Securit13 Podcast
Первый украинский подкаст об информационной безопасности

BSides Kyiv 21.04.2018 https://securitybsides.org.ua/, cfp https://securitybsides.org.ua/#cfp
Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
Security hole in AMD CPUs' hidden secure processor revealed ahead of patches https://www.theregister.co.uk/2018/01/06/amd_cpu_psp_flaw/
Attacking a co-hosted VM: A hacker, a hammer and two memory modules - This is Security :: by Stormshield https://www.theverge.com/platform/amp/2018/1/3/16844630/intel-processor-security-flaw-bug-kernel-windows-linux?__twitter_impression=true
Intel Releases New Technology Specifications to Protect Against ROP attacks https://software.intel.com/en-us/blogs/2016/06/09/intel-release-new-technology-specifications-protect-rop-attacks
A Simple Explanation of the Differences Between Meltdown and Spectre https://danielmiessler.com/blog/simple-explanation-difference-meltdown-spectre/
blizzard: agent rpc auth mechanism vulnerable to dns rebinding https://bugs.chromium.org/p/project-zero/issues/detail?id=1471&desc=2
https://twitter.com/secwrks/status/955554405364981761
I’m harvesting credit card numbers and passwords from your site. Here’s how. https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5
Part 2: How to stop me harvesting credit card numbers and passwords from your site https://hackernoon.com/part-2-how-to-stop-me-harvesting-credit-card-numbers-and-passwords-from-your-site-844f739659b9
Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
Australia probes sale of secret papers in filing cabinets https://apnews.com/2897f5d8449c413796efe03b9202a1ca
Strava's heatmap revealed military bases, but it also showed nothing is anonymous online http://www.abc.net.au/news/science/2018-02-04/strava-heatmap-online-anonymity-is-almost-impossible/9380326
Now even YouTube serves ads with CPU-draining cryptocurrency miners https://arstechnica.com/information-technology/2018/01/now-even-youtube-serves-ads-with-cpu-draining-cryptocurrency-miners/
Uber ignores security bug that makes its two-factor authentication useless http://www.zdnet.com/google-amp/article/uber-security-flaw-two-factor-login-bypass/
British hacker arrested for cyberattacks against Pokemon, Google, and Skype. https://www.scmagazine.com/british-hacker-arrested-for-selling-malware-and-launching-cyberattacks-against-pokemon-google-and-skype/article/738288/
Ay MaMi https://objective-see.com/blog/blog_0x26.html
Hospital Pays $55K Ransomware Demand Despite Having Backups https://www.bleepingcomputer.com/news/security/hospital-pays-55k-ransomware-demand-despite-having-backups/
СБУ заблокувала розповсюдження в Україні шпигунського програмного забезпечення - https://ssu.gov.ua/ua/news/1/category/2/view/4273#.T1a7701Q.dpbs
Satellite derived time and position blackett review https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/676675/satellite-derived-time-and-position-blackett-review.pdf
Dutch agencies provide crucial intel about Russia's interference in US-elections https://www.volkskrant.nl/media/dutch-agencies-provide-crucial-intel-about-russia-s-interference-in-us-elections~a4561913/


Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 92_1.mp3
Category:Technology -- posted at: 6:51pm CET
Comments[0]

Эпизод 90.2 - Интервью с А.Семенякой (10.12.2017)

К нам пришел Алекс и рассказал о критической инфраструктуре интернетов. Что это вообще такое и как с ней жить?

Intro / Outro Clouds of Tenderness by Lobo Loco http://freemusicarchive.org/music/Lobo_Loco/BOB/Clouds_of_Tenderness_ID_792

Russian-controlled telecom hijacks financial services’ Internet traffic https://arstechnica.com/information-technology/2017/04/russian-controlled-telecom-hijacks-financial-services-internet-traffic/
Resource Certification (RPKI) https://www.ripe.net/manage-ips-and-asns/resource-management/certification
The Resource Public Key Infrastructure (RPKI) to Router Protocol https://tools.ietf.org/html/rfc6810
BGPsec Protocol Specification https://tools.ietf.org/html/rfc8205
[ipv6-wg] Belgian limits on CGN/NAT? https://www.ripe.net/ripe/mail/archives/ipv6-wg/2016-November/003004.html
Доклад по интернет-блокировкам на Генассамблее ООН: http://www2.ohchr.org/english/bodies/hrcouncil/docs/17session/A.HRC.17.27_en.pdf, туда же заодно и http://www.ohchr.org/Documents/Issues/Opinion/A.66.290.pdf
Доклад на ENOG, расшифровка в составе сессии: https://habrahabr.ru/company/qrator/blog/342846/ , презентация: https://www.enog.org/wp-content/uploads/presentations/enog-14/21-171010-Content-blocking-intro.key, https://www.enog.org/wp-content/uploads/presentations/enog-14/21-171010-Content-blocking-intro.pdf, запись выступления: https://youtu.be/4MhCXbjSox8
Москва — Пєтушкі by Венедикт Єрофєєв https://uk.wikipedia.org/wiki/Москва_—_Пєтушкі  http://www.moskva-petushki.ru/

Связаться с Алексеем можно по адресу alex.semenyaka@gmail.com или https://www.facebook.com/alex.semenyaka

Direct download: 90_2.mp3
Category:Technology -- posted at: 3:20pm CET
Comments[0]

Intro / Outro Sleepy in the Garden by Lobo Loco https://freemusicarchive.org/music/download/7b5af5facd7ab75f565ca518647fb28f56f1dc08


Malvertising https://en.wikipedia.org/wiki/Malvertising
Malvertising: When Online Ads Attack (2015) https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/malvertising-when-online-ads-attack
Juniper Acquires Cyphort (2015) https://www.cyphort.com/press-release/cyphort-labs-issues-special-report-on-the-rise-in-malvertising-cyber-attacks/
Malvertising and crypto threats have rocketed in 2017 https://www.htbridge.com/blog/malvertising-and-crypto-threats-have-rocketed-in-2017.html
Malvertising Campaign Redirects Browsers To Terror Exploit Kit https://threatpost.com/malvertising-campaign-redirects-browsers-to-terror-exploit-kit/128596/
Malvertising on Equifax, TransUnion tied to third party script (updated) https://blog.malwarebytes.com/threat-analysis/2017/10/equifax-transunion-websites-push-fake-flash-player/
New Malvertising Campaign Exploits Home Routers, Changes DNS Servers https://www.pindrop.com/blog/new-malvertising-campaign-exploits-home-routers-changes-dns-entries/
Expired domain names and malvertising https://blog.malwarebytes.com/threat-analysis/2017/09/expired-domain-names-and-malvertising/
Russian Influence Reached 126 Million Through Facebook Alone https://www.nytimes.com/2017/10/30/technology/facebook-google-russia.html
Facebook's Advertising Tools Complicate Efforts To Stop Russian Interference https://www.npr.org/sections/alltechconsidered/2017/10/30/560836775/facebooks-advertising-tools-complicate-efforts-to-stop-russian-interference
Ad network takes steps to reduce fraud https://www.csoonline.com/article/3195998/security/ad-network-takes-steps-to-reduce-fraud.html
Will Crypto Browser Mining Replace The Ad Industry https://www.cryptoglue.com/2017/09/22/will-crypto-browser-mining-replace-the-ad-industry/
For $1000, anyone can purchase online ads to track your location and app use http://www.washington.edu/news/2017/10/18/for-1000-anyone-can-purchase-online-ads-to-track-your-location-and-app-use/
I never signed up for this! Privacy implications of email tracking https://senglehardt.com/papers/pets18_email_tracking.pdf
The Future of Ad Blocking: An Analytical Framework and New Techniques https://arxiv.org/pdf/1705.08568.pdf

https://brave.com
https://cliqz.com/en/
https://play.google.com/store/apps/details?id=edu.berkeley.icsi.haystack&hl=en
https://recon.meddle.mobi
https://play.google.com/store/apps/details?id=edu.cmu.mcom.ppa&hl=en
https://fdvt.org

Direct download: 89_2.mp3
Category:Technology -- posted at: 8:48am CET
Comments[0]

Разговор с Владимиром Илибманом о полугодовом отчете Cisco, кроликах и статистике. Всегда актуально.

Intro / Outro State of Mind by Audiobinger http://freemusicarchive.org/music/Audiobinger/~/State_of_Mind

BadRabbit Technical Analysis https://www.endgame.com/blog/technical-blog/badrabbit-technical-analysis
Звіт Cisco з інформаційної безпеки за перше півріччя 2017 року https://engage2demand.cisco.com/LP=7258
2016 Data Breach Investigations Report (pdf) http://www.verizonenterprise.com/resources/reports/rp_DBIR_2016_Report_en_xg.pdf
The Black Swan by Nassim Nicholas Taleb https://www.amazon.com/Black-Swan-Improbable-Robustness-Fragility/dp/081297381X
Связаться с Владимиром можно по адресу voilibma@cisco.com или https://www.facebook.com/vladimir.ilibman

Direct download: 88_2.mp3
Category:Technology -- posted at: 10:31pm CET
Comments[0]

1