Securit13 Podcast
Первый украинский подкаст об информационной безопасности

White House blasts Russia for NotPetya cyberattack https://edition.cnn.com/2018/02/15/politics/white-house-russia-notpetya/index.html 
Memcached servers can be hijacked for massive DDoS attacks https://www.networkworld.com/article/3258772/security/memcached-servers-can-be-hijacked-for-massive-ddos-attacks.html 
Memcrashed - Major amplification attacks from UDP port 11211 https://blog.cloudflare.com/memcr ashed-major-amplification-attacks-from-port-11211/
GITHUB SURVIVED THE BIGGEST DDOS ATTACK EVER RECORDED https://www.wired.com/story/github-ddos-memcached/amp 
NETSCOUT Arbor Confirms 1.7 Tbps DDoS Attack; The Terabit Attack Era Is Upon Us https://www.arbornetworks.com/blog/asert/netscout-arbor-confirms-1-7-tbps-ddos-attack-terabit-attack-era-upon-us/ 
У Харкові засуджено підозрюваного за продаж клієнтської бази поштового перевізника https://cyberpolice.gov.ua/news/u-xarkovi-zasudzheno-pidozryuvanogo-za-prodazh-kliyentskoyi-bazy-poshtovogo-pereviznyka-6604/ 
Speculative Execution Bounty Launch https://blogs.technet.microsoft.com/msrc/2018/03/14/speculative-execution-bounty-launch/ 
Frequently Asked Questions about Microsoft Bug Bounty Programs https://technet.microsoft.com/en-us/security/dn425055.aspx 
AMD allegedly has its own Spectre-like security flaws https://www.cnet.com/google-amp/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its-own/ 
​Linus Torvalds slams CTS Labs over AMD vulnerability report http://www.zdnet.com/article/linus-torvalds-slams-cts-labs-over-amd-vulnerability-report/ 
Intel: Our next chips won't have data leak flaws we told you totally not to worry about https://www.theregister.co.uk/2018/03/15/intel_spectre_mitigation/ 
Intel ships (hopefully stable) microcode for Skylake, Kaby Lake, Coffee Lake https://arstechnica.com/gadgets/2018/02/intel-ships-hopefully-stable-microcode-for-skylake-kaby-lake-coffee-lake/ 
Samba settings SNAFU lets any user change admin passwords https://www.theregister.co.uk/2018/03/14/samba_password_bug/ 
Zero-day vulnerability in Telegram https://securelist.com/zero-day-vulnerability-in-telegram/83800/ 
Plugins for Popular Text Editors Could Help Hackers Gain Elevated Privileges https://thehackernews.com/2018/03/text-editors-extensibility.html 
В Исландии похитили 600 серверов для добычи Bitcoin https://www.ixbt.com/news/2018/03/06/v-islandii-pohitili-600-serverov-dlja-dobychi-bitcoin.html 
CBM - Car Backdoor Maker https://www.kitploit.com/2018/03/cbm-car-backdoor-maker.html 
Let's Encrypt updates certificate automation, adds splats https://www.theregister.co.uk/2018/03/14/lets_encrypt_updates_certificate_automation_adds_splats/ 
CEO of smartmobe outfit Phantom Secure cuffed after cocaine sting, boast of murder-by-GPS http://www.theregister.co.uk/2018/03/13/phantom_secure_ceo_arrested/ 

Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I 

Direct download: 94_1.mp3
Category:Technology -- posted at: 10:00am CEST
Comments[0]

К нам пришел наш друг Сергей Смитиенко и мы поговорили про архитектуру х86. Получилось немного меланхолично и безысходно, но познаветельно.

Intro / Outro Ninja by Indikings http://freemusicarchive.org/music/Indikings/Back_In_Space/indikings_ninja 

Breaking the x86 Instruction Set https://www.youtube.com/watch?v=KrksBdWcZgQ 
DEF CON 25 - Christopher Domas - Breaking the x86 Instruction Set https://www.youtube.com/watch?v=ajccZ7LdvoQ 
17 BHB ASIA 013 Hello From the Other Side SSH Over Robust Cache Covert Channels in the Cloud https://www.youtube.com/watch?v=a9sGk7FtnYk 
Clémentine Maurice https://cmaurice.fr/ 
PinMe: Tracking a Smartphone User around the World https://arxiv.org/pdf/1802.01468.pdf 
Here’s the Solution to the 3-Year-Old, $50,000 Bitcoin Puzzle https://motherboard.vice.com/en_us/article/kzpqzz/heres-the-solution-to-the-3-year-old-dollar50000-bitcoin-puzzle 
Books:
Intel® 64 and IA-32 Architectures Software Developer’s Manual https://software.intel.com/sites/default/files/managed/39/c5/325462-sdm-vol-1-2abcd-3abcd.pdf 
Intel® 64 and IA-32 Architectures Optimization Reference Manual https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-optimization-manual.pdf 

Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I 

Direct download: 93.mp3
Category:Technology -- posted at: 12:04am CEST
Comments[0]

Нашумевшие дебаты Марка и Илона, множество исследований, еще больше художественных произведений... Но что же такое AI? А с точки зрения информационной безопасности? Именно об этом решили поговорить наши ведущие. А что думаете вы?

Intro / Outro The Yellow Flying Cog by Flying Species http://freemusicarchive.org/music/Flying_Species/Cogs/4_-_The_Yellow_Flying_Cog

Google's AI Built Its Own AI That Outperforms Any Made by Humans https://www.sciencealert.com/google-s-ai-built-it-s-own-ai-that-outperforms-any-made-by-humans
On the security, privacy, and safety challenges of AI http://www.ml4aad.org/automl/
Why Zuckerberg and Musk Are Fighting About the Robot Future https://www.theatlantic.com/technology/archive/2017/07/musk-vs-zuck/535077/
Elon Musk says we need to regulate AI before it becomes a danger to humanity https://www.theverge.com/2017/7/17/15980954/elon-musk-ai-regulation-existential-threat
Live grilling in Mark's backyard https://www.facebook.com/zuck/videos/10103911836230631/
OpenSOC: An Open Commitment to Security https://blogs.cisco.com/security/opensoc-an-open-commitment-to-security
http://opensoc.github.io/
https://ru.wikipedia.org/wiki/Гордиевский,_Олег_Антонович
https://en.wikipedia.org/wiki/Stanislav_Petrov
Banned In Germany: Kids' Doll Is Labeled An Espionage Device https://www.npr.org/sections/thetwo-way/2017/02/17/515775874/banned-in-germany-kids-doll-is-labeled-an-espionage-device
CCS 2017 http://ieeexplore.ieee.org/document/8055659/
GDPR (General Data Protection Regulation) https://www.eugdpr.org/
Вредоносные боты уже в сети - как их обнаруживают? можно ли эффективно детектить Sybil attacks? Как отличать человека от бота? А как мы делаем вердикт, что существо перед нами, это человек?
И наоборот, может ли AI определять "плохое" поведение людей https://snap.stanford.edu/www2017tutorial/
Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-fredrikson-privacy.pdf
Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures https://www.semanticscholar.org/paper/Model-Inversion-Attacks-that-Exploit-Confidence-In-Fredrikson-Jha/02bc27c39eaaa6b85d336be81b15ca19f112a950
David Wagner keynote https://ccs2017.sigsac.org/keynote.html
AI может "to hack back": https://www.rescam.org

Blindsight by Peter Watts https://en.wikipedia.org/wiki/Blindsight_(Watts_novel)
Далекая Радуга by Братья Стругацкие http://strugacki.ru/book_12.html
WarGames (1983) https://www.imdb.com/title/tt0086567/
Introduction to Artificial Intelligence for Security Professionals https://www.amazon.com/Introduction-Artificial-Intelligence-Security-Professionals-ebook/dp/B07654CFFQ
http://defense.ballastsecurity.net/static/IntroductionToArtificialIntelligenceForSecurityProfessionals_Cylance.pdf

Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 92_2.mp3
Category:Technology -- posted at: 10:49pm CEST
Comments[0]

1