

DtSR Episode 189 - NewsCast for April 12th 2016
Apr 12, 2016
50:27
In this episode...
Pros examine Mossack Fonseca breach: WordPress plugin, Drupal likely suspects
- Plug-ins seem to be a universal weakness
- Many companies have this type of 3rd party security issue
- The broader enterprise implications - how do you find these sites?
- http://www.scmagazine.com/pros-examine-mossack-fonseca-breach-wordpress-plugin-drupal-likely-suspects/article/488697/
WordPress pushes free HTTPS encryption for all hosted sites
- What's the problem we're trying to solve?
- 2 separate issues, trust vs. authentication - know which you're solving
- http://www.securityweek.com/wordpresscom-pushes-free-https-all-hosted-sites
If you can't break crypto, break the client
- Bishop Fox researcher finds WebKit bug in iMessage
- JavaScript in iMessage, sure, why not
- Same-Origin Policy (SOP) not enforced since it's a desktop app
- http://www.bishopfox.com/blog/2016/04/if-you-cant-break-crypto-break-the-client-recovery-of-plaintext-imessage-data/
Executives - "We're not responsible for cyber security"
- Raf: This is squarely the fault of security professionals failing to make the security discussion a part of the enterprise vernacular
- Michael & James: What does this mean, and what do we do now? If anything.
- http://www.cnbc.com/2016/04/01/many-executives-say-theyre-not-responsible-for-cybersecurity-survey.html
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast