Securit13 Podcast (Technology)
The first Ukrainian podcast about information security

Latest Google+ flaw leads Chocolate Factory to shut down site early 
Update now! Adobe issues emergency Flash update for a serious flaw 
Adobe Security Bulletin 
Australia passes new law to thwart strong encryption 
Iranians indicted in Atlanta city government ransomware attack 
Hackers breach and steal password data for 100 million users 
Microsoft is building its own Chrome browser to replace Edge 
New Report: Unknown Data Scraper Breach 
Exploit Code for the Kubernetes Flaw Is Now Available 

Direct download: 109.mp3
Category:Technology -- posted at: 5:02pm CET

We summed up 2018 in information security

Direct download: 110.mp3
Category:Technology -- posted at: 7:57pm CET

Framework for Improving Critical Infrastructure Cybersecurity 
Taras's talk on critical infrastructure

Direct download: 108.mp3
Category:Technology -- posted at: 8:04am CET

At the time of recording we were preparing for UISGCON14, and videos of the talks are already on our channel
China Used a Tiny Chip in a Hack That Infiltrated U.S. Companies 
New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom 
Apple Insiders Say Nobody Internally Knows What’s Going On With Bloomberg’s China Hack Story 
What Businessweek got wrong about Apple 
Facebook has been hacked and 50 million people's accounts have been exposed 
Google+ to shut down after coverup of data-exposing bug 
Here’s how Google is revamping Gmail and Android security 
Google's Project Zero thwarts another major bug in Facebook's WhatsApp 
Microsoft killing off the old Skype client… for real this time 
A mysterious grey-hat is patching people's outdated MikroTik routers | ZDNet 
How to Stop Google From Tracking Your Location 
U.S. Charges Russian GRU Officers with International Hacking and Related Influence and Disinformation Operations 

Direct download: 107.mp3
Category:Technology -- posted at: 1:35pm CET

Interview with Yanick Fratantonio 

Securit13 Patreon 
Keygen Music [2+ hour Mix] 

Direct download: 104.mp3
Category:Technology -- posted at: 12:20pm CET

Interview with Serhii Korolenko about #UISGCON14 #CTF 
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 
Passing Security By - Serhii Korolenko 
Serhii Korolenko - XSS from zer0 to Hero (Workshop) 

Securit13 Patreon 
Keygen Music [2+ hour Mix] 

Direct download: 106.mp3
Category:Technology -- posted at: 4:30pm CET

Interview with Alexander Færøy

Tech billionaire Elon Musk smokes marijuana on podcast as shares fall and senior execs leave 
Windows 10 to get disposable sandboxes for dodgy apps 
Mongo Lock Attack Ransoming Deleted MongoDB Databases 
Open .Git Directories Leave 390K Websites Vulnerable 
Tesla’s new bug bounty protects hackers — and your warranty 
How Bitcoin's hidden footprint is impacting water use 

Securit13 Patreon 
Keygen Music [2+ hour Mix] 

Direct download: 105.mp3
Category:Technology -- posted at: 3:58pm CET

A special episode about our co-hosts' visit to the 26th #DEFCON conference

Direct download: special.mp3
Category:Technology -- posted at: 3:51pm CET

In the Dnipropetrovsk region, the SBU prevented a cyberattack by Russian special services on a critical infrastructure facility
Ukraine claims it blocked VPNFilter attack at chemical plant 
Speculative Buffer Overflows: Attacks and Defenses (pdf) 
New Spectre 1.1 and Spectre 1.2 CPU Flaws Disclosed 
Google Enables 'Site Isolation' Feature By Default For Chrome Desktop Users 
Cisco's annual cybersecurity report and Check Point's mid-year report have been released, but we will talk about them next time
Scam alert: No, hackers don't have webcam vids of you enjoying p0rno. Don't give them any $$s 
GitHub to Pythonistas: Let us save you from vulnerable code 
Microsoft seeks regulation of facial recognition technology 
Two-factor auth totally locks down Office 365? You may want to check all your services... 
The Tale of SettingContent-ms Files 
Facebook fined for data breaches in Cambridge Analytica scandal 
Cops suspect Detroit fuel station was hacked before 10 drivers made off with 2.3k 'free' litres 
2018-07 Security Bulletin: Junos OS: Junos OS: MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2), PTX3K-FPC3 and PTX1K: Line card may crash upon receipt of specific MPLS packet (CVE-2018-0030) 
Revoked Certificate when viewing mydlink IP Cameras with-in web-browsers 
Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign 
Ammyy Admin compromised with malware again; World Cup used as cover 
US: Government Has Planted Spy Phones With Suspects 
The 111 Million Record Pemiblanc Credential Stuffing List 
June’s Most Wanted Malware: Banking Trojans Up 50% Among Threat Actors 
Did CrowdStrike really miss the mark? 

Securit13 Patreon 

Direct download: 103.mp3
Category:Technology -- posted at: 12:05pm CET

In this episode Alisa, Login and Alexey talked about the scandalous 6688, browsers, vulnerabilities involving logos and websites, and some other news from the past two weeks.

Github Gentoo organization hacked - resolved
Apple corrects the record on reported iPhone vulnerability
Cops May Unlock iPhones Without a Warrant to Beat Apple's New Security Feature
Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles
Former NSA contractor Reality Winner accepts guilty plea for leaking classified report
Firefox is adding 'Have I Been Pwned' alerts
Gmail's "dirty secret": users' emails are read not only by Google employees
"Stylish" browser extension steals all your internet history
Brave browser adds private tabs with Tor for 'enhanced privacy protection'
Alter attack
ProtonMail DDoS Attacks Are a Case Study of What Happens When You Mock Attackers
A year after devastating NotPetya outbreak, what have we learnt? Er, not a lot, says BlackBerry bod
New RAMpage attack affects all Android phones released since 2012 [Update]
Thanatos Ransomware Decryptor Released by the Cisco Talos Group 
First Nationwide Undercover Operation Targeting Darknet Vendors Results in Arrests of More Than 35 Individuals Selling Illicit Goods and the Seizure of Weapons, Drugs and More Than $23.6 Million
The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age
Securit13 Patreon 

Keygen Music [2+ hour Mix] 


Direct download: 102.mp3
Category:Technology -- posted at: 7:00am CET

SecurityBsides Odessa CTF is open! 
Anyone who wants to support BSides Odessa can do so here

SecurityBSides Kharkiv 

The mysterious hacker who claimed responsibility for the hack on the DNC is likely a disinformation campaign by Russian spies. 

The security firm halted the work after questions were asked in the European Parliament about its software. 

She wrote an email posing as him, turning down a $50,000-a-year scholarship so that he wouldn't leave 

Commentary: People can no longer tell when they're chatting with a robot. Google, what have you done? 

Apple is going after another way sites track you for ads. 

Phone scammers are spoofing numbers to make them look familiar to you. You're more likely to pick up and trust the person on the other end 

Support us on Patreon 

Direct download: 101.mp3
Category:Technology -- posted at: 1:35pm CET

An interview with Alexander Olenev and Andrey Voloshin of Thea/Techmaker about life, business, training hardware engineers, and a bit about car security.
DEFCON 25 Nissan Leaf security 
Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs 
Toyota unintended acceleration bug
CAN bus specs (BOSCH) 
BMW ConnectedDrive 
Apple iCar release date rumours, features & images 
NVIDIA Self-driving cars 
Intel Discontinues Joule, Galileo, And Edison Product Lines 
TWIC who wants to participate as an AppSec mentor on Techmaker email to 
Connected cars

Thinking, Fast and Slow, Daniel Kahneman ISBN 9785170800537 
Franchesca, Dorje Batuu ISBN 978-617-679-485-1 


Securit13 Patreon

Direct download: 100.mp3
Category:Technology -- posted at: 12:44pm CET

16.06.2018 BSidesKharkiv
07.06.2018 OWASP Odesa
07.07.2018 BSidesOdessa
Kostiantyn Korsun on NoNameCon
Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels (draft 0.9.1)
ProtonMail is safe against the efail PGP vulnerability.
Efail or OpenPGP is safer than S/MIME
Digital Photocopiers Loaded With Secrets
Throwhammer: Rowhammer Attacks over the Network and Defenses
Rowhammer strikes networks, Bolton strikes security jobs, and Nigel Thornberry strikes Chrome, and more
7-Zip: From Uninitialized Memory to Remote Code Execution
IBM bans all removable storage, for all staff, everywhere
Second wave of Spectre-like CPU security flaws won't be fixed for a while
Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed
Ex-CIA man fingered as prime suspect in Vault 7 spy tool manuals leak
DHCP Client Script Code Execution Vulnerability - CVE-2018-1111

Securit13 Patreon

Keygen Music [2+ hour Mix]

Direct download: 99.mp3
Category:Technology -- posted at: 8:30am CET

We talked a bit about conferences: ones we organized, upcoming ones, and ones we attended.

#BSidesKyiv 2018
22.05.2018 WWCode Security event
16.06.2018 BSidesKharkiv
07.07.2018 BSidesOdessa
Jack Daniel

Music - KEYGEN MUSIC ~ One hour mix

Direct download: 98.mp3
Category:Technology -- posted at: 11:30am CET

Our hosts discussed this scary abbreviation, GDPR, before it became mainstream, but it reached publication late... Still, a few words about the regulation and how our hosts understand it.

General Data Protection Regulation
How Europe's New Privacy Law Will Change the Web, and More
Some more information:
GDPR - A Practical Guide For Developers - Bozho's tech blog
America should borrow from Europe’s data-privacy law
Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature
Iran hit by global cyber attack that left U.S. flag on screens
FIDO Alliance and W3C have a plan to kill the password
Okay, Let’s Talk About John McAfee’s Paid Cryptocurrency Promotions


Music - KEYGEN MUSIC ~ One hour mix

Direct download: 97.mp3
Category:Technology -- posted at: 9:13am CET

We discussed the news, everyone forgot it, and so we decided to remind you! Yes, we are a bit of a slowpoke)))

Everything You Need to Know About Facebook and Cambridge Analytica
Cambridge Analytica whistleblower Christopher Wylie appears before MPs
Fact Check: Your Call and SMS History (FB removed "Apps others use")
Total Meltdown?
It's baaack – WannaCry nasty soars through Boeing's computers
Egg on Cisco's face: Three critical software bugs to fix over Easter
Guccifer 2.0 Was Always Sloppy
Rapid 2.0 Ransomware Released, Will Not Encrypt Data on PCs with Russian Locale
Academics Discover New CPU Side-Channel Attack Named BranchScope
Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems
Adrian Lamo, ‘Homeless Hacker’ Who Turned in Chelsea Manning, Dead at 37
Microsoft May Ban Users For Offensive Language Starting In May
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002
Durov refuses to hand over Telegram encryption keys to FSB
Signalling Security in Telecom SS7/Diameter/5G — ENISA


Music - KEYGEN MUSIC ~ One hour mix

Direct download: 96.mp3
Category:Technology -- posted at: 7:05am CET

Adam Doupé
Adam on twitter
Adam on youtube
Series of live hacking of CTF challenges on YouTube
The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage

Direct download: 95.mp3
Category:Technology -- posted at: 8:01pm CET

We tried to discuss how preparations for BSidesKyiv 2018 are going. Judge for yourself how it turned out.

Intro / Outro Extraction de la pierre de folie by Cuicuitte 

#BsidesKyiv 2018 
Vero - True Social 
How To Get Started With Vero - True Social 
Here's how to delete your Vero account 

Keygen Music [2+ hour Mix] 

Direct download: 94_2.mp3
Category:Technology -- posted at: 3:36pm CET

White House blasts Russia for NotPetya cyberattack 
Memcached servers can be hijacked for massive DDoS attacks 
Memcrashed - Major amplification attacks from UDP port 11211
NETSCOUT Arbor Confirms 1.7 Tbps DDoS Attack; The Terabit Attack Era Is Upon Us 
In Kharkiv, a suspect has been convicted of selling a postal carrier's customer database
Speculative Execution Bounty Launch 
Frequently Asked Questions about Microsoft Bug Bounty Programs 
AMD allegedly has its own Spectre-like security flaws 
​Linus Torvalds slams CTS Labs over AMD vulnerability report 
Intel: Our next chips won't have data leak flaws we told you totally not to worry about 
Intel ships (hopefully stable) microcode for Skylake, Kaby Lake, Coffee Lake 
Samba settings SNAFU lets any user change admin passwords 
Zero-day vulnerability in Telegram 
Plugins for Popular Text Editors Could Help Hackers Gain Elevated Privileges 
600 Bitcoin mining servers stolen in Iceland
CBM - Car Backdoor Maker 
Let's Encrypt updates certificate automation, adds splats 
CEO of smartmobe outfit Phantom Secure cuffed after cocaine sting, boast of murder-by-GPS 

Keygen Music [2+ hour Mix] 

Direct download: 94_1.mp3
Category:Technology -- posted at: 10:00am CET

Our friend Sergey Smitienko joined us and we talked about the x86 architecture. It came out a bit melancholy and hopeless, but informative.

Intro / Outro Ninja by Indikings 

Breaking the x86 Instruction Set 
DEF CON 25 - Christopher Domas - Breaking the x86 Instruction Set 
17 BHB ASIA 013 Hello From the Other Side SSH Over Robust Cache Covert Channels in the Cloud 
Clémentine Maurice 
PinMe: Tracking a Smartphone User around the World 
Here’s the Solution to the 3-Year-Old, $50,000 Bitcoin Puzzle 
Intel® 64 and IA-32 Architectures Software Developer’s Manual 
Intel® 64 and IA-32 Architectures Optimization Reference Manual 

Keygen Music [2+ hour Mix] 

Direct download: 93.mp3
Category:Technology -- posted at: 12:04am CET

The much-discussed debate between Mark and Elon, plenty of research, even more works of fiction... But what is AI, really? And from an information security point of view? That is exactly what our hosts decided to talk about. And what do you think?

Intro / Outro The Yellow Flying Cog by Flying Species

Google's AI Built Its Own AI That Outperforms Any Made by Humans
On the security, privacy, and safety challenges of AI
Why Zuckerberg and Musk Are Fighting About the Robot Future
Elon Musk says we need to regulate AI before it becomes a danger to humanity
Live grilling in Mark's backyard
OpenSOC: An Open Commitment to Security
Oleg Antonovich Gordievsky
Banned In Germany: Kids' Doll Is Labeled An Espionage Device
CCS 2017
GDPR (General Data Protection Regulation)
Malicious bots are already online: how are they detected? Can Sybil attacks be detected effectively? How do you tell a human from a bot? And how do we reach the verdict that the being in front of us is a human?
And conversely, can AI identify "bad" human behavior
Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing
Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures
David Wagner keynote
AI can "hack back":

Blindsight by Peter Watts
Far Rainbow by the Strugatsky brothers
WarGames (1983)
Introduction to Artificial Intelligence for Security Professionals

Music - KEYGEN MUSIC ~ One hour mix

Direct download: 92_2.mp3
Category:Technology -- posted at: 10:49pm CET

BSides Kyiv 21.04.2018, cfp
Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs
Security hole in AMD CPUs' hidden secure processor revealed ahead of patches
Attacking a co-hosted VM: A hacker, a hammer and two memory modules - This is Security :: by Stormshield
Intel Releases New Technology Specifications to Protect Against ROP attacks
A Simple Explanation of the Differences Between Meltdown and Spectre
blizzard: agent rpc auth mechanism vulnerable to dns rebinding
I’m harvesting credit card numbers and passwords from your site. Here’s how.
Part 2: How to stop me harvesting credit card numbers and passwords from your site
Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability
Australia probes sale of secret papers in filing cabinets
Strava's heatmap revealed military bases, but it also showed nothing is anonymous online
Now even YouTube serves ads with CPU-draining cryptocurrency miners
Uber ignores security bug that makes its two-factor authentication useless
British hacker arrested for cyberattacks against Pokemon, Google, and Skype.
Ay MaMi
Hospital Pays $55K Ransomware Demand Despite Having Backups
The SBU blocked the distribution of spyware in Ukraine -
Satellite derived time and position blackett review
Dutch agencies provide crucial intel about Russia's interference in US-elections

Music - KEYGEN MUSIC ~ One hour mix

Direct download: 92_1.mp3
Category:Technology -- posted at: 6:51pm CET

Episode 90.2 - Interview with A. Semenyaka (10.12.2017)

Alex joined us and talked about the critical infrastructure of the internet. What is it, anyway, and how do you live with it?

Intro / Outro Clouds of Tenderness by Lobo Loco

Russian-controlled telecom hijacks financial services’ Internet traffic
Resource Certification (RPKI)
The Resource Public Key Infrastructure (RPKI) to Router Protocol
BGPsec Protocol Specification
[ipv6-wg] Belgian limits on CGN/NAT?
Report on internet blocking at the UN General Assembly:, and along with it also
Talk at ENOG, transcript as part of the session: , slides:,, recording of the talk:
Moscow-Petushki by Venedikt Yerofeyev

You can reach Alexey at or

Direct download: 90_2.mp3
Category:Technology -- posted at: 3:20pm CET

Intro / Outro Sleepy in the Garden by Lobo Loco

Malvertising: When Online Ads Attack (2015)
Juniper Acquires Cyphort (2015)
Malvertising and crypto threats have rocketed in 2017
Malvertising Campaign Redirects Browsers To Terror Exploit Kit
Malvertising on Equifax, TransUnion tied to third party script (updated)
New Malvertising Campaign Exploits Home Routers, Changes DNS Servers
Expired domain names and malvertising
Russian Influence Reached 126 Million Through Facebook Alone
Facebook's Advertising Tools Complicate Efforts To Stop Russian Interference
Ad network takes steps to reduce fraud
Will Crypto Browser Mining Replace The Ad Industry
For $1000, anyone can purchase online ads to track your location and app use
I never signed up for this! Privacy implications of email tracking
The Future of Ad Blocking: An Analytical Framework and New Techniques

Direct download: 89_2.mp3
Category:Technology -- posted at: 8:48am CET

A conversation with Vladimir Ilibman about Cisco's mid-year report, rabbits, and statistics. Always relevant.

Intro / Outro State of Mind by Audiobinger

BadRabbit Technical Analysis
Cisco information security report for the first half of 2017
2016 Data Breach Investigations Report (pdf)
The Black Swan by Nassim Nicholas Taleb
You can reach Vladimir at or

Direct download: 88_2.mp3
Category:Technology -- posted at: 10:31pm CET

We decided to look back at the biggest events of the year that is almost over. Join us!

Incident report on memory leak caused by Cloudflare parser bug
Vault 7: CIA Hacking Tools Revealed
NSA-leaking Shadow Brokers just dumped its most damaging release yet
Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware
New ransomware, old techniques: Petya adds worm capabilities
The MeDoc Connection
Threat Spotlight: Follow the Bad Rabbit
Equifax website hack exposes data for ~143 million US consumers
We have broken SHA-1 in practice
ROCA: Vulnerable RSA Key Generation
KRACK Attacks: Breaking WPA2
Hackers Can Easily Hijack This Dildo Camera and Livestream the Inside of Your Vagina (Or Butt)
MsMpEng: Remotely Exploitable Type Confusion in Windows 8, 8.1, 10, Windows Server, SCEP, Microsoft Security Essentials, and more.
Why 'blank' Gets You Root
Thousand-dollar iPhone X's Face ID wrecked by '$150 3D-printed mask'
Blocking of web resources in Ukraine
The Ministry of Education and Science instructed universities not to use sites with “.ru” and “.ру” domains
The Ministry of Information Policy will publish additions to the list of banned sites
#FuckResponsibleDisclosure Sean Brian Townsend

Music - KEYGEN MUSIC ~ One hour mix

Direct download: 91.mp3
Category:Technology -- posted at: 8:06pm CET

The biggest news of recent weeks. An amazing apple, #FuckResponsibleDisclosure, an updated promise from John, and something else. Don't miss it!

00:00:58 #FuckResponsibleDisclosure Sean Brian Townsend
00:07:26 Apple and all, all, all
Why 'blank' Gets You Root
As Apple fixes macOS root password hole, here's what went wrong
Repair file sharing after Security Update 2017-001 for macOS High Sierra 10.13.1
Thousand-dollar iPhone X's Face ID wrecked by '$150 3D-printed mask'
Zero-day iOS HomeKit vulnerability allowed remote access to smart accessories including locks, fix rolling out
00:12:50 John McAfee
Bitcoin Miner NiceHash Hacked, Possibly Losing $62 Million in Bitcoin
The website of blockchain project Confido is unavailable: all of the project team's profiles turned out to be fake
00:15:17 CVE-2017-11937 | Microsoft releases an emergency update to fix a flaw in Malware Protection Engine
00:17:49 Uber Paid Hackers to Delete Stolen Data on 57 Million People
00:18:28 Intel Management Engine pwned by buffer overflow
00:18:52 Thousands of WordPress sites infected with a Keylogger and cryptocurrency miner scripts
Websites use your CPU to mine cryptocurrency even when you close your browser
00:19:09 Android flaw lets attack code slip into signed apps
00:19:24 Mailsploit: It's 2017, and you can spoof the 'from' in email to fool filters

Music - KEYGEN MUSIC ~ One hour mix

Direct download: 90_1.mp3
Category:Technology -- posted at: 12:20pm CET

A few of the biggest news stories of recent weeks for your feed. There's a rabbit, and Alisa, and sweet bedtime stories.

ROCA: Vulnerable RSA Key Generation
Certificate expiry monitoring, KeyChest for HTTPS, TLS, Letsencrypt expiry and server status
Estonia government locks down ID smartcards: Refresh or else
Threat Spotlight: Follow the Bad Rabbit
BadRabbit Technical Analysis
Bad Rabbit: Not-Petya is back with improved ransomware
The Shadow Internet – Comae Technologies
Fake WhatsApp app in official Google Play Store downloaded by over a million Android users
Tor Project fixed TorMoil, a critical Tor Browser flaw that can leak users IP Address
Oracle Security Alert CVE-2017-10151
Dangerous liaisons
Equifax execs sold shares before mega-hack reveal. All above board – Equifax probe


Music - KEYGEN MUSIC ~ One hour mix

Direct download: 89_1.mp3
Category:Technology -- posted at: 9:06pm CET

Once again, instead of 300 seconds, our restless hosts discuss news and events. Join us!

A new Mirai-Like IoT Botnet is growing in a new mysterious campaign
Google launched Google Play Security Reward bug bounty program to protect apps in Play Store
Equifax website borked again, this time to redirect to fake Flash update
New Ransomware Not Just Encrypts Your Android But Also Changes PIN Lock
PUBLIC SECURITY ALERT: New Facebook attack - watch out for phishy messages that say you’re a “Trusted Contact” - Access Now
KRACK Attacks: Breaking WPA2
YouTube sin-bins account of KRACK WPA2 researcher
Malware hidden in vid app is so nasty, victims should wipe their Macs

Music - KEYGEN MUSIC ~ One hour mix

Direct download: 88_1.mp3
Category:Technology -- posted at: 8:46am CET

Intro / Outro Art Of Escapism - The Sands of Windhoek

With the growing number of attacks on the software supply chain, including software updates, our hosts Andrey, Alisa, Alexey and Taras decided to work out what it is and what to make of it, look at examples and variants, as well as possible ways of protection and prevention.

Supply chain
What Is a 'Supply Chain Attack?'
CCleanup: A Vast Number of Machines at Risk
Java security plagued by crappy docs, complex APIs, bad advice
Apple Mac fans told: Something smells EFI in your firmware
Reflections on Trusting Trust

Direct download: 87_2.mp3
Category:Technology -- posted at: 4:38pm CET

To mark our return and the start of the new autumn-winter 2017-2018 season, Andrey and Alisa briefly went through the latest news

Hacking of sites in the * domain zone and a mistake at CERT-UA
4G/5G Wireless Networks as Vulnerable as WiFi and putting SmartCities at Risk
Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold
FIN7 hacking group is switched to new techniques to evade detection
VPN logs helped unmask alleged 'net stalker, say feds
Russian spies used Kaspersky AV to hack NSA staffer, swipe exploit code – new claim
Sri Lanka police arrest two men over cyber theft at the Taiwan Bank
Microsoft Cortana Can Now Read Your Skype Messages to Make Chat Smarter
Warning: Millions Of P0rnHub Users Hit With Malvertising Attack
Disqus Hacked: More than 17.5 Million Users' Details Stolen in 2012 Breach
The iPhone's Constant Password Popups Are a Hacker's Dream

Music - KEYGEN MUSIC ~ One hour mix

Direct download: 87_1.mp3
Category:Technology -- posted at: 5:39pm CET

Intro / Outro Finest Cockles by Blah Blah Blah

Interview with Maxim Tulyev about blocking and the future of the Ukrainian internet

Direct download: 83.mp3
Category:Technology -- posted at: 8:15am CET

Intro / Outro I Do Believe I've Had Enough by Zephaniah And The 18 Wheelers

Big 4 of the top security and privacy conferences: S&P ("Oakland"), NDSS, CCS and USENIX Security.

Science is not done alone; you need to learn from leading research, see how it integrates with practice, understand its level, and show yourself. So, for whoever is first to publish a paper at these conferences with a Ukrainian affiliation, I can promise a "cognac" :)

The Network and Distributed System Security Symposium (NDSS) 2017 by Internet Society -

> From the keynote speech by J. Alex Halderman:
"Want to Know if the Election was Hacked? Look at the Ballots" -
"Securing Digital Democracy" course -
Video -

> Web Security section:
"(Cross-)Browser Fingerprinting via OS and Hardware Level Features" by Yinzhi Cao et al. -
Websites to test your browser and device fingerprint: (now, cross-browser!)
"Fake Co-visitation Injection Attacks to Recommender Systems" by Guolei Yang et al. -

> User Authentication section:
"Cracking Android Pattern Lock in Five Attempts" by Guixin Ye et al. -
"Towards Implicit Visual Memory-Based Authentication" by  -

> TLS et al. (several papers on Diffie-Hellman and more)
"The Security Impact of HTTPS Interception" by Zakir Durumeric et al. -
"WireGuard: Next Generation Kernel Network Tunnel" by Claude Castelluccia et al. -  (by a single author, Jason Donenfeld!)
More on WireGuard:

> On Tor:
"The Effect of DNS on Tor's Anonymity" by Benjamin Greschbach et al. -
"Avoiding The Man on the Wire: Improving Tor's Security with Trust-Aware Path Selection" by Aaron Johnson et al.  -  (more on proper path selection for Tor, possible attacks on Astoria).

> Malware:
"Dial One for Scam: A Large-Scale Analysis of Technical Support Scams" - our paper, which received the Distinguished Paper Award!
"MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models" by Enrico Mariconti et al. -
"A Broad View of the Ecosystem of Socially Engineered Exploit Documents" by Stevens Le Blond et al. - (a lot of interesting research can be done based on VirusTotal data).

... and much more interesting works on SGX, virtualization, and binary reassembly, etc.

Plus, a DNS Privacy Workshop program -

Direct download: 82.mp3
Category:Technology -- posted at: 8:13am CET

Intro / Outro Semme Automatic Stay the Course

00:00:34 Rumors about blocking on the internet BEFORE the official blocking
00:04:52 Let's talk about phishing
00:07:40 Google Docs users hit with sophisticated phishing attack
00:08:44 Recruiters considered really harmful: Devs on GitHub hit with booby-trapped fake job emails
00:09:47 Got a letter from the tax office?
00:11:08 __blank in Edge
Researcher pwns Charles Darwin to demonstrate Microsoft Edge exploit
00:13:16 Phishing protection from the British tax authority
00:24:45 In Ternopil, a man opened an ATM in a shopping mall in front of witnesses and stole half a million from it (video)
00:29:06 Prevent & report phishing attacks
00:31:53 Ukraine's Cyber Police helped take down the Avalanche network, which had been used since 2009 to distribute malware, spam and phishing -

Direct download: 81.mp3
Category:Technology -- posted at: 12:28am CET

Intro / Outro Lady We Knew by Cullah
Hackers Can Easily Hijack This Dildo Camera and Livestream the Inside of Your Vagina (Or Butt)
Squid: Optimising Web Delivery
Life and death for Windows: Vista support ends as Creators Update starts to roll out

Direct download: 80.mp3
Category:Technology -- posted at: 8:05pm CET

Intro / Outro Just Wait by Drake Stafford
Identity management system
Microsoft built a special government-approved version of Windows 10 for China

Direct download: 79.mp3
Category:Technology -- posted at: 1:55am CET

Intro / Outro StrangeZero - Burnin Star
00:03:12 Vault 7: CIA Hacking Tools Revealed
Vault 7 Megathread - Technical Analysis & Commentary of the CIA Hacking Tools Leak
00:06:10 Interview with Eugene Pilyankevich. You can reach Eugene by email or on Twitter @9gunpi
Work Rules!: Insights from Inside Google That Will Transform How You Live and Lead
A Graduate Course in Applied Cryptography

Direct download: 78.mp3
Category:Technology -- posted at: 1:19pm CET

Intro / Outro Brady Harris  - Welcome Me Back
00:01:24 Incident report on memory leak caused by Cloudflare parser bug
Pragmatic thoughts on #CloudBleed
00:11:14 We have broken SHA-1 in practice
00:19:26 KasperskyOS 11-11: a unique operating system has been developed in Russia
00:23:15 Microsoft forced to issue emergency Flash fix after delaying Windows patches
00:30:08 China just made VPNs illegal
An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps
00:35:14 Security experts now warn AGAINST changing online passwords often as it leaves Brits vulnerable to hackers

Direct download: 77.mp3
Category:Technology -- posted at: 5:19pm CET

Intro / Outro DDmyzik- Gypsy Swing
On the future of Astoria, the Tor client Cipollino:
The full paper on Technical Support Scam:
(you can learn about the lab's other projects at
The full paper about web shells:
and some map visualizations can be found here:
On PrivacyMeter:
On browser extensions:
1) Our study "Extended Tracking Powers: Measuring the Privacy Diffusion Enabled by Browser Extensions"
- will appear in a few days at
2) WOT extension:
3) Other spying extensions:
Detecting browser extensions:
1) (based on web accessible resources)
2) Our study on fingerprinting browser extensions based on their functional side effects and on-page changes
- will appear soon at
Interesting services for learning:
Books on algorithms:
Knuth and Cormen
Sedgewick R. Algorithms in C++
To get into philosophy:
By the way, specifically about Facebook and Tor:
And for extracurricular reading, the much-discussed piece on "data science" and "big data" regarding "personalized/targeted agitation" :)
Direct download: 76.mp3
Category:Technology -- posted at: 8:17pm CET

Intro / Outro Muciojad - Before I sleep
00:00:44 Best company name ever! Share capital £1, name priceless…
00:04:07 Bug Bounty anniversary promotion: bigger bounties in January and February
00:05:13 A bit of history on vulnerability disclosure
Disclosing vulnerabilities to protect users
Charlie Miller and Apple. iPhone Security Bug Lets Innocent-Looking Apps Go Bad
Legal woes
Fatal flaw found in PricewaterhouseCoopers SAP security software 
00:29:23 MongoDB hackers now sacking ElasticSearch
00:30:46 WordPress plugs eight holes in latest release
00:31:17 Peace-sign selfie fools menaced by fingerprint-harvesting tech
00:32:21 We already have a contender for the "Best PR Description" award for 2017
00:33:20 ISC squishes BIND packet-of-death bugs
00:34:01 Docker swings door shut on privilege escalation bug
00:34:23 GoDaddy revokes 9,000 SSL certificates wrongly validated by code bug
00:34:45 Who is Anna-Senpai, the Mirai Worm Author?
00:35:23 Windows 10 anniversary update: Security and privacy, hope and change?

Direct download: 75.mp3
Category:Technology -- posted at: 3:24pm CET

Intro / Outro Freaky girl by Yung Vikk

Antivirus tools are a useless box-ticking exercise says Google security chap

Medical Equipment Crashes During Heart Procedure Because of Antivirus Scan


Cuckoo Sandbox

How to Stay Safe Online v0.0.2

Standards body warned SMS 2FA is insecure and nobody listened


Direct download: 74.mp3
Category:Technology -- posted at: 6:49am CET

Intro / Outro BeenCalledWorse-DueTime (produced by Expo) by Tab

Hofling hospital experiment

Security scare: Kate Middleton nurse reveals medical details to DJ impersonating the Queen in radio prank call

The “successful” grandfather from Moscow

Beware! Scammers have appeared who swindle money by posing as employees of "Oschadbank"

Drammer: Deterministic Rowhammer Attacks on Mobile Platforms (pdf)

Thoughts on standardization and strengthening the legislative framework

Direct download: 71.mp3
Category:Technology -- posted at: 1:11pm CET

Intro / Outro The last ones by Jahzzar

00:01:00 UISGCON12. Afterworlds.

Videos of the talks

00:01:54 No Name Podcast

00:02:14 Interview with Sergey Smitienko.

00:12:34 Hundreds of thousands of TalkTalk and Post Office broadband users are knocked off the internet by cyber-attack that seizes control of their routers

00:16:43 Six seconds to hack a credit card

Does The Online Card Payment Landscape Unwittingly Facilitate Fraud? (pdf)

How it takes just six seconds to hack a credit card (video)

00:34:23 Hackers attacked the Ukrainian treasury

00:43:52 Russia's Information Security Doctrine approved

00:51:54 You can contact Sergey via Facebook

00:53:34 Poltava court released a cybercriminal whom law enforcement from 30 countries had been hunting for 4 years

00:56:04 Media reported the theft of 2 billion rubles from accounts at the Central Bank

00:56:59 The UK now wields unprecedented surveillance powers — here’s what it means

00:58:06 FBI’s New Hacking Powers Take Effect This Week

01:01:06 [tor-talk] Javascript exploit

Security vulnerabilities fixed in Firefox 50.0.1

01:03:03 Standards body warned SMS 2FA is insecure and nobody listened

01:04:02 Android, Qualcomm move on insecure GPS almanac downloads

01:08:11 Six seconds to hack a credit card (repetition is the mother of stuttering)

01:09:16 Clarkson stung after bank prank

01:12:28 Printer security is so bad HP Inc will sell you services to fix it



Donald E. Knuth The Art of Computer Programming

Peter Watts Blindsight

Cixin Liu The Three-Body Problem

Neal Stephenson Cryptonomicon

Direct download: 73.mp3
Category:Technology -- posted at: 1:28am CET

Intro / Outro Hirokazu Sato - Tomorrow Song 佐藤弘和

Kostiantyn Korsun on what to expect at #UISGCON12

Conference website

Conference program

Direct download: 72.mp3
Category:Technology -- posted at: 7:16am CET

Intro / Outro Touhou Project / Bad Apple (Nika Lenina Ukrainian Orchestra Version)

Funtenna project

A Monitor Darkly

Compromising emanations: eavesdropping risks of computer displays

Direct download: 70.mp3
Category:Technology -- posted at: 4:14am CET

Intro / Outro Insecurity (Treatment) by fourstones Ft: Ms. Vybe  

00:02:19 ISIS using encrypted apps for communications; former intel officials blame Snowden

Encrypted Messaging Apps Face New Scrutiny Over Possible Role in Paris Attacks

Encrypted messages: Does the government need a way in?

Telegram Messenger Blocks 78 Islamic State-Related Channels

Russian bill requires encryption backdoors in all messenger apps

France calls for worldwide help to fight messaging encryption

Encryption under fire in Europe as France and Germany call for decrypt law

France, Germany Call for European Decryption Law

German Intelligence Plans 12% Budget Increase for Communications Monitoring

Telegram app complicates job of French anti-terror police

Terror investigators grapple with Telegram app

00:38:57 Media learned of a possible ban on foreign encryption for banks

00:42:21 Bellingcat vs Fancy Bear: how hackers tried to halt the MH17 investigation

00:47:05 Critical DoS Flaw found in OpenSSL — How It Works

00:47:36 FBI probes hacks targeting phones of Democratic Party officials -sources

00:47:58 How Russia Wants to Undermine the U.S. Election

00:48:30 ISIL-Linked Hacker Sentenced to 20 Years in Prison

00:49:09 Xiaomi Can Silently Install Any App On Your Android Phone Using A Backdoor

00:50:14 KrebsOnSecurity Hit With Record DDoS

00:52:17 US elections and the hacking of e-voting machines

00:52:44 Apple Weakened iOS 10 Backup Encryption; Now It can be cracked 2,500 times faster

00:53:43 Car Hacking Research: Remote Attack Tesla Motors by Keen Security Lab

00:56:50 Oh, It's On Sale! USB Kill to Destroy any Computer within Seconds

00:57:56 FAS asks for the messenger regulation rules to be revised

00:59:43 The FBI recommends you cover your laptop's webcam, for good reason

01:02:45 "Gazprom" banned its employees from catching Pokémon at work

Direct download: 69.mp3
Category:Technology -- posted at: 7:19pm CET

Intro / Outro Who Knows by sLow_starteR Ft: Tigoolio

Interview with Vladimir Taratushka (

HackIt Ukraine

Recommended book: Theodore Dreiser - The Financier

Direct download: 68_5.mp3
Category:Technology -- posted at: 10:46pm CET

Intro / Outro Christophe Deremy - Fairy Tail

00:02:40 Patch your vBulletin forum – or get popped

Millions of Steam game keys stolen after hacker breaches gaming site

GTAGaming Hack Blamed on Old vBulletin Software

00:09:40 Hackers Can Use Smart Sockets to Shut Down Critical Systems

00:11:46 DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise

00:15:00 Bluetooth Hack Leaves Many Smart Locks, IoT Devices Vulnerable

00:16:12 Cisco Begins Patching Equation Group ASA Zero Da

00:17:20 Researchers announce Linux kernel “network snooping” bug

00:23:36 IPhone Users Urged to Update Software After Security Flaws Are Found  

00:26:22 This PC monitor hack can manipulate pixels for malicious effect

00:29:07 Gotta Spam ‘em All - Pokémon GO Spam

00:30:35 The Cyberpolice on PokemonGo

00:31:42 The National Guard's TWITTER page hacked

00:32:24 “Fileless” UAC Bypass Using eventvwr.exe and Registry Hijacking

Microsoft Windows UEFI Secure Boot — Insecure by Design?

00:34:52 Equation: The Death Star of Malware Galaxy

00:39:26 PoC Unsigned Code Execution on a Sony PS4 System with firmwares 3.15, 3.50 and 3.55 -

00:40:07 Fake Linus Torvalds' Key Found in the Wild, No More Short-IDs

00:41:10 Statement of the National Security and Defense Council regarding the situation surrounding the launch of the electronic declaration system

00:42:15 Russian authorities declined to introduce criminal liability for bitcoin circulation

00:46:23 DDoSCoin: Cryptocurrency with a Malicious Proof-of-Work

00:47:53 Major Events and Hacktivism #OpOlympicHacking

00:47:59 Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316]

00:49:18 Key Fob Hack Allows Attackers To Unlock Millions Of Cars

00:50:25 SQL Injection Vulnerability in Ninja Forms

00:51:14 A bit about an interesting newsletter

00:53:22 Resource: List of Car hacking tools, Car security tools and Car security resources

00:54:09 WildfireDecryptor tool

Direct download: 68.mp3
Category:Technology -- posted at: 7:14am CET

Intro / Outro Broken Remote (Channel Changer Mix) by Vidian

00:01:07 Who are you, Securit13 listener?

00:01:17 Interview with Vladimir Garbuz, organizer of BSides Odessa, about BSides Odessa 27.08.2016

00:17:49 HackIT, the all-Ukrainian hacker battle and cybersecurity forum

00:20:02 A few words about DefCon

DEF CON Media Server


Direct download: 67.mp3
Category:Technology -- posted at: 9:03am CET

Intro / Outro Police Academy Theme

Interview with Alexey Baranovsky about selection into the cyberpolice

Recommended books:

Harry Harrison “The Stainless Steel Rat”

Gray Hat Hacking The Ethical Hacker's Handbook

Theoretical Foundations of Modeling and Analysis of Information Protection Systems, Antoniuk A.O., Zhora V.V.

Security of Information and Communication Systems, Novikov O. M., Graivoronskyi M. V.

Direct download: 66.mp3
Category:Technology -- posted at: 9:16am CET

Intro / Outro DZIDZIO - MARSIK

00:01:54 State of the Profession 2016: a study by the Ukrainian Information Security Group.

Who are you, Securit13 listener?

00:02:30 Adding an arbitrary phone number in the personal account of the mobile operator Kyivstar (Ukraine)

00:06:35 Cisco gives you two nasty bugs to fix before the weekend

00:08:18 Crypto flaw made it easy for attackers to snoop on Juniper customers

00:09:00 Hackers from Kabardino-Balkaria who stole £1 million from English accounts went to prison

00:11:43 To stream or not to stream, that is the question...

00:12:35 Residents Are Pissed That Their Neighborhood Has Become A Pokémon Go Hot Spot

Pokemon Go: privacy and security concerns you should be aware of

Pokemon Go Away: Russians See CIA Plot, ‘Satanism’ In Viral App

Fake Pokemon GO Android App Locks Your Screen, Clicks on Ads in the Background

NY state: Don’t play Pokemon Go while driving or walking

00:19:08 Riffle: A new anonymity system to rival Tor

Riffle: MIT Creates New Anonymity Network Which Is More Secure Than TOR

How to stay anonymous online

00:24:21 Nmap Announce: Nmap 7.25BETA1 Released with our new Npcap driver, 6 new NSE scripts,  and more!

00:24:57 By someone else's hands: who will protect officials on the internet

00:29:19 How the NSA Converts Spoken Words Into Searchable Text

00:30:54 Microsoft wins email privacy battle against US government

00:31:12 Drupal issues major security fixes for flaw probably used in Panama Papers breach

00:33:34 McDonald's No Longer Offering Free Porn In The US

00:34:34 cuteRansomware Uses Google Docs as C&C Server

00:35:35 Ransomware makes its debut on the small screen: FLocker infects smart TVs

00:36:12 New HIPAA Guidance Tackles Ransomware Epidemic In Healthcare

00:36:39 New Delilah Trojan Used to Blackmail Employees, Recruit Insiders

00:38:29 BAE Systems partners with SWIFT to bolster hacker intel

00:39:49 From August 1, the Visa payment system introduces in Ukraine the principle of zero customer liability for fraudsters' actions

00:42:32 20-year-old Windows bug lets printers install malware—patch now

00:42:43 Ubuntu Forums hack exposes 2 million users

NZ school servers hacked

Polish telecom suffers major data breach following hack

00:43:48 My Experience With the Great Firewall of China

00:44:56 Erdogan says his government is in control after bloody coup attempt in Turkey

Twitter, Facebook & YouTube blocked in #Turkey at 10:50PM after apparent military uprising in #Turkey

00:46:30 OpenSSH has user enumeration bug

Direct download: 65.mp3
Category:Technology -- posted at: 11:50pm CET

Intro / Outro Wired (cdk Dub and Bass mix) by cdk (c)

00:02:51 State of the Profession 2016: a study by the Ukrainian Information Security Group.

00:03:46 Who are you, Securit13 listener?

00:04:11 The "Yarovaya package" has been adopted. And that is very bad

SBU advises Ukrainians to delete their accounts from Russian social networks by August 1 (list)

SBU urges Ukrainians to remove themselves from Russian social networks (video)

00:14:44 A mobile wallet for buying and selling bitcoins for hryvnia has appeared in Ukraine

00:16:21 Ashley Madison gives infidelity a new look

00:18:17 Teenager admits Mumsnet password cyber attack charges

00:19:36 Here's how fake telephone tech support scams work

00:21:18 What does Brexit mean for data protection & privacy?

Will Brexit impact GDPR and data protection rules?

00:22:40 SCADA malware caught infecting European energy company

Word up: BlackEnergy SCADA hackers change tactics

00:24:37 In one day the Bitcoin block reward will be halved

00:27:42 BMW ConnectedDrive - (Update) VIN Session Vulnerability

BMW - (Token) Client Side Cross Site Scripting Vulnerability

00:29:27 sesto

00:30:12 A Kharkiv resident holding a patent for an automated taxi system accused Uber of infringing intellectual property rights

00:34:00 Taiwan banks suspend cash withdrawal at ATMs due to malware theft  

Direct download: 64.mp3
Category:Technology -- posted at: 11:34pm CET

Intro / Outro Sooner or later by Urmymuse

00:02:03 Hello, Taras!

00:04:00 Microsoft collaborates on software for the legal marijuana industry

Marijuana and Microsoft: Why This is Huge for Legalized Pot

00:05:11 Cyberspace is officially a war zone – NATO

00:08:28 Security Advisory for Adobe Flash Player

00:10:55 Ransomware, SCADA Access As a Service Emerging Threats For ICS Operators, Report Says

00:16:33 Gartner’s Top 10 Security Predictions 2016

00:26:21 Facebook Messenger was vulnerable to an attack requiring basic knowledge of HTML

00:27:32 Flaw in Juniper's JunOS router software could cause DDoS flood

Cisco Issues High Alert on IPv6 Vulnerability, Says It Affects Both Cisco and Other Products

00:28:18 Cisco Won’t Patch Critical RV Wireless Router Vulnerability Until Q3

00:30:08 North Korean Hackers Stole F-15 Wing Designs, Seoul Says

00:32:01 Hacker faces 25 years in prison for giving ISIS a US kill list

00:33:19 Ransomware, SCADA Access As a Service Emerging Threats For ICS Operators, Report Says

00:35:24 Ukraine has created the National Coordination Center for Cybersecurity

00:37:28 Forget Game of Thrones as Android ransomware infects TVs

00:39:03 An IT Worker at the Panama Papers Law Firm Has Been Arrested

00:39:52 Twitter: Passwords Leaked for Millions of Accounts

00:40:35 uTorrent Forums Hacked, Passwords Compromised

00:41:14 Let's Encrypt lets 7,600 users... see each other's email addresses

00:42:03 The web attacks that refuse to die

00:42:55 Inferring Internet Security Posture by Country through Port Scanning (pdf)

00:43:31 Should multilingual websites use HTTPS by default | Million Dollar Blog (by the time of publication, the article and all links to it had been removed)

00:44:58 FBI: Email Scams Take $3.1 Billion Toll on Businesses

00:46:03 How a college student tricked 17k coders into running his sketchy script

00:48:01 The DAO is losing millions of dollars per hour due to a bug in its code and is dragging Ethereum down with it

00:52:32 Telegram bug allows attackers to crash devices, jack up phone bills

00:53:28 BadTunnel Bug Hijacks Network Traffic, Affects All Windows Versions

00:55:03 Acer Ecommerce Site Spills Credit Card Information of Thousands

00:57:20 Nikiforov: regulating traffic in messengers and social networks is technically impossible

00:58:29 Hacking the Mitsubishi Outlander PHEV hybrid

00:59:36 Help Make Open Source Secure

Direct download: 63.mp3
Category:Technology -- posted at: 8:01am CET

Intro / Outro We are Connected (the Chemma Chi  Remix) by SackJo22

00:01:39 GCHQ joins Twitter

00:02:42 Interview with Andrey Kuzmenko. You can contact Andrey on LinkedIn or by email

00:05:53 Your car can be held for ransom

Car hacking news: Ransomware threat could reach auto dealerships

Ransomware cyberattacker did not pretend to be employee

Visa USA | Visa Everywhere | Innovation | Connected Car

Ditch the Wallet and Pay With Your Car

00:10:38 Hospital pays ransom, ransomware demands more money

00:10:47 Observations and thoughts on the LinkedIn data breach

00:19:48 Heart surgery stalled for nearly 5 mins as anti-virus scan crashes computers

00:33:19 Pornhub said to be compromised, shell access available for $1,000

00:37:04 In Kyiv, police detained cyber thieves who robbed ATMs using a virus

00:51:33 Symantec antivirus bug allows utter exploitation of memory

00:56:02 Book from the guest: On the Road by Jack Kerouac

00:58:05 CVE-2016-4117: Flash Zero-Day Exploited in the Wild

01:00:08 Ukrainian real estate registry hacked

01:01:40 Ukrainian hacker pleads guilty to insider trading in US

01:02:16 Observations and thoughts on the LinkedIn data breach

01:04:06 SWIFT Warns of Second Bank Attack via PDF Malware

U.S. banks scrutinize SWIFT security after hacks: reports

Exclusive: UK banks ordered to review cyber security after SWIFT heist

01:05:23 Hacker fans give Mr. Robot website free security checkup

01:06:13 TeslaCrypt shuts down and Releases Master Decryption Key

01:06:54 You really shouldn't download 'WhatsApp Gold'

01:07:45 Google Set to Kill SSLv3, RC4 in SMTP, Gmail in June

Video recording of the episode on our channel

Direct download: 61.mp3
Category:Technology -- posted at: 1:41am CET

Intro / Outro Awaken by TheDICE

00:01:00 Phrack #69 has been released

00:02:50 Widely Popular ImageMagick Tool Vulnerable to Remote Code Execution

Server-jacking exploits for ImageMagick are so trivial, you'll scream  

Public Exploits Available for ImageMagick Vulnerabilities

00:08:48 Hacking Slack accounts: As easy as searching GitHub

00:14:32 Vulnerability disclosure for Pornhub

00:17:31 10-Year-Old Hacks Instagram; Wins $10K From Facebook

00:21:02 Student gets conditional 18-month sentence in CRA Heartbleed breach

00:23:28 Anonymous attack Greek central bank, warns others

00:24:53 Wi-Fi network named 'mobile detonation device' grounds plane

00:26:54 Car Hackers Could Face Life In Prison. That's Insane!

00:30:01 Adobe, Microsoft Push Critical Updates

00:30:59 How the Pwnedlist Got Pwned

00:31:58 Here's how many US surveillance requests were rejected in 2015

00:38:09 Twitter Bars Intelligence Agencies From Using Analytics Service

00:39:47 Apple Stole My Music. No, Seriously.

00:42:28 Walmart confirms police report, says card readers compromised in Virginia

00:44:30 The Bitcoin affair: Craig Wright promises extraordinary proof

00:45:36 Another Day, Another Hack: Tens of Millions of Neopets Accounts

Direct download: 60.mp3
Category:Technology -- posted at: 11:29am CET

Intro / Outro Pentatonix - Daft Punk

00:02:56 Bangladesh Bank hackers compromised SWIFT software, warning issued

00:06:58 The Vigilante Who Hacked Hacking Team Explains How He Did It

00:13:00 Millions Of Naughty America Porn Accounts Can Be Yours For A Mere $300

00:17:30 Lip Kit Website Glitch Personal Customer Info Exposed

00:17:46 How a Hacker Found The Personal Information of All Mexican Voters

00:20:25 When a nation is hacked: Understanding the ginormous Philippines data breach

00:21:27 ‘Blackhole’ Exploit Kit Author Gets 7 Years

British Authorities Order Hacker Lauri Love to hand Over Encryption Keys

Creators of  SpyEye Virus Sentenced to 24 Years in Prison

Matthew Keys Sentenced to Two Years for Aiding Anonymous

00:24:23 Privacy tools - encryption against surveillance

00:25:14 2016 DBIR: Understand Your Cybersecurity Threats | Verizon Enterprise Solutions

00:28:32 How to decrypt Petya Ransomware for Free

Reversing the petya ransomware with constraint solvers

00:29:09 How cybercriminals earned $100,000 just by sending a DDoS threat email

00:30:02 Apple stops patching QuickTime for Windows despite 2 active vulnerabilities

Adobe warns that uninstalling vulnerable QuickTime for Windows can break Creative Cloud

00:31:11 A free and unlimited VPN client has been added to the Opera browser

00:32:17 SMS phishing attackers continue to pursue Apple users

00:33:22 iOS 'date bug' can be exploited over Wi-Fi using NTP

00:34:21 A large botnet of Linux servers has been shut down

00:36:08 Almost half of dropped USB sticks will get plugged in

00:40:19 Printers at German Universities Mysteriously Churn Out Anti-Semitic Fliers

00:40:45 How I Hacked Facebook, and Found Someone's Backdoor Script

00:42:34 2015 Google Android Security Report

Direct download: 59.mp3
Category:Technology -- posted at: 5:52pm CET

Intro / Outro Vivienne Mort - ГГПТКН

00:02:13 The FBI Drops Its Case Against Apple After Finding a Way Into That iPhone

iOS forensics expert’s theory: FBI will hack shooter’s phone by mirroring storage

00:05:54 Apple's fruitless rootless security broken by code that fits in a tweet

00:09:37 About the Panama Papers

00:14:39 Hack Brief: Turkey Breach Spills Info on More Than Half Its Citizens

00:15:13 Megabreach: 55 MILLION voters' details leaked in Philippines

00:18:00 Costa Rica launches investigation after reports hackers ‘rigged’ 2014 election

00:21:04 BlaBlaCar & Uber

00:23:59 Why Hospitals Are the Perfect Targets for Ransomware

1,400+ Vulnerabilities Identified in Medical Supply System

00:28:52 Meet the new ransomware that knows where you live

00:30:27 Certified Ethical Hacker website caught spreading crypto ransomware

00:33:11 Sources: Trump Hotels Breached Again

00:34:33 Adobe Patches Flash Player Zero-Day Threat

Mindless Flash masses saved as exploit kit devs go astray with 0day

00:35:36 FBI: $2.3 Billion Lost to CEO Email Scams

00:36:13 Uber Will Pay $10,000 ‘Bug Bounties’ to Friendly Hackers

00:36:53 How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript

00:39:39 No Password Required! 135 Million Modems Open to Remote Factory Reset

00:40:07 Karamba Security

00:44:15 WordPress pushes free default SSL for hosted sites

00:45:31 Cyber-underworld price list revealed: $500 for company email inbox, $1,200 passports, etc

00:46:55 How Pirates And Hackers Worked Together To Steal Millions Of Dollars In Diamonds

00:48:15 DNS root server attack was not aimed at root servers – infosec bods

Video recording of the episode on our channel

Direct download: 58.mp3
Category:Technology -- posted at: 8:50pm CET

In this episode, Victor Zhora spoke about the finer points of establishing Ukraine's cyber *bingo* strategy.

Intro / Outro Somewhere by spinmeister

On the decision of the National Security and Defense Council of Ukraine of January 27, 2016 "On the Cybersecurity Strategy of Ukraine"

Cyberpolice of Ukraine

Direct download: 57_5.mp3
Category:Technology -- posted at: 7:30am CET

Intro / Outro Texasradiofish - It's a Good Day

00:00:58 Skype co-founder launches ultra-private messaging, with video

ChaCha (pdf)

00:02:27 Top iPhone Hackers Ask Court to Protect Apple From the FBI

John McAfee better prepare to eat a shoe because he doesn’t know how iPhones work

John McAfee tells Ars he’s fighting a lonely battle, but he’s not lying

One of the FBI’s Major Claims in the iPhone Case Is Fraudulent

00:10:33 Exim < 4.86.2 Local Root Privilege Escalation

00:11:24 Hacker 'Guccifer' extradited to US

00:12:27 Romanian ATM hacker exploits vulnerability in FENCE, escapes jail

00:13:41 ATM Hackers Have Reached Whole New Level

You'd Never Spot These Hidden Card Skimmers That Are on the Rise

00:15:23 Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid

Hackers did indeed cause Ukrainian power outage, US report concludes

“Prykarpattyaoblenergo”: The “First” Attack On Infrastructure

00:17:51 IS Documents Identify Thousands Of Jihadis

00:18:53 The NSA Hacked Into the U.S. Military by Digging Through Its Trash

00:19:49 Pentagon invites hackers to come give it a try

00:21:09 Seagate Phish Exposes All Employee W-2’s

00:21:27 New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer

00:23:01 Q&A: Bruce Schneier on joining IBM, IoT woes, and Apple v the FBI

00:23:58 Hacker Says He Can Hijack a $35K Police Drone a Mile Away

00:24:49 More than 11 million HTTPS websites imperiled by new decryption attack

00:27:38 Accessibility Clickjacking - A Skycure Discovered Vulnerability

“Accessibility Clickjacking” - The Next Evolution in Android Malware that Impacts More Than 500 Million Devices

00:29:37 Google open sources vendor security review tool

00:33:02 Subgraph OS — Secure Linux Operating System for Non-Technical Users

Video recording of the episode on our channel

Direct download: 56.mp3
Category:Technology -- posted at: 3:53am CET

Intro / Outro Get Money by Blake 

In this episode, Pavel Kravchenko spoke about bitcoin, blockchain and decentralized auctions.

The third generation of electronic auctions as the defeat of state monopoly

Manual for connecting a platform to the auction


The World’s First State Auction on the Blockchain Being Tested in Ukraine

The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers

Insanely Simple

You can contact Pavel via Skype: ideateam_macuser

Video recording of the episode on our channel

Direct download: 55_5.mp3
Category:Technology -- posted at: 12:47pm CET

Intro / Outro Степ - Бум-Бум - все в нас є

00:01:45 Apple, The FBI And iPhone Encryption: A Look At What's At Stake

Why You Should Care About Apple’s Fight With the FBI

Judge Forces Apple to Help Unlock Terror Shooter's iPhone

No, A Judge Did Not Just Order Apple To Break Encryption On San Bernardino Shooter's iPhone, But To Create A New Backdoor | Techdirt

The FBI’s attack on Apple could force Congress to rule on encryption

Customer Letter - Apple

Judge Demands that Apple Backdoor an iPhone

Why Tim Cook is wrong about the iPhone 'back door': A privacy advocate's view

Encryption is under attack.

Not a Slippery Slope, but a Jump off the Cliff

Apple vs the FBI - a plain English guide - BBC News

Why Apple — and Not Google — Is in the FBI’s Crosshairs

Here’s how often Apple, Google, and others handed over data when the US government asked for it

Bill Gates sides with FBI on demand for Apple backdoor to shooter's iPhone

Encryption isn’t at stake, the FBI knows Apple already has the desired key

00:26:29 Extremely severe bug leaves dizzying number of software and devices vulnerable

CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow

Critical glibc vulnerability is dangerous for all Linux systems

00:34:22 Hospital paid hackers $17,000 to unlock data held for ransom

00:40:24 Execute My Packet

00:46:29 Beware of hacked ISOs if you downloaded Linux Mint on February 20th!

00:48:54 Google Wants to Save News Sites From Cyberattacks—For Free

00:51:39 Joomla Joins WordPress As TeslaCrypt Ransomware Target

00:53:27 Mousejack Attacks Abuse Vulnerable Wireless Keyboard, Mouse Dongles

00:59:51 This is Why People Fear the ‘Internet of Things’

01:12:45 Teacher’s sex tape stolen from hacked Dropbox, posted on school site

01:17:49 Man admits he stole nude celebrity pics from Apple and Gmail accounts

01:18:07 Tor: 'Mystery' spike in hidden addresses

RicochetSecurityAssessment (pdf)

01:19:27 Adi Shamir anniversary keynote on “Financial Cryptography: Past, Present, and Future”

01:25:26 Volksverschlüsselung

01:31:42 Interview with Vladimir Garbuz

Conference website

The Web Application Hacker's Handbook

You can contact Vladimir via Skype: vigarbuz

Direct download: 55.mp3
Category:Technology -- posted at: 8:55pm CET

Alice, Victor Zhora and Kostiantyn Korsun talked with Kenneth Geers about his book Cyber war in perspective (pdf), how Ukraine can be a leader in cyber security, the conflicts in Ukraine and Syria from a cyberspace perspective, and other questions.

Kenneth's Twitter is @KennethGeers

Intro / Outro Grapes - I dunno

Video recording of the interview on our channel

Direct download: 54-2.mp3
Category:Technology -- posted at: 3:43am CET

Intro / Outro Alex - Drive

0:01:54 To turn an iPhone into a "brick", it is enough to change the system date to January 1, 1970 -

0:04:23 There's a lot of vulnerable OS X applications out there.

VLC unsigned updates over http

0:09:09 Fake Flash Player Update Infects Macs with Scareware

0:10:09 Nexus Security Bulletin - February 2016

Google fixes multiple Wi-Fi flaws, mediaserver bugs in Android

Google plugs Android vulns

0:10:47 Google calls out Comodo's Chromodo Chrome-knockoff as insecure crapware

0:12:02 Every version of Windows hit by 'critical' security vulnerability

0:12:52 New details published on how the BlackEnergy trojan attacks Ukraine

The Ministry of Energy and Coal Industry intends to form a group with representatives of all energy companies under the Ministry's management to study options for preventing unauthorized interference in the operation of power grids

0:18:47 Hackers mirror 250GB of NASA files on the web

OpNasaDrones Zine #Anonsec

0:24:12 Privilege Escalation + Remote Code Execution in Apache Jetspeed 2.2.0 - 2.3.0

Default settings in Apache may decloak Tor hidden services

0:26:02 Brit spies want rights to wiretap and snoop on US companies' servers

0:26:52 Smart toys spring dumb vulns. Again. This time: Cuddly bears, watches

Hacked Toy Company VTech’s TOS Now Says It’s Not Liable for Hacks

0:30:30 Big Question: What does the Julian Assange case have to do with human rights?

The Working Group on Arbitrary Detention Deems the deprivation of liberty of Mr. Julian Assange as arbitrary

0:31:08 New Safe Harbor Data “Deal” May Be More Politicking Than Surveillance Reform

Safe Harbor ripped and replaced with Privacy Shield in last-minute US-Europe deal

0:32:27 OpenSSL fixes bug, gets dissed by German gov: That's so random ... not

OpenSSL study

0:34:41 White House seeks its first ever chief information security officer

0:35:39 Safeway Self-Checkout Skimmer Close Up

0:36:39 Hacking PayPal in 73 seconds

0:37:46 AST-2016-001: BEAST vulnerability in HTTP server

0:38:44 For Cyberattackers, Time Is The Enemy

0:39:29 Mysterious spike in WordPress hacks silently delivers ransomware to visitors

0:40:13 KeePassLogger - KeePass Two-Channel Auto-Type Obfuscation Bypass

0:40:48 Samsung warns customers not to discuss personal information in front of smart TVs

0:41:21 Twitter Says There’s No “Magical Algorithm” to Find Terrorists

Combating Violent Extremism | Twitter Blogs

0:42:06 Malware Museum!

Roll up, roll up to the Malware Museum! Run classic DOS viruses in your web browser 

Oh, how many wondrous discoveries Microsoft Office has in store for us

Video recording of the episode on our channel

Direct download: 54-1.mp3
Category:Technology -- posted at: 3:38pm CET

Intro/ Outro Time (cdk Give Me Some Dubstep Extended Mix)

0:00:51 Work continues for the group studying the causes of the temporary failure in the systems of energy supply companies that occurred on December 23, 2015
Full news item
Attack on energy facilities on January 19-20, 2016. After the fact
Techie on the ground disputes BlackEnergy Ukraine power outage story
Steinitz: Israel’s Electric Authority hit by ‘severe’ cyber-attack
0:07:48 Secret SSH backdoor in Fortinet hardware found in more products
Fortinet SSH vulnerability more widespread than thought
0:14:15 NSA Helped British Spies Find Security Holes In Juniper Firewalls
0:17:28 A vulnerability allowing privilege escalation has been discovered in the Linux kernel
Analysis and Exploitation of a Linux Kernel Vulnerability (CVE-2016-0728)
0:20:41 Canada Cuts Off Some Intelligence Sharing With U.S. Out of Fear for Canadians’ Privacy
0:21:15 Get Safe online
0:23:32 IT special agents: who was selected for the Ukrainian cyberpolice, and how
0:26:16 Critical Yahoo Mail Flaw Patched, $10K Bounty Paid
0:27:31 Lenovo used 12345678 as hard-coded password in SHAREit for Windows
0:31:28 Here's what an Ashley Madison blackmail letter looks like
0:33:33 HD Moore Leaves Rapid7
0:34:01 OpenSSL to Patch Two Vulnerabilities This Week
0:37:49 PayPal Remote Code Execution Vulnerability 
And the tool used for that.
0:39:08 Oracle's finally killing its terrible Java browser plugin
0:40:36 Kali Linux, Rolling Edition Released – 2016.1
0:46:50 Crash Safari Code |
0:47:38 SBU detained a group of hackers attempting to steal 15 million UAH
0:49:21 iSIGHT and FireEye: Ushering in a New Era of Intelligence-Led Security
0:49:59 Toyota Russia Customers Data
0:52:06 Oracle drops 248 - count 'em - 248 patches, to fix ... something
0:56:42 Skype Now Hides Your Internet Address
0:58:08 NSA Hacker Chief Explains How to Keep Him Out of Your System
1:00:03 Reversing Apple’s syslogd bug
1:00:33 There was a fun bug in 1Password
1:01:01 As promised @googlechrome indeed doesn't recognise @VERISIGN certificates as trusted anymore.
1:02:44 White Paper: A Guide to DDoS Mitigation & Testing
1:03:01 Remote access to the car or practical aspects of the ELM 327 security 

Video recording of the episode on our channel

Direct download: 53.mp3
Category:Technology -- posted at: 9:12pm CET

Intro / Outro BRUTTO - Просперо (Piano Cover)
00:03:31 Interview with Viktor Zhora about the attack on Ukraine's electric power facilities
A hacker attack was the cause of yesterday's power outage across half of the Ivano-Frankivsk region
SBU thwarted an attempt by Russian special services to disable Ukraine's energy facilities
First known hacker-caused power outage signals troubling escalation
Hackers threaten Ukrainian power grids. A Russian signature can be read in the cyberattack on the regional power companies
The US suspects Russia of involvement in cyberattacks on Ukraine's power grids
Malware 'clearly' behind Ukraine power outage, SANS utility expert says
iSIGHT Partners: Sandworm Team and the Ukrainian Power Authority Attacks
BlackEnergy trojan is used in cyberattacks on media and industrial facilities in Ukraine
BlackEnergy Disrupt Matrix - SOC Prime X
Potential Sample of Malware from the Ukrainian Cyber Attack Uncovered
BlackEnergy .XLS Dropper
Headquarters: a probable hacker attack from the Russian Federation was thwarted at "Boryspil"
Special Publication 800-82 Guide to Industrial Control Systems (ICS) Security (pdf)
Cyber war in perspective (pdf)
00:58:41 Mishaps with our 1C
01:01:15 Coat of arms of the Ministry of Information Policy
01:02:02 Court allowed the prosecutor's office to search Google's Ukrainian office
01:04:04 SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7
Someone Just Leaked Hard-Coded Password Backdoor for Fortinet Firewalls
Fortinet says backdoor found in FortiOS is "a management authentication issue"
01:07:03 Facebook spars with researcher who says he found “Instagram’s Million Dollar Bug”
01:08:43 iOS 9.3 brings multi-user mode to iPads, along with more features and fixes
01:11:10 How Nvidia breaks Chrome Incognito
Nvidia: Chrome 'Incognito' Porn Leakage Is on Apple, Not Us
01:14:11 Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778
Evil OpenSSH servers can steal your private login keys to other systems – patch now
How To Fix OpenSSH's Client Bug CVE-2016-0777 and CVE-2016-0778 by Disabling UseRoaming
01:15:29 Microsoft Gives Details About Its Controversial Disk Encryption
01:17:21 Recently Bought a Windows Computer? Microsoft Probably Has Your Encryption Key
01:18:11 Microsoft ends support for Windows 8, IE8 through 10: What does this mean for you?
01:18:40 The Tor Project Is Starting a Bug Bounty Program
01:18:55 Linode: back at last after ten days of hell
Linode Blog » Security Notification and Linode Manager Password Reset
01:19:21 Cisco admins gear up for a late night – hardcoded password in wireless points nuked
01:19:29 About the DDoS of говнокод.ру via JS in a post on Habr
01:21:21 TrendMicro node.js HTTP server listening on localhost can execute commands
01:23:37 Debug code cracked case in hunt for mystery Silverlight zero day
01:24:44 Software bug granted early release to more than 3,200 US prisoners
01:25:32 Massive bug at online gaming platform exposes users' sensitive data
01:26:19 Turkish carder scores record 332-year jail term    
01:26:50 Vulnerability allows to permanently delete any skype account by support request
01:29:28 French say 'Non, merci' to encryption backdoors
01:30:13 Database leak exposes 3.3 million Hello Kitty fans
01:30:23 250 Hyatt hotels hacked via PoS malware
01:30:42 Trustwave failed to spot casino hackers right under its nose – lawsuit
01:31:51 Stranger talks to a kid through this hacked baby monitor
01:32:38 Holiday hack challenge
Security weekly #444
01:41:07 drduh/OS-X-Security-and-Privacy-Guide

Direct download: 52.mp3
Category:Technology -- posted at: 1:43pm CET

Intro / Outro Run The Jewels - A Christmas F*cking Miracle

0:02:41 Bitcoin's Creator Satoshi Nakamoto Is Probably This Unknown Australian Genius

Satoshi Nakamoto Not Eligible For Nobel Prize - CCN: Financial Bitcoin & Cryptocurrency News

Time To Call A Hoax? Inconsistencies On 'Probable' Bitcoin Creator's PhD And Supercomputers Revealed

0:06:16 If you are using TrueCrypt you should stop.  Hashcat is now optimized to crack TrueCrypt volumes.

0:07:03 How the AM hack changed the victims’ lives

0:08:14 Hacker Confirms PlayStation 4 Jailbreak! Exploit Could Open Doors for Pirated Games

Hacking the PS4, part 2

0:09:16 Unauthorized code in Juniper ScreenOS allows for administrative access

0:11:40 Back to 28: Grub2 Authentication 0-Day

Critical vulnerability in the Grub2 bootloader allows bypassing password protection

0:12:46 DDoS on DNS

Root DNS servers survived an unusual DDoS attack

0:16:08 MacKeeper data breach

0:20:20 Critical Remote Root Zero-Day In FireEye Appliances 

0:24:08 PCI security standards council revises date for migrating off vulnerable SSL and early TLS encryption (pdf)

Let's Encrypt says get your free digital security certificates here

Let's Encrypt! Get started.

Certificates for US sanctioned countries

0:25:55 MIT Creates Untraceable Anonymous Messaging System Called Vuvuzela

0:28:35 No root for you! Google slams door on Symantec certs

0:29:38 Donald Trump thinks he can call Bill Gates to 'close up' the internet

0:33:45 Shocking! Instagram HACKED! Researcher hacked into Instagram Server and Admin Panel

0:35:09 A Different Kind of POP: The Joomla Unserialize Vulnerability

0:38:08 A 2008 book by Craig S. Wright contains plagiarism

0:42:36 Google Search starts indexing HTTPS pages by default

0:43:10 Kazakhstan Announces Plan to Spy on Encrypted Internet Traffic

0:51:45 Troy Hunt: When children are breached – inside the massive VTech hack

Hacker Obtained Childrens' Headshots and Chatlogs From Toymaker VTech

VTech Hacker Explains Why He Hacked the Toy Company

0:52:46 First ever EU rules on cybersecurity

0:56:36 I included emoji in my password and now I can't log in to my Account on Yosemite

0:59:15 Hacker from Ukraine suspected of stealing 80 million detained in Krakow

0:59:51 Failed SAP software update at Deutsche Post DHL

1:06:45 Tails 1.8 is out

1:06:50 What a nice holiday gift.

1:07:21 Python Extension · rapid7/metasploit-framework Wiki · GitHub

1:07:58 Craig S. Wright - "The IT Regulatory and Standards Compliance Handbook" Contains Plagiarism

1:08:14 The Happiness Advantage: The Seven Principles of Positive Psychology That Fuel Success and Performance at Work 

Direct download: 51.mp3
Category:Technology -- posted at: 6:03pm CET

Intro / Outro Naughty By Nature Ft. Kate Nauta - Name Game

0:02:03 Kaspersky Antivirus Certificate handling path traversal

0:03:40 CVE-2015-6357: FirePWNER Exploit for Cisco FireSIGHT Management Center SSL Validation Vulnerability

0:05:23 Dell ships laptops with rogue CA Lenovo style

Dell apologizes for HTTPS certificate fiasco, provides removal tool

0:06:08 Amazon suffers potential password leak, unknown number of accounts affected

Amazon data breach rumours spread as passwords are reset on some accounts

0:06:33 At 11:59pm EST on Sunday, the NSA will stop in-house phone metadata collection

The secret message hidden in every HTTP/2 connection: HTTP Verb "PRISM"

0:06:44 Kazakhstan is introducing its own CA to intercept all TLS traffic

0:09:34 Commentary by Evgeny Shulga on the interception of TLS traffic

0:17:50 Interview with Paul Alderson

Daniel H. Pink - Drive

The Anatomy of Peace: Resolving the Heart of Conflict

0:21:15 Interview with Alexey Starov

Concise. A Cybersecurity Education Directory.

Top security conferences

"Security Engineering" by Ross Anderson

Examples of interesting academic papers:

0:25:24 Interview with Kenneth Geers

0:30:56 Interview with Sergey Kharyuk

0:35:32 Interview with Guillaume Lovet

0:42:50 Interview with Alexander

0:44:30 Interview with Oleg Kucherov

0:50:24 Interview with Evgenia Broshevan and Vadim Chakryan

Hackup learning network

Vadim Chakryan - Where to start your path as an ethical hacker?

Direct download: 50.mp3
Category:Technology -- posted at: 6:25am CET

Intro / Outro Wang Rong Rollin - Chick Chick

02:40 Here’s a Spy Firm’s Price List for Secret Hacker Techniques

04:30 Google Is Fixing a Dangerous Gmail Bug That Could Let Others Impersonate You


05:59 Hacker fakes German minister's fingerprints using photos of her hands

09:43 Founder of Bitcoin Foundation Ukraine proved in court that the seizure of equipment during a search of his home was illegal

12:41 Hacker Group Anonymous Announces 'Biggest Operation' Against ISIS After Paris Attacks

15:44 Cabinet of Ministers "sent back" the NCCIR draft law "On Electronic Communications" - InternetUA

16:35 FBI denies paying $1 million to unmask Tor users

17:06 Nmap 7 Released

18:35 Cyberattacks are again used in a hybrid warfare. Now in Bulgaria.

24:59 The way we bank some places

27:53 Why tech firms pay hackers to hack them

29:18 The media link the PlayStation 4 to terrorist attacks in Paris

Direct download: 49.mp3
Category:Technology -- posted at: 1:54pm CET

Intro / Outro Був’є – Стіна

CloudFlare is a free global CDN and DNS provider that can speed up and protect any site online

Op-ed: (How) did they break Diffie-Hellman?

Ransomware Now Gunning for Your Web Sites

Linux Ransomware Debut Fails on Predictable Encryption Key

Let me tell you about Wireshark 2.0

Windows 3.1 Is Still Alive, And It Just Killed a French Airport

Oracle now keeps all EU data within EU borders to avoid Safe Harbour problems

Halloween security breach

Updates to Chrome platform support

Hack of 70 Million Prisoner Phone Calls Indicates Violations of Attorney-Client Privilege

The Secret Service Agent Who Collared Cybercrooks by Selling Them Fake IDs

Direct download: 48.mp3
Category:Technology -- posted at: 12:17pm CET

Intro / Outro Dubioza kolektiv - Free.mp3 (The Pirate Bay Song)



Take 5 minutes and up your opsec game with Tor Messenger

A Brief History of Time

Hackers gonna hack, but why? Maybe Freud has the answer (the publication and tweet have been deleted)



Lviv Regional State Administration fired an official who was using e-mail

The government decided to separate its Internet from providers

Somebody Just Claimed a $1 Million Bounty for Hacking the iPhone

TalkTalk Hackers Demanded £80K in Bitcoin

A 15-year-old boy Arrested in connection with #TalkTalk Cyber Attack

TalkTalk breach: CEO dismisses encryption, 15-year-old arrested

TalkTalk, Script Kids & The Quest for ‘OG’

13 million plaintext passwords leak from free webhosting firm

FireEye's CEO partly blamed a slowdown in Chinese hacking for its poor results, and the stock is getting crushed

ProtonMail Paid Hackers $6000 Ransom in Bitcoin to Stop DDoS Attacks

This 11-year-old is selling cryptographically secure passwords for $2 each

In the UK, Web browsing history must now be stored for a year

Programmers: Stop Calling Yourselves Engineers

Direct download: 47.mp3
Category:Technology -- posted at: 12:51am CET

Intro / Outro Пустельник - Піккардійська терція

Linux for kids

Interview with Dmitry Ponomerev about lockpicking

Lockpicking wiki

Some of the best educational videos: the guy explains things really clearly, and the picture quality is decent rather than pixelated:


Building Your First Lock Pick Kit

Improve Your Lock Picking Skills (for Beginners)

Building Your First Lock Pick Kit

How to Detect and Beat Spool Pins (for Beginners)

Vendors:  (here it is called raking, but in principle it is zipping)


And this is raking with a Bogota rake

You can contact Dmitry on Twitter @ze_punker or send an email to

1Password stores data unencrypted - «Хакер»

CIA boss has his personal email account hacked... and yes, it's on AOL

Wikileaks claims release of CIA boss John Brennan's emails - BBC News

Teen Who Hacked CIA Director’s Email Tells How He Did It

HTTPS certs now simple, automated and FREEEE!

Chinese used hacking team software

Apple tells judge it's "impossible" to unlock a device running iOS 8 or higher

Cabinet of Ministers of Ukraine on remuneration for the cyber police

A network error routed traffic for the UK's nuclear weapons agency through Russia

Direct download: 46.mp3
Category:Technology -- posted at: 3:56pm CET

Intro / Outro Mt Eden DnB and Imogen Heap - The walk

Yahoo wants to kill passwords with revamped Mail app

Two-Factor Authentication - Duo Security

Internet ombudsman sees harm to Russia from investment in IT specialists


Interview with Evgeny Pilyankevich about the Themis project

The company's blog and Twitter

Daniel Kahneman “Thinking, Fast and Slow”

John McAfee Launches Presidential Bid With Surprisingly Low Key Video

China arrests hacking suspects on behalf of the US

Creation of the cyber police

Requirements for inspectors and special agents

What’s in a Boarding Pass Barcode? A Lot

Migrate to KeePassX

Everything Amazon announced at AWS re:Invent 2015

Happy to see @awscloud Inspector & @googlecloud scanner as another security tool for dev
How is NSA breaking so much crypto?

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice (pdf)

OS X 10.11 El Capitan: Bugs, bugs, and more bugs

Microsoft Working on Fix for Office Bugs in OS X El Capitan

Adobe confirms major Flash vulnerability, and the only way to protect yourself is to uninstall Flash

13 new vulnerabilities? You should disable or uninstall Adobe Flash

Adobe releases patch for major Flash vulnerability – here’s how to download it

Dow Jones Hacked, Affecting Thousands

WSJ hacked (pdf)

How I Hacked Hotmail

Exclusive: Uber checks connections between hacker and Lyft

Alleged Ukrainian Hacker Extradited to US

European Court of Justice invalidates European Commission’s Safe Harbor decision

IRS Can’t Update Woefully Out-of-Date Windows Servers Because It Can’t Find Some of Them

Russia ‘very targeted’ in its cyber attacks (video)

Attackers are targeting companies via Cisco WebVPN

VulDB: Cisco ASA SSL VPN cross site scripting [CVE-2014-3393]

Rusky antivirus company FIRE BOMBED for research blogs

App Store removes root certificate-based ad blockers over privacy concerns

Lessons From the Summer of Epic Car Hacks

Direct download: 45.mp3
Category:Technology -- posted at: 2:22pm CET

Intro / Outro Гуцул Калiпсо - Звiзда

Interview with Igor Blumental. You can get in touch via Facebook or Twitter

Bugsheet. Bug Bounties & Disclosure Programs



First all-Ukrainian olympiad and forum on cybersecurity

SYNful Knock - A Cisco router implant - Part I

IoT vigilante Linux.Wifatch 'malware' may be patching up security flaws

You should traceroute right now and

President Obama says the U.S. and China have agreed to broad anti-hacking principles

Analysis: China-US hacking accord is tall on rhetoric, short on substance

The Cost of Mobile Ads on 50 News Websites

Patreon was warned of serious website flaw 5 days before it was hacked


ARIN IPv4 Free Pool Reaches Zero

Russian police investigate Apple for ‘propagating homosexuality’

Symantec caught issuing rogue certificates

Symantec employees fired for issuing rogue HTTPS certificate for Google


Hello? HELLO? Major Skype outage hits UK, Australia and Japan

Undocumented feature

AVG can sell your browsing and search history to advertisers (Wired UK)

BitPay Hacked, 5 000 Bitcoins Stolen

Cyber-attacks and underground activities in Port of Antwerp

Direct download: 44.mp3
Category:Technology -- posted at: 1:53am CET

Intro / Outro DJ Orkidea - Beautiful

Long live UISGCon 11!

Moscow City Court ordered Google to pay 50 thousand rubles for reading private correspondence

iOS Ad-Blocking Apps Top Apple Inc.'s App Store Paid List Shortly After iOS 9 Launch

Ex-Ashley Madison CTO Threatens Libel Suit

Ashley Madison passwords like “thisiswrong” tap cheaters’ guilt and denial

Researcher discloses zero-day vulnerability in FireEye

FireEye, Kaspersky hit with zero-day flaw claims

FireEye 0day details (as much of them as legally possible)


Android 5.x Lockscreen Bypass (CVE-2015-3860)

iOS 8.4.1 AirDrop Exploit Demo

FBI: $1.2B Lost to Business Email Scams

BitPay Hacked, 5 000 Bitcoins Stolen - CCN: Financial Bitcoin & Cryptocurrency News

Bloke clicks GitHub 'commit' button in Visual Studio, gets slapped with $6,500 AWS bill

PornHub to be blocked in Russia

LEGAL ENTITIES subject to restrictive measures (sanctions) (pdf)

What is Privacy For? Protecting Our Kids Online.

Raising Kids with Privacy Awareness

Like Kaspersky, Russian Antivirus Firm Dr.Web Tested Rivals

Vulnerability on the PrivatBank website allowed viewing any user's payment history

Yandex.Navigator caught recording its owner's conversations

LinkedIn Sockpuppets Are Targeting Security Researchers

SUCEFUL: Next Generation ATM Malware

The FSB's ham-fisted "hackers" CyberBerkut have produced yet another fake

And what do you search for on GitHub?

Global State of Information Security Survey 2015

First-ever monthly Android security updates start to roll out

Hacker groups hijack satellite links to cover their tracks

Netflix releases reflected XSS audit tool for biz

What the SBU was looking for in LUXOFT's Dnipropetrovsk office

Malicious Firmware Found Preinstalled on Xiaomi, Huawei, Lenovo Phones

Direct download: 43.mp3
Category:Technology -- posted at: 8:41am CET

Intro / Outro ELEPHANT - Moon

A New Encryption Standard of Ukraine: The Kalyna Block Cipher

Derzhspetszviazok (the State Special Communications Service) is introducing new standards for cryptographic information protection

Ukrainian patent database. Method for encrypting binary data blocks

A Meet-in-the-Middle Attack on Reduced-Round Kalyna-b/2b (pdf)



Who Hacked Ashley Madison?

Exposed Ashley Madison members targeted by scammers and extortionists

Troy Hunt: Here’s what Ashley Madison members have told me

Ashley Madison execs hacked competitors, wrote screenplay

Ashley Madison faces proposed class-action suit over half-deleted data

Lessons learned from cracking 4,000 Ashley Madison passwords

AshleyMadison: $500K Bounty for Hackers

Ashley Madison: 'Suicides' over website hack - BBC News

Leaked AshleyMadison Emails Suggest Execs Hacked Competitors

Almost None of the Women in the Ashley Madison Database Ever Used the Site

Ashley Madison dump, Troy Hunt and The Grugq

Netflix Is Dumping Anti-Virus, Presages Death Of An Industry

Media learned of Kaspersky's threats to take out a rival company

Samsung refrigerators can be used to steal Gmail passwords

Linux Foundation releases PARANOID internal infosec guide

Improving Security for Bugzilla

Electronic petitions

Uber hires two security researchers to improve car technology

Direct download: 42.mp3
Category:Technology -- posted at: 12:17pm CET

Intro / Outro Frontline - Pillar

Ashley Madison Emails By Category

How to search through the leaked Ashley Madison data

Hackers Finally Post Stolen Ashley Madison Data

Hackers Dump More Ashley Madison Data

Aug 20 2015: New message and torrent!

Ashley Madison Hackers Speak Out: 'Nobody Was Watching'

I found my husband in the Ashley Madison leak

How thrushes become woodpeckers

Oracle Deletes CSO’s Screed Against Hackers Who Report Bugs

Oracle CSO is right

My Personal Take On Mary Ann's Blog

No, You Really Can’t

Oracle blog. Those Who Can’t Do, Audit

Researchers find way to steal Windows Active Directory credentials from the Internet (SMB protocol)

EXCLUSIVE-Ex-employees: Russian antivirus firm faked malware to harm rivals

Hacked! Credit Card information of 93,000 Customers Compromised

ICANN hacked, emails and passwords stolen

Tech Firm Ubiquiti Suffers $46M Cyberheist (8.1 recovered, 6.8 reserved)

BitTorrent clients can be made to participate in high-volume DoS attacks

Domain Administrator in 17 seconds

Taping over the webcam, or how my husband went crazy

The Lifecycle of a Revolution (Keynote)

Odesa Regional State Administration discovered that information from its computers is going to the "DNR"

Lviv regional administration's website was hacked from the territory of Crimea



Loggly Main Dashboard

AWS CloudFormation

Understanding AWS Security

A lot of AWS videos on security topics are here:

Blog post about port knocking

Not included in the episode:

Empire is a pure PowerShell post-exploitation agent

cve-2015-???? poc ~ os x 10.10.5 kernel local privilege escalation

Share your terminal as a web application

Alibi routing software and data

Direct download: 41.mp3
Category:Technology -- posted at: 11:57am CET

Intro / Outro The Weeknd - Wicked Games

Hackers Can Disable a Sniper Rifle—Or Change Its Target

This Hacker’s Tiny Device Unlocks Cars And Opens Garages

This Gadget Hacks GM Cars to Locate, Unlock, and Start Them

Researchers Hacked a Model S, But Tesla’s Already Released a Patch

New vulnerability can put Android phones into permanent vegetative state

 Can they hear you now? Hacking Team & SS7

Researchers look sideways to crack SIM card AES-128 encryption

Derelict TrueCrypt Russia portal 'is command hub for Ukraine spying op’

Windows 10 is spying on you - at least that's what this developer thinks

Disable KeyLogger Windows 10

fix windows 10

Windows 10 updates to be automatic and mandatory for Home users

Researchers claim they’ve developed a better, faster Tor

950 million Android phones can be hijacked by malicious text messages

First Known Exploit of Apple DYLD_PRINT_TO_FILE Vulnerability Discovered in the Wild

Ashley Madison invites red-faced cheats to bolt stable door for free

Protecting the government portal from DDoS attacks will cost half a million

Mt.Gox Bitcoin Exchange CEO Arrested by Japanese Police

Chinese VPN Service as Attack Platform?


“Thunderstrike 2” rootkit uses Thunderbolt accessories to infect Mac firmware

Exclusive: Visa application portal closed following SC Magazine investigation

Rapid7 Inc (NASDAQ:RPD)

What amateurs can learn from security pros about staying safe online

Telecom regulator voted to strip mobile subscribers of anonymity

Attention! Slick fraud involving PrivatBank cards!

Direct download: 40.mp3
Category:Technology -- posted at: 8:16am CET

Intro / Outro Hollywood Undead - Young

The Verkhovna Rada of Ukraine will consider a draft law on the protection of cyberspace

Proposals of the NGO ISACA Kyiv for the draft law of Ukraine on the fundamentals of cybersecurity

Canadian experience and

Hackers Remotely Kill a Jeep on the Highway—With Me in It

When Charlie Miller tells you to install an update for your Jeep, you really should go and install that update.

Patch Your Chrysler Now Against a Wireless Hacking Attack

Online Cheating Site AshleyMadison Hacked

#AshleyMadisonHack ... the website is now down

Paying $20 to delete your Ashley Madison profile was probably a bad idea


Firefox blacklists Flash player due to unpatched 0-day vulnerabilities

Adobe: We REALLY are taking Flash security seriously – honest

Third Hacking Team Flash Zero-Day Found

Project Zero. One Perfect Bug: Exploiting Type Confusion in Flash

RIPv1 Used in DDoS Reflection Attacks - AT&T ThreatTraq Bits (video)

Threat Advisory: RIPv1 Reflection DDoS (pdf)

OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability


MS urges Skype users to change their passwords

Bye bye Darkode

How to Crack RC4 Encryption in WPA-TKIP and TLS

Free Tool Looks for HackingTeam Malware

Owners of OPM breached data to be granted lifetime credit monitoring

Wow, another NSA leak: Network security code appears on GitHub (Analysis on Habr)

Direct download: 39.mp3
Category:Technology -- posted at: 2:33pm CET

Intro / Outro Jam & Spoon Featuring Rea Garvey-Set Me Free

The Verkhovna Rada of Ukraine will consider a draft law on the protection of cyberspace

Ministry of IT

Five hackers involved in the theft of at least 2 million euros from the world's largest banks arrested in Ukraine

Operation Lotus Blossom

HP Releases Details, Exploit Code for Unpatched IE Flaws

Analysis and Exploitation of an ESET Vulnerability

IETF has officially deprecated the SSLv3 protocol

Hackers Exploit Zero-Day Magento Vulnerability to Steal Your Credit Cards

Secret Service agent who stole $820K from Silk Road pleads guilty

This Radio Bug Can Steal Laptop Crypto Keys, Fits Inside a Pita

Polish airline LOT was grounded after 'IT attack' took hold

Polish plane IT attack? Apparently not, just a simple DDoS

All Airlines Have the Security Hole That Grounded Polish Planes

Zero-Day Exploits for Stealing OS X and iOS Passwords

 CIA Backed Firm Finds Stolen Government Passwords Throughout Web

Roskomnadzor blocked an Internet Archive page for extremism

Drupal Fixes Critical OpenID Bug

Canada government websites taken down in cyber attack

US and British Spies Targeted Antivirus Companies

Adobe Releases Emergency Patch for Flash Zero-Day Vulnerability

Sony Hack: WikiLeaks Releases New Batch of 270,000 Documents


HP Security Research OSINT (OpenSource Intelligence) articles of interest

Crooks Use Hacked Routers to Aid Cyberheists

Transparently Routing Traffic Through Tor

Using Metasploit socks proxy auxiliary module over a Meterpreter session

Meterpreter Paranoid Mode

Encryption software for files in the cloud

Direct download: 37.mp3
Category:Technology -- posted at: 10:22am CET

Intro / Outro ЯрмаК - Вставай (TS Prod.)

Interview with Alexey Starov about the Tor client Astoria.

Measuring and mitigating AS-level adversaries against Tor (pdf)

Center for Applied Internet Data Analysis

You can contact Alexey by e-mail

Direct download: 36.5.mp3
Category:Technology -- posted at: 7:03pm CET

Intro / Outro Андрій Хливнюк "Спи собі сама"

Kaspersky Finds New Nation-State Attack—In Its Own Network


Stuxnet spawn infected Kaspersky using stolen Foxconn digital certificates

China might be building vast database of federal worker info, experts say

TV5 Monde attack 'by Russia-based hackers'

Serious iOS bug lets hackers create fake login screens to steal Apple credentials

LastPass Security Notice

Tesla Motors has started paying for discovered vulnerabilities

Assume your GitHub account is hacked, users with weak crypto keys told

You Can Be Prosecuted for Clearing Your Browser History

Sourceforge Hijacks the Nmap Sourceforge Account

This Hacked Kids' Toy Opens Garage Doors in Seconds

Edward Snowden: “I should have come forward sooner.”

Snowden accused Russia of violating privacy

A Ukrainian persuaded a Nigerian spammer to send him 600 dollars

Derzhspetszviazok issued a positive expert opinion on the AES symmetric block cipher

The Senate Finally Passes NSA Surveillance Reform

Internet liars: a list of Kremlin trolls and pro-Putin organizations has appeared online

In Belgium, a commission has sued Facebook

Report: Hack of government employee records discovered by product demo

Technology workshop "Clouds without unnecessary words"

Positive Technologies webinars: the "Practical Security" educational program

Yahoo to face class action lawsuit over email spying claims

Facebook will encrypt the emails it sends to you with PGP

Microsoft Plans to Add Secure Shell (SSH) to Windows


Direct download: 36.mp3
Category:Technology -- posted at: 9:00pm CET

Intro/outro - Фантом 2 - Двоє

The Complete Guide for Hidden Services And Staying Anonymous

Risky Business #367 -- Tor Project lead Roger Dingledine

Astoria — Advanced Tor Client Designed to Avoid NSA Attacks

Anonymous peer-to-peer instant messaging

Top encryption researcher moves to Switzerland to escape government interference

HideMyAss story: How misbehaving at school made one man a multimillionaire

Russia warns Google, Twitter and Facebook on law violations

The President of the Russian Federation signed a decree on the creation of a state segment of the Internet

Some notes about Wassenaar

Cisco Systems supplied equipment to the Russian Ministry of Defense, the FSB and Roscosmos, circumventing sanctions

Europa League final tickets from PrivatBank

The founder of the Silk Road drug marketplace has been sentenced to life in prison without parole

Aaron Swartz stood up for freedom and fairness

Supreme Court obliged banks to return money stolen from cards to customers

Activists revealed a method of vote "inflation" in the selection of the public council of the National Anti-Corruption Bureau

NSA (doesn’t) shut down surveillance program

Senate blocks the bill: Senate blocks NSA surveillance reform bill

The Chinese have figured out how to track people in the subway via smartphone accelerometers

Official Kali Linux Docker Images

The UN has classed encryption and online anonymity as human rights

Anatomy of a LOGJAM - another TLS vulnerability, and what to do about it

Infosec Hype Tracker

pcre -- multiple vulnerabilities

Malicious Minecraft apps affect 600,000 Android Users

Annoying bug causes iPhone Messages to crash

Hola VPN turns 10M users into exit nodes

These two Diablo III players stole virtual armor and gold — and got prosecuted IRL

Real-world, physical crypto-lockers

Security Firm Redefines APT: African Phishing Threat

Direct download: 35.mp3
Category:Technology -- posted at: 9:17am CET

Intro / outro - Christian Kane - LA Song

Interview with Taras Bobalo

You can contact Taras via email and Skype madspeedy

Virtualized Environment Neglected Operations Manipulation (VENOM)

Heartbleed, eat your heart out: VENOM vuln poisons countless VMs

PCI DSS 3.1 (pdf)



Patch Tuesday Facelift End of an Era


Singapore's Prime Minister wrote a Sudoku solver in C++ and published the program's source code

Super secretive malware wipes hard drive to prevent analysis 

WordPress Vulnerability Puts Millions of Websites At Risk

A Kyiv tram ran into a Google car

Self-Driving Trucks Are Going to Hit Us Like a Human-Driven Truck

Security Product Liability Protections Emerge

France passes new surveillance law in wake of Charlie Hebdo attack

Microsoft Launches Visual Studio Code, A Free Cross-Platform Code Editor For OS X, Linux And Windows

Sublime Text

Mad Max: Fury Road

Goodbye! We'll be back!

Direct download: 34.mp3
Category:Technology -- posted at: 8:51am CET


Dai Davis

Jerry Gamblin

Kevin Williams

Leslie Forbes


Direct download: 44Con.mp3
Category:Technology -- posted at: 1:02am CET

Intro / Outro The Guild: I'm the One That's Cool

Interview with Evgeny Tsigikalo, a specialist in signaling in telecommunication networks

B. Goldstein, Signaling in Telecommunication Networks



Hackers Could Commandeer New Planes Through Passenger Wi-Fi

RSA Conference 2015

How Kaspersky makes you vulnerable to the FREAK attack and other ways Antivirus software lowers your HTTPS security

Hacker Implants NFC Chip In His Hand To Hack Android Phones


Twitter moved non-US accounts to an Irish data center

Wi-Fi software security bug could leave Android, Windows, Linux open to attack

iOS bug sends iPhones into endless crash cycle when exposed to rogue Wi-Fi

Fukushima nuke plant owner told to upgrade from Windows XP

Hackers used a surprisingly simple method to access Tesla's website and Twitter account

PrivatBank and Oschadbank are launching BankID in Ukraine, a user verification system for government websites

Direct download: 33.mp3
Category:Technology -- posted at: 12:50am CET

Intro / Outro Skylar Grey - White Suburban

FORTINET Security Day 2015


Introducing CSX skills-based CYBERsecurity training and performance-based certifications

СТАЛЕВИЙ БУБЕН - IX (2015-04-04)

Happy birthday, Vladimir!

2015 Data Breach Investigations Report (pdf)

Risky Business #362

IBM to release 20 years worth of cyberthreat data 

IBM® X-Force Exchange 

Wikileaks Publishes Hacked Sony Emails, Documents

VeraCrypt 1.0f-2

French TV station TV5Monde hit by Islamic State hack

The 4 stages of crypto ransomware

Find it in twitter

Massachusetts police paid a ransom in bitcoins to get their files back

Q&A about malicious ransomware software

How the U.S. thinks Russians hacked the White House

66% devices patched Heartbleed but Most top corporates still Heartbleeding over the internet


What Your Passwords Say About Your Psychology

Direct download: 32.mp3
Category:Technology -- posted at: 4:23am CET

Intro / Outro Origa - Inner Universe

Happy birthday, Sergey Borisovich!

Happy birthday, Alice and Bob!

Interview with Viktor Zhora


Recommended books:

The Moment of Truth

The Godfather

Сталевий бубен

Fortinet Security Day 2015

Information Security Day 2015 talks


Call for paper R0-Conf #3

PCI Recognizes PTES as a reference framework for Conducting Penetration Tests! (pdf)

Course on the fundamentals of information security

2015 Social Security Blogger Awards

Cyberbullying Resource Center : For parents

Everything you have written on "Facebook" stays there – Volodymyr Styran

TrueCrypt Security Audit (pdf)

This 'Killer USB' can make your Computer explode

Is your VirtualBox reading your E-Mail?

Rooting SIM cards

Cabinet of Ministers allowed the NCCIR to inspect 4 telecom operators, including "MTS Ukraine" and "Kyivstar"

China's attack against GitHub

App Submissions On Google Play Now Reviewed By Staff, Will Include Age-Based Ratings

Cisco recommends Adblock & Ghostery to combat malvertising

Cisco IP Phones Vulnerable To Remote Eavesdropping

How Hackers Could Delete Any YouTube Video With Just One Click

Federal Agents Accused of Stealing Bitcoins During Silk Road Investigation

OSINT Tools … Recommendations List

Stop using tail -f (mostly)

Direct download: 31.mp3
Category:Technology -- posted at: 3:17pm CET

Intro: Кар - Мэн - Лондон гуд-бай

The Company Securing Your Internet Has Close Ties to Russian Spies

A practical guide to making up a sensation

H4cked off: Is Eugene Kaspersky 'in bed' (or the sauna) with the Russian government? Derr, of course he is

Exploiting the DRAM rowhammer bug to gain kernel privileges

The Rowhammer Bug

Risky Business #357 -- Mark Dowd talks Rowhammer

Black Box Can Brute Force Crack iPhone PIN Passcodes

New BIOS implant, vulnerability discovery tool to debut at CanSecWest

Mobile Android, iOS apps still vulnerable to FREAK attacks

RC4 must die

uTorrent Installs Bitcoin Miner

OpenSSL Audit

Webnic Registrar Blamed for Hijack of Lenovo

Bogus SSL certificate for Windows Live could allow man-in-the-middle hacks

Yahoo Mail launches on-demand passwords, end-to-end encryption coming by year's end

Yahoo exec goes mano a mano with NSA director over crypto backdoors

Adobe web services vulnerability disclosure program

Yahoo! pays $24,000 to Hacker for finding Security Vulnerabilities

Cyber terror test tasks hackers with saving London from hacked battleship

Banning Tor unwise and infeasible, MPs told

Drupal Patches Critical Password-Reset Vulnerability

GPG Suite Beta 6

Interview with Vasily Guziy, a representative of Ukraine's department for combating cybercrime

Contact form

Outro: Петр Сказкив - Буревій

Direct download: 30.mp3
Category:Technology -- posted at: 12:22am CET

Intro/Outro: Etherwood - Begin By Letting Go

'FREAK' in Android and iOS

'FREAK' in Windows

A listener's question prompted by yet another pre-load in Android


Truecrypt audit

Dropbox Accesses All The Files in Your PC (Not Just Sync Folder) and Steals Everything

Dropbox Is Probably Not Stealing All Your Files

Seagate NAS Remote Code Execution Vulnerability

How the NSA’s Firmware Hacking Works

Gemalto Confirms It Was Hacked But Insists the NSA Didn’t Get Its Crypto Keys

How Hackers Abused Tor To Rob Blockchain, Steal Bitcoin, Target Private Email And Get Away With It

Github Hacking for fun and... sensitive data search!

Hillary Rodham Clinton and her emails

Spies Just by Watching Your Phone’s Power Use has been hacked

Google is More Protected from Unwanted Software

Cloud based web app security scanner released by GOOGLE

Most vulnerable operating systems and applications in 2014 

Blogger porn content policy

Internet is for PORN!!

Direct download: 29.mp3
Category:Technology -- posted at: 3:15am CET

Intro/Outro: La Fouine - Controle Abusif

The CTF movement in Ukraine and worldwide – interview with Mykola Ilin @MykolaIlin

CTF team rankings and dcua's successes

Popularity of CTF competitions in Ukraine and worldwide

Principles of running a CTF

Competition types, tactics and strategy for taking part in CTFs

To contact Mykola, use Twitter or write to

Ten Million (Logins and) Passwords


Online Check:

Lenovo caught installing adware on new computers

Theft of billions from 100 financial institutions worldwide

Anunak vs Carbanak FAQ

Microsoft Pushes Patches for Dozens of Flaws

Bypassing Windows Security by modifying 1 Bit Only

Universal XSS in IE 11

NSA Planted Stuxnet-Type Malware Deep Within Hard Drive Firmware

They once decided to monitor bloggers

but then changed their minds

The Rada abolished the National Commission on Morality Issues

Report on mobile internet vulnerabilities from Positive Technologies (pdf)

The great SIM heist

SSL is officially declared dead

GnuPG 2.1.2 released

Facebook SCAM Alert: Get FREE $200 Amazon Gift Card!

Spat leads to partial leak of Rig Exploit Kit compromised by Chinese cyber spies targeting US firms

Direct download: 28.mp3
Category:Technology -- posted at: 1:54pm CET

Intro/Outro: Mad Heads – Молода кров

GnuPG donations

Support Risky.Biz

GPG Tools

GPG encrypted loopback disks

Mozilla, Tor & Privacy

Anthem hack

World's Biggest Data Breaches infographic

The Pirate Bay & CloudFlare CDN

Tsarev & Kolomoyskiy


Kyivstar cell network blackout in Eastern Ukraine

SS7 security concerns

Had Russian blackhats pwned Sony?

Tech journalism in Ukraine

RetroShare Signal Silent Circle

Extradition aspects

Snare on MacOS X bootkitting

Cisco Annual Security Report

Source 114 vs Verizon Business. Who wins?

Fear the known: why AV companies publish security reports?

Binary Risk Analysis

2 factor authentication vs 2 step verification


Army cyber defenders open source code in new GitHub project

CERT-UA 2014 report

Direct download: 27.mp3
Category:Technology -- posted at: 4:28pm CET

Episode 25: The (foggy) future of (cloud) security

Family happiness, notable recent vulns, hacks and political actions, cloud infrastructures and their impact on the infosec field, and the knowledge and tools of the security professional of the future.

Links to the materials discussed.

Intro/Outro: Крихітка Цахес – Пароль

Direct download: 25.mp3
Category:Technology -- posted at: 9:06pm CET

Feature interview: Andrey "login" Loginov

Windows XPinction in 2014

Snowden leaks 

Anti DDoS in banking 

ØMQ/Saltstack firewall DDoS side effect

DNS amplification classics

Personal VPN on amazon EC2

Hadoop’ed Big Data swamp smelling like Redis

Data aggregation risks

Threat modeling fails

Quantum crypto progress

Outro: Alliance Ethnik - Respect (feat. Vinia Mojica)

Direct download: 24.mp3
Category:Technology -- posted at: 8:07pm CET

Interview with Vladimir Kochetkov

The thorny path of an application security specialist: where to study, what to study, what to aim for, and much more.

Open source security, and security aspects of using shared libraries and frameworks.

Exotic behavior of lists in Python

On compiler security

Security forum for developers on RSDN

The Nemerle programming language

The Tangled Web: A Guide to Securing Modern Web Applications

Sources of information on code security research:

Outro: Веня Д'ркин - Нибелунг

Direct download: 23.mp3
Category:Technology -- posted at: 6:39am CET

Intro/Outro: 2Pac – Dear Mama (MelodyAngel Guitar Cover)

Prisms and lenses (Meet Mr. Prism!)

Natural Language Processing & neural networks

Do-it-yourself cloud security

(In)security of open/closed-source software

Tightening of Ukrainian legislation on copyright protection

No WebMoney – no honey

Longing for Netflix & Spotify


Progress in homomorphic cryptography

A few words about PHDays

Direct download: 22.mp3
Category:Technology -- posted at: 12:12am CET

Intro/Outro Malukah - Frozen Sleep - Halo 4 / Cortana Tribute

Latest Java 0-day recap, still not fully patched

Java 1.7u10 Security Settings fail

Good Morning, Your Mac Keeps A Log Of All Your Downloads

Google looks to ditch passwords for good with NFC-based replacement

How to Secure SSH with Google Authenticator’s Two-Factor Authentication

Red October

Gozi Malware

Google cached HP printers

PHDays is coming

PentesterLab, DVL, DVWA, CTF365

PowerShell 3

Direct download: 21.mp3
Category:Technology -- posted at: 3:25pm CET

Intro/Outro: Ylvis - Someone Like Me [dubstep edit]

Fail #1 - The silent Karpik

Fail #2 - The failed discussion of "traffic bans"

Cryptanalysis in the "clouds" - PoC of extracting RSA private keys from a neighboring virtual machine

Shift in the paradigm of protecting IT systems in the "clouds"

Security-related courses available on Coursera

Direct download: 20.mp3
Category:Technology -- posted at: 9:25pm CET

Intro/Outro: System Of A Down - Toxicity - piano cover by vkgoeswild

Career progress

Discussion of UISGCON8

Organizational structure and information security

The state of security at IT and software companies

Security and Agile

Links and differences between corporate security and application security

OK, how many types of security people do we need?

DevOps and "cloud" security

More discussion of UISGCON8

Some notes on how to organize a conference

A few words about the bug bounty program

Special guest: interview with Alexey Lukatsky

Security and programming languages

Direct download: 19.mp3
Category:Technology -- posted at: 5:57am CET

(Intro) PSY - GANGNAM STYLE 8bit Version

First attempt at an interview with Andrey Loginov - impressions of the OSDN conference

UISGCON8 program announcement - how to get there, what is being presented (an audio guide to the talks)

Interview with Andrey Kulinich on the @Privatbank Bug Bounty Program "Слабое место" ("Weak Spot"): experience of taking part, reward sizes, award principles, and so on.

- PrivatBank customers help find weak spots in banking systems

- Vulnerability notification form

To be continued...

Direct download: 18-1.mp3
Category:Technology -- posted at: 6:18pm CET

The summer of hack

PHDays recap

- Slides and video

- Photo


10 crazy IT security tricks that actually work

Dave Aitel’s attack on Security Awareness

- Original post on CSO:

- Reaction 1:

- Reaction 2:

- Reaction 3:



Direct download: 17.mp3
Category:Technology -- posted at: 11:00pm CET