Serious About Security
Serious About Security
Preston Wiley, Mike Hill, and Keith Watson
A biweekly information security news and discussion podcast.
Serious About Security Episode 68: Disabling Webcam Lights and a Presidential Panel Recommends Changes for the NSA
Youtube   Show Notes Hosts Preston Wiley, CISSP, CCNA Mike Hill, CISSP Keith Watson, CISSP-ISSAP, CISA Articles Research shows how MacBook Webcams can spy on their users without warning by Ashkan Soltani and Timothy B.Lee (The Washington Post), FBI’s search for ‘Mo,’ suspect in bomb threats, highlights use of malware for surveillance by Craig Timberg and Ellen Nakashima (The Washington Post), iSeeYou: Disabling the MacBook Webcam Indicator LED by Matthew Brocker and Stephen Checkoway (Technical Report 13-02, Department of Computer Science, Johns Hopkins University) Liberty and Security in a Changing World by The President’s Review Group on Intelligence and Communications Technologies, White House panel recommends new limits on NSA surveillance by Ken Dilanian and Christi Parsons (Los Angeles Times), Obama Is Urged to Sharply Curb N.S.A. Data Mining by David E. Sanger and Charlie Savage (The New York Times), Obama review panel: strip NSA of power to collect phone data records by Dan Roberts and Spencer Ackerman (The Guardian), EFF Statement on President’s Review Group’s NSA Report by Rebecca Jeschke (The Electronic Frontier Foundation)
Dec 20, 2013
26 min
Serious About Security Episode 67: Dial 00000000 for Launch and French Government Attempts to be Google
Youtube   Show Notes Hosts Preston Wiley, CISSP, CCNA Mike Hill, CISSP Keith Watson, CISSP-ISSAP, CISA Articles For Nearly Two Decades the Nuclear Launch Code at All Minuteman Silos in the United States was 00000000 by Karl Smallwood (Today I Found Out), ‘Secret’ Nuclear Missile Launch Code During Cold War Was ‘00000000’ by Ryan Grenoble (The Huffington Post), Zero protection from nuclear code by Oliver Burkeman (The Guardian), Keeping Presidents in the Nuclear Dark by Bruce Blair (Bruce Blair’s Nuclear Column), For nearly 20 years, the launch code for US nuclear missiles was 00000000 by Lisa Vaas (nakedsecurity blog), Permissive Action Links by Steven M. Bellovin Further improving digital certificate security by Adam Langley (Google Online Security Blog), Serious Security: Google finds fake but trusted SSL certificates for its domains, made in France by Paul Ducklin (nakedsecurity blog), Google catches French finance ministry pretending to be Google by David Meyer (GigaOM)
Dec 13, 2013
33 min
Serious About Security Episode 66: Forward Secrecy and Botnet Gathered Passwords
Youtube   Show Notes Hosts Preston Wiley, CISSP, CCNA Mike Hill, CISSP Keith Watson, CISSP-ISSAP, CISA Articles Forward Secrecy (Wikipedia), Twitter Enables Perfect Forward Secrecy Across Sites To Protect User Data Against Future Decryption by Matthew Panzarino (TechCrunch), Forward Secrecy at Twitter by Jacob Hoffman-Andrews (Twitter Engineering Blog), Pushing for Perfect Forward Secrecy, an Important Web Privacy Protection by Parker Higgins (EFF Deeplinks Blog) Google, Facebook, payroll accounts targeted in major password theft, security experts say by Hayley Tsukayama (The Washington Post), 2 Million Stolen Facebook, Yahoo And Google Passwords Posted Online by Alexis Kleinman (The Huffington Post), Look What I Found: Moar Pony! by Trustwave SpiderLabs
Dec 7, 2013
28 min
Serious About Security Episode 65: Yahoo! Encrypts and Healthcare.gov Has Some Security Issues
Youtube   Show Notes Hosts Preston Wiley, CISSP, CCNA Mike Hill, CISSP Keith Watson, CISSP-ISSAP, CISA Articles Our Commitment to Protecting Your Information by Marissa Mayer (Yahoo!), After N.S.A. Disclosures, Yahoo Moves to Encrypt Internal Traffic by Nicole Perlroth (NY Times Bits Blog), Yahoo Will Follow Google In Encrypting Data Center Traffic, Customer Data Flow By Q1 ’14 by Matthew Panzarino (TechCrunch), Google encrypts data amid backlash against NSA spying by Craig Timberg (The Washington Post) Expert to warn Congress of HealthCare.gov security bugs by Reuters, Hackers throw 16 attacks at HealthCare.gov plus a DoS for good measure by Lisa Vaas (nakedsecurity blog), Healthcare.gov ‘may already have been compromised,’ security expert says by FoxNews.com
Nov 20, 2013
24 min
Serious About Security Episode 64: Facebook Warns Adobe Users and IE 0-day Injects Payload into Memory
Youtube   Show Notes Hosts Preston Wiley, CISSP, CCNA Mike Hill, CISSP Keith Watson, CISSP-ISSAP, CISA Articles Facebook Warns Users After Adobe Breach by Brian Krebs (Krebs on Security), Facebook mines Adobe breach data for reused passwords, warns users to change them or disappear by Liam Tung (ZDNet), Anatomy of a password disaster - Adobe’s giant-sized cryptographic blunder by Paul Ducklin (naked security blog) IE zero-day exploit disappears on reboot by Shona Ghosh (PC Pro), IE Zero Day Watering Hole Attack Injects Malicious Payload into Memory by Michael Mimoso (threat post)
Nov 15, 2013
21 min
Serious About Security Episode 63: The badBIOS Controversy and the NSA taps Google and Yahoo!
Youtube   Show Notes Hosts Preston Wiley, CISSP, CCNA Keith Watson, CISSP-ISSAP, CISA Articles Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps by Dan Goodin (Ars Technica), badBIOS by Bruce Schneier (Schneier on Security), Security researcher says new malware can affect your BIOS; communicate over the air by Ian Paul (PCWorld), ‘BadBIOS’ System-Hopping Malware Appears Unstoppable by Marshall Honorof (Tom’s Guide), The badBIOS Analysis Is Wrong. by Phillip Jaenke NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say by Barton Gellman and Askan Soltani (Washington Post), How the NSA’s MUSCULAR tapped Google’s and Yahoo’s private networks by Sean Gallagher (Ars Technica), How we know the NSA had access to internal Google and Yahoo cloud data by Barton Gellman, Askkan, and Andrea Peterson (Washington Post)
Nov 10, 2013
23 min
Serious About Security Episode 62: Steps to Avoid Internet Surveillance and Big Corp Social Engineering Fails
Youtube   Show Notes Hosts Preston Wiley, CISSP, CCNA Mike Hill, CISSP Keith Watson, CISSP-ISSAP, CISA Articles Ten Steps You Can Take Right Now Against Internet Surveillance by Danny O’Brien (EFF) Major Corporations Fail to Defend Against Social Engineering by Michael Mimoso ()
Nov 1, 2013
25 min
Serious About Security Episode 61: iCloud Insecurity and Avoid the Hacker Title
Youtube   Show Notes Hosts Preston Wiley, CISSP, CCNA Mike Hill, CISSP Keith Watson, CISSP-ISSAP, CISA Articles Apple’s iCloud iConundrum - does convenience mean insecurity? by Chester Wisniewski (nakedsecurity), Cracking and Analyzing Apple’s iCloud Protocols  by Vladimir Katalov (Hack in the Box Malaysia) Call yourself a ‘hacker’, lose your 4th Amendment right against seizures by John Leyden (The Register), Call Yourself A Hacker, Lose Your 4th Amendment Rights by Dale Peterson (Digital Bond), Battelle Energy Alliance, LLC v. Southfork Security, Inc. et al
Oct 25, 2013
20 min
Serious About Security Episode 60: Let’s Audit Truecrypt and Beware of Ransomware
Youtube   Show Notes Hosts Preston Wiley, CISSP, CCNA Keith Watson, CISSP-ISSAP, CISA Articles Is Truecrypt Audited Yet?, The TrueCrypt Audit Project, New effort to fully audit TrueCrypt raises $16,000+ in a few short weeks by Cyrus Farivar (Ars Technica), Let’s audit Truecrypt! by Matthew Green (A Few Thoughts on Cryptographic Engineering) Destructive malware “CryptoLocker” on the loose - here’s what to do by Paul Ducklin (nakedsecurity), CryptoLocker Ransomware Information Guide and FAQ by Lawrence Abrams (bleepingcimputer.com)
Oct 18, 2013
21 min
Serious About Security Episode 59: Tor Stinks According to the NSA and Microsoft Follows Yahoo!
Youtube   Show Notes Hosts Preston Wiley, CISSP, CCNA Mike Hill, CISSP Keith Watson, CISSP-ISSAP, CISA Articles Attacking Tor: how the NSA targets users’ online anonymity by Bruce Schneier (The Guardian), NSA and GCHQ target Tor network that protects anonymity of web users by James Ball, Bruce Schneier and Glenn Greenwald (The Guardian), ‘Tor Stinks’ presentation – read the full document on The Guardian Is Microsoft recycling old Outlook.com and Windows Live email accounts? by Lee Munson (nakedsecurity blog), Microsoft is quietly recycling Outlook email accounts by Andreas Udo de Haes (PC World)
Oct 12, 2013
22 min
Load more