Securit13 Podcast
The first Ukrainian podcast about information security

Intro/Outro: La Fouine - Controle Abusif

The CTF movement in Ukraine and worldwide: an interview with Mykola Ilin @MykolaIlin

CTF team rankings https://ctftime.org and the successes of dcua https://ctftime.org/team/762

The popularity of CTF competitions in Ukraine and worldwide

Principles of running a CTF http://captf.com/maxims.html

Types of competitions, tactics and strategy for taking part in CTFs http://felicity.iiit.ac.in/contest/break_in/ http://ructf.org/e/2014/ http://ictf.cs.ucsb.edu/ http://www.phdays.com/ctf/king/ http://c2.cnews.ru/news/top/crc_opublikovany_rezultaty_onlajnkvesta https://ctftime.org/event/list/upcoming https://www.reddit.com/r/securityctf http://captf.com/calendar/ https://time.xctf.org.cn/ctfs/event/list/upcoming

To contact Mykola, use Twitter or write to mykola.ilin@defcon.org.ua

Ten Million (Logins and) Passwords https://xato.net/passwords/ten-million-passwords/ https://www.reddit.com/r/10millionpasswords/comments/2w07mf/a_list_of_flaws_in_the_data_set/

Author: https://xato.net/about/#.VOioXELpb8F

Online Check: http://peersm.com/findmyass

Lenovo caught installing adware on new computers http://www.tripwire.com/state-of-security/security-data-protection/superfish-lenovo-adware-faq/ http://news.lenovo.com/article_display.cfm?article_id=1929 https://github.com/hannob/superfishy

Theft of billions from 100 financial organizations around the world http://www.kaspersky.ru/about/news/virus/2015/ugroza-na-milliard http://krebsonsecurity.com/2015/02/the-great-bank-heist-or-death-by-1000-cuts/

Anunak vs Carbanak FAQ https://www.fox-it.com/en/press-releases/anunak-aka-carbanak-update/

Microsoft Pushes Patches for Dozens of Flaws http://krebsonsecurity.com/2015/02/microsoft-pushes-patches-for-dozens-of-flaws/

Bypassing Windows Security by modifying 1 Bit Only http://thehackernews.com/2015/02/bypassing-windows-security.html

Universal XSS in IE 11 http://thehackernews.com/2015/02/internet-explorer-xss.html

NSA Planted Stuxnet-Type Malware Deep Within Hard Drive Firmware http://top.rbc.ru/politics/17/02/2015/54e257fe9a7947e06164f582

They decided at one point to monitor bloggers http://jurliga.ligazakon.ua/news/2015/2/13/124332.htm

but then changed their minds http://www.pravda.com.ua/rus/news/2015/02/16/7058739/

The Rada abolished the National Commission on Matters of Morality http://news.liga.net/news/politics/5053048-rada_likvidirovala_natskomissiyu_po_voprosam_morali.htm

Report on mobile internet vulnerabilities from Positive Technologies (pdf) http://www.ptsecurity.com/download/Vulnerabilities_of_Mobile_Internet.pdf

The great SIM heist https://firstlook.org/theintercept/2015/02/19/great-sim-heist/

SSL is officially declared dead https://pciguru.wordpress.com/2015/02/07/ssl-is-officially-declared-dead/

GnuPG 2.1.2 released https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html

Facebook SCAM Alert: Get FREE $200 Amazon Gift Card! http://www.hacker9.com/free-amazon-gift-card-facebook.html

Spat leads to partial leak of Rig Exploit Kit http://threatpost.com/spat-leads-to-partial-leak-of-rig-exploit-kit/111029

Forbes.com compromised by Chinese cyber spies targeting US firms http://www.net-security.org/secworld.php?id=17938

Direct download: 28.mp3
Category:Technology -- posted at: 1:54pm CET

Intro/Outro: Mad Heads – Молода кров

GnuPG donations https://www.gnupg.org/donate/

Support Risky.Biz https://www.patreon.com/riskybusiness

GPG Tools https://gpgtools.org

GPG encrypted loopback disks http://patrick.uiterwijk.org/2013/02/25/gpg-encrypted-loopback-disks/

Mozilla, Tor & Privacy https://blog.mozilla.org/it/2015/01/28/deploying-tor-relays/

Anthem hack http://krebsonsecurity.com/2015/02/data-breach-at-health-insurer-anthem-could-impact-millions/

World's Biggest Data Breaches infographic http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

The Pirate Bay & CloudFlare CDN http://n4gm.com/thepiratebay-using-cloudflare-cdn/

Tsarev & Kolomoyskiy https://www.youtube.com/watch?v=9H4Eb9UI5xg

BlackPhone https://blackphone.ch

Kyivstar cell network blackout in Eastern Ukraine https://www.facebook.com/peter.chernyshov/posts/10205651506638154 https://www.facebook.com/peter.chernyshov/posts/10205679729343704

SS7 security concerns http://www.zdnet.com/article/invasive-phone-tracking-new-ss7-research-blows-the-lid-off-personal-security/

Had Russian blackhats pwned Sony? http://www.forbes.com/sites/thomasbrewster/2015/02/04/russians-hacked-sony-too-claims-us-firm/

Tech journalism in Ukraine http://biz.liga.net/all/it/stati/2924651-proslushat-kazhdogo-reyting-nadezhnosti-mobilnykh-messendzherov-.htm

RetroShare http://retroshare.sourceforge.net Signal https://itunes.apple.com/us/app/signal-private-messenger/id874139669?mt=8 Silent Circle https://silentcircle.com

Extradition aspects http://arstechnica.com/tech-policy/2015/01/dutch-judge-allows-alleged-sophisticated-russian-hacker-to-be-sent-to-us/

Snare on MacOS X bootkitting http://arstechnica.com/security/2015/01/worlds-first-known-bootkit-for-os-x-can-permanently-backdoor-macs/

Cisco Annual Security Report http://www.cisco.com/web/offers/lp/2014-annual-security-report/index.html

Source 114 vs Verizon Business. Who wins? https://pbs.twimg.com/media/B81r299IUAEu2qT.jpg:large http://www.verizonenterprise.com/DBIR/2014/

Fear the known: why AV companies publish security reports?

Binary Risk Analysis https://binary.protect.io https://binary.protect.io/workcard.pdf

2 factor authentication vs 2 step verification

Yubikey https://www.yubico.com/products/yubikey-hardware/yubikey-2/

Army cyber defenders open source code in new GitHub project http://www.army.mil/article/141734

CERT-UA 2014 report http://cert.gov.ua/?p=2019

Direct download: 27.mp3
Category:Technology -- posted at: 4:28pm CET