Securit13 Podcast
The first Ukrainian podcast about information security

Intro / Outro Vivienne Mort - ГГПТКН

00:02:13 The FBI Drops Its Case Against Apple After Finding a Way Into That iPhone

iOS forensics expert’s theory: FBI will hack shooter’s phone by mirroring storage

00:05:54 Apple's fruitless rootless security broken by code that fits in a tweet

00:09:37 About the Panama Papers

00:14:39 Hack Brief: Turkey Breach Spills Info on More Than Half Its Citizens

00:15:13 Megabreach: 55 MILLION voters' details leaked in Philippines

00:18:00 Costa Rica launches investigation after reports hackers ‘rigged’ 2014 election

00:21:04 BlaBlaCar & Uber

00:23:59 Why Hospitals Are the Perfect Targets for Ransomware

1,400+ Vulnerabilities Identified in Medical Supply System

00:28:52 Meet the new ransomware that knows where you live

00:30:27 Certified Ethical Hacker website caught spreading crypto ransomware

00:33:11 Sources: Trump Hotels Breached Again

00:34:33 Adobe Patches Flash Player Zero-Day Threat

Mindless Flash masses saved as exploit kit devs go astray with 0day

00:35:36 FBI: $2.3 Billion Lost to CEO Email Scams

00:36:13 Uber Will Pay $10,000 ‘Bug Bounties’ to Friendly Hackers

00:36:53 How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript

00:39:39 No Password Required! 135 Million Modems Open to Remote Factory Reset

00:40:07 Karamba Security

00:44:15 WordPress pushes free default SSL for hosted sites

00:45:31 Cyber-underworld price list revealed: $500 for company email inbox, $1,200 passports, etc

00:46:55 How Pirates And Hackers Worked Together To Steal Millions Of Dollars In Diamonds

00:48:15 DNS root server attack was not aimed at root servers – infosec bods

Video recording of the episode on our channel

Direct download: 58.mp3
Category:Technology -- posted at: 8:50pm CET

In this episode, Victor Zhora talked about the finer points of establishing Ukraine's cyber *bingo* strategy.

Intro / Outro Somewhere by spinmeister

On the decision of the National Security and Defense Council of Ukraine of 27 January 2016 "On the Cybersecurity Strategy of Ukraine"

Cyber Police of Ukraine

Direct download: 57_5.mp3
Category:Technology -- posted at: 7:30am CET

Intro / Outro Lies apemix by apeskinny

00:01:31 OpenNews: Unscheduled Java SE 8u77 update fixing a dangerous vulnerability

00:02:06 Bangladesh gets FBI help on bank heist, cyber expert missing

00:03:04 Researchers find hole in SIP, Apple’s newest protection feature

00:04:20 The Law is Clear: The FBI Cannot Make Apple Rewrite its OS

The Most Embarrassing Fact Checks Apple Gave the FBI

Government Calls Apple’s iPhone Arguments in San Bernardino Case a ‘Diversion’

Former cyber czar says NSA could crack the San Bernardino shooter’s phone

Israeli biz fingered as the FBI's iPhone cracker

00:07:15 Report: Apple designing its own servers to avoid snooping

00:08:56 How Rowhammer Could Be Used to Exploit Weaknesses in Computer Hardware (pdf)

00:10:41 AMD to fix slippery hypervisor-busting bug in its CPU microcode

00:12:34 Hackers attacked hundreds of Russian banks in the name of the Central Bank

00:16:04 Crooks Steal, Sell Verizon Enterprise Customer Data

00:18:39 Cossack Labs / Building secure end-to-end webchat with Themis

0fc - Anonymous web chat server, built on top of Themis/WebThemis

00:19:45 Ransomware Petya encrypts hard drives

00:23:09 95% of HTTPS servers vulnerable to trivial MITM attacks


00:30:19 A Few Thoughts on Cryptographic Engineering: Attack of the Week: Apple iMessage


00:33:00 Poroshenko approved the country's Cybersecurity Strategy

00:34:31 In the FBI’s Crypto War, Apps May Be the Next Target

00:34:48 How your drunk tweets can be used to show where you live

00:36:17 Secure email: ProtonMail is free encrypted email.

00:38:53 Amex warns of breach, cardholders should protect data


Direct download: 57.mp3
Category:general -- posted at: 9:38am CET

Intro / Outro Texasradiofish - It's a Good Day

00:00:58 Skype co-founder launches ultra-private messaging, with video

ChaCha (pdf)

00:02:27 Top iPhone Hackers Ask Court to Protect Apple From the FBI

John McAfee better prepare to eat a shoe because he doesn’t know how iPhones work

John McAfee tells Ars he’s fighting a lonely battle, but he’s not lying

One of the FBI’s Major Claims in the iPhone Case Is Fraudulent

00:10:33 Exim < 4.86.2 Local Root Privilege Escalation

00:11:24 Hacker 'Guccifer' extradited to US

00:12:27 Romanian ATM hacker exploits vulnerability in FENCE, escapes jail

00:13:41 ATM Hackers Have Reached Whole New Level

You'd Never Spot These Hidden Card Skimmers That Are on the Rise

00:15:23 Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid

Hackers did indeed cause Ukrainian power outage, US report concludes

“Прикарпаттяобленерго”: The “First” Attack On Infrastructure

00:17:51 IS Documents Identify Thousands Of Jihadis

00:18:53 The NSA Hacked Into the U.S. Military by Digging Through Its Trash

00:19:49 Pentagon invites hackers to come give it a try

00:21:09 Seagate Phish Exposes All Employee W-2’s

00:21:27 New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer

00:23:01 Q&A: Bruce Schneier on joining IBM, IoT woes, and Apple v the FBI

00:23:58 Hacker Says He Can Hijack a $35K Police Drone a Mile Away

00:24:49 More than 11 million HTTPS websites imperiled by new decryption attack

00:27:38 Accessibility Clickjacking - A Skycure Discovered Vulnerability

“Accessibility Clickjacking” - The Next Evolution in Android Malware that Impacts More Than 500 Million Devices

00:29:37 Google open sources vendor security review tool

00:33:02 Subgraph OS — Secure Linux Operating System for Non-Technical Users

Video recording of the episode on our channel

Direct download: 56.mp3
Category:Technology -- posted at: 3:53am CET

Intro / Outro Get Money by Blake 

In this episode, Pavel Kravchenko talked about bitcoin, blockchain and decentralized auctions.

The third generation of electronic auctions as the defeat of the state monopoly

Manual for connecting a platform to the auction


The World’s First State Auction on the Blockchain Being Tested in Ukraine

The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers

Insanely Simple

You can contact Pavel on Skype: ideateam_macuser

Video recording of the episode on our channel

Direct download: 55_5.mp3
Category:Technology -- posted at: 12:47pm CET

Intro / Outro Степ - Бум-Бум - все в нас є

00:01:45 Apple, The FBI And iPhone Encryption: A Look At What's At Stake

Why You Should Care About Apple’s Fight With the FBI

Judge Forces Apple to Help Unlock Terror Shooter's iPhone

No, A Judge Did Not Just Order Apple To Break Encryption On San Bernardino Shooter's iPhone, But To Create A New Backdoor | Techdirt

The FBI’s attack on Apple could force Congress to rule on encryption

Customer Letter - Apple

Judge Demands that Apple Backdoor an iPhone

Why Tim Cook is wrong about the iPhone 'back door': A privacy advocate's view

Encryption is under attack.

Not a Slippery Slope, but a Jump off the Cliff

Apple vs the FBI - a plain English guide - BBC News

Why Apple — and Not Google — Is in the FBI’s Crosshairs

Here’s how often Apple, Google, and others handed over data when the US government asked for it

Bill Gates sides with FBI on demand for Apple backdoor to shooter's iPhone

Encryption isn’t at stake, the FBI knows Apple already has the desired key

00:26:29 Extremely severe bug leaves dizzying number of software and devices vulnerable

CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow

Critical glibc vulnerability is dangerous for all Linux systems

00:34:22 Hospital paid hackers $17,000 to unlock data held for ransom

00:40:24 Execute My Packet

00:46:29 Beware of hacked ISOs if you downloaded Linux Mint on February 20th!

00:48:54 Google Wants to Save News Sites From Cyberattacks—For Free

00:51:39 Joomla Joins WordPress As TeslaCrypt Ransomware Target

00:53:27 Mousejack Attacks Abuse Vulnerable Wireless Keyboard, Mouse Dongles

00:59:51 This is Why People Fear the ‘Internet of Things’

01:12:45 Teacher’s sex tape stolen from hacked Dropbox, posted on school site

01:17:49 Man admits he stole nude celebrity pics from Apple and Gmail accounts

01:18:07 Tor: 'Mystery' spike in hidden addresses

RicochetSecurityAssessment (pdf)

01:19:27 Adi Shamir anniversary keynote on “Financial Cryptography: Past, Present, and Future”

01:25:26 Volksverschlüsselung

01:31:42 Interview with Vladimir Garbuz

Conference website

The Web Application Hacker's Handbook

You can contact Vladimir on Skype: vigarbuz

Direct download: 55.mp3
Category:Technology -- posted at: 8:55pm CET

Alice, Victor Zhora and Kostiantyn Korsun talked with Kenneth Geers about his book Cyber war in perspective (pdf), how Ukraine can be a leader in cyber security, the conflicts in Ukraine and Syria from a cyberspace perspective, and other questions.

Kenneth's Twitter is @KennethGeers

Intro / Outro Grapes - I dunno

Video recording of the interview on our channel

Direct download: 54-2.mp3
Category:Technology -- posted at: 3:43am CET

Intro / Outro Alex - Drive

0:01:54 To turn an iPhone into a "brick", it is enough to change the system date to 1 January 1970

0:04:23 There's a lot of vulnerable OS X applications out there.

VLC unsigned updates over http

0:09:09 Fake Flash Player Update Infects Macs with Scareware

0:10:09 Nexus Security Bulletin - February 2016

Google fixes multiple Wi-Fi flaws, mediaserver bugs in Android

Google plugs Android vulns

0:10:47 Google calls out Comodo's Chromodo Chrome-knockoff as insecure crapware

0:12:02 Every version of Windows hit by 'critical' security vulnerability

0:12:52 New details published on how the BlackEnergy trojan attacks Ukraine

The Ministry of Energy and Coal Industry intends to form a group with representatives of all energy companies under the Ministry's management to study ways of preventing unauthorized interference in the operation of power grids

0:18:47 Hackers mirror 250GB of NASA files on the web

OpNasaDrones Zine #Anonsec

0:24:12 Privilege Escalation + Remote Code Execution in Apache Jetspeed 2.2.0 - 2.3.0

Default settings in Apache may decloak Tor hidden services

0:26:02 Brit spies want rights to wiretap and snoop on US companies' servers

0:26:52 Smart toys spring dumb vulns. Again. This time: Cuddly bears, watches

Hacked Toy Company VTech’s TOS Now Says It’s Not Liable for Hacks

0:30:30 Big Question: What does the Julian Assange case have to do with human rights?

The Working Group on Arbitrary Detention Deems the deprivation of liberty of Mr. Julian Assange as arbitrary

0:31:08 New Safe Harbor Data “Deal” May Be More Politicking Than Surveillance Reform

Safe Harbor ripped and replaced with Privacy Shield in last-minute US-Europe deal

0:32:27 OpenSSL fixes bug, gets dissed by German gov: That's so random ... not

OpenSSL study

0:34:41 White House seeks its first ever chief information security officer

0:35:39 Safeway Self-Checkout Skimmer Close Up

0:36:39 Hacking PayPal in 73 seconds

0:37:46 AST-2016-001: BEAST vulnerability in HTTP server

0:38:44 For Cyberattackers, Time Is The Enemy

0:39:29 Mysterious spike in WordPress hacks silently delivers ransomware to visitors

0:40:13 KeePassLogger - KeePass Two-Channel Auto-Type Obfuscation Bypass

0:40:48 Samsung warns customers not to discuss personal information in front of smart TVs

0:41:21 Twitter Says There’s No “Magical Algorithm” to Find Terrorists

Combating Violent Extremism | Twitter Blogs

0:42:06 Malware Museum!

Roll up, roll up to the Malware Museum! Run classic DOS viruses in your web browser 

Oh, how many wondrous discoveries Microsoft Office has in store for us

Video recording of the episode on our channel

Direct download: 54-1.mp3
Category:Technology -- posted at: 3:38pm CET

Intro / Outro Time (cdk Give Me Some Dubstep Extended Mix)

0:00:51 Work continues in the group studying the causes of the temporary failure of power supply companies' systems that took place on 23 December 2015
Full news item
Attack on energy facilities on 19-20 January 2016. After the fact
Techie on the ground disputes BlackEnergy Ukraine power outage story
Steinitz: Israel’s Electric Authority hit by ‘severe’ cyber-attack
0:07:48 Secret SSH backdoor in Fortinet hardware found in more products
Fortinet SSH vulnerability more widespread than thought
0:14:15 NSA Helped British Spies Find Security Holes In Juniper Firewalls
0:17:28 Vulnerability discovered in the Linux kernel that allows privilege escalation on the system
Analysis and Exploitation of a Linux Kernel Vulnerability (CVE-2016-0728)
0:20:41 Canada Cuts Off Some Intelligence Sharing With U.S. Out of Fear for Canadians’ Privacy
0:21:15 Get Safe online
0:23:32 IT special agents: who was selected for the Ukrainian cyber police, and how
0:26:16 Critical Yahoo Mail Flaw Patched, $10K Bounty Paid
0:27:31 Lenovo used 12345678 as hard-coded password in SHAREit for Windows
0:31:28 Here's what an Ashley Madison blackmail letter looks like
0:33:33 HD Moore Leaves Rapid7
0:34:01 OpenSSL to Patch Two Vulnerabilities This Week
0:37:49 PayPal Remote Code Execution Vulnerability 
And the tool used for that.
0:39:08 Oracle's finally killing its terrible Java browser plugin
0:40:36 Kali Linux, Rolling Edition Released – 2016.1
0:46:50 Crash Safari Code
0:47:38 SBU detained a group of hackers attempting to steal UAH 15 million
0:49:21 iSIGHT and FireEye: Ushering in a New Era of Intelligence-Led Security
0:49:59 Toyota Russia Customers Data
0:52:06 Oracle drops 248 - count 'em - 248 patches, to fix ... something
0:56:42 Skype Now Hides Your Internet Address
0:58:08 NSA Hacker Chief Explains How to Keep Him Out of Your System
1:00:03 Reversing Apple’s syslogd bug
1:00:33 There was a funny bug in 1Password
1:01:01 As promised @googlechrome indeed doesn't recognise @VERISIGN certificates as trusted anymore.
1:02:44 White Paper: A Guide to DDoS Mitigation & Testing
1:03:01 Remote access to the car or practical aspects of the ELM 327 security 

Video recording of the episode on our channel

Direct download: 53.mp3
Category:Technology -- posted at: 9:12pm CET

Intro / Outro BRUTTO - Просперо (Piano Cover)
00:03:31 Interview with Victor Zhora about the attack on Ukraine's electric power facilities
Yesterday's blackout of half of the Ivano-Frankivsk region was caused by a hacker attack
SBU prevented an attempt by Russian special services to disable Ukraine's energy facilities
First known hacker-caused power outage signals troubling escalation
Hackers threaten Ukrainian power grids. A Russian signature can be read in the cyberattack on the regional power companies
The US suspects Russia of involvement in cyberattacks on Ukraine's power grids
Malware 'clearly' behind Ukraine power outage, SANS utility expert says
iSIGHT Partners: Sandworm Team and the Ukrainian Power Authority Attacks
BlackEnergy trojan is used in cyberattacks on media and industrial facilities in Ukraine
BlackEnergy Disrupt Matrix - SOC Prime X
Potential Sample of Malware from the Ukrainian Cyber Attack Uncovered
BlackEnergy .XLS Dropper
Headquarters: A probable hacker attack from the Russian Federation was prevented at "Boryspil"
Special Publication 800-82 Guide to Industrial Control Systems (ICS) Security (pdf)
Cyber war in perspective (pdf)
00:58:41 Mishaps with our 1C
01:01:15 Coat of arms of the Ministry of Information Policy
01:02:02 Court allowed the prosecutor's office to search Google's Ukrainian office
01:04:04 SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7
Someone Just Leaked Hard-Coded Password Backdoor for Fortinet Firewalls
Fortinet says backdoor found in FortiOS is "a management authentication issue"
01:07:03 Facebook spars with researcher who says he found “Instagram’s Million Dollar Bug”
01:08:43 iOS 9.3 brings multi-user mode to iPads, along with more features and fixes
01:11:10 How Nvidia breaks Chrome Incognito
Nvidia: Chrome 'Incognito' Porn Leakage Is on Apple, Not Us
01:14:11 Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778
Evil OpenSSH servers can steal your private login keys to other systems – patch now
How To Fix OpenSSH's Client Bug CVE-2016-0777 and CVE-2016-0778 by Disabling UseRoaming
01:15:29 Microsoft Gives Details About Its Controversial Disk Encryption
01:17:21 Recently Bought a Windows Computer? Microsoft Probably Has Your Encryption Key
01:18:11 Microsoft ends support for Windows 8, IE8 through 10: What does this mean for you?
01:18:40 The Tor Project Is Starting a Bug Bounty Program
01:18:55 Linode: back at last after ten days of hell
Linode Blog » Security Notification and Linode Manager Password Reset
01:19:21 Cisco admins gear up for a late night – hardcoded password in wireless points nuked
01:19:29 About the DDoS of говнокод.ру via JS in a post on Habr
01:21:21 TrendMicro node.js HTTP server listening on localhost can execute commands
01:23:37 Debug code cracked case in hunt for mystery Silverlight zero day
01:24:44 Software bug granted early release to more than 3,200 US prisoners
01:25:32 Massive bug at online gaming platform exposes users' sensitive data
01:26:19 Turkish carder scores record 332-year jail term    
01:26:50 Vulnerability allows to permanently delete any skype account by support request
01:29:28 French say 'Non, merci' to encryption backdoors
01:30:13 Database leak exposes 3.3 million Hello Kitty fans
01:30:23 250 Hyatt hotels hacked via PoS malware
01:30:42 Trustwave failed to spot casino hackers right under its nose – lawsuit
01:31:51 Stranger talks to a kid through this hacked baby monitor
01:32:38 Holiday hack challenge
Security weekly #444
01:41:07 drduh/OS-X-Security-and-Privacy-Guide

Direct download: 52.mp3
Category:Technology -- posted at: 1:43pm CET