

DtSR Episode 203 - NewsCast for July 19th 2016
Jul 19, 2016
52:05
Ransomware that's 100% pure JavaScript? Sort of...
- Slightly misleading article
- Generally a Windows-based attack (go where the users are)
- https://nakedsecurity.sophos.com/2016/06/20/ransomware-thats-100-pure-javascript-no-download-required/
Researchers have come up with a 'cure' for ransomware
- Based on some interesting things like file-type changes, similarity measurements and entropy
- Interesting but not perfect ... do we even think perfect is reachable?
- Average of 10 files before an identification was made
- http://www.scmagazineuk.com/florida-researchers-claim-to-discover-cure-for-the-common-ransomware/article/509147/
The government has officially issued a 'fact sheet' on ransomware
- Yes, it's a reportable breach
- Lots of interesting misconceptions (or half-truths) in this guidance
- Good for them for asking us to 'do better' but it's not enough
- Go read for yourself! http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
Pokemon Go! - a neat idea with potentially big issues
- First there are the privacy and security implications
- Then there is the app that wants every permission known to man
- Physical security and well-being issues?
- http://abcnews.go.com/Business/hit-app-pokemon-raises-security-concerns-google-account/story?id=40524454
FDIC hacked but covered it up, didn't report
- Perfect example of "the cobbler's children have no shoes"
- The FDIC is consistently terrible, and does little to close the gaps
- Obviously, it was China
- http://thehill.com/policy/cybersecurity/287561-chinese-government-likely-hacked-fdic-report
The Fiat/Chrysler bug bounty program
- They will only pay you $1,500
- Lots of uproar about how the pay-out isn't enough, but there is so much more here
- Lots to unpack, including issues with complexity on enterprise side
- https://www.wired.com/2016/07/chrysler-launches-detroits-first-bug-bounty-hackers/