain_outsourcing_unit/

 

Книги:

Donald E. Knuth The Art of Computer Programming https://www.amazon.com/Computer-Programming-Volumes-1-4A-Boxed/dp/0321751043

Peter Watts Blindsight https://www.amazon.com/Blindsight-Peter-Watts/dp/0765319640/ref=sr_1_1?s=books&ie=UTF8&qid=1483619160&sr=1-1&keywords=Blindsight

Cixin Liu The Three-Body Problem https://www.amazon.com/Three-Body-Problem-Cixin-Liu/dp/0765382032/ref=sr_1_1?s=books&ie=UTF8&qid=1483619237&sr=1-1&keywords=The+Three-Body+Problem

Neal Stephenson Cryptonomicon https://www.amazon.com/Cryptonomicon-Neal-Stephenson/dp/0060512806/ref=sr_1_1?s=books&ie=UTF8&qid=1483619337&sr=1-1&keywords=Cryptonomicon

Direct download: 73.mp3
Category:Technology -- posted at: 1:28am CET
Comments[0]

Intro / Outro Hirokazu Sato - Tomorrow Song 佐藤弘和 https://www.youtube.com/watch?v=JyjuqiKEgrw

Константин Корсун про то, чего стоит ожидать на #UISGCON12

Сайт конференции https://12.uisgcon.org/

Программа конференции https://12.uisgcon.org/program

Direct download: 72.mp3
Category:Technology -- posted at: 7:16am CET
Comments[2]

 

Последний розыгрыш билетов на UISGCON 12!

Канал на youtube - https://www.youtube.com/channel/UCGYHYOm_J3zpyE5jCNzAHJg

Email - securit13podcast@gmail.com

 

Direct download: 4_2016-11-23.mp3
Category:general -- posted at: 10:57pm CET
Comments[0]

Intro / Outro Touhou Project / Bad Apple (Nika Lenina Ukrainian Orchestra Version) https://www.youtube.com/watch?v=-5WdPSAwdPY

Funtenna project https://github.com/funtenna/funtenna_2015/blob/master/us-15-Cui-EmanateLikeABoss.pdf

A Monitor Darkly https://recon.cx/2016/resources/slides/RECON-0xA-A_Monitor_Darkly.pdf

Compromising emanations: eavesdropping risks of computer displays https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-577.pdf

Direct download: 70.mp3
Category:Technology -- posted at: 4:14am CET
Comments[0]

Второй розыгрыш билетов на UISGCON 12!

Канал на youtube - https://www.youtube.com/channel/UCGYHYOm_J3zpyE5jCNzAHJg

Email - securit13podcast@gmail.com

Direct download: 3_2016-11-16.mp3
Category:general -- posted at: 6:01am CET
Comments[0]

Special - Подарунок вiд Secrit13 та UISGCON

Канал на youtube - https://www.youtube.com/channel/UCGYHYOm_J3zpyE5jCNzAHJg

Електрична адреса - securit13podcast@gmail.com

Direct download: 2_2016-11-09.mp3
Category:general -- posted at: 12:36am CET
Comments[0]

Подарунок вiд Secrit13 та UISGCON

YouTube канал - https://www.youtube.com/channel/UCGYHYOm_J3zpyE5jCNzAHJg

Direct download: 1_2016-11-05.mp3
Category:general -- posted at: 8:37am CET
Comments[0]

Intro / Outro Insecurity (Treatment) by fourstones Ft: Ms. Vybe

http://dig.ccmixter.org/files/victor/8194  

00:02:19 ISIS using encrypted apps for communications; former intel officials blame Snowden https://goo.gl/ujfnWQ

Encrypted Messaging Apps Face New Scrutiny Over Possible Role in Paris Attacks https://goo.gl/58455L

Encrypted messages: Does the government need a way in? https://goo.gl/wFLskc

Telegram Messenger Blocks 78 Islamic State-Related Channels https://goo.gl/8vBPgY

Russian bill requires encryption backdoors in all messenger apps https://goo.gl/2wWcHH

France calls for worldwide help to fight messaging encryption https://goo.gl/KXP1iW

Encryption under fire in Europe as France and Germany call for decrypt law https://goo.gl/DulsCG

France, Germany Call for European Decryption Law https://goo.gl/yL8LKG

German Intelligence Plans 12% Budget Increase for Communications Monitoring https://goo.gl/OQi2gx

Telegram app complicates job of French anti-terror police https://goo.gl/pJmY95

Terror investigators grapple with Telegram app https://goo.gl/9kVIun

00:38:57 СМИ узнали о возможном запрете на иностранное шифрование для банков https://goo.gl/oQPFgr

00:42:21 Bellingcat vs Fancy Bear: how hackers tried to halt the MH17 investigation https://goo.gl/3cndtZ

00:47:05 Critical DoS Flaw found in OpenSSL — How It Works https://goo.gl/uGYF9C

00:47:36 FBI probes hacks targeting phones of Democratic Party officials -sources https://goo.gl/yBng7w

00:47:58 How Russia Wants to Undermine the U.S. Election https://goo.gl/FXE2cR

00:48:30 ISIL-Linked Hacker Sentenced to 20 Years in Prison https://goo.gl/p9uQWi

00:49:09 Xiaomi Can Silently Install Any App On Your Android Phone Using A Backdoor https://goo.gl/f2RIyi

00:50:14 KrebsOnSecurity Hit With Record DDoS https://goo.gl/7KDoxb

00:52:17 US elections and the hacking of e-voting machines https://goo.gl/08EwJG

00:52:44 Apple Weakened iOS 10 Backup Encryption; Now It can be cracked 2,500 times faster https://goo.gl/wqRP4t

00:53:43 Car Hacking Research: Remote Attack Tesla Motors by Keen Security Lab https://goo.gl/CqwEYJ

00:56:50 Oh, It's On Sale! USB Kill to Destroy any Computer within Seconds https://goo.gl/aKvV3S

00:57:56 ФАС просит доработать правила регулирования мессенджеров https://goo.gl/0ZM75s

00:59:43 The FBI recommends you cover your laptop's webcam, for good reason https://goo.gl/h9ELsC

01:02:45 "Газпром" запретил своим сотрудникам ловить покемонов на работе http://www.interfax.ru/russia/527351

Direct download: 69.mp3
Category:Technology -- posted at: 7:19pm CET
Comments[0]

Intro / Outro Who Knows by sLow_starteR Ft: Tigoolio http://dig.ccmixter.org/files/sLow_starteR/38883

Интервью с Владимиром Таратушкой (vladimir@hackit-ukraine.com)

HackIt Ukrain http://hackit-ukraine.com

Рекомендуемая книга Теодор Драйзер - Финансист https://www.booklya.ua/book/finansist-116954/

Direct download: 68_5.mp3
Category:Technology -- posted at: 10:46pm CET
Comments[0]

Intro / Outro Christophe Deremy - Fairy Tail https://www.youtube.com/watch?v=X1Z9ODzO_zQ

00:02:40 Patch your vBulletin forum – or get popped goo.gl/14hvEC

Millions of Steam game keys stolen after hacker breaches gaming site https://goo.gl/TT8Ftz

GTAGaming Hack Blamed on Old vBulletin Software https://goo.gl/9LHbRS

00:09:40 Hackers Can Use Smart Sockets to Shut Down Critical Systems https://goo.gl/P7MxPV

00:11:46 DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise https://arxiv.org/abs/1608.03431

00:15:00 Bluetooth Hack Leaves Many Smart Locks, IoT Devices Vulnerable https://goo.gl/jvZRCt

00:16:12 Cisco Begins Patching Equation Group ASA Zero Da https://goo.gl/ZAzguD

00:17:20 Researchers announce Linux kernel “network snooping” bug https://goo.gl/XQRN2h

00:23:36 IPhone Users Urged to Update Software After Security Flaws Are Found https://t.co/8mWfs6aril  

00:26:22 This PC monitor hack can manipulate pixels for malicious effect https://goo.gl/9OT0Y4

00:29:07 Gotta Spam ‘em All - Pokémon GO Spam https://goo.gl/yc4vfF

00:30:35 Кибеаполиция про PokemonGo https://goo.gl/LyXQJO

00:31:42 Сторінка Нацгвардії у TWITTER зламана https://goo.gl/EhEfPg

00:32:24 “Fileless” UAC Bypass Using eventvwr.exe and Registry Hijacking https://goo.gl/GPNNYW

Microsoft Windows UEFI Secure Boot — Insecure by Design? https://goo.gl/4q18oi

https://rol.im/securegoldenkeyboot/

00:34:52 Equation: The Death Star of Malware Galaxy https://goo.gl/deMaf3

00:39:26 PoC Unsigned Code Execution on a Sony PS4 System with firmwares 3.15, 3.50 and 3.55 - https://github.com/Fire30/PS4-3.55-Code-Execution-PoC

00:40:07 Fake Linus Torvalds' Key Found in the Wild, No More Short-IDs https://lkml.org/lkml/2016/8/15/445

00:41:10 Заява РНБО у зв’язку з ситуацією, що склалася навколо запуску системи електронного декларування https://goo.gl/5Q7FNv

00:42:15 Власти РФ отказались вводить уголовную ответственность за оборот биткоинов http://www.interfax.ru/business/523262

00:46:23 DDoSCoin: Cryptocurrency with a Malicious Proof-of-Work https://goo.gl/Qo5XX6

00:47:53 Major Events and Hacktivism #OpOlympicHacking https://goo.gl/nrhxoy

00:47:59 Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316] https://goo.gl/zuN6LX

00:49:18 Key Fob Hack Allows Attackers To Unlock Millions Of Cars https://goo.gl/4VdOQ4

00:50:25 SQL Injection Vulnerability in Ninja Forms https://goo.gl/McUkFh

00:51:14 Немного об интересной рассылке

00:53:22 Resource: List of Car hacking tools, Car security tools and Car security resources https://goo.gl/ySXapK

00:54:09 WildfireDecryptor tool https://goo.gl/jFgr4V

Direct download: 68.mp3
Category:Technology -- posted at: 7:14am CET
Comments[0]

Intro / Outro Broken Remote (Channel Changer Mix) by Vidian http://dig.ccmixter.org/files/Vidian/7613

00:01:07 Кто ты, слушатель Securit13? http://goo.gl/forms/9h2AI5CA9HmYO7q32

00:01:17 Интервью с Владимиром Гарбузом, организатором BSides Odessa про BSides Odessa 27.08.2016 https://www.securitybsides.org.ua/

00:17:49 Всеукраинская битва хакеров и форум по кибербезопасности HackIT http://hackit-ukraine.com/

00:20:02 пара слов о DefCon

DEF CON Media Server https://goo.gl/ywymlX

Shellphish https://github.com/shellphish

Direct download: 67.mp3
Category:Technology -- posted at: 9:03am CET
Comments[0]

Intro / Outro Police Academy Theme https://www.youtube.com/watch?v=wA-NRyWoYII

Интервью с Алексеем Барановским об отборе в киберполицию

Рекоммендованные книги:

Гарри Гаррисон “Стальная крыса” https://goo.gl/DzYuo9

Gray Hat Hacking The Ethical Hacker's Handbook https://goo.gl/zmJecK

Теоретичні основи моделювання та аналізу систем захисту інформації Антонюк А.О., Жора В.В. http://goo.gl/Pf664T

Безпека інформаційно-комунікаційних систем Новиков О. М., Грайворонський M. B. http://goo.gl/HKKYQw

Direct download: 66.mp3
Category:Technology -- posted at: 9:16am CET
Comments[0]

Intro / Outro DZIDZIO - MARSIK https://www.youtube.com/watch?v=oOaVy5hClc0

00:01:54 Стан професії 2016: дослідження Української групи інформаційної безпеки. https://www.surveymonkey.com/r/ZCLPWBJ

Кто ты, слушатель Securit13? http://goo.gl/forms/9h2AI5CA9HmYO7q32

00:02:30 Добавляем произвольный телефон в личном кабинете оператора мобильной связи Киевстар (Украина) https://t.co/JvI10SWw05

00:06:35 Cisco gives you two nasty bugs to fix before the weekend http://goo.gl/E4db1c

00:08:18 Crypto flaw made it easy for attackers to snoop on Juniper customers http://goo.gl/hJgbES

00:09:00 Хакеры из Кабардино-Балкарии, укравшие 1 млн фунтов с английских счетов, сели в тюрьму http://goo.gl/JSLpVe

00:11:43 Стримить или не стримить, вот в чем вопрос...

00:12:35 Residents Are Pissed That Their Neighborhood Has Become A Pokémon Go Hot Spot https://goo.gl/BrNcJb

Pokemon Go: privacy and security concerns you should be aware of https://goo.gl/lP4e9V

Pokemon Go Away: Russians See CIA Plot, ‘Satanism’ In Viral App http://goo.gl/77GkIL

Fake Pokemon GO Android App Locks Your Screen, Clicks on Ads in the Background http://goo.gl/wlPbCH

NY state: Don’t play Pokemon Go while driving or walking http://goo.gl/2M0PH6

00:19:08 Riffle: A new anonymity system to rival Tor https://goo.gl/LiFZfS

Riffle: MIT Creates New Anonymity Network Which Is More Secure Than TOR http://goo.gl/chDdEs

How to stay anonymous online http://goo.gl/t8nQej

00:24:21 Nmap Announce: Nmap 7.25BETA1 Released with our new Npcap driver, 6 new NSE scripts,  and more! http://seclists.org/nmap-announce/2016/3

00:24:57 Чужими руками: кто защитит чиновников в интернете http://goo.gl/Fwqq5a

00:29:19 How the NSA Converts Spoken Words Into Searchable Text https://goo.gl/96wzjA

00:30:54 Microsoft wins email privacy battle against US government https://goo.gl/pb0k06

00:31:12 Drupal issues major security fixes for flaw probably used in Panama Papers breach http://goo.gl/vd7sl1

00:33:34 McDonald's No Longer Offering Free Porn In The US http://goo.gl/HC1rEW

00:34:34 cuteRansomware Uses Google Docs as C&C Server http://goo.gl/X7b0Nj

00:35:35 Ransomware makes its debut on the small screen: FLocker infects smart TVs http://goo.gl/J836Iv

00:36:12 New HIPAA Guidance Tackles Ransomware Epidemic In Healthcare http://goo.gl/krSrsB

http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf

00:36:39 New Delilah Trojan Used to Blackmail Employees, Recruit Insiders http://goo.gl/itqnwG

00:38:29 BAE Systems partners with SWIFT to bolster hacker intel http://goo.gl/N3SQsC

00:39:49 С 1 августа платежная система Visa вводит в Украине принцип нулевой ответственности клиента за действия мошенников http://goo.gl/lm8b0B

00:42:32 20-year-old Windows bug lets printers install malware—patch now http://goo.gl/OZXUhN

00:42:43 Ubuntu Forums hack exposes 2 million users http://goo.gl/sJk9oP

NZ school servers hacked http://goo.gl/jGuOEz

Polish telecom suffers major data breach following hack http://goo.gl/8zcFhz

00:43:48 My Experience With the Great Firewall of China http://goo.gl/1EzqRu

00:44:56 Erdogan says his government is in control after bloody coup attempt in Turkey https://goo.gl/Zh34VB

Twitter, Facebook & YouTube blocked in #Turkey at 10:50PM after apparent military uprising in #Turkey https://goo.gl/R5Gdsu

00:46:30 OpenSSH has user enumeration bug http://goo.gl/HU2bNA

Direct download: 65.mp3
Category:Technology -- posted at: 11:50pm CET
Comments[0]

Intro / Outro Wired (cdk Dub and Bass mix) by cdk (c) http://dig.ccmixter.org/files/cdk/34152

00:02:51 Стан професії 2016: дослідження Української групи інформаційної безпеки. https://www.surveymonkey.com/r/ZCLPWBJ

00:03:46 Кто ты, слушатель Securit13? http://goo.gl/forms/9h2AI5CA9HmYO7q32

00:04:11 «Пакет Яровой» принят. И это очень плохо https://goo.gl/fDPjE2

СБУ советует украинцам до 1 августа удалить свои аккаунты из российских соцсетей (список) http://goo.gl/76Qyuh

СБУ закликає українців видалитися з російських соцмереж (видео) https://goo.gl/K4xZXz

00:14:44 В Украине появился мобильный кошелек для покупки и продажи биткоинов за гривну http://ain.ua/2016/06/30/657198

00:16:21 Ashley Madison gives infidelity a new look https://t.co/tg7uaHLey5

00:18:17 Teenager admits Mumsnet password cyber attack charges  https://t.co/2eMXutNxr7

00:19:36 Here's how fake telephone tech support scams work http://goo.gl/SzzkKs

00:21:18 What does Brexit mean for data protection & privacy? https://goo.gl/CmYbvJ

Will Brexit impact GDPR and data protection rules? http://goo.gl/vXjBmy

00:22:40 SCADA malware caught infecting European energy company http://goo.gl/VDgw7W

Word up: BlackEnergy SCADA hackers change tactics http://goo.gl/Is5G4u

00:24:37 Через сутки вознаграждение за блок Bitcoin упадет вдвое https://geektimes.ru/post/278228/

00:27:42 BMW ConnectedDrive - (Update) VIN Session Vulnerability http://goo.gl/ugyQ5b

BMW - (Token) Client Side Cross Site Scripting Vulnerability http://goo.gl/60xDAT

00:29:27 sesto https://github.com/cossacklabs/sesto

00:30:12 Харьковчанин, обладающий патентом на создание автоматизированной системы такси, обвинил Uber в нарушении интеллектуальных прав http://goo.gl/Awr0Oe

00:34:00 Taiwan banks suspend cash withdrawal at ATMs due to malware theft http://goo.gl/3H8bxb  

Direct download: 64.mp3
Category:Technology -- posted at: 11:34pm CET
Comments[0]

Intro / Outro Sooner or later by Urmymuse http://dig.ccmixter.org/files/urmymuse/45496

00:02:03 Привет, Тарас!

00:04:00 Microsoft collaborates on software for the legal marijuana industry http://goo.gl/ZnOmYF

Marijuana and Microsoft: Why This is Huge for Legalized Pot http://goo.gl/5kj8rr

00:05:11 Cyberspace is officially a war zone – NATO http://goo.gl/mgnBWk

00:08:28 Security Advisory for Adobe Flash Player https://goo.gl/CwGnZ5

00:10:55 Ransomware, SCADA Access As a Service Emerging Threats For ICS Operators, Report Says http://goo.gl/3JjKCZ

00:16:33 Gartner’s Top 10 Security Predictions 2016 http://goo.gl/pmCFDx

00:26:21 Facebook Messenger был уязвим к атаке, требующей базовые знания HTML https://goo.gl/EwxvT1

00:27:32 Flaw in Juniper's JunOS router software could cause DDoS flood http://goo.gl/FLFwMj

Cisco Issues Hight Alert on IPv6 Vulnerability, Says It Affects Both Cisco and Other Products http://goo.gl/3MHzyN

00:28:18 Cisco Won’t Patch Critical RV Wireless Router Vulnerability Until Q3 https://goo.gl/IF9Dup

00:30:08 North Korean Hackers Stole F-15 Wing Designs, Seoul Says http://goo.gl/NUWWB0

00:32:01 Hacker faces 25 years in prison for giving ISIS a US kill list https://t.co/Zr9xs8VG99

00:33:19 Ransomware, SCADA Access As a Service Emerging Threats For ICS Operators, Report Says http://goo.gl/XfA0fj

00:35:24 В Украине создали Национальный координационный центр кибербезопасности http://goo.gl/lTGh0m

00:37:28 Forget Game of Thrones as Android ransomware infects TVs http://goo.gl/FRohuK

00:39:03 An IT Worker at the Panama Papers Law Firm Has Been Arrested https://goo.gl/WjDiS1

00:39:52 Twitter: Passwords Leaked for Millions of Accounts http://goo.gl/LucP4h

00:40:35 uTorrent Forums Hacked, Passwords Compromised https://goo.gl/t5mMb3

00:41:14 Let's Encrypt lets 7,600 users... see each other's email addresses http://goo.gl/Jli9xZ

00:42:03 The web attacks that refuse to die https://t.co/EOEVPCr3QG

00:42:55 Inferring Internet Security Posture by Country through Port Scanning (pdf) https://goo.gl/4mZucp

00:43:31 Should multilingual websites use HTTPS by default | Million Dollar Blog (к моменту публикации, статья и все ссылки на нее были удалены)

00:44:58 FBI: Email Scams Take $3.1 Billion Toll on Businesses https://goo.gl/mjaTm7

00:46:03 How a college student tricked 17k coders into running his sketchy script http://goo.gl/Zr74XV

00:48:01 DAO теряет миллионы долларов в час из-за ошибки в своём коде и тянет Ethereum за собой https://goo.gl/a0arWL

00:52:32 Telegram bug allows attackers to crash devices, jack up phone bills https://goo.gl/YhgEDl

00:53:28 BadTunnel Bug Hijacks Network Traffic, Affects All Windows Versions http://goo.gl/OhBV7T

00:55:03 Acer Ecommerce Site Spills Credit Card Information of Thousands https://goo.gl/rpiKhp

00:57:20 Никифоров: регулирование трафика в мессенджерах и соцсетях технически невозможно http://tass.ru/pmef-2016/article/3368668

00:58:29 Hacking the Mitsubishi Outlander PHEV hybrid https://goo.gl/Yqm7Zm

00:59:36 Help Make Open Source Secure https://goo.gl/DwZkHw

Direct download: 63.mp3
Category:Technology -- posted at: 8:01am CET
Comments[0]

Intro / Outro We are Connected (the Chemma Chi  Remix) by SackJo22 http://dig.ccmixter.org/files/SackJo22/48168

00:01:39 GCHQ joins Twitter https://twitter.com/GCHQ

00:02:42 Интервью с Андреем Кузьменко. Связаться с Андреем можно в LinkedIn https://goo.gl/nYXCwT  или по почте andrii.kuzmenko@ua.ibm.com

00:05:53 Your car can be held for ransom http://goo.gl/k3CPOE

Car hacking news: Ransomware threat could reach auto dealerships http://goo.gl/Hwr3Ep

Ransomware cyberattacker did not pretend to be Car-Part.com employee http://goo.gl/yDWS21

Visa USA | Visa Everywhere | Innovation | Connected Car https://goo.gl/dPqFfw

Ditch the Wallet and Pay With Your Car http://goo.gl/yrvQgw

https://security.love/Pastejacking/

00:10:38 Hospital pays ransom, ransomware demands more money http://goo.gl/MIfeas

00:10:47 Observations and thoughts on the LinkedIn data breach https://goo.gl/BlUfgW

00:19:48 Heart surgery stalled for nearly 5 mins as anti-virus scan crashes computers https://goo.gl/duIz16

00:33:19 Pornhub said to be compromised, shell access available for $1,000 http://goo.gl/X2jbUz

00:37:04 У Києві поліція затримала кіберзлодіїв, які обкрадали банкомати з допомогою вірусу http://goo.gl/It8mYn

00:51:33 Symantec antivirus bug allows utter exploitation of memory http://goo.gl/yAehKc

00:56:02 Книга от гостя On the Road by Jack Kerouac http://goo.gl/HSO7fs

00:58:05 CVE-2016-4117: Flash Zero-Day Exploited in the Wild https://goo.gl/QMhPHS

01:00:08 Взломан украинский реестр недвижимости http://goo.gl/SHFyEB

01:01:40 Ukrainian hacker pleads guilty to insider trading in US http://goo.gl/dtf8jy

01:02:16 Observations and thoughts on the LinkedIn data breach https://goo.gl/BlUfgW

01:04:06 SWIFT Warns of Second Bank Attack via PDF Malware https://goo.gl/2x9DFX

U.S. banks scrutinize SWIFT security after hacks: reports http://goo.gl/iCuJZS

Exclusive: UK banks ordered to review cyber security after SWIFT heist http://goo.gl/EVkOvU

01:05:23 Hacker fans give Mr. Robot website free security checkup http://goo.gl/pgMRmI

01:06:13 TeslaCrypt shuts down and Releases Master Decryption Key http://goo.gl/mvdBF1

01:06:54 You really shouldn't download 'WhatsApp Gold' http://goo.gl/Ku3Buc

01:07:45 Google Set to Kill SSLv3, RC4 in SMTP, Gmail in June https://goo.gl/7JcYAY

Видео запись эпизода на нашем канале https://www.youtube.com/channel/UCGYHYOm_J3zpyE5jCNzAHJg

Direct download: 61.mp3
Category:Technology -- posted at: 1:41am CET
Comments[4]

Intro / Outro Awaken by TheDICE http://dig.ccmixter.org/files/TheDICE/48157

00:01:00 Вышел Phrack №69 http://phrack.org/issues/69/1.html

00:02:50 Widely Popular ImageMagick Tool Vulnerable to Remote Code Execution http://goo.gl/7aEobb

Server-jacking exploits for ImageMagick are so trivial, you'll scream http://goo.gl/5AMmiM  

Public Exploits Available for ImageMagick Vulnerabilities https://goo.gl/nlyEJL

00:08:48 Hacking Slack accounts: As easy as searching GitHub http://goo.gl/8bVCce

00:14:32 Vulnerability disclosure for Pornhub https://hackerone.com/pornhub

00:17:31 10-Year-Old Hacks Instagram; Wins $10K From Facebook http://goo.gl/icLLlO

00:21:02 Student gets conditional 18-month sentence in CRA Heartbleed breach http://goo.gl/AAXyGi

00:23:28 Anonymous attack Greek central bank, warns others http://goo.gl/tsdAlD

00:24:53 Wi-Fi network named 'mobile detonation device' grounds plane http://goo.gl/fyDhDY

00:26:54 Car Hackers Could Face Life In Prison. That's Insane! http://goo.gl/Cozzpo

00:30:01 Adobe, Microsoft Push Critical Updates http://goo.gl/cSskJK

00:30:59 How the Pwnedlist Got Pwned http://goo.gl/M2Ds4s

00:31:58 Here's how many US surveillance requests were rejected in 2015 http://goo.gl/FXrYIt

00:38:09 Twitter Bars Intelligence Agencies From Using Analytics Service http://goo.gl/3iFn15

00:39:47 Apple Stole My Music. No, Seriously. https://goo.gl/DKhcRT

00:42:28 Walmart confirms police report, says card readers compromised in Virginia http://goo.gl/4r0Dya

00:44:30 The Bitcoin affair: Craig Wright promises extraordinary proof http://www.bbc.com/news/technology-36193006

00:45:36 Another Day, Another Hack: Tens of Millions of Neopets Accounts http://goo.gl/gFK6oR

Direct download: 60.mp3
Category:Technology -- posted at: 11:29am CET
Comments[0]

Intro / Outro Pentatonix - Daft Punk https://www.youtube.com/watch?v=3MteSlpxCpo

00:02:56 Bangladesh Bank hackers compromised SWIFT software, warning issued http://goo.gl/yU10EM

00:06:58 The Vigilante Who Hacked Hacking Team Explains How He Did It https://goo.gl/35FfAZ

00:13:00 Millions Of Naughty America Porn Accounts Can Be Yours For A Mere $300 http://goo.gl/WQwqM5

00:17:30 Lip Kit Website Glitch Personal Customer Info Exposed http://goo.gl/iTvRoR

00:17:46 How a Hacker Found The Personal Information of All Mexican Voters http://goo.gl/KXZJzO

00:20:25 When a nation is hacked: Understanding the ginormous Philippines data breach https://goo.gl/wIbSqV

00:21:27 ‘Blackhole’ Exploit Kit Author Gets 7 Years http://goo.gl/vSD1qT

British Authorities Order Hacker Lauri Love to hand Over Encryption Keys https://goo.gl/qo8Qws

Creators of  SpyEye Virus Sentenced to 24 Years in Prison http://goo.gl/78LvzC

Matthew Keys Sentenced to Two Years for Aiding Anonymous http://goo.gl/qPpydf

00:24:23 Privacy tools - encryption against surveillance https://www.privacytools.io/

00:25:14 2016 DBIR: Understand Your Cybersecurity Threats | Verizon Enterprise Solutions http://goo.gl/SJ35cc

00:28:32 How to decrypt Petya Ransomware for Free https://goo.gl/LIATAS

Reversing the petya ransomware with constraint solvers http://goo.gl/adQzl1

00:29:09 How cybercriminals earned $100,000 just by sending a DDoS threat email http://goo.gl/1Zx9LG

00:30:02 Apple stops patching QuickTime for Windows despite 2 active vulnerabilities http://goo.gl/C2ayFB

Adobe warns that uninstalling vulnerable QuickTime for Windows can break Creative Cloud http://goo.gl/pQXfYD

00:31:11 В браузер Opera добавили бесплатный и безлимитный VPN-клиент https://t.co/PgKwPkLOkh

00:32:17 SMS phishing attackers continue to pursue Apple users http://goo.gl/nUs2mj

00:33:22 iOS 'date bug' can be exploited over Wi-Fi using NTP http://goo.gl/uzU0SC

00:34:21 Закрыт крупный ботнет из Linux-серверов http://goo.gl/AhWo9l

00:36:08 Almost half of dropped USB sticks will get plugged in https://goo.gl/Cn8NLY

00:40:19 Printers at German Universities Mysteriously Churn Out Anti-Semitic Fliers http://goo.gl/pzSr5e

00:40:45 How I Hacked Facebook, and Found Someone's Backdoor Script http://goo.gl/dx5GHb

00:42:34 2015 Google Android Security Report https://goo.gl/GmoC9W

Direct download: 59.mp3
Category:Technology -- posted at: 5:52pm CET
Comments[1]

Intro / Outro Vivienne Mort - ГГПТКН https://www.youtube.com/watch?v=mf7lFcOraVw

00:02:13 The FBI Drops Its Case Against Apple After Finding a Way Into That iPhone http://goo.gl/M96YTK

iOS forensics expert’s theory: FBI will hack shooter’s phone by mirroring storage http://goo.gl/6j2wSl

00:05:54 Apple's fruitless rootless security broken by code that fits in a tweet http://goo.gl/5d0aI7

00:09:37 About the Panama Papers http://goo.gl/LmVx8I

00:14:39 Hack Brief: Turkey Breach Spills Info on More Than Half Its Citizens http://goo.gl/9rXh38

00:15:13 Megabreach: 55 MILLION voters' details leaked in Philippines http://goo.gl/kh4Amj

00:18:00 Costa Rica launches investigation after reports hackers ‘rigged’ 2014 election http://goo.gl/GZm656

00:21:04 BlaBlaCar & Uber

00:23:59 Why Hospitals Are the Perfect Targets for Ransomware http://goo.gl/4Yvtjk

1,400+ Vulnerabilities Identified in Medical Supply System https://goo.gl/adrm0n

00:28:52 Meet the new ransomware that knows where you live http://goo.gl/BvMp09

00:30:27 Certified Ethical Hacker website caught spreading crypto ransomware http://goo.gl/b1f46Y

00:33:11 Sources: Trump Hotels Breached Again http://goo.gl/hd3MCj

00:34:33 Adobe Patches Flash Player Zero-Day Threat http://goo.gl/wKtVoX

Mindless Flash masses saved as exploit kit devs go astray with 0day http://goo.gl/bXA6A2

00:35:36 FBI: $2.3 Billion Lost to CEO Email Scams http://goo.gl/tCdANU

00:36:13 Uber Will Pay $10,000 ‘Bug Bounties’ to Friendly Hackers http://goo.gl/E9O7pN

00:36:53 How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript http://goo.gl/W1ZBQw

00:39:39 No Password Required! 135 Million Modems Open to Remote Factory Reset http://goo.gl/vKWE69

00:40:07 Karamba Security https://www.karambasecurity.com/

00:44:15 WordPress pushes free default SSL for hosted sites http://goo.gl/MJ03Mg

00:45:31 Cyber-underworld price list revealed: $500 for company email inbox, $1,200 passports, etc http://goo.gl/uusxvY

00:46:55 How Pirates And Hackers Worked Together To Steal Millions Of Dollars In Diamonds http://goo.gl/KcuOSv

00:48:15 DNS root server attack was not aimed at root servers – infosec bods http://goo.gl/sUzudU

Видео запись эпизода на нашем канале https://www.youtube.com/channel/UCGYHYOm_J3zpyE5jCNzAHJg

Direct download: 58.mp3
Category:Technology -- posted at: 8:50pm CET
Comments[0]

В этом эпизоде Виктор Жора рассказал о тонкостях установления кибер *бинго* стратегии Украины.

Intro / Outro Somewhere by spinmeister http://dig.ccmixter.org/files/spinmeister/53428

Про рішення Ради національної безпеки і оборони України від 27 січня 2016 року "Про Стратегію кібербезпеки України" http://www.president.gov.ua/documents/962016-19836

Киберполиция Украины https://vk.com/club104704813

Direct download: 57_5.mp3
Category:Technology -- posted at: 7:30am CET
Comments[0]

Intro / Outro Lies apemix by apeskinny http://dig.ccmixter.org/files/jellyman3/15118

00:01:31 OpenNews: Внеплановое обновление Java SE 8u77 с устранением опасной уязвимости http://goo.gl/gNiz0f

00:02:06 Bangladesh gets FBI help on bank heist, cyber expert missing http://goo.gl/2uPYn2

00:03:04 Researchers find hole in SIP, Apple’s newest protection feature http://goo.gl/R9Kj7X

00:04:20 The Law is Clear: The FBI Cannot Make Apple Rewrite its OS https://goo.gl/7mqZER

The Most Embarrassing Fact Checks Apple Gave the FBI http://goo.gl/Y8Z29K

Government Calls Apple’s iPhone Arguments in San Bernardino Case a ‘Diversion’ http://goo.gl/pmPDs5

Former cyber czar says NSA could crack the San Bernadino shooter’s phone http://goo.gl/33X4jK

Israeli biz fingered as the FBI's iPhone cracker http://goo.gl/eUkOET

00:07:15 Report: Apple designing its own servers to avoid snooping http://goo.gl/phr5So

00:08:56 How Rowhammer Could Be Used to Exploit Weaknesses in Computer Hardware (pdf) http://www.thirdio.com/rowhammer.pdf

00:10:41 AMD to fix slippery hypervisor-busting bug in its CPU microcode http://goo.gl/QRS8Pb

00:12:34 Хакеры атаковали сотни российских банков от имени Центробанка https://goo.gl/1WNQY9

00:16:04 Crooks Steal, Sell Verizon Enterprise Customer Data https://goo.gl/iDawba

00:18:39 Cossack Labs / Building secure end-to-end webchat with Themis https://goo.gl/iI9MZe

0fc - Anonymous web chat server, built on top of Themis/WebThemis https://goo.gl/8ZbCk3

00:19:45 Ransomware Petya encrypts hard drives https://goo.gl/4rfWCJ

00:23:09 95% of HTTPS servers vulnerable to trivial MITM attacks http://goo.gl/5fEpFT

00:25:40  http://vncroulette.com/

00:30:19 A Few Thoughts on Cryptographic Engineering: Attack of the Week: Apple iMessage http://goo.gl/WJlPIA

00:31:38 https://securitybsides.org.ua/

00:33:00 Порошенко затвердив Стратегію кібербезпеки країни http://goo.gl/MZQwQ1

00:34:31 In the FBI’s Crypto War, Apps May Be the Next Target http://goo.gl/E0aoCQ

00:34:48 How your drunk tweets can be used to show where you live http://gizmo.do/rGwyvpk

00:36:17 Secure email: ProtonMail is free encrypted email. https://protonmail.com/

00:38:53 Amex warns of breach, cardholders should protect data http://goo.gl/EFBdRP

00:39:16 http://rootaccesspodcast.com/

Direct download: 57.mp3
Category:general -- posted at: 9:38am CET
Comments[0]

Intro / Outro Texasradiofish - It's a Good Day http://dig.ccmixter.org/files/texasradiofish/53328

00:00:58 Skype co-founder launches ultra-private messaging, with video http://goo.gl/7Kx4ZJ

ChaCha (pdf) https://cr.yp.to/chacha/chacha-20080128.pdf

00:02:27 Top iPhone Hackers Ask Court to Protect Apple From the FBI http://goo.gl/4y1Ydp

John McAfee better prepare to eat a shoe because he doesn’t know how iPhones work http://goo.gl/gaqx1M

John McAfee tells Ars he’s fighting a lonely battle, but he’s not lying http://goo.gl/qI2CHQ

One of the FBI’s Major Claims in the iPhone Case Is Fraudulent https://t.co/t2JHOLK8iU

00:10:33 Exim < 4.86.2 Local Root Privilege Escalation http://seclists.org/fulldisclosure/2016/Mar/32

00:11:24 Hacker 'Guccifer' extradited to US http://goo.gl/EJxEsG

00:12:27 Romanian ATM hacker exploits vulnerability in FENCE, escapes jail http://goo.gl/JGHKH6

00:13:41 ATM Hackers Have Reached Whole New Level https://goo.gl/78f6yC

You'd Never Spot These Hidden Card Skimmers That Are on the Rise http://goo.gl/zMxiZn

00:15:23 Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid http://goo.gl/YH4WhG

Hackers did indeed cause Ukrainian power outage, US report concludes http://goo.gl/QYLGeY

“Прикарпаттяобленерго”: The “First” Attack On Infrastructure https://goo.gl/JL9iVt

00:17:51 IS Documents Identify Thousands Of Jihadis http://goo.gl/gGgHMC

00:18:53 The NSA Hacked Into the U.S. Military by Digging Through Its Trash http://goo.gl/iNYzk7

00:19:49 Pentagon invites hackers to come give it a try http://goo.gl/ceRgvM

00:21:09 Seagate Phish Exposes All Employee W-2’s http://goo.gl/TcR89h

00:21:27 New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer http://goo.gl/7PnbIU

00:23:01 Q&A: Bruce Schneier on joining IBM, IoT woes, and Apple v the FBI http://goo.gl/t5c6Lb

00:23:58 Hacker Says He Can Hijack a $35K Police Drone a Mile Away http://goo.gl/zAE1fX

00:24:49 More than 11 million HTTPS websites imperiled by new decryption attack http://goo.gl/0YEKSd

00:27:38 Accessibility Clickjacking - A Skycure Discovered Vulnerability https://www.youtube.com/watch?v=4cSRq7_Z26s

“Accessibility Clickjacking” - The Next Evolution in Android Malware that Impacts More Than 500 Million Devices https://goo.gl/iNxYKV

00:29:37 Google open sources vendor security review tool https://goo.gl/u8546U

00:33:02 Subgraph OS — Secure Linux Operating System for Non-Technical Users http://goo.gl/UUL5yk

Видео запись эпизода на нашем канале https://www.youtube.com/channel/UCGYHYOm_J3zpyE5jCNzAHJg

Direct download: 56.mp3
Category:Technology -- posted at: 3:53am CET
Comments[0]

Intro / Outro Get Money by Blake http://dig.ccmixter.org/files/blakeht/27438 

В этом эпизоде Павел Кравченко рассказал о bitcoin, blockchain и децентрализованных аукционах.

Третье поколение электронных аукционов как разгром государственной монополии http://goo.gl/XQChJP

Мануал по приєднанню платформи до аукціона https://goo.gl/lG4Q9l

РАСПРЕДЕЛЁННАЯ СИСТЕМА BLOCKCHAIN-АУКЦИОНА https://goo.gl/vjZs5f

The World’s First State Auction on the Blockchain Being Tested in Ukraine http://goo.gl/QJzdoB

The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers http://goo.gl/291tKp

Безумно просто http://goo.gl/Seyw0I

Связаться с Павлом можно по скайпу ideateam_macuser

Видео запись эпизода на нашем канале https://www.youtube.com/channel/UCGYHYOm_J3zpyE5jCNzAHJg

Direct download: 55_5.mp3
Category:Technology -- posted at: 12:47pm CET
Comments[0]

Intro / Outro Степ - Бум-Бум - все в нас є https://www.youtube.com/watch?v=UjG-W9-pHiE

00:01:45 Apple, The FBI And iPhone Encryption: A Look At What's At Stake http://goo.gl/UyYXbd

Why You Should Care About Apple’s Fight With the FBI http://goo.gl/7n6Ckc

Judge Forces Apple to Help Unlock Terror Shooter's iPhone https://goo.gl/pg8pnB

No, A Judge Did Not Just Order Apple To Break Encryption On San Bernardino Shooter's iPhone, But To Create A New Backdoor | Techdirt https://goo.gl/ed5sT5

The FBI’s attack on Apple could force Congress to rule on encryption http://goo.gl/809jtw

Customer Letter - Apple https://www.apple.com/customer-letter/

Judge Demands that Apple Backdoor an iPhone https://goo.gl/FNxUeu

Why Tim Cook is wrong about the iPhone 'back door': A privacy advocate's view http://reg.cx/2jWm

Encryption is under attack. https://www.google.com/takeaction/issue/encryption/

Not a Slippery Slope, but a Jump off the Cliff https://goo.gl/2M7xj7

Apple vs the FBI - a plain English guide - BBC News http://goo.gl/tFfDPI

Why Apple — and Not Google — Is in the FBI’s Crosshairs http://goo.gl/3Z84g5

Here’s how often Apple, Google, and others handed over data when the US government asked for it http://goo.gl/r7Spl6

Bill Gates sides with FBI on demand for Apple backdoor to shooter's iPhone http://goo.gl/e4q37f

Encryption isn’t at stake, the FBI knows Apple already has the desired key http://goo.gl/0j3Zgq

00:26:29 Extremely severe bug leaves dizzying number of software and devices vulnerable http://goo.gl/nMeSox

CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow https://goo.gl/yub5ku

Критическая уязвимость в glibc опасна для всех Linux https://goo.gl/wvjjTd

00:34:22 Hospital paid hackers $17,000 to unlock data held for ransom http://goo.gl/unoxFI

00:40:24 Execute My Packet https://goo.gl/3hgfjm

00:46:29 Beware of hacked ISOs if you downloaded Linux Mint on February 20th! http://blog.linuxmint.com/?p=2994

00:48:54 Google Wants to Save News Sites From Cyberattacks—For Free http://goo.gl/PGDIti

00:51:39 Joomla Joins WordPress As TeslaCrypt Ransomware Target https://goo.gl/P31WBG

00:53:27 Mousejack Attacks Abuse Vulnerable Wireless Keyboard, Mouse Dongles https://goo.gl/3isFBv

00:59:51 This is Why People Fear the ‘Internet of Things’ https://goo.gl/yRlVS9

01:12:45 Teacher’s sex tape stolen from hacked Dropbox, posted on school site https://goo.gl/7WZSCP

01:17:49 Man admits he stole nude celebrity pics from Apple and Gmail accounts http://goo.gl/vCPeF1

01:18:07 Tor: 'Mystery' spike in hidden addresses http://goo.gl/qt4M5g

RicochetSecurityAssessment (pdf) https://goo.gl/gLNyvU

01:19:27 Adi Shamir anniversary keynote on “Financial Cryptography: Past, Present, and Future” http://goo.gl/tCmnY3

01:25:26 Volksverschlüsselung https://goo.gl/MXTikt

01:31:42 Интервью с Владимиром Гарбузом

Сайт конференции http://securitybsides.org.ua/

The Web Application Hacker's Handbook http://goo.gl/8aK5P2

Связаться с Владимиром можно по скайпу vigarbuz

Direct download: 55.mp3
Category:Technology -- posted at: 8:55pm CET
Comments[0]

Alice, Victor Zhora and Kostiantyn Korsun talked with Kenneth Geers about his book Cyber war in perspective (pdf) https://goo.gl/RjPuqU, how can Ukraine to be a leader in cyber security, conflicts in Ukraine and Syria with perspective on cyber space and other questions.

Kennet's twitter is @KennethGeers

Intro / Outro Grapes - I dunno http://dig.ccmixter.org/files/grapes/16626

Видео-запись интервью на нашем канале https://www.youtube.com/channel/UCGYHYOm_J3zpyE5jCNzAHJg

Direct download: 54-2.mp3
Category:Technology -- posted at: 3:43am CET
Comments[0]

Intro / Outro Alex - Drive http://dig.ccmixter.org/files/AlexBeroza/43098

0:01:54 Чтобы превратить iPhone в "кирпич", достаточно сменить системную дату на 1 января 1970 года - ITC.ua http://goo.gl/TblQCe

0:04:23 There's a lot of vulnerable OS X applications out there. https://goo.gl/OLWEiy

VLC unsigned updates over http https://goo.gl/OIevQP

0:09:09 Fake Flash Player Update Infects Macs with Scareware https://goo.gl/5uhPXG

0:10:09 Nexus Security Bulletin - February 2016 http://goo.gl/lDS1ZV

Google fixes multiple Wi-Fi flaws, mediaserver bugs in Android http://goo.gl/zESjhg

Google plugs Android vulns http://goo.gl/eX6Lbm

0:10:47 Google calls out Comodo's Chromodo Chrome-knockoff as insecure crapware http://goo.gl/OrTlUv

0:12:02 Every version of Windows hit by 'critical' security vulnerability http://goo.gl/gYVDPY

0:12:52 Опубликованы новые подробности о том, как троян BlackEnergy атакует Украину https://goo.gl/5GbPmR

Міненерговугілля має намір утворити групу за участю представників усіх енергетичних компаній, що входять до сфери управління Міністерства, для вивчення можливостей щодо запобігання несанкціонованому втручанню в роботу енергомереж http://goo.gl/FRXKUd

0:18:47 Hackers mirror 250GB of NASA files on the web http://goo.gl/2RXmr4

OpNasaDrones Zine #Anonsec http://pastebin.com/pm1WLXQj

0:24:12 Privilege Escalation + Remote Code Execution in Apache Jetspeed 2.2.0 - 2.3.0 https://vimeo.com/154475767

Default settings in Apache may decloak Tor hidden services http://goo.gl/hlaHrJ

0:26:02 Brit spies want rights to wiretap and snoop on US companies' servers http://goo.gl/VZC7Ve

0:26:52 Smart toys spring dumb vulns. Again. This time: Cuddly bears, watches http://goo.gl/y3w72D

Hacked Toy Company VTech’s TOS Now Says It’s Not Liable for Hacks http://goo.gl/XVTPk9

0:30:30 Big Question: What does the Julian Assange case have to do with human rights? http://goo.gl/QWO1mk

The Working Group on Arbitrary Detention Deems the deprivation of liberty of Mr. Julian Assange as arbitrary http://goo.gl/ptB4eH

0:31:08 New Safe Harbor Data “Deal” May Be More Politicking Than Surveillance Reform https://goo.gl/y8s2OS

Safe Harbor ripped and replaced with Privacy Shield in last-minute US-Europe deal http://goo.gl/wf8uEr

0:32:27 OpenSSL fixes bug, gets dissed by German gov: That's so random ... not http://goo.gl/EYiOtp

OpenSSL study https://goo.gl/yf08LN

0:34:41 White House seeks its first ever chief information security officer http://goo.gl/5uRDdL

0:35:39 Safeway Self-Checkout Skimmer Close Up http://goo.gl/zBUZaJ

0:36:39 Взломать PayPal за 73 секунды https://habrahabr.ru/company/pt/blog/276459/

0:37:46 AST-2016-001: BEAST vulnerability in HTTP server http://seclists.org/fulldisclosure/2016/Feb/9

0:38:44 For Cyberattackers, Time Is The Enemy http://goo.gl/DFrKim

0:39:29 Mysterious spike in WordPress hacks silently delivers ransomware to visitors http://goo.gl/jvKRO9

0:40:13 KeePassLogger - KeePass Two-Channel Auto-Type Obfuscation Bypass http://goo.gl/KGgQQq

0:40:48 Samsung warns customers not to discuss personal information in front of smart TVs http://goo.gl/AcCP7g

0:41:21 Twitter Says There’s No “Magical Algorithm” to Find Terrorists https://goo.gl/u6FDhg

Combating Violent Extremism | Twitter Blogs https://goo.gl/SdFZHO

0:42:06 Malware Museum! https://archive.org/details/malwaremuseum

Roll up, roll up to the Malware Museum! Run classic DOS viruses in your web browser http://goo.gl/sVkJSN 

О сколько нам открытий чудных готовит Office Microsoft https://habrahabr.ru/post/264313/

Видео-запись эпизода на нашем канале https://www.youtube.com/channel/UCGYHYOm_J3zpyE5jCNzAHJg

Direct download: 54-1.mp3
Category:Technology -- posted at: 3:38pm CET
Comments[0]

Intro/ Outro Time (cdk Give Me Some Dubstep Extended Mix) http://dig.ccmixter.org/files/cdk/50693

0:00:51 Продовжено роботу групи з вивчення причин тимчасового збою в роботі систем енергопостачальних компаній, що мали місце 23 грудня 2015 року http://goo.gl/ZJyUrh
Повна новина http://goo.gl/jgX1Ez
Атака на энергетические объекты 19-20 января 2016 года. Постфактум https://goo.gl/QUuEbA
Techie on the ground disputes BlackEnergy Ukraine power outage story http://goo.gl/TEP9Lg
Steinitz: Israel’s Electric Authority hit by ‘severe’ cyber-attack http://goo.gl/EennWL
0:07:48 Secret SSH backdoor in Fortinet hardware found in more products http://goo.gl/dLlF7J
Fortinet SSH vulnerability more widespread than thought http://goo.gl/4eVqOn
0:14:15 NSA Helped British Spies Find Security Holes In Juniper Firewalls https://goo.gl/euULKA
0:17:28 В ядре Linux обнаружена уязвимость, позволяющая поднять привилегии в системе http://goo.gl/B8f4DC
Analysis and Exploitation of a Linux Kernel Vulnerability (CVE-2016-0728) http://goo.gl/kjXogr
0:20:41 Canada Cuts Off Some Intelligence Sharing With U.S. Out of Fear for Canadians’ Privacy https://t.co/pGBHQl3we9?ssr=true
0:21:15 Get Safe online https://goo.gl/cZWzud
0:23:32 IT-cпецагенты: кого и как отобрали в украинскую киберполицию http://goo.gl/4vL4Wh
0:26:16 Critical Yahoo Mail Flaw Patched, $10K Bounty Paid https://goo.gl/jvOgi9
0:27:31 Lenovo used 12345678 as hard-coded password in SHAREit for Windows https://goo.gl/pu1Qrc
0:31:28 Here's what an Ashley Madison blackmail letter looks like https://goo.gl/aNbw8G
0:33:33 HD Moore Leaves Rapid7 https://goo.gl/vS0ZY8
0:34:01 OpenSSL to Patch Two Vulnerabilities This Week https://goo.gl/EFu7n6
0:37:49 PayPal Remote Code Execution Vulnerability http://goo.gl/w7wYd6 
And the tool used for that. https://github.com/frohoff/ysoserial
0:39:08 Oracle's finally killing its terrible Java browser plugin http://goo.gl/WAQXcu
0:40:36 Kali Linux, Rolling Edition Released – 2016.1 https://www.kali.org/releases/kali-linux-rolling-edition-2016-1/
0:46:50 Crash Safari Code | JerryGamblin.com http://goo.gl/ph75ar
https://twitter.com/mikko/status/691600741832720384
0:47:38 СБУ задержала группу хакеров при попытке воровства 15 млн грн http://goo.gl/zBYhMC
0:49:21 iSIGHT and FireEye: Ushering in a New Era of Intelligence-Led Security https://goo.gl/px28H0
0:49:59 Toyota Russia Customers Data http://pasted.co/6fe1aa50
0:52:06 Oracle drops 248 - count 'em - 248 patches, to fix ... something http://goo.gl/zWqXMK
0:56:42 Skype Now Hides Your Internet Address http://goo.gl/3iCJqM
0:58:08 NSA Hacker Chief Explains How to Keep Him Out of Your System http://goo.gl/Fp5vgX
1:00:03 Reversing Apple’s syslogd bug https://goo.gl/gNZ9cE
1:00:33 Прикольный баг был в 1Password https://twitter.com/1password/status/688510701359476738
1:01:01 As promised @googlechrome indeed doesn't recognise @VERISIGN certificates as trusted anymore. https://pbs.twimg.com/media/CZIm_eXVIAA0Oxo.jpg
1:02:44 White Paper: A Guide to DDoS Mitigation & Testing http://goo.gl/bGeVuL
1:03:01 Remote access to the car or practical aspects of the ELM 327 security http://goo.gl/AkTzpA 

Видео-запись эпизода на нашем канале https://www.youtube.com/channel/UCGYHYOm_J3zpyE5jCNzAHJg

Direct download: 53.mp3
Category:Technology -- posted at: 9:12pm CET
Comments[2]

Intro / Outro BRUTTO - Просперо (Piano Cover) https://www.youtube.com/watch?v=NwsISaGo_PU
00:03:31 Интервью с Виктором Жорой об атаке на объекты электроэнергетики Украины
Причиною вчорашнього знеструмлення половини Івано-Франківщини була хакерська атака http://goo.gl/yxFlrD
СБУ попередила спробу російських спецслужб вивести з ладу об'єкти енергетики України http://goo.gl/px5umB
First known hacker-caused power outage signals troubling escalation http://goo.gl/KxqQsf
Хакери погрожують українським енергомережам. За кібератакою на обленерго читається російський почерк http://goo.gl/PG3Gxk
США підозрюють Росію у причетності до кібератак на електромережі України http://goo.gl/GPtka5
Malware 'clearly' behind Ukraine power outage, SANS utility expert says http://goo.gl/s4DGoc
iSIGHT Partners: Sandworm Team and the Ukrainian Power Authority Attacks http://www.isightpartners.com/?p=5305
Троян BlackEnergy используется в кибератаках на СМИ и промышленные объекты Украины http://goo.gl/bUKvOG
BlackEnergy Disrupt Matrix - SOC Prime https://goo.gl/rIJuD X
Potential Sample of Malware from the Ukrainian Cyber Attack Uncovered https://goo.gl/KAuM5i
BlackEnergy .XLS Dropper http://bit.ly/1JQV1fa
Штаб: У "Борисполі" попередили ймовірну хакерську атаку з боку РФ http://goo.gl/TZUvVG
Special Publication 800-82 Guide to Industrial Control Systems (ICS) Security (pdf) http://goo.gl/cv4mzk
Cyber war in perspective (pdf) https://goo.gl/RjPuqU
00:58:41 Казусы наших 1с
01:01:15 Герб мининформполитики http://goo.gl/R9ETMK
01:02:02 Суд дозволив прокуратурі обшукати український офіс Google http://goo.gl/9E83F2
01:04:04 SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7 http://goo.gl/o7UiyH
Someone Just Leaked Hard-Coded Password Backdoor for Fortinet Firewalls http://goo.gl/p17WSL
Fortinet says backdoor found in FortiOS is "a management authentication issue" http://goo.gl/b0m1tU
01:07:03 Facebook spars with researcher who says he found “Instagram’s Million Dollar Bug” https://goo.gl/SfUpSB
01:08:43 iOS 9.3 brings multi-user mode to iPads, along with more features and fixes http://goo.gl/Gjl9bl
01:11:10 How Nvidia breaks Chrome Incognito https://goo.gl/fZRwuQ
Nvidia: Chrome 'Incognito' Porn Leakage Is on Apple, Not Us http://goo.gl/g3dk0Q
01:14:11 Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 https://goo.gl/Mbd8eY
Evil OpenSSH servers can steal your private login keys to other systems – patch now http://goo.gl/GUaBfa
How To Fix OpenSSH's Client Bug CVE-0216-0777 and CVE-0216-0778 by Disabling UseRoaming https://goo.gl/pkVRra
01:15:29 Microsoft Gives Details About Its Controversial Disk Encryption https://goo.gl/bTCfJr
01:17:21 Recently Bought a Windows Computer? Microsoft Probably Has Your Encryption Key https://goo.gl/Rikium
01:18:11 Microsoft ends support for Windows 8, IE8 through 10: What does this mean for you? http://goo.gl/tLKJiM
01:18:40 The Tor Project Is Starting a Bug Bounty Program http://goo.gl/FKaraF
01:18:55 Linode: back at last after ten days of hell http://goo.gl/0pCRSF
Linode Blog » Security Notification and Linode Manager Password Reset https://goo.gl/A2ee0q
01:19:21 Cisco admins gear up for a late night – hardcoded password in wireless points nuked http://goo.gl/W8XfvK
01:19:29 Про ДДоС говнокод.ру через JS в посте на хабре https://goo.gl/QNxvWG
01:21:21 TrendMicro node.js HTTP server listening on localhost can execute commands https://goo.gl/u8yMDh
01:23:37 Debug code cracked case in hunt for mystery Silverlight zero day http://goo.gl/oW4B5d
01:24:44 Software bug granted early release to more than 3,200 US prisoners http://goo.gl/1ke6sV
01:25:32 Massive bug at online gaming platform exposes users' sensitive data http://goo.gl/YS7Ja0
01:26:19 Turkish carder scores record 332-year jail term http://goo.gl/7gGxpe    
01:26:50 Vulnerability allows to permanently delete any skype account by support request http://goo.gl/fbF6y1
01:29:28 French say 'Non, merci' to encryption backdoors http://goo.gl/W4mh04
01:30:13 Database leak exposes 3.3 million Hello Kitty fans http://goo.gl/10lH0a
01:30:23 250 Hyatt hotels hacked via PoS malware http://goo.gl/Vobx0i
01:30:42 Trustwave failed to spot casino hackers right under its nose – lawsuit http://goo.gl/4CpA7i
01:31:51 Stranger talks to a kid through this hacked baby monitor http://goo.gl/KK9Xey
01:32:38 Holiday hack challenge https://holidayhackchallenge.com/
Security weekly #444 http://goo.gl/PdY9C3
01:41:07 drduh/OS-X-Security-and-Privacy-Guide https://goo.gl/TihhlC

Direct download: 52.mp3
Category:Technology -- posted at: 1:43pm CET
Comments[1]

Intro / Outro Run The Jewels - A Christmas F*cking Miracle https://www.youtube.com/watch?v=OQ5rI461KNE

0:02:41 Bitcoin's Creator Satoshi Nakamoto Is Probably This Unknown Australian Genius http://goo.gl/uDsciu

Satoshi Nakamoto Not Eligible For Nobel Prize - CCN: Financial Bitcoin & Cryptocurrency News https://t.co/bPqMWsznSK?ssr=true

Time To Call A Hoax? Inconsistencies On 'Probable' Bitcoin Creator's PhD And Supercomputers Revealed http://goo.gl/6oYsmQ

0:06:16 If you are using TrueCrypt you should stop.  Hashcat is now optimized to crack TrueCrypt volumes. http://ow.ly/VGS0O

0:07:03 How the AM hack changed the victims’ lives https://t.co/YFWfXHranh?ssr=true

0:08:14 Hacker Confirms PlayStation 4 Jailbreak! Exploit Could Open Doors for Pirated Games http://goo.gl/hWsbNr

Hacking the PS4, part 2 https://cturt.github.io/ps4-2.html

0:09:16 Unauthorized code in Juniper ScreenOS allows for administrative access https://goo.gl/DYccDI

0:11:40 Back to 28: Grub2 Authentication 0-Day http://goo.gl/YPWQfV

Критическая уязвимость в загрузчике Grub2 позволяет обходить защиту паролем http://habrahabr.ru/company/pt/blog/273389/

0:12:46 DDoS on DNS http://goo.gl/PpwO0P

Корневые DNS-серверы пережили необычную DDoS-атаку https://goo.gl/oEyQv3

0:16:08 MacKeeper data breach https://goo.gl/pKhzXI

0:20:20 Critical Remote Root Zero-Day In FireEye Appliances https://t.co/eB1h1ERkKc?ssr=true 

0:24:08 PCI security standards council revises date for migrating off vulnerable SSL and early TLS encryption (pdf) https://goo.gl/t7cWWX

Let's Encrypt says get your free digital security certificates here http://ow.ly/VvsGR

Let's Encrypt! Get started. https://goo.gl/obXu3I

Certificates for US sanctioned countries https://t.co/YuzRxyoLa5?ssr=true

0:25:55 MIT Creates Untraceable Anonymous Messaging System Called Vuvuzela http://goo.gl/7U7MZD

0:28:35 No root for you! Google slams door on Symantec certs http://goo.gl/QzuuqY

0:29:38 Donald Trump thinks he can call Bill Gates to 'close up' the internet https://t.co/IRSagBPu2S?ssr=true

0:33:45 Shocking! Instagram HACKED! Researcher hacked into Instagram Server and Admin Panel https://goo.gl/nRwG8l

0:35:09 A Different Kind of POP: The Joomla Unserialize Vulnerability https://goo.gl/qhTwbx

0:38:08 A 2008 book by Craig S. Wright contains plagiarism https://goo.gl/WvNluk

0:42:36 Google Search starts indexing HTTPS pages by default https://t.co/0q3PP17SVj?ssr=true

0:43:10 Kazakhstan Announces Plan to Spy on Encrypted Internet Traffic https://t.co/3pyRc5pZFG?ssr=true

0:51:45 Troy Hunt: When children are breached – inside the massive VTech hack http://goo.gl/mnbU6p

Hacker Obtained Childrens' Headshots and Chatlogs From Toymaker VTech http://goo.gl/YDd9N7

VTech Hacker Explains Why He Hacked the Toy Company http://goo.gl/6uvFbm

0:52:46 First ever EU rules on cybersecurity https://t.co/Htj7dFDbZx?ssr=true

0:56:36 I included emoji in my password and now I can't log in to my Account on Yosemite http://goo.gl/w1IOi1

0:59:15 Хакера з України, підозрюваного в крадіжці 80 млн, затримали в Кракові http://goo.gl/jDXfcG

0:59:51 Неудачное обновление ПО SAP в Deutsche Post DHL https://t.co/IH2qJS2mFH?ssr=true

1:06:45 Tails 1.8 is out https://goo.gl/AZPeLh

1:06:50 What a nice holiday gift. https://pbs.twimg.com/media/CWJnwrRU8AAT3zo.jpg

1:07:21 Python Extension · rapid7/metasploit-framework Wiki · GitHub https://goo.gl/8uggx6

1:07:58 Craig S. Wright - "The IT Regulatory and Standards Compliance Handbook" Contains Plagiarism http://goo.gl/gKtVMw

1:08:14 The Happiness Advantage: The Seven Principles of Positive Psychology That Fuel Success and Performance at Work http://goo.gl/LUH5T 

Direct download: 51.mp3
Category:Technology -- posted at: 6:03pm CET
Comments[1]

Intro / Outro Naughty By Nature Ft. Kate Nauta - Name Game https://www.youtube.com/watch?v=OY5YZFpwKVk

0:02:03 Kaspersky Antivirus Certificate handling path traversal https://goo.gl/90KDvl

0:03:40 CVE-2015-6357: FirePWNER Exploit for Cisco FireSIGHT Management Center SSL Validation Vulnerability http://goo.gl/ZlyXbH

0:05:23 Dell ships laptops with rouge CA Lenovo style  http://goo.gl/VqaRDS

Dell apologizes for HTTPS certificate fiasco, provides removal tool http://goo.gl/3QMaSP

0:06:08 Amazon suffers potential password leak, unknown number of accounts affected http://goo.gl/NO2TrV

Amazon data breach rumours spread as passwords are reset on some accounts https://goo.gl/Xv7NAA

0:06:33 At 11:59pm EST on Sunday, the NSA will stop in-house phone metadata collection http://goo.gl/vTM9NN

The secret message hidden in every HTTP/2 connection: HTTP Verb "PRISM" http://goo.gl/gs6ECH

0:06:44 Казахстан внедряет свой CA для прослушивания всего TLS-трафика http://habrahabr.ru/post/272207/

0:09:34 Комментарий Евгения Шульги о прослушивании TLS-трафика

0:17:50 Интервью с Полом Алдерсоном

Daniel H. Pink - Drive http://www.danpink.com/books/drive/

The Anatomy of Peace: Resolving the Heart of Conflict http://goo.gl/9nOinT

0:21:15 Интервью с Алексеем Старовым

Concise. A Cybersecurity Education Directory. https://www.concise-courses.com

Топовые конференции по security http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm

"Security Engineering" by Ross Anderson http://www.cl.cam.ac.uk/~rja14/book.html

Примеры интересных академических статей:

http://www.securitee.org/files/cloudpiercer_ccs2015.pdf

https://technet.microsoft.com/en-us/security/hh972393.aspx

http://www.mpi-sws.org/~gummadi/papers/glasnost.pdf

http://www3.cs.stonybrook.edu/~phillipa/CSE534/2009-reset.pdf

http://cseweb.ucsd.edu/~savage/papers/Oakland11.pdf

http://www3.cs.stonybrook.edu/~phillipa/CSE534/howsecure.pdf

http://www3.cs.stonybrook.edu/~phillipa/CSE534/holdon.pdf

0:25:24 Интервью с Кеннетом Гирсом

0:30:56 Интервью с Сергеем Харюком

0:35:32 Интервью с Гийомом Лове

0:42:50 Интервью с Александром

0:44:30 Интервью с Олегом Кучеровым

0:50:24 Интервью с Евгенией Брошеван и Вадимом Чакряном

Hackup learning network http://hackup.net.ua/

Вадим Чакрян - С чего начать свой путь этичного хакера? http://goo.gl/gmM9gX

Direct download: 50.mp3
Category:Technology -- posted at: 6:25am CET
Comments[0]

Intro / Outro Wang Rong Rollin - Chick Chick https://www.youtube.com/watch?v=mxzgwJ8tSE0

02:40 Here’s a Spy Firm’s Price List for Secret Hacker Techniques http://goo.gl/ahgdl8

04:30 Google Is Fixing a Dangerous Gmail Bug That Could Let Others Impersonate You http://goo.gl/gA6cgo

05:48 http://securityreactions.tumblr.com/post/133077996442/showing-to-client-an-exploit-that-worked-yesterday

05:59 Hacker fakes German minister's fingerprints using photos of her hands http://goo.gl/Aw1TOc

09:43 Основатель Bitcoin Foundation Ukraine доказал в суде незаконность изъятия техники при обыске у него дома http://goo.gl/qaNS6K

12:41 Hacker Group Anonymous Announces 'Biggest Operation' Against ISIS After Paris Attacks https://t.co/ZUZQjOsRZS?ssr=true

15:44 Кабмин "завернул" законопроект НКРСИ "Об электронных коммуникациях" - InternetUA http://goo.gl/mXjBYg

16:35 FBI denies paying $1 million to unmask Tor users http://goo.gl/2Ru3CP

17:06 Nmap 7 Released https://nmap.org/7/

18:35 Cyberattacks are again used in a hybrid warfare. Now in Bulgaria. http://goo.gl/2iIaxf

24:59 The way we bank now...in some places https://goo.gl/7qlCmX

27:53 Why tech firms pay hackers to hack them http://goo.gl/Xk1AJf

29:18 The media link the PlayStation 4 to terrorist attacks in Paris https://goo.gl/oFsKe2

Direct download: 49.mp3
Category:Technology -- posted at: 1:54pm CET
Comments[3]

Intro / Outro Був’є – Стіна https://www.youtube.com/watch?v=4EWcKr5ei7Y

CloudFlare is a free global CDN and DNS provider that can speed up and protect any site online https://www.cloudflare.com/dnssec/

Op-ed: (How) did they break Diffie-Hellman? http://goo.gl/nB7pXy

Ransomware Now Gunning for Your Web Sites https://t.co/FQYuhUM813?ssr=true

Linux Ransomware Debut Fails on Predictable Encryption Key http://goo.gl/OO4lD3

Let me tell you about Wireshark 2.0 https://goo.gl/AvMyNe

Windows 3.1 Is Still Alive, And It Just Killed a French Airport https://goo.gl/mevwFB

Oracle now keeps all EU data within EU borders to avoid Safe Harbour problems http://goo.gl/fjI3oi

Halloween security breach https://goo.gl/V4ZgFN

Updates to Chrome platform support http://goo.gl/MgIpTW

Hack of 70 Million Prisoner Phone Calls Indicates Violations of Attorney-Client Privilege https://goo.gl/66lgfl

The Secret Service Agent Who Collared Cybercrooks by Selling Them Fake IDs http://www.wired.com/2013/07/open-market/

Direct download: 48.mp3
Category:Technology -- posted at: 12:17pm CET
Comments[0]

Intro / Outro Dubioza kolektiv - Free.mp3 (The Pirate Bay Song) https://www.youtube.com/watch?v=EuQLMXyGQOE

KeePass https://goo.gl/VtKzFW

Freedome https://www.f-secure.com/en/web/home_global/freedome

Take 5 minutes and up your opsec game with Tor Messenger http://goo.gl/KmwjSS

Короткая история времени http://www.bookland.com/ukr/books/3341669

Hackers gonna hack, but why? Maybe Freud has the answer http://goo.gl/wBLMbz (публикация и твитт удалены)

OWASP-UKRAINE LVIV MEETUP http://goo.gl/7uSdFS

Hack-it https://www.youtube.com/watch?v=sbrAZ-lC3U8

Во Львовской ОГА уволили пользовавшегося почтой mail.ru чиновника http://goo.gl/rlejON

В правительстве решили отделить свой Интернет от провайдеров http://goo.gl/0PQddZ

Somebody Just Claimed a $1 Million Bounty for Hacking the iPhone http://goo.gl/UdBg63

TalkTalk Hackers Demanded £80K in Bitcoin http://goo.gl/vTbOcw

A 15-year-old boy Arrested in connection with #TalkTalk Cyber Attack http://goo.gl/PPkonk

TalkTalk breach: CEO dismisses encryption, 15-year-old arrested https://goo.gl/m7uOui

TalkTalk, Script Kids & The Quest for ‘OG’ https://t.co/fh05AUvYkx?ssr=true

13 million plaintext passwords leak from free webhosting firm http://goo.gl/IpNUjA

FireEye's CEO partly blamed a slowdown in Chinese hacking for its poor results, and the stock is getting crushed http://goo.gl/WmXkfQ

ProtonMail Paid Hackers $6000 Ransom in Bitcoin to Stop DDoS Attacks https://goo.gl/3HpeZh

This 11-year-old is selling cryptographically secure passwords for $2 each http://goo.gl/2lysWZ

In the UK, Web browsing history must now be stored for a year http://goo.gl/1a4CmJ

Programmers: Stop Calling Yourselves Engineers http://goo.gl/oRslTV

https://github.com/Rootkitsmm/Win10Pcap-Exploit

Direct download: 47.mp3
Category:Technology -- posted at: 12:51am CET
Comments[0]

Intro / Outro Пустельник - Піккардійська терція https://www.youtube.com/watch?v=1Jd8Y8xvbjA

Linux for kids http://qimo4kids.com/download/

Интервью с Дмитрием Пономеревым о Lockpicking

Lockpicking wiki http://www.lockwiki.com/index.php/Lockpicking

Одни из лучших образовательных видео, чувак реально доходчиво объясняет и адекватное качество картинки, а не пиксели: https://www.youtube.com/user/bosnianbill

Например:

Building Your First Lock Pick Kit https://www.youtube.com/watch?v=nYOTJh7NV68

Improve Your Lock Picking Skills (for Beginners) https://www.youtube.com/watch?v=fI7Lx-73lU0

Building Your First Lock Pick Kit https://www.youtube.com/watch?v=nYOTJh7NV68

How to Detect and Beat Spool Pins (for Beginners) https://www.youtube.com/watch?v=d3H2rK-3FaQ

Вендоры:

http://www.sparrowslockpicks.com/

https://www.southord.com/

https://www.thinkpeterson.com/

https://www.youtube.com/watch?v=UOlJHiY4NJg

https://www.youtube.com/watch?v=xFEa_j3D97E  (тут называется Raking, но по-идее,это zipping )

SPP https://www.youtube.com/watch?v=M0m7y5S1mFU

А вот это raking с bogota rake https://www.youtube.com/watch?v=PK_Qu67xEUY

Связаться с Дмитрием можно в твиттере @ze_punker или написать письмо на dmytro.ponomarov@gmail.com

1Password хранит данные в незашифрованном виде - «Хакер» https://goo.gl/Fd7eUq

CIA boss has his personal email account hacked... and yes, it's on AOL https://t.co/rHDmCMeWCF?ssr=true

Wikileaks claims release of CIA boss John Brennan's emails - BBC News http://goo.gl/wZxeHt

Teen Who Hacked CIA Director’s Email Tells How He Did It http://goo.gl/YprcpO

HTTPS certs now simple, automated and FREEEE! https://letsencrypt.org/howitworks/

Chinese used hacking team software http://t.co/uyRoQ0Plbl?ssr=true

Apple tells judge it's "impossible" to unlock a device running iOS 8 or higher https://goo.gl/P2nDLF

КМУ про винагороду кіберполіції http://goo.gl/7zjrwG

A network error routed traffic for the UK's nuclear weapons agency through Russia http://goo.gl/yf4D23

Direct download: 46.mp3
Category:Technology -- posted at: 3:56pm CET
Comments[3]

Intro / Outro Mt Eden DnB and Imogen Heap - The walk https://www.youtube.com/watch?v=bzxI0BbEVdA&list=PL9CDAF3A7B5B6D344&index=46

Yahoo wants to kill passwords with revamped Mail app http://goo.gl/YlFZkK

Two-Factor Authentication - Duo Security https://www.duosecurity.com/

Интернет-омбудсмен увидел вред для РФ от вложений в IT-специалистов http://goo.gl/sy7lX6

UISGCon 11 CFP https://11.uisgcon.org/ua/call-papers

Интервью с Евгением Пилянкевичем о проекте Themis https://cossacklabs.com/themis.html

Блог https://www.cossacklabs.com/blog.html и твиттер https://twitter.com/cossacklabs компании

Даниэль Канеман “Думай медленно... решай быстро” https://goo.gl/jciKEV

John McAfee Launches Presidential Bid With Surprisingly Low Key Video http://goo.gl/oDcswO

China arrests hacking suspects on behalf of the US http://t.co/TR6LKmv1OV?ssr=true

Створення кіберполіції https://goo.gl/nldK6s

Вимоги до інспекторів та спецагентів http://goo.gl/OqtcFY

What’s in a Boarding Pass Barcode? A Lot http://goo.gl/e4kFpj

Migrate to KeePassX https://goo.gl/oCGjty

Everything Amazon announced at AWS re:Invent 2015 http://goo.gl/rjv8Xw

Happy to see @awscloud Inspector (https://goo.gl/opOQfD) & @googlecloud scanner (http://goo.gl/gllwyV) as another security tool for dev
How is NSA breaking so much crypto? https://goo.gl/KJB3lR

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice (pdf) https://goo.gl/FIAj5y

OS X 10.11 El Capitan: Bugs, bugs, and more bugs http://goo.gl/uXs0sJ

Microsoft Working on Fix for Office Bugs in OS X El Capitan http://goo.gl/qFtkuQ

Adobe confirms major Flash vulnerability, and the only way to protect yourself is to uninstall Flash http://goo.gl/JZiDGy

13 new vulnerabilities? You should disable or uninstall Adobe Flash http://goo.gl/hv5H9b

Adobe releases patch for major Flash vulnerability – here’s how to download it https://goo.gl/K8e4EX

Dow Jones Hacked, Affecting Thousands http://goo.gl/UrJGxV

WSJ hacked (pdf) http://s.wsj.net/message/dowjonesletter-20151009.pdf

How I Hacked Hotmail https://goo.gl/A9xtqS

Exclusive: Uber checks connections between hacker and Lyft http://goo.gl/qsC6xv

Alleged Ukrainian Hacker Extradited to US http://goo.gl/5yrosV

European Court of Justice invalidates European Commission’s Safe Harbor decision https://goo.gl/H21pFY

IRS Can’t Update Woefully Out-of-Date Windows Servers Because It Can’t Find Some of Them http://goo.gl/CCMxHH

Russia ‘very targeted’ in its cyber attacks (video) http://t.co/vtaWmODkQ8?ssr=true

Злоумышленники атакуют компании через Cisco WebVPN http://goo.gl/OERSMR

VulDB: Cisco ASA SSL VPN cross site scripting [CVE-2014-3393] http://www.scip.ch/en/?vuldb.67752

Rusky antivirus company FIRE BOMBED for research blogs http://goo.gl/uUXgHM

App Store removes root certificate-based ad blockers over privacy concerns http://goo.gl/y8pJ14

Lessons From the Summer of Epic Car Hacks http://goo.gl/XOgYSO

Direct download: 45.mp3
Category:Technology -- posted at: 2:22pm CET
Comments[0]

Intro / Outro Гуцул Калiпсо - Звiзда https://www.youtube.com/watch?v=5NDIJLOS3VM

Интервью с Игорем Блюменталем. Связаться можно с помощью facebook или twitter

Bugsheet. Bug Bounties & Disclosure Programs http://bugsheet.com/directory

Cobalt https://cobalt.io/programs

Hackerone https://hackerone.com/

Первая всеукраинская олимпиада и форум по кибербезопасности http://www.hackit-ukraine.com/

SYNful Knock - A Cisco router implant - Part I https://goo.gl/yQKUw6

IoT vigilante Linux.Wifatch 'malware' may be patching up security flaws http://goo.gl/omNGX8

You should traceroute bad.horse right now http://goo.gl/KGM4vV and https://twitter.com/mikko/status/648227292821487616

President Obama says the U.S. and China have agreed to broad anti-hacking principles http://bloom.bg/1Muxe2a

Analysis: China-US hacking accord is tall on rhetoric, short on substance http://goo.gl/4E0X1J

The Cost of Mobile Ads on 50 News Websites http://goo.gl/TXz8F5

Patreon was warned of serious website flaw 5 days before it was hacked http://goo.gl/ePXgR6

Лeybase.io https://keybase.io/

ARIN IPv4 Free Pool Reaches Zero https://www.arin.net/announcements/2015/20150924.html

Russian police investigate Apple for ‘propagating homosexuality’ https://goo.gl/wQUy1K

Symantec caught issuing rogue Google.com certificates http://goo.gl/14dMaQ

Symantec employees fired for issuing rogue HTTPS certificate for Google http://t.co/PV7FDxXPG7

ZERODIUM iOS 9 BOUNTY https://www.zerodium.com/ios9.html

Hello? HELLO? Major Skype outage hits UK, Australia and Japan http://goo.gl/eVlnRK

Недокументированная фича Mail.ru http://blog.yurganov.com/all/neetichny-mail-ru/

AVG can sell your browsing and search history to advertisers (Wired UK) http://goo.gl/M5wp1N

BitPay Hacked, 5 000 Bitcoins Stolen https://goo.gl/hdR9bE

Cyber-attacks and underground activities in Port of Antwerp https://goo.gl/LH56hl

Direct download: 44.mp3
Category:Technology -- posted at: 1:53am CET
Comments[0]

Intro / Outro DJ Orkidea - Beautiful https://goo.gl/xba4Cx

Да здравствует UISGCon 11! https://11.uisgcon.org/

Мосгорсуд взыскал с Google 50 тысяч рублей за чтение личной переписки http://ria.ru/incidents/20150916/1255277367.html

iOS Ad-Blocking Apps Top Apple Inc.'s App Store Paid List Shortly After iOS 9 Launch http://goo.gl/eSmnFl

Ex-Ashley Madison CTO Threatens Libel Suit http://goo.gl/ZuA7C2

Ashley Madison passwords like “thisiswrong” tap cheaters’ guilt and denial http://goo.gl/tqDfpz

Researcher discloses zero-day vulnerability in FireEye http://goo.gl/XNp3o6

FireEye, Kaspersky hit with zero-day flaw claims http://goo.gl/lyQgij

FireEye 0day details (as much of them as legally possible) https://t.co/lFXTwFagA5?ssr=true

Stagefrightened? http://goo.gl/jPwBb2

Android 5.x Lockscreen Bypass (CVE-2015-3860) http://goo.gl/VboNqC

iOS 8.4.1 AirDrop Exploit Demo https://www.youtube.com/watch?v=j3JODDmk2Hs

FBI: $1.2B Lost to Business Email Scams http://goo.gl/DX4IYH

BitPay Hacked, 5 000 Bitcoins Stolen - CCN: Financial Bitcoin & Cryptocurrency News https://goo.gl/Ce4gZC

Bloke clicks GitHub 'commit' button in Visual Studio, gets slapped with $6,500 AWS bill http://goo.gl/nDagjA

В России заблокируют PornHub http://lenta.ru/news/2015/09/07/pornhub/

ЮРИДИЧНІ ОСОБИ, до яких застосовуються обмежувальні заходи (санкції) (pdf) http://goo.gl/IYRv3R

What is Privacy For? Protecting Our Kids Online. http://goo.gl/L2LdY2

Raising Kids with Privacy Awareness https://goo.gl/Tr1hGV

Like Kaspersky, Russian Antivirus Firm Dr.Web Tested Rivals http://goo.gl/yKPNY2

Уязвимость на сайте ПриватБанка позволяла просматривать историю платежей любого пользователя http://www.securitylab.ru/news/474561.php

Яндекс.Навигатор уличили в записи разговоров владельца https://nplus1.ru/news/2015/09/08/yandex-is-watching

LinkedIn Sockpuppets Are Targeting Security Researchers https://goo.gl/C3uBas

SUCEFUL: Next Generation ATM Malware https://goo.gl/yiSZ4x

Криворукие «хакеры» ФСБ «Киберберкут» разродились очередным фейком http://goo.gl/cEnK0t

Mail.ru https://www.facebook.com/denmajor/posts/963953843669871

А что вы ищите на github? https://goo.gl/2oEAbd

Global State of Information Security Survey 2015 http://goo.gl/phL4ZT

First-ever monthly Android security updates start to roll out http://t.co/IBwgPlb4xc?ssr=true

Хакерские группы взламывают спутниковые каналы, чтобы замести следы http://geektimes.ru/post/262230/

Netflix releases reflected XSS audit tool for biz http://goo.gl/PHlsz7

Что искала СБУ в Днепропетровском офисе LUXOFT http://ain.ua/2015/09/07/602178

Malicious Firmware Found Preinstalled on Xiaomi, Huawei, Lenovo Phones https://goo.gl/Plxsn0

Direct download: 43.mp3
Category:Technology -- posted at: 8:41am CET
Comments[0]

Intro / Outro ELEPHANT - Moon https://soundcloud.com/user-612343039/elephant-moon

A New Encryption Standard of Ukraine: The Kalyna Block Cipher https://eprint.iacr.org/2015/650

Держспецзв'язку впроваджує нові стандарти криптографічного захисту інформації http://goo.gl/0Rj22Y

База патентів України. Спосіб шифрування двійкових блоків даних http://goo.gl/vvmZ78

A Meet-in-the-Middle Attack on Reduced-Round Kalyna-b=2b (pdf) https://eprint.iacr.org/2015/762.pdf

Быстродействие http://ko.com.ua/files/u125/kalyna_1.jpg

Kupyna http://www.slideshare.net/oliynykov/kupyna

Who Hacked Ashley Madison? http://t.co/zKb5r3dbcZ?ssr=true

Exposed Ashley Madison members targeted by scammers and extortionists http://t.co/V6OuEBttWk?ssr=true

Troy Hunt: Here’s what Ashley Madison members have told me http://goo.gl/HS768U

Ashley Madison execs hacked competitors, wrote screenplay http://t.co/dy0n9S0sVf?ssr=true

Ashley Madison faces proposed class-action suit over half-deleted data http://t.co/DVQB60hPHt?ssr=true

Lessons learned from cracking 4,000 Ashley Madison passwords http://t.co/EORxGUPt5h?ssr=true

AshleyMadison: $500K Bounty for Hackers http://goo.gl/cfDhw8

Ashley Madison: 'Suicides' over website hack - BBC News http://www.bbc.com/news/technology-34044506

Leaked AshleyMadison Emails Suggest Execs Hacked Competitors http://goo.gl/LplHVQ

Almost None of the Women in the Ashley Madison Database Ever Used the Site http://goo.gl/4ixcF3

Ashley Madison dump, Troy Hunt and The Grugq http://risky.biz/RB379

Netflix Is Dumping Anti-Virus, Presages Death Of An Industry http://goo.gl/awkK60

ЗМІ дізналися про загрози Касперського мочити компанію-конкурента http://goo.gl/rZwh8X

Холодильники Samsung могут быть использованы для кражи паролей Gmail http://goo.gl/YzSJIW

Linux Foundation releases PARANOID internal infosec guide http://goo.gl/J3DNsq

Improving Security for Bugzilla https://goo.gl/PU9p7G

Електронні петиції https://petition.president.gov.ua/

Uber hires two security researchers to improve car technology http://goo.gl/q162Er

Direct download: 42.mp3
Category:Technology -- posted at: 12:17pm CET
Comments[0]

Intro / Outro Frontline - Pillar  https://www.youtube.com/watch?v=jTEkfsGnRTA

Ashley Madison Emails By Category http://pastebin.com/bM2QHCDx

How to search through the leaked Ashley Madison data http://goo.gl/rZTe2A

Hackers Finally Post Stolen Ashley Madison Data http://goo.gl/nek1WJ

Hackers Dump More Ashley Madison Data http://goo.gl/tTqVhN

Aug 20 2015: New message and torrent! https://goo.gl/X5I0ST

Ashley Madison Hackers Speak Out: 'Nobody Was Watching' http://goo.gl/yNwDZO

I found my husband in the Ashley Madison leak http://goo.gl/Zgl6vl

Как дрозды становятся дятлами https://goo.gl/S86uSd

Oracle Deletes CSO’s Screed Against Hackers Who Report Bugs http://goo.gl/E06xim

Oracle CSO is right https://blogs.securiteam.com/index.php/archives/2545

My Personal Take On Mary Ann's Blog https://www.linkedin.com/pulse/my-personal-take-mary-anns-blog-mark-litchfield

No, You Really Can’t http://pastebin.com/raw.php?i=urN8Vyv1

Oracle blog. Those Who Can’t Do, Audit https://goo.gl/HUHUSt

Researchers find way to steal Windows Active Directory credentials from the Internet (SMB protocol) http://goo.gl/YgEBv7

EXCLUSIVE-Ex-employees: Russian antivirus firm faked malware to harm rivals http://goo.gl/S8VWAt

Web.com Hacked! Credit Card information of 93,000 Customers Compromised http://goo.gl/3uQtpD

ICANN hacked, emails and passwords stolen http://goo.gl/d7F9Tw

Tech Firm Ubiquiti Suffers $46M Cyberheist (8.1 вернули, 6.8 зарезервировано) http://goo.gl/gDhZVQ

BitTorrent clients can be made to participate in high-volume DoS attacks http://goo.gl/yqKE3U

Domain Administrator in 17 seconds http://goo.gl/ttB3Hd

Заклеивание веб-камеры или как мой муж сошел с ума http://goo.gl/N9GBXI

The Lifecycle of a Revolution (Keynote) http://t.co/Yd2NVLfi8k?ssr=true

В Одеській ОДА виявили, що інформація з комп’ютерів йде в "ДНР" http://goo.gl/gxVP7Z

Сайт Львівської обладміністрації зламали з території Криму http://goo.gl/lUUNyO

LogEnteries https://en.wikipedia.org/wiki/Logentries

Loggly https://en.wikipedia.org/wiki/Loggly

Loggly Main Dashboard http://take.ms/6jD0C

AWS CloudFormation https://aws.amazon.com/ru/cloudformation/

Understanding AWS Security https://www.youtube.com/watch?v=rei30obkaBc

A lot of security topics  AWS videos are here: https://goo.gl/0aYsDx

Blog post about port knocking http://goo.gl/cXX96a

Не вошедшее:

Empire is a pure PowerShell post-exploitation agent http://www.powershellempire.com/

cve-2015-???? poc ~ os x 10.10.5 kernel local privilege escalation https://github.com/kpwn/tpwn

Share your terminal as a web application https://github.com/yudai/gotty

Alibi routing software and data https://alibi.cs.umd.edu/

Direct download: 41.mp3
Category:Technology -- posted at: 11:57am CET
Comments[0]

Intro / Outro The Weeknd - Wicked Games https://www.youtube.com/watch?v=O1OTWCd40bc&feature=youtu.be

Hackers Can Disable a Sniper Rifle—Or Change Its Target http://goo.gl/7W5zT7

This Hacker’s Tiny Device Unlocks Cars And Opens Garages http://goo.gl/hxfF5J

This Gadget Hacks GM Cars to Locate, Unlock, and Start Them http://goo.gl/NjHmHZ

Researchers Hacked a Model S, But Tesla’s Already Released a Patch http://goo.gl/kQApZx

New vulnerability can put Android phones into permanent vegetative state http://goo.gl/4esGxa

 Can they hear you now? Hacking Team & SS7 http://goo.gl/88eNnk

Researchers look sideways to crack SIM card AES-128 encryption http://goo.gl/CSKRdH

Derelict TrueCrypt Russia portal 'is command hub for Ukraine spying op’ http://goo.gl/rYvzQz

Windows 10 is spying on you - at least that's what this developer thinks http://goo.gl/Hv9hTl

Disable KeyLogger Windows 10 https://goo.gl/Jb7Yym

fix windows 10 https://fix10.isleaked.com/

Windows 10 updates to be automatic and mandatory for Home users http://goo.gl/nxvsbs

Researchers claim they’ve developed a better, faster Tor http://goo.gl/39CPkJ

950 million Android phones can be hijacked by malicious text messages http://goo.gl/KsWnjJ

First Known Exploit of Apple DYLD_PRINT_TO_FILE Vulnerability Discovered in the Wild http://goo.gl/sRsU0Z

Ashley Madison invites red-faced cheats to bolt stable door for free http://goo.gl/NP4pB6

Захист урядового порталу від Ddos-атак коштуватиме півмільйона http://goo.gl/QlC4T5

Mt.Gox Bitcoin Exchange CEO Arrested by Japanese Police https://goo.gl/p0VaXq

Chinese VPN Service as Attack Platform? http://goo.gl/crRbYx

再探Stagefright漏洞——POC与EXP http://drops.wooyun.org/papers/7557

Thunderstrike 2” rootkit uses Thunderbolt accessories to infect Mac firmware http://goo.gl/SSpJS1

Exclusive: Visa application portal closed following SC Magazine investigation http://goo.gl/k7jK8Q

Rapid7 Inc (NASDAQ:RPD) https://www.google.com/finance?cid=26424354816105

What amateurs can learn from security pros about staying safe online http://goo.gl/LUySXn

Телеком-регулятор проголосовал за лишение абонентов мобильной связи анонимности http://goo.gl/iCNnYP

Внимание! Крутое мошенничество с картами «ПриватБанка»! http://goo.gl/X5DOsN

Direct download: 40.mp3
Category:Technology -- posted at: 8:16am CET
Comments[0]

Intro / Outro Hollywood Undead - Young https://www.youtube.com/watch?v=R_HHm9ki3JI

ВРУ рассмотрит законопроект о защите киберпространства http://goo.gl/H9fral

Предложения «ГО ИСАКА КИЕВ» к проекту закона Украины об основах кибербезопасности http://goo.gl/mfwlC8

Канадский опыт http://goo.gl/vsjVIS и http://goo.gl/ErQ8Qf

Hackers Remotely Kill a Jeep on the Highway—With Me in It http://goo.gl/tOXRvF

When Charlie Miller tells you to install an update for your Jeep, you really should go and install that update. https://goo.gl/aD7zOM

Patch Your Chrysler Now Against a Wireless Hacking Attack http://goo.gl/4HzhhS

Online Cheating Site AshleyMadison Hacked http://goo.gl/5E0GKb

#AshleyMadisonHack ... the website is now down https://twitter.com/kennethgeers/status/624091409193107456

Paying $20 to delete your Ashley Madison profile was probably a bad idea http://arstechnica.com/?p=523501

Mr.Robot

Firefox blacklists Flash player due to unpatched 0-day vulnerabilities http://goo.gl/VCpfQs

Adobe: We REALLY are taking Flash security seriously – honest http://goo.gl/vKB3Se

Third Hacking Team Flash Zero-Day Found http://goo.gl/zC2Ure

Project Zero. One Perfect Bug: Exploiting Type Confusion in Flash http://goo.gl/Ad9Lvl

RIPv1 Used in DDoS Reflection Attacks - AT&T ThreatTraq Bits (video) https://goo.gl/PkuGpl

Threat Advisory: RIPv1 Reflection DDoS (pdf) https://goo.gl/JLsqOJ

OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability http://bit.ly/1eorJW7

MS15-067 http://bit.ly/1eosKxc

MS urges Skype users to change their passwords http://bit.ly/1eorYQQ

Bye bye Darkode http://www.justice.gov/node/577356

How to Crack RC4 Encryption in WPA-TKIP and TLS http://goo.gl/jDDQT4

Free Tool Looks for HackingTeam Malware https://goo.gl/6MQKG2

Owners of OPM breached data tobe granted life time credit monitoring https://wp.me/p3AjUX-tBc

Wow, another NSA leak: Network security code appears on GitHub http://goo.gl/zQbsoL (Анализ на хабре http://habrahabr.ru/company/pt/blog/263305/)

Direct download: 39.mp3
Category:Technology -- posted at: 2:33pm CET
Comments[0]

Intro / Outro Сен-тропе - у селові https://www.youtube.com/watch?v=L-UBXr5_m38

Интервью с Василием Гузием о тонкостях поимки кибер преступников

В Украине арестовали пятерых хакеров, причастных к краже не менее 2 млн евро у крупнейших мировых банков http://goo.gl/7ItU5t

Депутаты дошли до интернета: законопроект о киберпространстве http://goo.gl/VV3ja3

MasterCard to trial pay-by-face for online purchasing https://goo.gl/0TFCL0

Spy Tech Company 'Hacking Team' Gets Hacked http://goo.gl/qE4fde

Information related to the attacks on HackingTeam on July 6, 2015 http://goo.gl/k0OJO2

Hacking Team Breach Shows a Global Spying Firm Run Amok http://goo.gl/5jbqH7

Hacking Team Asks Customers to Stop Using Its Software After Hack http://goo.gl/pAo3Z3

The FBI Spent $775K on Hacking Team's Spy Tools Since 2011 http://goo.gl/lCal2y

UK police forces wanted to buy Hacking Team spyware http://goo.gl/f6JfcU

Adobe Flash exploit that was leaked by Hacking Team goes wild http://goo.gl/B5DvC3

Hacking Team leak, Flash 0day, exploit payloads and more http://goo.gl/SyOPoJ

Days after Hacking Team breach, nobody fired, no customers lost http://goo.gl/FMD0BO

OPM shuts down background investigation portal because of vulnerability http://goo.gl/MBg0Mq

433,000 Ford cars to be recalled because of software bug http://goo.gl/ox6Y8g

Samsung announces fix for major Galaxy keyboard security flaw http://goo.gl/RzvFdC

Adventures in Automotive Networks and Control Units (pdf) http://goo.gl/prKf8U

NSA can track everyone's phone calls again -- for a while http://goo.gl/AWL3SG

Your VPN Probably Isn’t Private http://goo.gl/46A4JX

Snow https://github.com/zrm/snow

Critical OpenSSL bug allows attackers to impersonate any trusted server http://goo.gl/mGMYQc

The OpenSSL "CVE-2015-1793" certificate verification bug - what you need to know https://goo.gl/BpntHO

Google unveils independent “fork” of OpenSSL called “BoringSSL” http://goo.gl/OCULBM

В Україні через тиждень запускають захищений мобільний зв'язок http://goo.gl/bEFm8f

Система криптографически защищенной мобильной связи TACITUS http://goo.gl/pLwjNX

Meet the hackers who break into Microsoft and Apple to steal insider info http://goo.gl/PIq4SN

'Hackers' give orders to German missile battery http://goo.gl/nalXaK

Украина вошла в рейтинг стран с наибольшим количеством DDoS-атак http://goo.gl/yegWGp

David Cameron is going to try and ban encryption in Britain http://goo.gl/DLhQ7a

7 things to do when your business is hacked http://goo.gl/sp3qSC

Kali Linux 2.0 Release Day Scheduled https://goo.gl/nPFiIf

Новий Голова Держспецзв’язку Леонід Євдоченко http://goo.gl/w3cU8E

Apple to introduce two-factor authentication option in iOS 9 and OS X El Capitan http://goo.gl/uDjbMu

Security-конференция dec0de в Одессе https://goo.gl/Laq74T

Apple to introduce two-factor authentication option in iOS 9 and OS X El Capitan http://goo.gl/uDjbMu

Windows 10 will share your Wi-Fi key with your friends' friends http://goo.gl/89aVAD

Cisco To Buy Cloud Security Company OpenDNS for $635M In Cash http://goo.gl/UXacwj

US-CERT Alerts of Phishing Campaigns Targeting OPM Hack Victims http://goo.gl/RWc620

Information security news and discussion https://www.reddit.com/r/netsec

Two keys to rule them all: Cisco warns of default SSH keys on appliances http://goo.gl/TbMvDo

Amazon Releases S2N TLS Crypto Implementation to Open Source https://goo.gl/wwxiHT

RWMC https://github.com/giMini/RWMC

To determine HackingTeam infection https://goo.gl/6KlVKE

Direct download: 38.mp3
Category:general -- posted at: 11:19am CET
Comments[0]

Intro / Outro Jam & Spoon Featuring Rea Garvey-Set Me Free https://www.youtube.com/watch?v=5O5pcVMEvD0&feature=youtu.be

ВРУ рассмотрит законопроект о защите киберпространства http://goo.gl/H9fral

Министерство IT http://dou.ua/forums/topic/14019/

В Украине арестовали пятерых хакеров, причастных к краже не менее 2 млн евро у крупнейших мировых банков http://goo.gl/7ItU5t

Operation Lotus Blossom https://goo.gl/iOwf73

HP Releases Details, Exploit Code for Unpatched IE Flaws http://goo.gl/EffgRD

Analysis and Exploitation of an ESET Vulnerability http://goo.gl/iP1im6

IETF официально вывел из обихода протокол SSLv3 http://goo.gl/D9XnaW

Hackers Exploit Zero-Day Magento Vulnerability to Steal Your Credit Cards http://goo.gl/sLArHD

Secret Service agent who stole $820K from Silk Road pleads guilty http://goo.gl/2CAx2n

This Radio Bug Can Steal Laptop Crypto Keys, Fits Inside a Pita http://goo.gl/Aaso0P

Polish airline LOT was grounded after 'IT attack' took hold http://goo.gl/9rfqoI

Polish plane IT attack? Apparently not, just a simple DDoS http://goo.gl/TdGKej

All Airlines Have the Security Hole That Grounded Polish Planes http://goo.gl/xem9an

Zero-Day Exploits for Stealing OS X and iOS Passwords http://goo.gl/bg49Ru

 CIA Backed Firm Finds Stolen Government Passwords Throughout Web http://goo.gl/fH65oM

Роскомнадзор заблокировал страницу «архива интернета» за экстремизм http://lenta.ru/news/2015/06/25/rkn/

Drupal Fixes Critical OpenID Bug https://goo.gl/Xaxvix

Canada government websites taken down in cyber attack http://goo.gl/cs5FZF

US and British Spies Targeted Antivirus Companies http://goo.gl/x4ua46

Adobe Releases Emergency Patch for Flash Zero-Day Vulnerability http://goo.gl/yazDfC

Sony Hack: WikiLeaks Releases New Batch of 270,000 Documents https://goo.gl/Osj2l5

Чудо-скрипт https://twitter.com/fel1x/status/613420320104558592

HP Security Research OSINT (OpenSource Intelligence) articles of interest http://goo.gl/gjBN6g

Crooks Use Hacked Routers to Aid Cyberheists http://goo.gl/vQ9o67

Transparently Routing Traffic Through Tor https://goo.gl/W9d7x4

https://github.com/sapran/tor-vpn

Using Metasploit socks proxy auxilliary module over a Meterpretee session http://goo.gl/rpNXNU

Meterpreter Paranoid Mode https://goo.gl/15F6n9

Encryption software for files in the cloud https://www.boxcryptor.com

Direct download: 37.mp3
Category:Technology -- posted at: 10:22am CET
Comments[0]

Intro / Outro ЯрмаК - Вставай (TS Prod.)  https://www.youtube.com/watch?v=gO8U8UXVlA4

Интервью с Алексеем Старовым о Tor-клиенте Astoria.

Measuring and mitigating AS-level adversaries against Tor (pdf) http://arxiv.org/pdf/1505.05173.pdf

Center for Applied Internet Data Analysis https://www.caida.org/home/

Связаться с Алексеем можно по e-mail ostarov@cs.stonybrook.edu

Direct download: 36.5.mp3
Category:Technology -- posted at: 7:03pm CET
Comments[0]

Intro / Outro Андрій Хливнюк "Спи собі сама" https://www.youtube.com/watch?v=dGIefvnHfEc

Kaspersky Finds New Nation-State Attack—In Its Own Network http://goo.gl/nA9Mlw

Threatbutt http://threatbutt.com

Stuxnet spawn infected Kaspersky using stolen Foxconn digital certificates http://goo.gl/yPhJi0

China might be building vast database of federal worker info, experts say http://goo.gl/P8HnWG

TV5 Monde attack 'by Russia-based hackers' http://goo.gl/1DOu5P

Serious iOS bug lets hackers create fake login screens to steal Apple credentials http://goo.gl/tNSMR0

LastPass Security Notice https://goo.gl/aaYL1p

Tesla Motors начала платить за найденные уязвимости https://bugcrowd.com/tesla

Assume your GitHub account is hacked, users with weak crypto keys told http://goo.gl/EvGHJ5

You Can Be Prosecuted for Clearing Your Browser History http://goo.gl/alSB8y

Sourceforge Hijacks the Nmap Sourceforge Account http://seclists.org/nmap-dev/2015/q2/194

This Hacked Kids' Toy Opens Garage Doors in Seconds http://goo.gl/hSBOU0

Edward Snowden: “I should have come forward sooner.” https://goo.gl/j0FxzC

Сноуден обвинил Россию в нарушении неприкосновенности частной жизни http://snob.ru/selected/entry/93509

Украинец убедил нигерийского спамера выслать ему 600 долларов https://goo.gl/0xsgWg

Держспецзв’язку видала позитивний експертний висновок на Симетричний блоковий шифр AES http://goo.gl/A1T4oq

The Senate Finally Passes NSA Surveillance Reform http://goo.gl/Z1Gq6W

Интернет-вруны: В сети появился список кремлевских троллей и пропутинских организаций https://goo.gl/ceVuTs

У Бельгії комісія подала до суду на Facebook http://goo.gl/y968ib

Report: Hack of government employee records discovered by product demo http://goo.gl/mk5e6s

Технологический практикум «Облака без лишних слов» http://4partners.com.ua/clouds2015

Вебинары Positive Technologies: образовательная программа "Практическая безопасность" http://www.ptsecurity.ru/lab/webinars/

Yahoo to face class action lawsuit over email spying claims https://goo.gl/OAdyIJ

Facebook will encrypt the emails it sends to you with PGP http://goo.gl/hlq9nx

Microsoft Plans to Add Secure Shell (SSH) to Windows http://goo.gl/f4hPps

 

Direct download: 36.mp3
Category:Technology -- posted at: 9:00pm CET
Comments[0]

Intro/outro - Фантом 2 - Двоє https://www.youtube.com/watch?v=7qWDckvlFp0

The Complete Guide for Hidden Services And Staying Anonymous http://wp.me/p3Y90y-3p

Risky Business #367 -- Tor Project lead Roger Dingledine http://risky.biz/RB367

Astoria — Advanced Tor Client Designed to Avoid NSA Attacks http://bit.ly/1KuKipo

Anonymous peer-to-peer instant messaging https://ricochet.im/

Top encryption researcher moves to Switzerland to escape government interference http://bit.ly/1dtuNRe

HideMyAss story: How misbehaving at school made one man a multimillionaire http://bbc.in/1KuJzo5

Russia warns Google, Twitter and Facebook on law violations http://reut.rs/1KuKIvW

Президент РФ подписал указ о создании государственного сегмента интернета http://bit.ly/1KuLtoX

Some notes about Wassenaar http://bit.ly/1Atxah3

Cisco Systems поставляла оборудование для Минобороны РФ, ФСБ и Роскомоса в обход санкций http://goo.gl/wc6XjX

Билеты на финал Лиги Европы от Приватбанка

The founder of the Silk Road drug marketplace has been sentenced to life in prison without parole http://goo.gl/6eU24u

Aaron Swartz stood up for freedom and fairness http://goo.gl/JFcPx9

Верховный суд обязал банки возвращать клиентам украденные с карточек деньги http://news.finance.ua/ru/news/~/351321

Активисты раскрыли способ "накрутки" голосов при отборе в общественный совет НАБ http://bit.ly/1dxbiqO

NSA (doesn’t) shut down surveillance program http://thehill.com/node/242774

Senate blocks the bill: Senate blocks NSA surveillance reform bill http://bit.ly/1KuK55J

Китайцы придумали, как отслеживать людей в метро через акселерометры смартфонов http://geektimes.ru/post/251018/

Official Kali Linux Docker Images https://www.kali.org/?p=1224

ООН причислил шифрование и анонимность в интернете к правам человека http://geektimes.ru/post/251202/

Anatomy of a LOGJAM - another TLS vulnerability, and what to do about it http://wp.me/p120rT-1ddb

Infosec Hype Tracker https://twitter.com/InfosecHype

pcre -- multiple vulnerabilities http://t.co/QActfSVase

Malicious Minecraft apps affect 600,000 Android Users http://bit.ly/1FT08sL

Annoying bug causes iPhone Messages to crash http://dailym.ai/1PMOswq

Hola VPN turns 10M users into exit nodes https://t.co/FwK3NMtoRa

These two Diablo III players stole virtual armor and gold — and got prosecuted IRL http://fus.in/1edYyWi

Real-world, physical crypto-lockers http://on.fb.me/1KuJIYA

Security Firm Redefines APT: African Phishing Threat http://krebsonsecurity.com/?p=30967

Direct download: 35.mp3
Category:Technology -- posted at: 9:17am CET
Comments[0]

Intro / outro - Christian Kane - LA Song

https://www.youtube.com/watch?v=IGQVn2sxCuI

Интервью с Тарасом Бобало

Связаться с Тарасом можно с помощью email madspeedy@gmail.com и skype madspeedy

Virtualized Environment Neglected Operations Manipulation (VENOM) http://venom.crowdstrike.com/

Heartbleed, eat your heart out: VENOM vuln poisons countless VMs http://www.theregister.co.uk/2015/05/13/heartbleed_eat_your_heart_out_venom_vuln_poisons_countless_vms/

PCI DSS 3.1 (pdf) https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf

UISGCON 10 CTF https://ctf.uisgcon.org/

HTTP/2 http://www.rfc-editor.org/rfc/rfc7540.txt

Patch Tuesday Facelift End of an Era https://threatpost.com/patch-tuesday-facelift-end-of-an-era/112640

GAUNTLT http://gauntlt.org/

Премьер-министр Сингапура написал решатель Судоку на C++ и выложил исходный код программы в открытый доступ http://itc.ua/news/premer-ministr-singapura-napisal-reshatel-sudoku-na-c-vyilozhil-ishodnyiy-kod-programmyi-v-otkryityiy-dostup/

Super secretive malware wipes hard drive to prevent analysis http://arstechnica.com/security/2015/05/super-secretive-malware-wipes-hard-drive-to-prevent-analysis/ 

WordPress Vulnerability Puts Millions of Websites At Risk http://thehackernews.com/2015/05/wordPress-vulnerability.html

 Киевский трамвай наехал на Google-мобиль http://kiev.unian.net/1076877-kievskiy-tramvay-naehal-na-google-mobil-foto.html

Self-Driving Trucks Are Going to Hit Us Like a Human-Driven Truck https://medium.com/basic-income/self-driving-trucks-are-going-to-hit-us-like-a-human-driven-truck-b8507d9c5961

Security Product Liability Protections Emerge http://www.darkreading.com/vulnerabilities---threats/security-product-liability-protections-emerge/d/d-id/1320274

France passes new surveillance law in wake of Charlie Hebdo attack http://www.theguardian.com/world/2015/may/05/france-passes-new-surveillance-law-in-wake-of-charlie-hebdo-attack

Microsoft Launches Visual Studio Code, A Free Cross-Platform Code Editor For OS X, Linux And Windows http://techcrunch.com/2015/04/29/microsoft-shocks-the-world-with-visual-studio-code-a-free-code-editor-for-os-x-linux-and-windows/#.97r8gf:47VB

Sublime Text https://www.sublimetext.com/

Mad Max: Fury Road https://www.youtube.com/watch?v=hEJnMQG9ev8

Goodbye! We'll be back!

Direct download: 34.mp3
Category:Technology -- posted at: 8:51am CET
Comments[0]

44Con http://44con.com/

Dai Davis http://www.chambersandpartners.com/uk/person/356834/dai-davis

Jerry Gamblin http://jerrygamblin.com/

Kevin Williams http://44con.com/cybersecurity/speakers/2015/kevin-williams.html

https://www.cyberstreetwise.com/

https://www.getsafeonline.org/

https://www.gov.uk/

Leslie Forbes https://www.linkedin.com/in/forbes

 

Direct download: 44Con.mp3
Category:Technology -- posted at: 1:02am CET
Comments[0]

Intro / Outro The Guild: I'm the One That's Cool https://www.youtube.com/watch?v=jFhgupR565Q

Интервью с Евгением Цигикало, специалистом по сигнализации в сетях связи

Б.Гольтдштейн Сигнализация в сетях связи http://www.ozon.ru/context/detail/id/4760814/

http://www.3gpp.org/

44con http://44con.com/

BE SECURE http://besecure.com.ua/

Hackers Could Commandeer New Planes Through Passenger Wi-Fi http://www.wired.com/2015/04/hackers-commandeer-new-planes-passenger-wi-fi/

RSA Conference 2015 http://www.rsaconference.com/

How Kaspersky makes you vulnerable to the FREAK attack and other ways Antivirus software lowers your HTTPS security https://blog.hboeck.de/archives/869-How-Kaspersky-makes-you-vulnerable-to-the-FREAK-attack-and-other-ways-Antivirus-software-lowers-your-HTTPS-security.html

Hacker Implants NFC Chip In His Hand To Hack Android Phones http://thehackernews.com/2015/04/nfc-chip-hack-android.html?utm_source=dlvr.it&utm_medium=twitter

CCSP https://www.isc2.org/ccsp-faqs/default.aspx

Twitter перевёл неамериканские аккаунты в ирландский дата-центр https://support.twitter.com/articles/20172527

Wi-Fi software security bug could leave Android, Windows, Linux open to attack http://arstechnica.com/security/2015/04/22/wi-fi-software-security-bug-could-leave-android-windows-linux-open-to-attack/

iOS bug sends iPhones into endless crash cycle when exposed to rogue Wi-Fi https://docs.google.com/document/d/1kL2T2Z0AOMeX-jXKy7Q_1m-bHfunIY8wYyh6XSauhk0/edit

Fukushima nuke plant owner told to upgrade from Windows XP http://www.theregister.co.uk/2015/04/23/fukushima_nuke_plant_owner_told_to_upgrade_from_windows_xp/

Hackers used a surprisingly simple method to access Tesla's website and Twitter account http://www.businessinsider.com/how-the-tesla-hack-happened-2015-4

«ПриватБанк» и «Ощадбанк» запускают в Украине BankID — систему верификации пользователя на госсайтах http://ain.ua/2015/04/20/576138

Direct download: 33.mp3
Category:Technology -- posted at: 12:50am CET
Comments[0]

Intro / Outro Skylar Grey - White Suburban

FORTINET Security Day 2015 http://www.pcweek.ua/themes/detail.php?ID=149082

iForum http://2015.iforum.ua/

Introducing CSX skills-based CYBERsecurity training and performance-baced certifications http://goo.gl/nB0GHu

СТАЛЕВИЙ БУБЕН - IX (2015-04-04) http://www.steeldrum.org.ua/ua/fotolalereji/stalevyj-buben-ix-20140404.html#prettyPhoto

С Днем рождения, Владимир!

2015 Data Breach Investigations Report (pdf) http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigation-report-2015-insider_en_xg.pdf

Risky Business #362 http://risky.biz/RB362

IBM to release 20 years worth of cyberthreat data http://www.rcrwireless.com/20150416/big-data-analytics/ibm-to-release-20-years-worth-of-cyber-threat-data 

IBM® X-Force Exchange https://exchange.xforce.ibmcloud.com/ 

Wikileaks Publishes Hacked Sony Emails, Documents http://yro.slashdot.org/story/15/04/17/0246219/wikileaks-publishes-hacked-sony-emails-documents?utm_source=slashdot&utm_medium=twitter

VeraCrypt 1.0f-2 http://www.opennet.ru/opennews/art.shtml?num=41996

French TV station TV5Monde hit by Islamic State hack http://news.yahoo.com/french-tv5monde-hit-pro-islamic-state-hackers-222158856.html

The 4 stages of crypto ransomware http://www.slideshare.net/slideshow/embed_code/47068990

Find it in twitter https://twitter.com/recover_service

Полиция Массачусетса заплатила выкуп в биткоинах, чтобы вернуть свои файлы http://geektimes.ru/post/248706/

Q&A about malicious ransomware software https://au.finance.yahoo.com/news/q-malicious-ransomware-software-040108255.html

How the U.S. thinks Russians hacked the White House http://edition.cnn.com/2015/04/07/politics/how-russians-hacked-the-wh/index.html

66% devices patched Heartbleed https://twitter.com/achillean/status/585898269605101568 but Most top corporates still Heartbleeding over the internet http://www.theregister.co.uk/2015/04/08/still_bleeding_one_year_laterheartbleed_2015_research/

YUBIKEY, YUBIHSM: SECRET WEAPONS TO GUARD SECRETS https://www.yubico.com/2015/04/yubikeyyubihsm-secret-weapons-to-guard-secrets/

What Your Passwords Say About Your Psychology http://www.worldcrunch.com/tech-science/what-your-passwords-say-about-your-psychology/computer-security-psychology-cigarette-secret-/c4s18560/#.VTE6fXV7h5R

Direct download: 32.mp3
Category:Technology -- posted at: 4:23am CET
Comments[0]

Intro / Outro Origa - Inner Universe https://www.youtube.com/watch?v=He2ggnGA53c

С Днем рождения, Сергей Борисович!

С Днем рождения, Алиса и Боб! https://en.wikipedia.org/wiki/Alice_and_Bob

Интервью с Виктором Жорой

Контакты: 

http://infosafe.ua/

https://www.facebook.com/infosafe

https://www.linkedin.com/company/infosafe-llc

Рекомендованные книги:

Момент истины

Крестный отец

Сталевий бубен http://www.steeldrum.org.ua/ua/

Fortinet Security Day 2015 http://4partners.com.ua/fortinet-security-day-2015

Information Security Day 2015 доклады

44Con http://44con.com/

Call for paper R0-Conf #3 https://forum.reverse4you.org/showthread.php?t=1949

PCI Recognizes PTES as a reference framework for Conducting Penetration Tests! (pdf) https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf

Курс з основ інформаційної безпеки http://edx.prometheus.org.ua/courses/KPI/IS101/2014_T1/about

2015 Social Security Blogger Awards https://www.surveymonkey.com/s/securitybloggers

Cyberbullying Resource Center : For parents http://kids.kaspersky.com/cyberbullying/parents/home/

Все, що ви написали у "Фейсбук", залишається там – Влодимир Стиран http://openukraine.org/ua/news/990-vse-shho-vi-napisali-u-fejsbuk-zalishajetysya-tam--vlodimir-stiran

TrueCrypt Security Audit (pdf) https://opencryptoaudit.org/reports/TrueCrypt_Phase_II_NCC_OCAP_final.pdf

This 'Killer USB' can make your Computer explode http://thehackernews.com/2015/03/killer-usb-explode-computer.html

Is your VirtualBox reading your E-Mail? https://hsmr.cc/palinopsia/

Rooting SIM cards https://srlabs.de/rooting-sim-cards/

Кабмин разрешил НКРСИ проверить 4 телекомоператора, в том числе "МТС Украина" и "Киевстар" http://interfax.com.ua/news/economic/257802.html

China's attack against GitHub http://www.netresec.com/?page=Blog&month=2015-03&post=China%27s-Man-on-the-Side-Attack-on-GitHub

App Submissions On Google Play Now Reviewed By Staff, Will Include Age-Based Ratings http://techcrunch.com/2015/03/17/app-submissions-on-google-play-now-reviewed-by-staff-will-include-age-based-ratings/

Cisco recommends Adblock & Ghostery to combat malvertising http://www.cbronline.com/news/cybersecurity/data/cisco-recommends-adblock-ghostery-to-combat-malvertising-4539903

Cisco IP Phones Vulnerable To Remote Eavesdropping http://thehackernews.com/2015/03/cisco-ip-phones-hacking.html

How Hackers Could Delete Any YouTube Video With Just One Click http://thehackernews.com/2015/04/hack-delete-youtube-video.html

Federal Agents Accused of Stealing Bitcoins During Silk Road Investigation http://www.nbcnews.com/tech/tech-news/dea-agents-charged-stealing-bitcoins-selling-info-silk-road-leaders-n332681

OSINT Tools … Recommendations List http://www.subliminalhacking.net/2012/12/27/osint-tools-recommendations-list/

Stop using tail -f (mostly) http://www.brianstorti.com/stop-using-tail/?utm_content=buffer13c97&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Direct download: 31.mp3
Category:Technology -- posted at: 3:17pm CET
Comments[0]

Intro: Кар - Мэн - Лондон гуд-бай https://www.youtube.com/watch?v=Uyisn3MTmJQ

The Company Securing Your Internet Has Close Ties to Russian Spies http://www.bloomberg.com/news/articles/2015-03-19/cybersecurity-kaspersky-has-close-ties-to-russian-spies

A practical guide to making up a sensation https://eugene.kaspersky.com/2015/03/20/a-practical-guide-to-making-up-a-sensation/

H4cked off: Is Eugene Kaspersky 'in bed' (or the sauna) with the Russian government? Derr, of course he is http://www.computing.co.uk/ctg/feature/2400777/is-eugene-kaspersky-in-bed-or-the-sauna-with-the-russian-government-derr-of-course-he-is

Exploiting the DRAM rowhammer bug to gain kernel privileges http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html

The Rowhammer Bug http://www.rowhammer.com/

Risky Business #357 -- Mark Dowd talks Rowhammer http://risky.biz/RB357

Black Box Can Brute Force Crack iPhone PIN Passcodes  http://www.forbes.com/sites/thomasbrewster/2015/03/16/300-device-can-pop-open-old-iphones-with-ease/

New BIOS implant, vulnerability discovery tool to debut at CanSecWest https://threatpost.com/new-bios-implant-vulnerability-discovery-tool-to-debut-at-cansecwest/111710

Mobile Android, iOS apps still vulnerable to FREAK attacks https://threatpost.com/mobile-android-ios-apps-still-vulnerable-to-freak-attacks/111695

RC4 must die http://www.isg.rhul.ac.uk/tls/RC4mustdie.html

uTorrent Installs Bitcoin Miner http://anonhq.com/utorrent-installs-bitcoin-miner-bad-pc/

OpenSSL Audit https://cryptoservices.github.io/openssl/2015/03/09/openssl-audit.html

Webnic Registrar Blamed for Hijack of Lenovo http://krebsonsecurity.com/2015/02/webnic-registrar-blamed-for-hijack-of-lenovo-google-domains/

Bogus SSL certificate for Windows Live could allow man-in-the-middle hacks http://arstechnica.com/security/2015/03/bogus-ssl-certificate-for-windows-live-could-allow-man-in-the-middle-hacks/

Yahoo Mail launches on-demand passwords, end-to-end encryption coming by year's end http://www.techspot.com/news/60064-yahoo-mail-launches-demand-passwords-end-end-encryption.html

Yahoo exec goes mano a mano with NSA director over crypto backdoors http://arstechnica.com/tech-policy/2015/02/yahoo-exec-goes-mano-a-mano-with-nsa-director-over-crypo-backdoors/

Adobe web services vulnerability disclosure program https://hackerone.com/adobe

Yahoo! pays $24,000 to Hacker for finding Security Vulnerabilities http://thehackernews.com/2015/03/yahoo-bug-bounty.html

Cyber terror test tasks hackers with saving London from hacked battleship http://m.v3.co.uk/v3-uk/news/2399541/cyber-terror-test-tasks-hackers-with-saving-london-from-hacked-battleship

Banning Tor unwise and infeasible, MPs told http://www.bbc.com/news/technology-31816410

Drupal Patches Critical Password-Reset Vulnerability http://thehackernews.com/2015/03/hacking-drupal-website.html

GPG Suite Beta 6 https://gpgtools.org/

Интервью с представителем департамента по борьбе с кибер. преступностью Украины Василием Гузием

Форма связи http://cybercrime.gov.ua/ua/feedback-ua

Outro: Петр Сказкив - Буревій https://youtu.be/DlvL1O9QFMc?t=1m54s

Direct download: 30.mp3
Category:Technology -- posted at: 12:22am CET
Comments[0]

Intro/Outro: Etherwood - Begin By Letting Go

'FREAK' in Android and iOS http://thehackernews.com/2015/03/freak-openssl-vulnerability.html

'FREAK' in Windows http://thehackernews.com/2015/03/freak-openssl-vulnerability_5.html

Вопрос от слушателя по мотивам очередного pre-load in Android http://thehackernews.com/2015/03/Xiaomi-Mi-4-malware.html

Cyber BINGO

Truecrypt audit http://blog.cryptographyengineering.com/2015/02/another-update-on-truecrypt-audit.html

Dropbox Accesses All The Files in Your PC (Not Just Sync Folder) and Steals Everything http://www.e-siber.com/guvenlik/dropbox-accesses-all-the-files-in-your-pc-not-just-sync-folder-and-steals-everything/?utm_content=bufferec71c&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer

Dropbox Is Probably Not Stealing All Your Files https://one.darrenpmeyer.com/blog/dropbox-is-problably-not-stealing-all-your-files.html

Seagate NAS Remote Code Execution Vulnerability https://beyondbinary.io/advisory/seagate-nas-rce/

How the NSA’s Firmware Hacking Works http://www.wired.com/2015/02/nsa-firmware-hacking/

Gemalto Confirms It Was Hacked But Insists the NSA Didn’t Get Its Crypto Keys http://www.wired.com/2015/02/gemalto-confirms-hacked-insists-nsa-didnt-get-crypto-keys/

How Hackers Abused Tor To Rob Blockchain, Steal Bitcoin, Target Private Email And Get Away With It http://www.forbes.com/sites/thomasbrewster/2015/02/24/blockchain-and-darknet-hacks-lead-to-epic-bitcoin-losses/

Github Hacking for fun and... sensitive data search! http://blog.conviso.com.br/2013/06/github-hacking-for-fun-and-sensitive.html

Hillary Rodham Clinton and her emails http://www.washingtonpost.com/politics/state-department-reviewing-whether-clinton-e-mail-violated-security-rules/2015/03/05/16d1547e-c378-11e4-9271-610273846239_story.html

Spies Just by Watching Your Phone’s Power Use http://www.wired.com/2015/02/powerspy-phone-tracking/

Lenovo.com has been hacked http://www.theverge.com/2015/2/25/8110201/lenovo-com-has-been-hacked-apparently-by-lizard-squad

Google is More Protected from Unwanted Software http://googleonlinesecurity.blogspot.com/2015/02/more-protection-from-unwanted-software.html

Cloud based web app security scanner released by GOOGLE http://www.latesthackingnews.com/2015/02/21/cloud-based-web-app-security-scanner-released-by-google/#

Most vulnerable operating systems and applications in 2014 http://www.gfi.com/blog/most-vulnerable-operating-systems-and-applications-in-2014/ 

Blogger porn content policy https://support.google.com/blogger/answer/6177281?hl=en

Internet is for PORN!! https://www.youtube.com/watch?v=eWEjvCRPrCo&feature=youtu.be

Direct download: 29.mp3
Category:Technology -- posted at: 3:15am CET
Comments[0]

Intro/Outro: La Fouine - Controle Abusif

CTF движение в Украине и мире – интервью с Николаем Ильиным @MykolaIlin

Рейтинги команд CTF https://ctftime.org и успехи dcua https://ctftime.org/team/762

Популярность CTF-соревнований в Украине и мире

Принципы проведения CTF http://captf.com/maxims.html

Типы соревнований, тактика и стратегия участия в CTF http://felicity.iiit.ac.in/contest/break_in/ http://ructf.org/e/2014/ http://ictf.cs.ucsb.edu/ http://www.phdays.com/ctf/king/ http://c2.cnews.ru/news/top/crc_opublikovany_rezultaty_onlajnkvesta https://ctftime.org/event/list/upcoming https://www.reddit.com/r/securityctf http://captf.com/calendar/ https://time.xctf.org.cn/ctfs/event/list/upcoming

Для связи с Николаем используйте Twitter или пишите на mykola.ilin@defcon.org.ua

Ten Million (Logins and) Passwords https://xato.net/passwords/ten-million-passwords/ https://www.reddit.com/r/10millionpasswords/comments/2w07mf/a_list_of_flaws_in_the_data_set/

Author: https://xato.net/about/#.VOioXELpb8F

Online Check: http://peersm.com/findmyass

Lenovo caught installing adware on new computers http://www.tripwire.com/state-of-security/security-data-protection/superfish-lenovo-adware-faq/ http://news.lenovo.com/article_display.cfm?article_id=1929 https://github.com/hannob/superfishy

Кража миллиардов из 100 финансовых организаций по всему миру http://www.kaspersky.ru/about/news/virus/2015/ugroza-na-milliard http://krebsonsecurity.com/2015/02/the-great-bank-heist-or-death-by-1000-cuts/

Anunak vs Carbanak FAQ https://www.fox-it.com/en/press-releases/anunak-aka-carbanak-update/

Microsoft Pushes Patches for Dozens of Flaws http://krebsonsecurity.com/2015/02/microsoft-pushes-patches-for-dozens-of-flaws/

Bypassing Windows Security by modifying 1 Bit Only http://thehackernews.com/2015/02/bypassing-windows-security.html

Universal XSS in IE 11 http://thehackernews.com/2015/02/internet-explorer-xss.html

NSA Planted Stuxnet-Type Malware Deep Within Hard Drive Firmware http://top.rbc.ru/politics/17/02/2015/54e257fe9a7947e06164f582

Решили как-то за блогерами следить http://jurliga.ligazakon.ua/news/2015/2/13/124332.htm

но потом передумали http://www.pravda.com.ua/rus/news/2015/02/16/7058739/

Рада ликвидировала Нацкомиссию по вопросам морали http://news.liga.net/news/politics/5053048-rada_likvidirovala_natskomissiyu_po_voprosam_morali.htm

Отчет об уязвимости моб.интернета от Positive Technologies (pdf) http://www.ptsecurity.com/download/Vulnerabilities_of_Mobile_Internet.pdf

The great SIM heist https://firstlook.org/theintercept/2015/02/19/great-sim-heist/

SSL is officially declared dead https://pciguru.wordpress.com/2015/02/07/ssl-is-officially-declared-dead/

GnuPG 2.1.2 released https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html

Facebook SCAM Alert: Get FREE $200 Amazon Gift Card! http://www.hacker9.com/free-amazon-gift-card-facebook.html

Spat leads to partial leak of Rig Exploit Kit http://threatpost.com/spat-leads-to-partial-leak-of-rig-exploit-kit/111029

Forbes.com compromised by Chinese cyber spies targeting US firms http://www.net-security.org/secworld.php?id=17938

Direct download: 28.mp3
Category:Technology -- posted at: 1:54pm CET
Comments[0]

Intro/Outro: Mad Heads – Молода кров

GnuPG donations https://www.gnupg.org/donate/

Support Risky.Biz https://www.patreon.com/riskybusiness

GPG Tools https://gpgtools.org

GPG encrypted loopback disks http://patrick.uiterwijk.org/2013/02/25/gpg-encrypted-loopback-disks/

Mofilla, Tor & Privacy https://blog.mozilla.org/it/2015/01/28/deploying-tor-relays/

Anthem hack http://krebsonsecurity.com/2015/02/data-breach-at-health-insurer-anthem-could-impact-millions/

World's Biggest Data Breaches infographic http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

The Pirate Bay & CloudFlare CDN http://n4gm.com/thepiratebay-using-cloudflare-cdn/

Tsarev & Kolomoyskiy https://www.youtube.com/watch?v=9H4Eb9UI5xg

BlackPhone https://blackphone.ch

Kyivstar cell network blackout in Eastern Ukraine https://www.facebook.com/peter.chernyshov/posts/10205651506638154 https://www.facebook.com/peter.chernyshov/posts/10205679729343704

SS7 security concerns http://www.zdnet.com/article/invasive-phone-tracking-new-ss7-research-blows-the-lid-off-personal-security/

Had Russian blackhats pwned Sony? http://www.forbes.com/sites/thomasbrewster/2015/02/04/russians-hacked-sony-too-claims-us-firm/

Tech journalism in Ukraine http://biz.liga.net/all/it/stati/2924651-proslushat-kazhdogo-reyting-nadezhnosti-mobilnykh-messendzherov-.htm

RetroShare http://retroshare.sourceforge.net Signal https://itunes.apple.com/us/app/signal-private-messenger/id874139669?mt=8 Silent Circle https://silentcircle.com

Extradition aspects http://arstechnica.com/tech-policy/2015/01/dutch-judge-allows-alleged-sophisticated-russian-hacker-to-be-sent-to-us/

Snare on MacOS X bootkitting http://arstechnica.com/security/2015/01/worlds-first-known-bootkit-for-os-x-can-permanently-backdoor-macs/

Cisco Annual Security Report http://www.cisco.com/web/offers/lp/2014-annual-security-report/index.html

Source 114 vs Verizon Business. Who wins? https://pbs.twimg.com/media/B81r299IUAEu2qT.jpg:large http://www.verizonenterprise.com/DBIR/2014/

Fear the known: why AV companies publish security reports?

Binary Risk Analysis https://binary.protect.io https://binary.protect.io/workcard.pdf

2 factor authentication vs 2 step verification

Yubikey https://www.yubico.com/products/yubikey-hardware/yubikey-2/

Army cyber defenders open source code in new GitHub project http://www.army.mil/article/141734

CERT-UA 2014 report http://cert.gov.ua/?p=2019

Direct download: 27.mp3
Category:Technology -- posted at: 4:28pm CET
Comments[0]

 

  1. Sony Hack

    1. Хронология событий http://deadline.com/2014/12/sony-hack-timeline-any-pascal-the-interview-north-korea-1201325501/

    2. Мнение Дейва Атила http://seclists.org/dailydave/2014/q4/70

    3. Сомнение в причастности Северной Кореи http://www.wired.com/2014/12/evidence-of-north-korea-hack-is-thin/

    4. США подтвердило проведение мониторинга интернет активности Северной Кореи http://www.bloomberg.com/news/2015-01-19/u-s-spies-tapped-north-korean-computers-prior-to-sony-attack.html

  2. Lizard Kids атаковали Sony PlayStation и Microsoft xBox Networks

    1. http://krebsonsecurity.com/2014/12/cowards-attack-sony-playstation-microsoft-xbox-networks/

    2. Арест учасников http://krebsonsecurity.com/2014/12/lizard-kids-a-long-trail-of-fail/ и http://krebsonsecurity.com/2015/01/another-lizard-arrested-lizard-lair-hacked/

  3. Взлом и приостановка биржи bitcoin

    1. http://www.esecurityplanet.com/network-security/bitcoin-exchange-bitstamp-hacked.html

    2. http://www.zdnet.com/article/bitstamp-exchange-reopens-doors-after-5m-hack/

    3. Анализ курса биткоинта (с небольшим графиком) после приостановки биржи http://www.coindesk.com/markets-weekly-questions-bitcoin-price-torrid-week/

  4. Атака на Tor

    1. http://cointelegraph.com/news/113174/the-tor-onion-is-under-attack-and-rapidly-disintegrating

    2. http://thehackernews.com/2014/12/tor-network-hacked.html
Direct download: 26.mp3
Category:general -- posted at: 5:39pm CET
Comments[0]

Эпизод 25: (туманное) Будущее (облачной) безопасности

Семейное счастье, яркие вулны, хаки и политические акции последнего времени, обачные инфраструктуры и их влияние на область ИБ, знания и инструменты безопасника будущего.

Ссылки на обсуждаемые материалы.

Intro/Outro: Крихітка Цахес – Пароль (http://www.kryhitka.com.ua)

Direct download: 25.mp3
Category:Technology -- posted at: 9:06pm CET
Comments[0]

Feature interview: Andrey "login" Loginov

Windows XPinction in 2014

Snowden leaks 

Anti DDoS in banking 

ØMQ/Saltstack firewall DDoS side effect

DNS amplification classics

Personal VPN on amazon EC2

Hadoop’ed Big Data swamp smelling like Redis

Data aggregation risks

Threat modeling fails

Quantum crypto progress

Outro: Alliance Ethnik - Respect (feat. Vinia Mojica) http://goo.gl/OI7Vn0

Direct download: 24.mp3
Category:Technology -- posted at: 8:07pm CET
Comments[0]

Интервью с Владимиром Кочетковым (https://twitter.com/kochetkov_v)

Тернистый путь специалиста по безопасности приложений: где учиться, чему учиться, к чему стремиться и многое другое.

Безопасность open source, аспекты безопасности использования разделяемых библиотек и frameworks.

Экзотическое поведение списков в Python (http://rsdn.ru/forum/security/4547724.flat)

О безопасности компиляторов (http://www.opennet.ru/opennews/art.shtml?num=29981https://www.veracode.com/blog/2009/08/trust-your-own-code-trust-your-own-compiler/)

Форум по безопасности для разработчиков на RSDN (http://rsdn.ru/forum/security)

Язык программирования Nemerle (http://vkochetkov.blogspot.ru/2011/06/nemerle.html)

The Tangled Web: A Guide to Securing Modern Web Applications (http://www.amazon.com/The-Tangled-Web-Securing-Applications/dp/1593273886)

Источники информации об исследованиях по безопасности кода:

http://seclab.cs.ucdavis.edu/

http://www.cs.dartmouth.edu/~sergey/

http://ceur-ws.org/

http://suif.stanford.edu/~livshits/work/griffin/lit.html

http://www.cs.utexas.edu/~shmat/courses/cs380s/

http://www.engpaper.com/research-paper-computer-science-web-application.htm

http://www.engpaper.com/research-paper-computer-science-network-security.htm

http://security.cs.berkeley.edu/

Outro: Веня Д'ркин - Нибелунг (http://drdom.ru/)

Direct download: 23.mp3
Category:Technology -- posted at: 6:39am CET
Comments[0]

Intro/Outro: 2Pac – Dear Mama (MelodyAngel Guitar Cover) - https://soundcloud.com/melodyangel/dearmamacover 

Призмы и линзы https://en.wikipedia.org/wiki/PRISM_(surveillance_program) (Meet Mr. Prism! http://i.imgur.com/znAbpIS.png)

Natural Language Processing & Нейронные сети

Безопасность облаков - своими руками http://security-ingvar-ua.blogspot.com/2013/05/cloudstack-iaas-insecure-password-reset.html

(не)безопасность open/closed-source ПО

Усиление Украинского законодательства в области защиты авторского права

No WebMoney – no honey

Тоска по Netflix & Spotify

UISGCON 9 CFP http://uisgcon.org/9/speakers/ 

Прогресс в области гомоморфной криптографии

Пару слов за PHDays

Direct download: 22.mp3
Category:Technology -- posted at: 12:12am CET
Comments[0]

Intro/Outro Malukah - Frozen Sleep - Halo 4 / Cortana Tribute (http://www.malukah.com/FREE/)

Latest Java o-day recap, still not fully patched (http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html)

Java 1.7u10 Security Settings fail (http://seclists.org/fulldisclosure/2013/Jan/241)

Good Morning, Your Mac Keeps A Log Of All Your Downloads(http://www.macgasm.net/2013/01/18/good-morning-your-mac-keeps-a-log-of-all-your-downloads/)

Google looks to ditch passwords for good with NFC-based replacement(http://www.zdnet.com/google-looks-to-ditch-passwords-for-good-with-nfc-based-replacement-7000010073/)

How to Secure SSH with Google Authenticator’s Two-Factor Authentication(http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators-two-factor-authentication/)

Red October (http://arstechnica.com/security/2013/01/why-red-october-malware-is-the-swiss-army-knife-of-espionage/)

Gozi Malware (http://www.csoonline.com/article/727438/gozi-malware-arrests-report-highlight-russian-cybercrime)

Google cached HP printers (http://www.wired.com/insights/elsewhere/whoops-google-indexes-more-than-86000-hp-public-printers-20130125/)

PHDays is coming (http://phdays.ru/)

PentestersLab (https://www.pentesterlab.com/), DVL (http://www.damnvulnerablelinux.org/), DVWA (http://www.dvwa.co.uk/), CFT365 (http://ctf365.com/), Hack.me (https://hack.me/)

PoewrShell 3 (http://blogs.technet.com/b/heyscriptingguy/archive/2012/09/06/powershell-3-0-is-now-available-for-download.aspx)

Direct download: 21.mp3
Category:Technology -- posted at: 3:25pm CET
Comments[0]

Intro/Outro: Ylvis - Someone Like Me [dubstep edit] (https://www.youtube.com/watch?v=DwDHiTQq49U)

Fail #1 - Безмолвный Карпик

Fail #2 - Неудавшееся обсуждение "бани трафика"

Криптоанализ в "облаках" - PoC извлечения приватных ключей RSA из соседней виртуальной машины (http://arstechnica.com/security/2012/11/crypto-keys-stolen-from-virtual-machine/)

Смещение парадигмы защиты ИТ-систем в "облаках"

Курсы, связанные с безопасностью, доступные на Coursera (http://coursera.org)

Direct download: 20.mp3
Category:Technology -- posted at: 9:25pm CET
Comments[0]