Reboot It! Episode 87 with Benny Karnes

Upcoming Conferences

AREA41

June 15-16, 2018

Zurich, Switzerland

Area41.io

 

BSides Cleveland

June 22-23 2018

The Grog Shop

Cleveland, OH

https://www.bsidescleveland.com/

 

Black Hat USA 2018

August 4-9, 2018

Mandalay Bay

Las Vegas, NV

https://www.blackhat.com/us-18/

 

DEF CON 26

August 9 – August 12, 2018

Caesars Palace and Flamingo Hotels

Las Vegas, NV

https://defcon.org/

 

DerbyCon

October 5th – 7th, 2018

Louisville, KY

CFP is Open

https://derbycon.com

 

BSides Charleston

Saturday November 10th, 2018

College of Charleston

Wells Fargo Auditorium

Charleston, SC

CFP is Open

http://bsidescharleston.org/

 

SecureWV/Hack3rc0n

Nov. 30 – Dec. 2, 2018

Holiday Inn Hotel & Suites Charleston West

South Charleston, WV

https://securewv.org

CFP is Open

Room blocks are open

Registration is open

 

Announcements

Python Coding Camp for Kids!

Jun 25 - Jun 29

RCBI Maker Vault

Huntington, WV

https://www.facebook.com/events/1905801729465883/

 

The podcast RSS and iTunes Feed

RSS: https://audioboom.com/channels/4914568.rss

iTunes: pcast://audioboom.com/channels/4914568.rss

Patreon

https://www.patreon.com/rebootitpodcast

 

Stories

 

Facebook Bug Sets 14M Users' Settings to 'Public' - https://nakedsecurity.sophos.com/2018/06/08/facebook-bug-may-have-made-14m-users-posts-public/

 

Facebook’s post about it: https://newsroom.fb.com/news/2018/06/audience-selector-error/


 

Flash zero-day exploit. Act now! - https://nakedsecurity.sophos.com/2018/06/07/flash-zero-day-exploit-act-now/


 

VPN Filter (router Malware):

Talos Original Blog https://blog.talosintelligence.com/2018/05/VPNFilter.html

Talos Update: https://blog.talosintelligence.com/2018/06/vpnfilter-update.html


 

Hackable CloudPets pulled from Target, Walmart, Amazon and more - https://nakedsecurity.sophos.com/2018/06/07/hackable-cloudpets-pulled-from-target-walmart-amazon-and-more/

Most parents likely don’t want their kids’ talking stuffed toys to issue Dalek threats in those non-indoor voices of theirs.

But that’s exactly what happened, thanks to toy maker CloudPets’ unsecured MongoDB server. The toys allow children to send and receive audio messages via the cloud and an iOS or Android app.


 

Reboot It! Episode 86 with Amanda Berlin

Audio Link:

https://audioboom.com/posts/6880172-reboot-it-episode-86-with-amanda-berlin

Upcoming Conferences

 

ShowMeCon

Conference Dates: June 7-8, 2018

Ameristar Casino & Resort

St. Charles, MO

Showmecon.com

 

AREA41

June 15-16, 2018

Zurich, Switzerland

Area41.io

 

BSides Cleveland

June 22-23 2018

The Grog Shop

Cleveland, OH

https://www.bsidescleveland.com/

 

Black Hat USA 2018

August 4-9, 2018

Mandalay Bay

Las Vegas, NV

https://www.blackhat.com/us-18/

 

DEF CON 26

August 9 – August 12, 2018

Caesars Palace and Flamingo Hotels

Las Vegas, NV

https://defcon.org/

 

DerbyCon

October 5th – 7th, 2018

Louisville, KY

CFP is Open

https://derbycon.com

 

BSides Charleston

Saturday November 10th, 2018

College of Charleston

Wells Fargo Auditorium

Charleston, SC

CFP is Open

http://bsidescharleston.org/

 

SecureWV/Hack3rcon

Nov. 30 – Dec. 2, 2018

Holiday Inn Hotel & Suites Charleston West

South Charleston, WV

http://securewv.com/


 


 

Interview - Amanda Berlin

Here are 50 FREE things you can do to improve the security of most environments:

 

Access control lists are your friend (deny all first)

AD delegation of rights

App Whitelisting

Best practice GPO (NIST GPO templates)

Block browsing from servers. Not all machines need internet access

Block DNS zone transfers

Change iLO settings/passwords

Close open mail relays

Diff. local admin passwords (LAPS)

Disable LLMNR/NetBIOS

Disable ports that are unused, & set up port security

Disable telnet & other insecure protocols or alert on use

DMZ behind separate firewall

DNS servers should not be openly recursive

Don't forget your printers (saved creds aren't good)

Egress Filtering (should be just as strict as Ingress)

EMET (when OSes prior to 10 are present)

Ensure web logins use HTTPS

Fail2ban

For the love of god implement TLS 1.2

Force advanced file auditing (ransomware detection)

Geoblocking

Get rid of open shares

Incident Response drills

Incident Response Runbook & Bugout bag

Incident Response tabletops

Internal & OSINT honeypots

Least privileges EVERYWHERE

Locate and destroy plain text passwords

Log successful and unsuccessful logins - Windows/Linux logging cheatsheets

MITRE ATT&CK Matrix is your friend

ModSecurity

MSBSA

Network device backups

No open wi-fi, use WPA2 + AES

Password safes

Patch *nix boxes

Purple Team

Remove unneeded software

Restrict access to backups

Role based servers only! DNS servers/DCs are just that

Segment with VLANs

Separation of rights - Domain Admin use should be sparse & audited

Set up centralized logins for network devices. Use TACACS+ or RADIUS

Upgrade firmware

URLscan

Use Bitlocker/encryption

User Education exercises

Vulnerability Scanner

WSUS

 

Story

Local 5th Graders 3D Print Leg for Chicken

http://www.wowktv.com/news/local-news/local-5th-graders-3d-print-leg-for-chicken/1211140031

Reboot It! Episode 85 with Amanda Berlin - Mirai botnet co-authors plead guilty in US court

Upcoming Conferences

 

ShmooCon 2018 - January 19-21, 2018  at the Washington Hilton in Washington, DC

http://shmoocon.org/

 

BSidesNYC

January 20, 2018

https://bsidesnyc.org

http://www.securitybsides.com/

 

THOTCON 0x8 - May 4-5, 2018

https://thotcon.org/

SOLD OUT

 

DerbyCon

Sponsorships will open up the first week in March.

Call for Trainers (CFT), Call for Papers (CFP), and Call for Workshops (CFW) open on April 1st, 2018

Call for Trainers opens on March 1st and closes on April 14th, 2018

Call for Papers (CFP) and Call for Workshops (CFW) open April 1st, 2018 and end on July 1st, 2018

Ticket Sales: May 5th (Derby Day), 2018 at 1:00PM ET

DerbyCon training dates: October 3rd and 4th, 2018

DerbyCon conference dates: October 5th – 7th, 2018

https://derbycon.com


 


 

Stories

Security bod uncovers 15-year-old macOS zero-day flaw

https://www.theinquirer.net/inquirer/news/3023615/security-bod-uncovers-15-year-old-macos-zero-day-flaw

 

North Korean Hackers Hijack Computers to Mine Cryptocurrencies

https://www.bloomberg.com/news/articles/2018-01-02/north-korean-hackers-hijack-computers-to-mine-cryptocurrencies

 

Mirai botnet co-authors plead guilty in US court

https://www.theinquirer.net/inquirer/news/3023120/mirai-botnet-co-authors-plead-guilty-in-us-court

 

Mirai: Student behind IoT malware used it in Minecraft server protection racket, claims Krebs

https://www.theinquirer.net/inquirer/news/3002896/mirai-student-behind-iot-malware-used-in-minecraft-server-protection-racket-claims-krebs

 

Former Rutgers student admits to creating code that crashed internet

http://www.nj.com/education/2017/12/rutgers_student_charged_in_series_of_cyber_attacks.html

Plea Agreement Full Text: https://www.documentcloud.org/documents/4327738-Paras-Jha-Plea.html

 

We Need a New FUD

http://daveshackleford.com/?p=1081

 

Serial Swatter “SWAuTistic” Bragged He Hit 100 Schools, 10 Homes

https://krebsonsecurity.com/2018/01/serial-swatter-swautistic-bragged-he-hit-100-schools-10-homes/

 

Shame: Richard 'Rick' Fisher Hayes

http://attrition.org/errata/shame/richard_hayes/

 

Massive child porn site is hiding in plain sight, and the owners behind it

https://sijmen.ruwhof.net/weblog/1782-massive-child-porn-site-is-hiding-in-plain-sight-and-the-owners-behind-it

 

';--have i been pwned? - Check if you have an account that has been compromised in a data breach

https://haveibeenpwned.com/

Reboot It! Episode 84 with Mark Boltz-Robinson and Amanda Berlin - Bitcoins, iPhones, and WannaCry

Link to show audio: https://audioboom.com/posts/6565137-reboot-it-episode-84-with-mark-boltz-robinson-and-amanda-berlin-bitcoins-iphones-and-wannacry

Upcoming Conferences

 

ShmooCon 2018 - January 19-21, 2018  at the Washington Hilton in Washington, DC

http://shmoocon.org/

 

THOTCON 0x8 - May 4-5, 2018

https://thotcon.org/

SOLD OUT

 

BSidesNYC

January 20, 2018

https://bsidesnyc.org

http://www.securitybsides.com/

 


 

Stories

Bitcoin Price Now Down 15% from All-Time High

https://www.coindesk.com/17k-breached-bitcoin-price-now-down-15-from-all-time-high/

 

Coinbase halts Bitcoin Cash transactions amidst accusations of insider trading

https://www.theverge.com/2017/12/20/16800940/coinbase-bitcoin-cash-fork-insider-trading-probe

 

U.S. blames North Korea for 'WannaCry' cyber attack

https://www.reuters.com/article/us-usa-cyber-northkorea/u-s-blames-north-korea-for-wannacry-cyber-attack-idUSKBN1ED00Q

 

Facebook’s Latest Facial Recognition Tools Introduce New Privacy Concerns

http://www.slate.com/blogs/future_tense/2017/12/19/facebook_announces_new_facial_recognition_features.html

But this is OK: https://www.citylab.com/equity/2017/12/why-privacy-activists-are-wary-of-those-new-airport-face-scans/548975/?utm_source=SFFB



 

iPhone slowdown blamed on controversial fix for aging batteries

https://www.slashgear.com/iphone-slowdown-blamed-on-controversial-fix-for-aging-batteries-19512365/

 

Apple under fire as it admits it DOES deliberately 'smooth out' the performance of older iPhones to keep them running as their batteries age

http://www.dailymail.co.uk/sciencetech/article-5199917/Apple-admits-DOES-deliberately-slow-older-iPhones.html?ito=social-twitter_mailonline

 

Alteryx - Amazon S3 breach https://www.upguard.com/breaches/cloud-leak-alteryx

 

Reboot It! Episode 83 with Benny Karnes - APT, IoT Botnets, Ransomware, and Other Things That Go Bump In The Night

Upcoming Conferences

 

O’Reilly Security Conference

BUILD BETTER DEFENSES
OCT 29–30: TRAINING
OCT 30–NOV 1: TUTORIALS & CONFERENCE
NEW YORK, NY

https://conferences.oreilly.com/security/sec-ny

 

BSides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html


 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

SecureWV 3/Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

http://securewv.com/

 




 

Stories

Reaper malware outshines Mirai; hits millions of IoT devices worldwide

https://www.hackread.com/reaper-malware-outshines-mirai-hits-millions-of-iot-devices-worldwide/

 

Bad Rabbit ransomware

https://securelist.com/bad-rabbit-ransomware/82851/

 

DHS Alert on Dragonfly APT Contains IOCs, Rules Likely to Trigger False Positives

https://threatpost.com/dhs-alert-on-dragonfly-apt-contains-iocs-rules-likely-to-trigger-false-positives/128572/

 

Clinic Pays Ransom After Backups Encrypted in Attack

https://www.healthcareinfosecurity.com/clinic-pays-ransom-after-backups-encrypted-in-attack-a-10387

 

“Cyber Conflict” Decoy Document Used In Real Cyber Conflict

http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html?m=1

 

How do I uninstall Java on my Mac?

https://www.java.com/en/download/help/mac_uninstall_java.xml


 

Reboot It! Episode 82- DerbyCon Podcasters Meet-up

Raw and unedited DerbyCon Podcasters Meet-up held in my hotel room at the Hyatt again this year. Thanks to Bryan Brake of the Brakeing Down Security Podcast for organizing and Jerry Bell of the Defensive Security Podcast for recording.

Upcoming Conferences

BSides DC

October 6-8

Renaissance

Washington, DC

http://www.bsidesdc.org/

 

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

CFP Closes Sept 1

http://www.skydogcon.com/

 

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

http://grrcon.com/

 

O’Reilly Security Conference

BUILD BETTER DEFENSES
OCT 29–30: TRAINING
OCT 30–NOV 1: TUTORIALS & CONFERENCE
NEW YORK, NY

https://conferences.oreilly.com/security/sec-ny

 

BSides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html


 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

SecureWV 3/Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

http://securewv.com/

 

The podcast has a new RSS and iTunes Feed

RSS: https://audioboom.com/channels/4914568.rss

iTunes: pcast://audioboom.com/channels/4914568.rss

Patreon

https://www.patreon.com/rebootitpodcast



 

Stories

 

SecureWV 3/Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

http://securewv.com/

CFP is Closed

Call for sponsors is open

Tickets and hotel block are open

http://securewv.com/

 

Amateur Radio Learning resources:

http://www.arrl.org/

 

Mailing List - GenCyber Thund3ring H^ck3r5 - Marshall University

https://www.marshall.edu/gencyber/mailing-list/

Reboot It! Episode 81 with Benny Karnes Everything You Wanted to Know About SecureWV/Hack3rcon but Was Afraid to Ask


Link to audio: https://audioboom.com/posts/6298303-reboot-it-episode-81-with-benny-karnes

Upcoming Conferences

 

DerbyCon 7.0  “Legacy”

Training: September 20-21

Conference: September 22-24

Hyatt Regency

Louisville, KY

SOLD OUT

 

BSides DC

October 6-8

Renaissance

Washington, DC

http://www.bsidesdc.org/

 

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

CFP Closes Sept 1

http://www.skydogcon.com/

 

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

http://grrcon.com/

 

O’Reilly Security Conference

BUILD BETTER DEFENSES
OCT 29–30: TRAINING
OCT 30–NOV 1: TUTORIALS & CONFERENCE
NEW YORK, NY

https://conferences.oreilly.com/security/sec-ny

 

BSides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html


 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

SecureWV 3/Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

http://securewv.com/

 




 

Stories

 

SecureWV 3/Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

http://securewv.com/

CFP is Closed

Call for sponsors is open

Tickets and hotel block are open

http://securewv.com/

 

Amateur Radio Learning resources:

http://www.arrl.org/

 

Mailing List - GenCyber Thund3ring H^ck3r5 - Marshall University

https://www.marshall.edu/gencyber/mailing-list/



 

Reboot It! Episode 80 with Kevin Collier


http://kevinacollier.com/

Audio link: https://audioboom.com/posts/6283771-reboot-it-episode-80-with-kevin-collier?t=0

 

Upcoming Conferences
 

DerbyCon 7.0  “Legacy”

Training: September 20-21

Conference: September 22-24

Hyatt Regency

Louisville, KY

SOLD OUT

 

BSides DC

October 6-8

Renaissance

Washington, DC

http://www.bsidesdc.org/

 

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

CFP Closes Sept 1

http://www.skydogcon.com/

 

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

http://grrcon.com/

 

O’Reilly Security Conference

BUILD BETTER DEFENSES
OCT 29–30: TRAINING
OCT 30–NOV 1: TUTORIALS & CONFERENCE
NEW YORK, NY

https://conferences.oreilly.com/security/sec-ny

 

BSides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html

 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

SecureWV 3/Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

CFP is open, Closes Sept 1

http://securewv.com/

 




 

Stories

 

Equifax damage control, round two. Now promises its are-you-screwed-or-not database is clearer & you're not waiving rights.

https://twitter.com/kevincollier/status/906287975700586496/photo/1

 

Equifax Breach Response Turns Dumpster Fire

https://krebsonsecurity.com/2017/09/equifax-breach-response-turns-dumpster-fire/

 

The hackers who broke into Equifax exploited a nine-year-old security flaw

https://qz.com/1073221/the-hackers-who-broke-into-equifax-exploited-a-nine-year-old-security-flaw/

 

Report claims Equifax breach was due to Apache Struts vuln

https://baird.bluematrix.com/docs/pdf/dbf801ef-f20e-4d6f-91c1-88e55503ecb0.pdf

 

Equifax blames giant breach on vendor software flaw

http://nypost.com/2017/09/08/equifax-blames-giant-breach-on-vendor-software-flaw/


 

Reboot It! Episode 79 with Amanda Berlin


Link to Audio

Upcoming Conferences


 

DerbyCon 7.0  “Legacy”

Training: September 20-21

Conference: September 22-24

Hyatt Regency

Louisville, KY

SOLD OUT

 

BSides DC

October 6-8

Renaissance

Washington, DC

http://www.bsidesdc.org/

 

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

CFP Closes Sept 1

http://www.skydogcon.com/

 

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

http://grrcon.com/

 

O’Reilly Security Conference

BUILD BETTER DEFENSES
OCT 29–30: TRAINING
OCT 30–NOV 1: TUTORIALS & CONFERENCE
NEW YORK, NY

https://conferences.oreilly.com/security/sec-ny

 

BSides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html

 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

SecureWV 3/Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

CFP is open, Closes Sept 1

http://securewv.com/

 



 

Stories

 

Fraud Forces WannaCry Hero's Legal Fund To Refund All Donations

https://www.buzzfeed.com/kevincollier/beset-by-fraud-wannacry-heros-legal-fund-refunds-all?utm_term=.gxyrQJMJ5#.ltYJbVRVZ

 

What Being a Female Hacker Is Really Like

http://www.teenvogue.com/story/what-being-a-female-hacker-is-really-like

 

Hacker's foundation unmasks child predators online

http://money.cnn.com/video/technology/2017/08/28/hacker-unmasks-online-child-predators-innocent-lives-foundation.cnnmoney/index.html

 

Hacking for Innocent Lives: Using OSINT against Online Child Predators

https://www.tripwire.com/state-of-security/security-awareness/hacking-innocent-lives-using-osint-online-child-predators/

 

Innocent Lives Foundation

https://www.innocentlivesfoundation.org/

 

The Brutal Ageism of Tech

https://newrepublic.com/article/117088/silicons-valleys-brutal-ageism

 

Putin saw the Panama Papers as a personal attack and may have wanted revenge, Russian authors say

https://www.washingtonpost.com/news/worldviews/wp/2017/08/28/putin-saw-the-panama-papers-as-a-personal-attack-and-may-have-wanted-revenge-russian-authors-say/?utm_term=.cc82742a23d8

 

Inside the Massive 711 Million Record Onliner Spambot Dump

https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump/

 

Gardner Deck Shoe

http://www.oldmainemporium.com/gardner-deck-shoe.html

 

Underground Cellar -  $20 off

https://www.undergroundcellar.com/?r=bill-gardner


 

paypal.me/infosystir <- send me all your money, mamma needs new shoes

 

Reboot It! Episode 78 with Amanda Berlin

Upcoming Conferences


Audio: https://audioboom.com/posts/6197711-reboot-it-episode-78-with-amanda-berlin

DerbyCon 7.0  “Legacy”

Training: September 20-21

Conference: September 22-24

Hyatt Regency

Louisville, KY

SOLD OUT

 

BSides DC

October 6-8

Renaissance

Washington, DC

http://www.bsidesdc.org/

 

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

http://www.skydogcon.com/

 

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

http://grrcon.com/

 

O’Reilly Security Conference

BUILD BETTER DEFENSES
OCT 29–30: TRAINING
OCT 30–NOV 1: TUTORIALS & CONFERENCE
NEW YORK, NY

https://conferences.oreilly.com/security/sec-ny

 

BSides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html

 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

SecureWV 3/Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

CFP is open

http://securewv.com/

 



 

Stories

 

Salesforce fires red team staffers who gave Defcon talk

http://www.zdnet.com/article/salesforce-fires-red-team-staffers-who-gave-defcon-talk/

 

US arraignment of British cybersecurity expert postponed

https://apnews.com/1dd7e9ec8e364afbb889fed613b34975/US-arraignment-of-British-cybersecurity-expert-postponed

 

WannaCry White Hat Hacker Arrested After DEF CON, The Facts So Far - Threat Wire

https://www.youtube.com/watch?v=9yROFK9aEUY

 

Updated Info: WannaCry Malware Hero Likely Considering Plea Deal On Hacking Charge

https://www.buzzfeed.com/kevincollier/wannacry-malware-hero-likely-considering-plea-deal-on?utm_term=.bpVr92YJY#.ctyPRjpvp


 

Cyberattack leaves millions without mobile phone service in Venezuela

https://www.yahoo.com/tech/cyberattack-leaves-millions-without-mobile-phone-venezuela-184400502.html

 

Reboot It! Episode 77 with Matt Perry

Upcoming Conferences


 

DEFCON 25

Caesar's

Las Vegas, NV

July 27-30

https://www.defcon.org/

 

BSides Asheville 2017

July 28-29 2017

Asheville, NC

http://www.bsidesasheville.com/

 

DerbyCon 7.0  “Legacy”

Training: September 20-21

Conference: September 22-24

Hyatt Regency

Louisville, KY

SOLD OUT

 

BSides DC

October 6-8

Renaissance

Washington, DC

http://www.bsidesdc.org/

 

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

http://www.skydogcon.com/


 

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

CFP is open

http://grrcon.com/

 

O’Reilly Security Conference

BUILD BETTER DEFENSES
OCT 29–30: TRAINING
OCT 30–NOV 1: TUTORIALS & CONFERENCE
NEW YORK, NY

https://conferences.oreilly.com/security/sec-ny

 

BSides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html

 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

SecureWV 3/Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

CFP is open

http://securewv.com/

 



 

Stories


 

Snopes Says it Needs to Raise $500k to Stay in Business

https://motherboard.vice.com/en_us/article/gybebm/snopes-says-it-needs-to-raise-dollar500k-to-stay-in-business

 

Roomba's Next Big Step Is Selling Maps of Your Home to the Highest Bidder

http://gizmodo.com/roombas-next-big-step-is-selling-maps-of-your-home-to-t-1797187829

 

Belgian company offers to make its employees cyborgs with microchip implants

http://mashable.com/2017/02/07/belgian-company-microchips-employees/#luowWFDhBSqI

 

Reboot It! Episode 76 with Mark Boltz-Robinson and Amanda Berlin

Episode Audio

 

Upcoming Conferences

 

Black Hat USA 2017

Trainings: July 22-25

Conference: July 26-27

Mandalay Bay

Las Vegas, NV

https://www.blackhat.com/us-17/

 

BSidesLV

July 25-26

The Tuscany Suites

Las Vegas, NV

https://www.bsideslv.org

 

DEFCON 25

Caesar's

Las Vegas, NV

July 27-30

https://www.defcon.org/

 

BSides Asheville 2017

July 28-29 2017

Asheville, NC

http://www.bsidesasheville.com/

 

DerbyCon 7.0  “Legacy”

Training: September 20-21

Conference: September 22-24

Hyatt Regency

Louisville, KY

SOLD OUT

 

BSides DC

October 6-8

Renaissance

Washington, DC

http://www.bsidesdc.org/

 

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

http://www.skydogcon.com/


 

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

CFP is open

http://grrcon.com/

 

O’Reilly Security Conference

BUILD BETTER DEFENSES
OCT 29–30: TRAINING
OCT 30–NOV 1: TUTORIALS & CONFERENCE
NEW YORK, NY

https://conferences.oreilly.com/security/sec-ny

 

BSides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html

 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

SecureWV 3/Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

CFP is open

http://securewv.com/

 



 

Stories

 

Smart speaker calls 911 during domestic dispute, police rescue woman and daughter

http://mashable.com/2017/07/10/smart-speaker-911/?utm_cid=mash-com-fb-main-link&mbid=social_fb_backchannel#oFljCu1eBuqM


 

AlphaBay and Hansa dark web markets shut down

http://www.bbc.com/news/technology-40670010

 

Judge rules pacemaker data admissible in court

http://www.bbc.com/news/technology-40592520

 

Australia plans law to force tech giants to decrypt messages

https://www.theguardian.com/technology/2017/jul/14/forcing-facebook-google-to-give-police-access-to-encrypted-messages-doesnt-add-up











 

Reboot It! Episode 75 with Amanda Berlin


 

Podcast Audio

Upcoming Conferences

Black Hat USA 2017

Trainings: July 22-25

Conference: July 26-27

Mandalay Bay

Las Vegas, NV

https://www.blackhat.com/us-17/

 

BSidesLV

July 25-26

The Tuscany Suites

Las Vegas, NV

https://www.bsideslv.org

 

DEFCON 25

Caesar's

Las Vegas, NV

July 27-30

https://www.defcon.org/

 

BSides Asheville 2017

July 28-29 2017

Asheville, NC

http://www.bsidesasheville.com/

 

DerbyCon 7.0  “Legacy”

Training: September 20-21

Conference: September 22-24

Hyatt Regency

Louisville, KY

SOLD OUT

 

BSides DC

October 6-8

Renaissance

Washington, DC

CFP is open

http://www.bsidesdc.org/

 

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

http://www.skydogcon.com/

 

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

CFP is open

http://grrcon.com/

 

O’Reilly Security Conference

BUILD BETTER DEFENSES
OCT 29–30: TRAINING
OCT 30–NOV 1: TUTORIALS & CONFERENCE
NEW YORK, NY

https://conferences.oreilly.com/security/sec-ny

 

BSides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html

 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

SecureWV 3/Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

CFP is open

http://securewv.com/

 



 

Stories

Kaspersky offers code to prove it's not a Russian stooge

https://www.engadget.com/2017/07/02/kaspersky-lab-offers-source-code-to-gain-trust/

 

Kaspersky Lab Has Been Working With Russian Intelligence

https://www.lawfareblog.com/kaspersky-lab-has-been-working-russian-intelligence

 

And Kaspersky’s response

https://usa.kaspersky.com/about/press-releases/2017_kaspersky-lab-response-clarifying-inaccurate-statements-published-in-bloomberg-businessweek-on-july-11-2017

 

How To Turn Off Snapchat’s Stalkerish Snap Map Feature

https://www.wired.com/story/how-to-turn-off-snapchat-snap-maps

 

Smart speaker calls 911 during domestic dispute, police rescue woman and daughter

http://mashable.com/2017/07/10/smart-speaker-911/?utm_cid=mash-com-fb-main-link&mbid=social_fb_backchannel#oFljCu1eBuqM

 

Millions of Verizon customer records exposed in security lapse

http://www.zdnet.com/article/millions-verizon-customer-records-israeli-data/







 

Reboot It! Episode 74 with Bill Gardner and Benny Karnes

Upcoming Conferences

 

B-Sides Cleveland

June 23- June 24

B Side Liquor Lounge & The Grog Shop

Cleveland, OH

https://bsidescle.com/

 

Cyber Security World

June 28-29

Magnolia Hotel

Denver, CO

http://cybersecurityworld.misti.com/

 

Black Hat USA 2017

Trainings: July 22-25

Conference: July 26-27

Mandalay Bay

Las Vegas, NV

https://www.blackhat.com/us-17/

 

BSidesLV

July 25-26

The Tuscany Suites

Las Vegas, NV

https://www.bsideslv.org

 

DEFCON 25

Caesar's

Las Vegas, NV

July 27-30

https://www.defcon.org/

 

BSides Asheville 2017

July 28-29 2017

Asheville, NC

http://www.bsidesasheville.com/

 

DerbyCon 7.0  “Legacy”

Training: September 20-21

Conference: September 22-24

Hyatt Regency

Louisville, KY

SOLD OUT

CFP is open

https://www.derbycon.com

 

BSides DC

October 6-8

Renaissance

Washington, DC

CFP is open

http://www.bsidesdc.org/

 

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

http://www.skydogcon.com/

 

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

CFP is open

http://grrcon.com/

 

BSides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html

 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

 

Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

CFP opens on June 1, 2017

http://securewv.com/

 

 

 

Stories

Microsoft hit with antitrust complaint from Russian cybersecurity firm over Windows Defender

https://www.geekwire.com/2017/microsoft-hit-anti-trust-complaint-russian-cybersecurity-firm-windows-defender/

 

US suspects Russian hackers planted fake news behind Qatar crisis

http://www.cnn.com/2017/06/06/politics/russian-hackers-planted-fake-news-qatar-crisis/index.html

 

How the Feds Nabbed Suspected NSA Leaker Reality Winner

http://fortune.com/2017/06/06/leak-nsa-reality-winner/

 

List of Printers Which Do or Do Not Display Tracking Dots

https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots

 

Hollywood Film Studio Seeks Up-And-Coming Hackers for Reality TV Show

New program on major cable network will feature competitions, personalities.

https://www.darkreading.com/careers-and-people/hollywood-film-studio-seeks-up-and-coming-hackers-for-reality-tv-show/d/d-id/1329036

 

You’ll never guess where Russian spies are hiding their control servers

Turla uses social media and clever programming techniques to cover its tracks.

https://arstechnica.com/security/2017/06/russian-hackers-turn-to-britney-spears-for-help-concealing-espionage-malware/

 

Russian malware communicates by leaving comments in Britney Spears's Instagram account

https://boingboing.net/2017/06/07/watering-holes.html

 

How hackers can ruin your summer vacation

https://www.cnet.com/news/how-hackers-can-ruin-your-summer-vacation/

 

TOR Anonymity: Things Not To Do While Using TOR

https://fossbytes.com/tor-anonymity-things-not-using-tor/

 

Why ‘I forgot my password’ won’t go down well with a judge

https://nakedsecurity.sophos.com/2017/06/05/why-i-forgot-my-password-wont-go-down-well-with-a-judge/

 

 

Reboot It! Episode 73 with Bill Gardner, Justin Rogosky, and Benny Karnes

 

Upcoming Conferences

BSides London

June 7

London, UK

https://www.securitybsides.org.uk/

 

CircleCityCon

June 9-11

Sheraton Indianapolis City Centre Hotel

Indianapolis, IN

https://circlecitycon.com/

 

BSides Pittsburgh

June 9

Pittsburgh, PA

https://www.bsidespgh.com/

 

B-Sides Cleveland

June 23 - June 24

B Side Liquor Lounge & The Grog Shop

Cleveland, OH

https://bsidescle.com/

 

Cyber Security World

June 28-29

Magnolia Hotel

Denver, CO

http://cybersecurityworld.misti.com/

 

 

Black Hat USA 2017

Trainings: July 22-25

Conference: July 26-27

Mandalay Bay

Las Vegas, NV

https://www.blackhat.com/us-17/

 

BSidesLV

July 25-26

The Tuscany Suites

Las Vegas, NV

https://www.bsideslv.org

 

DEFCON 25

Caesar's

Las Vegas, NV

July 27-30

https://www.defcon.org/

 

DerbyCon 7.0  “Legacy”

Training: September 20-21

Conference: September 22-24

Hyatt Regency

Louisville, KY

SOLD OUT

CFP is open

https://www.derbycon.com

 

Bsides DC

October 6-8

Renaissance

Washington, DC

CFP is open

http://www.bsidesdc.org/

 

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

http://www.skydogcon.com/

 

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

CFP is open

http://grrcon.com/

 

Bsides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html

 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

 

Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

CFP is open

CFP closes Sept 1

http://securewv.com/

  

Stories

Booz Allen Hamilton Leaves U.S. Government Files On Unprotected Amazon Server

http://www.ibtimes.com/booz-allen-hamilton-leaves-us-government-files-unprotected-amazon-server-2545935

 

Silk Road Founder Ross Ulbricht Loses Appeal In Trial Connected To Dark Web

http://www.ibtimes.com/silk-road-founder-ross-ulbricht-loses-appeal-trial-connected-dark-web-2546059

 

2017 Has Already Racked Up 1,200 Breaches--On Pace for Worst Year Ever

https://www.infosecurity-magazine.com/news/2017-has-already-racked-up-1200/

 

Shadow Brokers lay out pitch – and name price – for monthly zero-day subscription service

http://www.theregister.co.uk/2017/05/30/shadow_brokers_subscription_service/

 

Credit Card Breach at Kmart Stores. Again.

For the second time in less than three years, Kmart Stores is battling a malware-based security breach of its store credit card processing systems.

https://krebsonsecurity.com/2017/05/credit-card-breach-at-kmart-stores-again/

 

Linux security alert: Bug in sudo’s get_process_ttyname() [ CVE-2017-1000367 ]

There is a serious vulnerability in the sudo command that grants root access to anyone with a shell account. It also works on SELinux-enabled systems such as CentOS/RHEL and others. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. Patch your system as soon as possible.

 

It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions, or gain a root shell.

https://www.cyberciti.biz/security/linux-security-alert-bug-in-sudos-get_process_ttyname-cve-2017-1000367/

 

Comcast Wi-Fi serving self-promotional ads via JavaScript injection

Comcast has begun serving Comcast ads to devices connected to one of its 3.5 million publicly accessible Wi-Fi hotspots across the US. Comcast's decision to inject data into websites raises security concerns and arguably cuts to the core of the ongoing net neutrality debate.

https://arstechnica.com/tech-policy/2014/09/why-comcasts-javascript-ad-injections-threaten-security-net-neutrality/

 

 

Google debuts a new way to follow your footsteps around the web

On Tuesday in San Francisco, at Google’s annual Marketing Next conference, where it unleashes its latest tools for ads, analytics and DoubleClick, the company announced that it’s ready to answer the question that’s been bugging marketers for ages: “Is my marketing working?”

To deliver the answer, it will be training a machine learning tool called Google Attribution on our buying activity. It’s now in beta and will roll out to more advertisers over the coming months.

https://nakedsecurity.sophos.com/2017/05/25/google-debuts-a-new-way-to-follow-your-footsteps-around-the-web/

 

OneLogin: Breach Exposed Ability to Decrypt Data

OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data.

https://krebsonsecurity.com/2017/06/onelogin-breach-exposed-ability-to-decrypt-data/

 

 

 

Reboot It! Episode 72 with Bill Gardner and Amanda Berlin

Upcoming Conferences

 

BSides London

June 7

London, UK

https://www.securitybsides.org.uk/

 

CircleCityCon

June 9-11

Sheraton Indianapolis City Centre Hotel

Indianapolis, IN

https://circlecitycon.com/

 

BSides Pittsburgh

June 9

Pittsburgh, PA

https://www.bsidespgh.com/

 

B-Sides Cleveland

June 23 - June 24

B Side Liquor Lounge & The Grog Shop

Cleveland, OH

https://bsidescle.com/

 

Cyber Security World

June 28-29

Magnolia Hotel

Denver, CO

http://cybersecurityworld.misti.com/

 

 

Black Hat USA 2017

Trainings: July 22-25

Conference: July 26-27

Mandalay Bay

Las Vegas, NV

https://www.blackhat.com/us-17/

 

BSidesLV

July 25-26

The Tuscany Suites

Las Vegas, NV

https://www.bsideslv.org

 

DEFCON 25

Caesar's

Las Vegas, NV

July 27-30

https://www.defcon.org/

 

 

DerbyCon 7.0  “Legacy”

Training: September 20-21

Conference: September 22-24

Hyatt Regency

Louisville, KY

SOLD OUT

CFP is open

https://www.derbycon.com

 

Bsides DC

October 6-8

Renaissance

Washington, DC

CFP is open

http://www.bsidesdc.org/

 

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

http://www.skydogcon.com/

 

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

CFP is open

http://grrcon.com/

 

Bsides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html

 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

 

Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

CFP opens on June 1, 2017

http://securewv.com/

 

 

 

Stories

 

WannaCry hits Medical Devices in US

https://www.infosecurity-magazine.com/news/wannacry-hits-medical-devices-in-us/

 

WannaCry Ransomware & The Perils of Shoddy Attribution:  It’s the Russians! No Wait, It’s the North Koreans!

http://icitech.org/wannacry-ransomware-the-perils-shoddy-attribution-its-the-russians-no-wait-its-the-north-koreans/

 

U.S. Hacker Linked to Fake Macron Documents, Says Cybersecurity Firm

https://www.wsj.com/articles/u-s-hacker-linked-to-fake-macron-documents-says-cybersecurity-firm-1494929136?mod=e2tw

 

ADHD project

https://sourceforge.net/projects/adhd/

 

Breach at DocuSign Led to Targeted Email Malware Campaign

https://krebsonsecurity.com/2017/05/breach-at-docusign-led-to-targeted-email-malware-campaign/

 

Chipotle Breach

https://www.chipotle.com/security#security

 

Keylogger in Hewlett-Packard Audio Driver

https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html

 

Brooks Brothers Alerted of Year-Long Data Breach

http://www.marketwatch.com/amp/story/guid/00BB473A-0EAF-4D1A-B45E-7AC32B02703E

 

Reboot It! Episode 71 with Bill Gardner, Amanda Berlin, and Rick Hayes

Upcoming Conferences


 

BSides London

June 7

London

https://www.securitybsides.org.uk/


 

Cyber Security World

June 28-29, 2017

Magnolia Hotel Denver

Denver, CO

http://cybersecurityworld.misti.com/

 

BSidesLV

https://www.bsideslv.org


 

DEFCON 25

Las Vegas

July 27-30

https://www.defcon.org/


 

DerbyCon 7.0  “Legacy”

SOLD OUT

CFP is open

https://www.derbycon.com

 

Hack3rCon 8

The “Ocho”

Nov. 17 – 19, 2017

South Charleston, WV

CFP opens on June 1, 2017

http://securewv.com/



 

Stories

 

Infosec Rock Star

https://www.sans.org/instructors/ted-demopoulos

http://infosecrockstar.com/

https://www.amazon.com/Infosec-Rock-Star-Accelerate-Because/dp/1683504828/

 

Cloud Computing springs upset in Preakness

http://www.wsaz.com/content/news/Cloud-Computing-springs-upset-in-Preakness-423372574.html?utm_source=dlvr.it&utm_medium=twitter

 

How one man wreaked ingenious revenge on rude customers in a coffee shop

http://www.telegraph.co.uk/men/the-filter/one-man-wreaked-ingenious-revenge-rude-customers-coffee-shop/

 

Someone Hit the Internet with a Massive Google Doc Phishing Attack

https://motherboard.vice.com/en_us/article/massive-gmail-google-doc-phishing-email

 

MS17-010 SMBv1 SrvOs2FeaToNt OOB Remote Code Execution

https://packetstormsecurity.com/files/142464/MS17-010.txt

 

Windows 10 version 1507 will no longer receive security updates

https://support.microsoft.com/en-us/help/4015562/windows-10-version-1507-will-no-longer-receive-security-updates

 

WordPress 4.6 - Remote Code Execution (RCE) PoC Exploit # CVE-2016-10033 in the wild

https://pastebin.com/raw/h4cvzTs3

 

Not-so-secret DOD “spy drone” footage, live on the Internet

https://arstechnica.com/information-technology/2017/05/not-so-secret-dod-spy-drone-footage-live-on-the-internet/

 

NIST is No Longer Recommending Two-Factor Authentication Using SMS

https://pages.nist.gov/800-63-3/sp800-63b.html

 

AT&T On Strike

https://www.cwa-union.org/att





 

Reboot It! Episode 70 with Bill Gardner, David Vaughn, Mark Boltz-Robinson, Evan Booth, Scott Lyons, and Joshua Marpet

 

Upcoming Conferences

 

InfoSec World 2017

April 3-5 Omni Orlando Resort at Champion’s Gate

http://infosecworld.misti.com/

 

AIDE 2017 (Mark Boltz-Robinson keynote speaker)

April 3-7; the Information Security Program will be on Thursday, April 6 and Friday, April 7

Marshall University Forensic Science Center

1401 Forensic Science Dr

Huntington, WV

http://appyide.org

 

BSidesNash (w/Amanda Berlin as keynote!)

https://bsidesnash.org

April 22, 2017

SOLD OUT

There's a waitlist

 

BSidesCharm

http://www.bsidescharm.com

April 29-30, 2017

Baltimore Convention Center

Baltimore, MD

SOLD OUT

There's a waitlist

 

Th0tcon 0x8 (Chicagoland con)

May 4-5, 2017

http://thotcon.org

SOLD OUT

 

HackMiami

May 19-21, 2017

https://www.hackmiami.com

 

CarolinaCon (Raleigh)

May 19-21, 2017

http://carolinacon.org

 

BSides London

June 7

London

 

https://www.securitybsides.org.uk/

What did he say? Don’t screw with the show notes?!!!?!!!!?!!!!

I don't know….re you doing that?!!?!?!?!?!?!

Scott, why a

 

Cyber Security World

June 28-29, 2017

Magnolia Hotel Denver

Denver, CO

http://cybersecurityworld.misti.com/

 

BSidesLV – Get ready for the Next Big Thing

End of July in Las Vegas, NV, United States, North America, Planet Earth, Milky way galaxy, sort of the thin area out towards the end of that spiral arm over there.

https://www.bsideslv.org


 

DEFCON 25

End of July in Las Vegas

CANCELLED - bring your towel. No, bring deodorant, please. And use it.

27-30 JUL 2017

Defcon.org

 

DerbyCon 7.0  “Legacy”

Call for Trainers will open March 6th, 2017 and close on April 14th, 2017.

Sponsorships open to public March 7th, 2017 (contact info [at] derbycon.com if interested).

Training Tickets will go on sale May 1st, 2017.

Tickets will go on sale for general admission May 6th (Derby Day) 2017.

Call for Papers will open April 1st 2017 and close July 1st, 2017.

DerbyCon training is on September 20th and 21st, 2017.

DerbyCon the conference runs from September 22nd to the 24th, 2017.

https://www.derbycon.com

 

Hack3rCon 8

The “Ocho”

Nov. 17 – 19, 2017

South Charleston, WV

CFP opens on June 1, 2017

http://securewv.com/



 

Interview with David

 

5 lightning questions:

  1. If you were a Star Trek® or Star Wars® character, which one would it be?

  2. What's the most important part of the sandwich?

  3. If You Could Take Only Three Items With You To A Deserted Island, What Would They Be?

  4. Name 2 people, past or present, that you would like to see square off in a MMA ring.

  5. What is your favorite Linux command?



 

Stories

 

Tor and VPN users labeled as criminals will be hacked and spied by FBI under new law

https://www.techworm.net/2016/05/tor-vpn-users-labeled-criminals-hacked-spied-fbi-new-law.html

https://www.documentcloud.org/documents/1347875-fbi-proposed-amendment-rule-41-1.html

 

Related: As Congress Repeals Internet Privacy Rules, Putting Your Options In Perspective

http://www.npr.org/sections/alltechconsidered/2017/03/28/521813464/as-congress-repeals-internet-privacy-rules-putting-your-options-in-perspective

 

Phishers target World of Warcraft users with fake in-game pet offer

https://www.grahamcluley.com/phishers-target-world-warcraft-users-fake-game-pet-offer/

 

Dishwasher has directory traversal bug

https://www.theregister.co.uk/2017/03/26/miele_joins_internetofst_hall_of_shame/

 

UW professor: The information war is real, and we’re losing it

http://www.seattletimes.com/seattle-news/politics/uw-professor-the-information-war-is-real-and-were-losing-it/

 

Examining the Alternative Media Ecosystem through the Production of Alternative Narratives of Mass Shooting Events on Twitter

http://faculty.washington.edu/kstarbi/Alt_Narratives_ICWSM17-CameraReady.pdf

 

How police unmasked suspect accused of sending seizure-inducing tweet

https://arstechnica.com/tech-policy/2017/03/how-police-unmasked-suspect-accused-of-sending-seizure-inducing-tweet/


 

Judge OKs warrant to reveal who searched a crime victim’s name on Google

https://arstechnica.com/tech-policy/2017/03/judge-oks-warrant-to-reveal-who-searched-a-fraud-victims-name-on-google/


 

Man jailed indefinitely for refusing to decrypt hard drives loses appeal

https://arstechnica.com/tech-policy/2017/03/man-jailed-indefinitely-for-refusing-to-decrypt-hard-drives-loses-appeal/

 

How I Let Disney Track My Every Move

https://gizmodo.com/how-i-let-disney-track-my-every-move-1792875386

 

Alabama House bill would require Internet porn filters

http://abc3340.com/news/local/house-bill-would-put-porn-filters-on-cellphones

 

Facebook launches Stories in the main Facebook app

https://techcrunch.com/2017/03/28/facebook-launches-stories-in-the-main-facebook-app/

 

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

https://github.com/edwardz246003/IIS_exploit

 

Venezuelans Using ‘Rare Pepes’ and Bitcoin As Currency

http://www.breitbart.com/tech/2017/03/27/venezuelans-using-rare-pepes-bitcoin-currency/

 

https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=pepe+venezuela&*