Show notes
In this episode...
Juniper has a backdoor problem
- 2 separate issues, auth bypass & VPN weakness
- backdoor discovered in Juniper devices
- lots of speculation on who put it there, but it was meant to be disguised as ‘debug code’
- enterprise implications - same as before (what's the bigger picture?)
- https://isc.sans.edu/forums/diary/Infocon+Yellow+Juniper+Backdoor+CVE20157755+and+CVE20157756/20521/
Iranians broke into New York dam in 2013 and “had a look around”
- no direct damage done
- US has largest number of ICS connected to Internet
- critical infrastructure is vulnerable, being probed
- this is not a ‘government problem’ - every company has some ICS on their network
- http://www.theregister.co.uk/2015/12/21/iranian_hackers_target_new_york_dam/
Facebook announced it’s dumping Adobe Flash
- is this a bigger deal than it sounds like
- HTML5 has its own vulnerabilities and issues though… right?
- *only* for videos, games still in Flash
- Facebook will work with Adobe (really?) to improve security of Flash
- http://www.scmagazine.com/facebook-ditches-flash-videos-to-boost-security/article/461040/
191 Million US voter records found ‘unprotected’ by a researcher
- guy from Texas found the data on an unprotected database
- “Vickery told Databreaches.net he was able to poke around the public-internet-facing database because it is poorly configured: no authentication or password is required to query all 300-plus gigabytes stored within.” ←
>>> If you're reading this, consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast