Securit13 Podcast
The first Ukrainian podcast about information security

Intro / Outro StrangeZero - Burnin Star  https://www.jamendo.com/track/1378740/burnin-star
00:03:12 Vault 7: CIA Hacking Tools Revealed https://wikileaks.org/ciav7p1/
Vault 7 Megathread - Technical Analysis & Commentary of the CIA Hacking Tools Leak https://www.reddit.com/r/netsec/comments/5y1pag/vault_7_megathread_technical_analysis_commentary/
00:06:10 Interview with Eugene Pilyankevich. You can reach Eugene by email at eugene@cossacklabs.com or on Twitter @9gunpi
Acra https://www.cossacklabs.com/acra/
Work Rules!: Insights from Inside Google That Will Transform How You Live and Lead https://www.amazon.com/Work-Rules-Insights-Inside-Transform/dp/1455554790/ref=asap_bc?ie=UTF8
A Graduate Course in Applied Cryptography https://crypto.stanford.edu/~dabo/cryptobook/

Direct download: 78.mp3
Category:Technology -- posted at: 1:19pm CET

Intro / Outro Brady Harris  - Welcome Me Back https://www.jamendo.com/track/1381589/welcome-me-back
00:01:24 Incident report on memory leak caused by Cloudflare parser bug https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
Pragmatic thoughts on #CloudBleed https://www.troyhunt.com/pragmatic-thoughts-on-cloudbleed/
00:11:14 We have broken SHA-1 in practice http://shattered.io/
00:19:26 KasperskyOS 11-11: a unique operating system has been developed in Russia https://hi-tech.mail.ru/news/kaspersky-os-11-11/
00:23:15 Microsoft forced to issue emergency Flash fix after delaying Windows patches http://www.theverge.com/2017/2/22/14696358/microsoft-security-fix-adobe-flash-february-2017-patch-tuesday
00:30:08 China just made VPNs illegal https://www.engadget.com/2017/01/23/china-vpn-illegal-internet-censorship-government-approval/
An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf
00:35:14 Security experts now warn AGAINST changing online passwords often as it leaves Brits vulnerable to hackers https://www.thesun.co.uk/news/2865824/security-experts-now-warn-against-changing-online-passwords-often-as-it-leaves-brits-vulnerable-to-hackers/

Direct download: 77.mp3
Category:Technology -- posted at: 5:19pm CET

Intro / Outro DDmyzik- Gypsy Swing https://www.jamendo.com/track/1369034/gypsy-swing
 
On the future of Astoria, the Tor client Cipollino:

The full paper on Technical Support Scams:
(you can learn about the lab's other projects at http://pragsec.com)

The full paper about web shells:
and some map visualizations can be found here:
 
On PrivacyMeter:

On browser extensions:
1) Our study "Extended Tracking Powers: Measuring the Privacy Diffusion Enabled by Browser Extensions"
- will appear in the next few days at http://www.cyber-investigator.org/about/
2) WOT extension:
3) Other spying extensions:
 
Detecting browser extensions:
1) https://extensions.inrialpes.fr (based on web accessible resources)
2) Our study on fingerprinting browser extensions based on their functional side effects and on-page changes
- coming soon at http://www.cyber-investigator.org/about/

Interesting services for learning:

Books on algorithms:
Knuth and Cormen
Sedgewick R. Fundamental Algorithms in C++

Getting into philosophy:

By the way, specifically regarding Facebook and Tor:
facebookcorewwwi.onion

And for extracurricular reading, the much-discussed piece on "data science" and "big data" as applied to "personalized/targeted agitation" :)
Direct download: 76.mp3
Category:Technology -- posted at: 8:17pm CET

Intro / Outro Muciojad - Before I sleep https://www.jamendo.com/track/1406716/before-i-sleep
00:00:44 Best company name ever! Share capital £1, name priceless… https://nakedsecurity.sophos.com/2017/01/06/best-company-name-ever-share-capital-1-name-priceless/
00:04:07 Bug Bounty anniversary promotion: bigger bounties in January and February https://github.com/blog/2302-bug-bounty-anniversary-promotion-bigger-bounties-in-january-and-february
00:05:13 A bit of history on vulnerability disclosure
Disclosing vulnerabilities to protect users https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
Charlie Miller and Apple. iPhone Security Bug Lets Innocent-Looking Apps Go Bad http://www.forbes.com/sites/andygreenberg/2011/11/07/iphone-security-bug-lets-innocent-looking-apps-go-bad/#5fd06fe62336
Legal woes http://martin.swende.se/blog/IP-issues.html
Fatal flaw found in PricewaterhouseCoopers SAP security software http://www.theregister.co.uk/2016/12/09/fatal_flaw_in_pricewaterhousecoopers_sap_software/ 
00:29:23 MongoDB hackers now sacking ElasticSearch http://www.theregister.co.uk/2017/01/13/elasticsearch_mongodb/
00:30:46 WordPress plugs eight holes in latest release http://www.theregister.co.uk/2017/01/13/wordpress_plugs_eight_holes_in_latest_release/
00:31:17 Peace-sign selfie fools menaced by fingerprint-harvesting tech http://www.theregister.co.uk/2017/01/12/fingerprint_photographs/
00:32:21 We already have a contender for the "Best PR Description" award for 2017 https://github.com/rapid7/metasploit-framework/pull/7815
00:33:20 ISC squishes BIND packet-of-death bugs http://www.theregister.co.uk/2017/01/13/isc_fixes_bind_denialofservice_vuls/
00:34:01 Docker swings door shut on privilege escalation bug http://www.theregister.co.uk/2017/01/12/docker_container_escape_vuln_patched/
00:34:23 GoDaddy revokes 9,000 SSL certificates wrongly validated by code bug http://www.theregister.co.uk/2017/01/11/godaddy_pulls_unvalidated_digital_certs/
00:34:45 Who is Anna-Senpai, the Mirai Worm Author? https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/
00:35:23 Windows 10 anniversary update: Security and privacy, hope and change? http://www.welivesecurity.com/2017/01/12/windows-10-anniversary-update-security-privacy/

Direct download: 75.mp3
Category:Technology -- posted at: 3:24pm CET

Intro / Outro Freaky girl by Yung Vikk https://www.jamendo.com/track/1334898/freaky-girl

Antivirus tools are a useless box-ticking exercise says Google security chap http://www.theregister.co.uk/2016/11/17/google_hacker_pleads_try_whitelists_not_just_bunk_antivirus_ids/

Medical Equipment Crashes During Heart Procedure Because of Antivirus Scan http://news.softpedia.com/news/medical-equipment-crashes-during-heart-procedure-because-of-antivirus-scan-503642.shtml

USE OF FANCY BEAR ANDROID MALWARE IN TRACKING OF UKRAINIAN FIELD ARTILLERY UNITS (pdf) https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf

Cuckoo Sandbox https://cuckoosandbox.org/

How to Stay Safe Online v0.0.2 https://www.xmind.net/m/8tR8

Standards body warned SMS 2FA is insecure and nobody listened http://www.theregister.co.uk/2016/12/06/2fa_missed_warning/

 

Direct download: 74.mp3
Category:Technology -- posted at: 6:49am CET

Intro / Outro BeenCalledWorse-DueTime (produced by Expo) by Tab https://www.jamendo.com/track/1338032/beencalledworse-duetime-produced-by-expo

Hofling hospital experiment https://en.wikipedia.org/wiki/Hofling_hospital_experiment

Security scare: Kate Middleton nurse reveals medical details to DJ impersonating the Queen in radio prank call http://www.mirror.co.uk/news/uk-news/kate-middleton-nurse-reveals-medical-1473720?service=responsive

The "successful" grandpa from Moscow https://www.facebook.com/photo.php?fbid=10208638914708436&set=a.2961938685656.2129723.1177252976&type=3&theater

https://www.instagram.com/borisbork/

Beware! Scammers have appeared who swindle money by posing as employees of "Oschadbank" http://7dniv.info/lang-ru/society/81796-oberezhno-ziavilis-shahraii-iak-vimaniuiut-koshti-predstavliaiuchis-pracvnikami-oschadbanku.html

Drammer: Deterministic Rowhammer Attacks on Mobile Platforms (pdf) https://vvdveen.com/publications/drammer.pdf

Reflections on standardization and strengthening the legislative framework

Direct download: 71.mp3
Category:Technology -- posted at: 1:11pm CET

Intro / Outro The last ones by Jahzzar http://freemusicarchive.org/music/Jahzzar/Smoke_Factory/The_last_ones

00:01:00 UISGCON12. Afterworlds. https://12.uisgcon.org/

https://www.facebook.com/rekun.photo/photos/?tab=album&album_id=730563853779312

Videos of the talks https://www.youtube.com/playlist?list=PL0YHqSi934_5fPXaoNxqx42PI7PrCC2xI

00:01:54 No Name Podcast https://nonamepodcast.podbean.com/

00:02:14 Interview with Sergey Smitienko.

00:12:34 Hundreds of thousands of TalkTalk and Post Office broadband users are knocked off the internet by cyber-attack that seizes control of their routers http://www.dailymail.co.uk/news/article-3991714/Hundreds-thousands-TalkTalk-Post-Office-broadband-users-knocked-internet-cyber-attack-seizes-control-routers.html

00:16:43 Six seconds to hack a credit card http://www.ncl.ac.uk/press/news/2016/12/cyberattack/

Does The Online Card Payment Landscape Unwittingly Facilitate Fraud? (pdf) http://eprint.ncl.ac.uk/file_store/production/230123/19180242-D02E-47AC-BDB3-73C22D6E1FDB.pdf

How it takes just six seconds to hack a credit card (video) https://www.youtube.com/watch?v=uwvjZGKwKvY

00:34:23 Hackers attacked the Ukrainian treasury http://znaj.ua/news/regions/80081/hakeri-atakuvali-ukrayinske-kaznachejstvo.html

00:43:52 Russia's Information Security Doctrine approved http://kremlin.ru/acts/news/53418

00:51:54 You can reach Sergey via Facebook https://www.facebook.com/sergey.smitienko

00:53:34 Poltava court released a cybercriminal who had been sought for 4 years by law enforcement from 30 countries http://poltava.to/news/40979/

00:56:04 Media reported the theft of 2 billion rubles from accounts at the Central Bank http://www.rbc.ru/finances/03/12/2016/584238709a7947256285e2ff

00:56:59 The UK now wields unprecedented surveillance powers — here’s what it means http://www.theverge.com/2016/11/23/13718768/uk-surveillance-laws-explained-investigatory-powers-bill

00:58:06 FBI’s New Hacking Powers Take Effect This Week http://fortune.com/2016/11/30/rule-41/

01:01:06 [tor-talk] Javascript exploit https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html

Security vulnerabilities fixed in Firefox 50.0.1 https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/

01:03:03 Standards body warned SMS 2FA is insecure and nobody listened http://www.theregister.co.uk/2016/12/06/2fa_missed_warning/

01:04:02 Android, Qualcomm move on insecure GPS almanac downloads http://www.theregister.co.uk/2016/12/07/android_qualcomm_move_on_insecure_gps_almanac_downloads/

01:08:11 Six seconds to hack a credit card http://www.ncl.ac.uk/press/news/2016/12/cyberattack/ (repetition is the mother of stuttering)

01:09:16 Clarkson stung after bank prank http://news.bbc.co.uk/2/hi/7174760.stm

01:12:28 Printer security is so bad HP Inc will sell you services to fix it http://www.theregister.co.uk/2016/12/06/printer_security_sucks_so_bad_hp_has_opened_a_pain_outsourcing_unit/

 

Books:

Donald E. Knuth The Art of Computer Programming https://www.amazon.com/Computer-Programming-Volumes-1-4A-Boxed/dp/0321751043

Peter Watts Blindsight https://www.amazon.com/Blindsight-Peter-Watts/dp/0765319640/ref=sr_1_1?s=books&ie=UTF8&qid=1483619160&sr=1-1&keywords=Blindsight

Cixin Liu The Three-Body Problem https://www.amazon.com/Three-Body-Problem-Cixin-Liu/dp/0765382032/ref=sr_1_1?s=books&ie=UTF8&qid=1483619237&sr=1-1&keywords=The+Three-Body+Problem

Neal Stephenson Cryptonomicon https://www.amazon.com/Cryptonomicon-Neal-Stephenson/dp/0060512806/ref=sr_1_1?s=books&ie=UTF8&qid=1483619337&sr=1-1&keywords=Cryptonomicon

Direct download: 73.mp3
Category:Technology -- posted at: 1:28am CET

Intro / Outro Hirokazu Sato - Tomorrow Song 佐藤弘和 https://www.youtube.com/watch?v=JyjuqiKEgrw

Konstantin Korsun on what to expect at #UISGCON12

Conference website https://12.uisgcon.org/

Conference program https://12.uisgcon.org/program

Direct download: 72.mp3
Category:Technology -- posted at: 7:16am CET

 

The last ticket giveaway for UISGCON 12!

YouTube channel - https://www.youtube.com/channel/UCGYHYOm_J3zpyE5jCNzAHJg

Email - securit13podcast@gmail.com

 

Direct download: 4_2016-11-23.mp3
Category:general -- posted at: 10:57pm CET

Intro / Outro Touhou Project / Bad Apple (Nika Lenina Ukrainian Orchestra Version) https://www.youtube.com/watch?v=-5WdPSAwdPY

Funtenna project https://github.com/funtenna/funtenna_2015/blob/master/us-15-Cui-EmanateLikeABoss.pdf

A Monitor Darkly https://recon.cx/2016/resources/slides/RECON-0xA-A_Monitor_Darkly.pdf

Compromising emanations: eavesdropping risks of computer displays https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-577.pdf

Direct download: 70.mp3
Category:Technology -- posted at: 4:14am CET