Reboot It! Episode 78 with Amanda Berlin

Upcoming Conferences


Audio: https://audioboom.com/posts/6197711-reboot-it-episode-78-with-amanda-berlin

DerbyCon 7.0  “Legacy”

Training: September 20-21

Conference: September 22-24

Hyatt Regency

Louisville, KY

SOLD OUT

 

BSides DC

October 6-8

Renaissance

Washington, DC

http://www.bsidesdc.org/

 

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

http://www.skydogcon.com/

 

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

http://grrcon.com/

 

O’Reilly Security Conference

BUILD BETTER DEFENSES
OCT 29–30: TRAINING
OCT 30–NOV 1: TUTORIALS & CONFERENCE
NEW YORK, NY

https://conferences.oreilly.com/security/sec-ny

 

BSides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html

 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

SecureWV 3/Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

CFP is open

http://securewv.com/

 

The podcast has a new RSS and iTunes Feed

RSS: https://audioboom.com/channels/4914568.rss

iTunes: pcast://audioboom.com/channels/4914568.rss


 

Stories

 

Salesforce fires red team staffers who gave Defcon talk

http://www.zdnet.com/article/salesforce-fires-red-team-staffers-who-gave-defcon-talk/

 

US arraignment of British cybersecurity expert postponed

https://apnews.com/1dd7e9ec8e364afbb889fed613b34975/US-arraignment-of-British-cybersecurity-expert-postponed

 

WannaCry White Hat Hacker Arrested After DEF CON, The Facts So Far - Threat Wire

https://www.youtube.com/watch?v=9yROFK9aEUY

 

Updated Info: WannaCry Malware Hero Likely Considering Plea Deal On Hacking Charge

https://www.buzzfeed.com/kevincollier/wannacry-malware-hero-likely-considering-plea-deal-on?utm_term=.bpVr92YJY#.ctyPRjpvp


 

Cyberattack leaves millions without mobile phone service in Venezuela

https://www.yahoo.com/tech/cyberattack-leaves-millions-without-mobile-phone-venezuela-184400502.html

 

Reboot It! Episode 77 with Matt Perry

Upcoming Conferences


 

DEFCON 25

Caesar's

Las Vegas, NV

July 27-30

https://www.defcon.org/

 

BSides Asheville 2017

July 28-29 2017

Asheville, NC

http://www.bsidesasheville.com/

 

DerbyCon 7.0  “Legacy”

Training: September 20-21

Conference: September 22-24

Hyatt Regency

Louisville, KY

SOLD OUT

 

BSides DC

October 6-8

Renaissance

Washington, DC

http://www.bsidesdc.org/

 

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

http://www.skydogcon.com/


 

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

CFP is open

http://grrcon.com/

 

O’Reilly Security Conference

BUILD BETTER DEFENSES
OCT 29–30: TRAINING
OCT 30–NOV 1: TUTORIALS & CONFERENCE
NEW YORK, NY

https://conferences.oreilly.com/security/sec-ny

 

BSides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html

 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

SecureWV 3/Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

CFP is open

http://securewv.com/

 

The podcast has a new RSS and iTunes Feed

RSS: https://audioboom.com/channels/4914568.rss

iTunes: pcast://audioboom.com/channels/4914568.rss


 

Stories


 

Snopes Says it Needs to Raise $500k to Stay in Business

https://motherboard.vice.com/en_us/article/gybebm/snopes-says-it-needs-to-raise-dollar500k-to-stay-in-business

 

Roomba's Next Big Step Is Selling Maps of Your Home to the Highest Bidder

http://gizmodo.com/roombas-next-big-step-is-selling-maps-of-your-home-to-t-1797187829

 

Belgian company offers to make its employees cyborgs with microchip implants

http://mashable.com/2017/02/07/belgian-company-microchips-employees/#luowWFDhBSqI

 

Reboot It! Episode 76 with Mark Boltz-Robinson and Amanda Berlin

Episode Audio

 

Upcoming Conferences

 

Black Hat USA 2017

Trainings: July 22-25

Conference: July 26-27

Mandalay Bay

Las Vegas, NV

https://www.blackhat.com/us-17/

 

BSidesLV

July 25-26

The Tuscany Suites

Las Vegas, NV

https://www.bsideslv.org

 

DEFCON 25

Caesar's

Las Vegas, NV

July 27-30

https://www.defcon.org/

 

BSides Asheville 2017

July 28-29 2017

Asheville, NC

http://www.bsidesasheville.com/

 

DerbyCon 7.0  “Legacy”

Training: September 20-21

Conference: September 22-24

Hyatt Regency

Louisville, KY

SOLD OUT

 

BSides DC

October 6-8

Renaissance

Washington, DC

http://www.bsidesdc.org/

 

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

http://www.skydogcon.com/


 

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

CFP is open

http://grrcon.com/

 

O’Reilly Security Conference

BUILD BETTER DEFENSES
OCT 29–30: TRAINING
OCT 30–NOV 1: TUTORIALS & CONFERENCE
NEW YORK, NY

https://conferences.oreilly.com/security/sec-ny

 

BSides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html

 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

SecureWV 3/Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

CFP is open

http://securewv.com/

 

The podcast has a new RSS and iTunes Feed

RSS: https://audioboom.com/channels/4914568.rss

iTunes: pcast://audioboom.com/channels/4914568.rss


 

Stories

 

Smart speaker calls 911 during domestic dispute, police rescue woman and daughter

http://mashable.com/2017/07/10/smart-speaker-911/?utm_cid=mash-com-fb-main-link&mbid=social_fb_backchannel#oFljCu1eBuqM


 

AlphaBay and Hansa dark web markets shut down

http://www.bbc.com/news/technology-40670010

 

Judge rules pacemaker data admissible in court

http://www.bbc.com/news/technology-40592520

 

Australia plans law to force tech giants to decrypt messages

https://www.theguardian.com/technology/2017/jul/14/forcing-facebook-google-to-give-police-access-to-encrypted-messages-doesnt-add-up











 

Reboot It! Episode 75 with Amanda Berlin

 

Podcast Audio

Upcoming Conferences

Black Hat USA 2017

Trainings: July 22-25

Conference: July 26-27

Mandalay Bay

Las Vegas, NV

https://www.blackhat.com/us-17/

 

BSidesLV

July 25-26

The Tuscany Suites

Las Vegas, NV

https://www.bsideslv.org

 

DEFCON 25

Caesar's

Las Vegas, NV

July 27-30

https://www.defcon.org/

 

BSides Asheville 2017

July 28-29 2017

Asheville, NC

http://www.bsidesasheville.com/

 

DerbyCon 7.0  “Legacy”

Training: September 20-21

Conference: September 22-24

Hyatt Regency

Louisville, KY

SOLD OUT

 

BSides DC

October 6-8

Renaissance

Washington, DC

CFP is open

http://www.bsidesdc.org/

 

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

http://www.skydogcon.com/

 

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

CFP is open

http://grrcon.com/

 

O’Reilly Security Conference

BUILD BETTER DEFENSES
OCT 29–30: TRAINING
OCT 30–NOV 1: TUTORIALS & CONFERENCE
NEW YORK, NY

https://conferences.oreilly.com/security/sec-ny

 

BSides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html

 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

SecureWV 3/Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

CFP is open

http://securewv.com/

 

The podcast has a new RSS and iTunes Feed

RSS: https://audioboom.com/channels/4914568.rss

iTunes: pcast://audioboom.com/channels/4914568.rss


 

Stories

Kaspersky offers code to prove it's not a Russian stooge

https://www.engadget.com/2017/07/02/kaspersky-lab-offers-source-code-to-gain-trust/

 

Kaspersky Lab Has Been Working With Russian Intelligence

https://www.lawfareblog.com/kaspersky-lab-has-been-working-russian-intelligence

 

And Kaspersky’s response

https://usa.kaspersky.com/about/press-releases/2017_kaspersky-lab-response-clarifying-inaccurate-statements-published-in-bloomberg-businessweek-on-july-11-2017

 

How To Turn Off Snapchat’s Stalkerish Snap Map Feature

https://www.wired.com/story/how-to-turn-off-snapchat-snap-maps

 

Smart speaker calls 911 during domestic dispute, police rescue woman and daughter

http://mashable.com/2017/07/10/smart-speaker-911/?utm_cid=mash-com-fb-main-link&mbid=social_fb_backchannel#oFljCu1eBuqM

 

Millions of Verizon customer records exposed in security lapse

http://www.zdnet.com/article/millions-verizon-customer-records-israeli-data/







 

Reboot It! Episode 74 with Bill Gardner and Benny Karnes

Upcoming Conferences

 

B-Sides Cleveland

June 23- June 24

B Side Liquor Lounge & The Grog Shop

Cleveland, OH

https://bsidescle.com/

 

Cyber Security World

June 28-29

Magnolia Hotel

Denver, CO

http://cybersecurityworld.misti.com/

 

Black Hat USA 2017

Trainings: July 22-25

Conference: July 26-27

Mandalay Bay

Las Vegas, NV

https://www.blackhat.com/us-17/

 

BSidesLV

July 25-26

The Tuscany Suites

Las Vegas, NV

https://www.bsideslv.org

 

DEFCON 25

Caesar's

Las Vegas, NV

July 27-30

https://www.defcon.org/

 

BSides Asheville 2017

July 28-29 2017

Asheville, NC

http://www.bsidesasheville.com/

 

DerbyCon 7.0  “Legacy”

Training: September 20-21

Conference: September 22-24

Hyatt Regency

Louisville, KY

SOLD OUT

CFP is open

https://www.derbycon.com

 

BSides DC

October 6-8

Renaissance

Washington, DC

CFP is open

http://www.bsidesdc.org/

 

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

http://www.skydogcon.com/

 

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

CFP is open

http://grrcon.com/

 

BSides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html

 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

 

Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

CFP opens on June 1, 2017

http://securewv.com/

 

 

 

Stories

Microsoft hit with antitrust complaint from Russian cybersecurity firm over Windows Defender

https://www.geekwire.com/2017/microsoft-hit-anti-trust-complaint-russian-cybersecurity-firm-windows-defender/

 

US suspects Russian hackers planted fake news behind Qatar crisis

http://www.cnn.com/2017/06/06/politics/russian-hackers-planted-fake-news-qatar-crisis/index.html

 

How the Feds Nabbed Suspected NSA Leaker Reality Winner

http://fortune.com/2017/06/06/leak-nsa-reality-winner/

 

List of Printers Which Do or Do Not Display Tracking Dots

https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots

 

Hollywood Film Studio Seeks Up-And-Coming Hackers for Reality TV Show

New program on major cable network will feature competitions, personalities.

https://www.darkreading.com/careers-and-people/hollywood-film-studio-seeks-up-and-coming-hackers-for-reality-tv-show/d/d-id/1329036

 

You’ll never guess where Russian spies are hiding their control servers

Turla uses social media and clever programming techniques to cover its tracks.

https://arstechnica.com/security/2017/06/russian-hackers-turn-to-britney-spears-for-help-concealing-espionage-malware/

 

Russian malware communicates by leaving comments in Britney Spears's Instagram account

https://boingboing.net/2017/06/07/watering-holes.html

 

How hackers can ruin your summer vacation

https://www.cnet.com/news/how-hackers-can-ruin-your-summer-vacation/

 

TOR Anonymity: Things Not To Do While Using TOR

https://fossbytes.com/tor-anonymity-things-not-using-tor/

 

Why ‘I forgot my password’ won’t go down well with a judge

https://nakedsecurity.sophos.com/2017/06/05/why-i-forgot-my-password-wont-go-down-well-with-a-judge/

 

 

Reboot It! Episode 73 with Bill Gardner, Justin Rogosky, and Benny Karnes

 

Upcoming Conferences

 BSides London

June 7

London, UK

https://www.securitybsides.org.uk/

 

CircleCityCon

June 9-11

Sheraton Indianapolis City Centre Hotel

Indianapolis, IN

https://circlecitycon.com/

 

BSides Pittsburgh

June 9

Pittsburgh, PA

https://www.bsidespgh.com/

 

B-Sides Cleveland

June 23- June 24

B Side Liquor Lounge & The Grog Shop

Cleveland, OH

https://bsidescle.com/

 

Cyber Security World

June 28-29

Magnolia Hotel

Denver, CO

http://cybersecurityworld.misti.com/

 

 

Black Hat USA 2017

Trainings: July 22-25

Conference: July 26-27

Mandalay Bay

Las Vegas, NV

https://www.blackhat.com/us-17/

 

BSidesLV

July 25-26

The Tuscany Suites

Las Vegas, NV

https://www.bsideslv.org

 

DEFCON 25

Caesar's

Las Vegas, NV

July 27-30

https://www.defcon.org/

 

DerbyCon 7.0  “Legacy”

Training: September 20-21

Conference: September 22-24

Hyatt Regency

Louisville, KY

SOLD OUT

CFP is open

https://www.derbycon.com

 

BSides DC

October 6-8

Renaissance

Washington, DC

CFP is open

http://www.bsidesdc.org/

 

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

http://www.skydogcon.com/

 

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

CFP is open

http://grrcon.com/

 

BSides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html

 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

 

Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

CFP is open

CFP closes Sept 1

http://securewv.com/

  

Stories

Booz Allen Hamilton Leaves U.S. Government Files On Unprotected Amazon Server

http://www.ibtimes.com/booz-allen-hamilton-leaves-us-government-files-unprotected-amazon-server-2545935

 

Silk Road Founder Ross Ulbricht Loses Appeal In Trial Connected To Dark Web

http://www.ibtimes.com/silk-road-founder-ross-ulbricht-loses-appeal-trial-connected-dark-web-2546059

 

2017 Has Already Racked Up 1,200 Breaches--On Pace for Worst Year Ever

https://www.infosecurity-magazine.com/news/2017-has-already-racked-up-1200/

 

Shadow Brokers lay out pitch – and name price – for monthly zero-day subscription service

http://www.theregister.co.uk/2017/05/30/shadow_brokers_subscription_service/

 

Credit Card Breach at Kmart Stores. Again.

For the second time in less than three years, Kmart Stores is battling a malware-based security breach of its store credit card processing systems.

https://krebsonsecurity.com/2017/05/credit-card-breach-at-kmart-stores-again/

 

Linux security alert: Bug in sudo’s get_process_ttyname() [ CVE-2017-1000367 ]

There is a serious vulnerability in the sudo command that grants root access to anyone with a shell account. It also works on SELinux-enabled systems such as CentOS/RHEL and others. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. Patch your system as soon as possible.

 

It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions, or gain a root shell.

https://www.cyberciti.biz/security/linux-security-alert-bug-in-sudos-get_process_ttyname-cve-2017-1000367/

 

Comcast Wi-Fi serving self-promotional ads via JavaScript injection

Comcast has begun serving Comcast ads to devices connected to one of its 3.5 million publicly accessible Wi-Fi hotspots across the US. Comcast's decision to inject data into websites raises security concerns and arguably cuts to the core of the ongoing net neutrality debate.

https://arstechnica.com/tech-policy/2014/09/why-comcasts-javascript-ad-injections-threaten-security-net-neutrality/

 

 

Google debuts a new way to follow your footsteps around the web

On Tuesday in San Francisco, at Google’s annual Marketing Next conference, where it unleashes its latest tools for ads, analytics and DoubleClick, the company announced that it’s ready to answer the question that’s been bugging marketers for ages: “Is my marketing working?”

 To deliver the answer, it will be training a machine learning tool called Google Attribution on our buying activity. It’s now in beta and will roll out to more advertisers over the coming months.

https://nakedsecurity.sophos.com/2017/05/25/google-debuts-a-new-way-to-follow-your-footsteps-around-the-web/

 

OneLogin: Breach Exposed Ability to Decrypt Data

OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data.

https://krebsonsecurity.com/2017/06/onelogin-breach-exposed-ability-to-decrypt-data/

 

 

 

Reboot It! Episode 72 with Bill Gardner and Amanda Berlin

Upcoming Conferences

 

BSides London

June 7

London, UK

https://www.securitybsides.org.uk/

 

CircleCityCon

June 9-11

Sheraton Indianapolis City Centre Hotel

Indianapolis, IN

https://circlecitycon.com/

 

BSides Pittsburgh

June 9

Pittsburgh, PA

https://www.bsidespgh.com/

 

B-Sides Cleveland

June 23- June 24

B Side Liquor Lounge & The Grog Shop

Cleveland, OH

https://bsidescle.com/

 

Cyber Security World

June 28-29

Magnolia Hotel

Denver, CO

http://cybersecurityworld.misti.com/

 

 

Black Hat USA 2017

Trainings: July 22-25

Conference: July 26-27

Mandalay Bay

Las Vegas, NV

https://www.blackhat.com/us-17/

 

BSidesLV

July 25-26

The Tuscany Suites

Las Vegas, NV

https://www.bsideslv.org

 

DEFCON 25

Caesar's

Las Vegas, NV

July 27-30

https://www.defcon.org/

 

 

DerbyCon 7.0  “Legacy”

Training: September 20-21

Conference: September 22-24

Hyatt Regency

Louisville, KY

SOLD OUT

CFP is open

https://www.derbycon.com

 

BSides DC

October 6-8

Renaissance

Washington, DC

CFP is open

http://www.bsidesdc.org/

 

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

http://www.skydogcon.com/

 

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

CFP is open

http://grrcon.com/

 

BSides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html

 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

 

Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

CFP opens on June 1, 2017

http://securewv.com/

 

 

 

Stories

 

WannaCry hits Medical Devices in US

https://www.infosecurity-magazine.com/news/wannacry-hits-medical-devices-in-us/

 

WannaCry Ransomware & The Perils of Shoddy Attribution:  It’s the Russians! No Wait, It’s the North Koreans!

http://icitech.org/wannacry-ransomware-the-perils-shoddy-attribution-its-the-russians-no-wait-its-the-north-koreans/

 

U.S. Hacker Linked to Fake Macron Documents, Says Cybersecurity Firm

https://www.wsj.com/articles/u-s-hacker-linked-to-fake-macron-documents-says-cybersecurity-firm-1494929136?mod=e2tw

 

ADHD project

https://sourceforge.net/projects/adhd/

 

Breach at DocuSign Led to Targeted Email Malware Campaign

https://krebsonsecurity.com/2017/05/breach-at-docusign-led-to-targeted-email-malware-campaign/

 

Chipotle Breach

https://www.chipotle.com/security#security

 

Keylogger in Hewlett-Packard Audio Driver

https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html

 

Brooks Brothers Alerted of Year-Long Data Breach

http://www.marketwatch.com/amp/story/guid/00BB473A-0EAF-4D1A-B45E-7AC32B02703E

 

Reboot It! Episode 71 with Bill Gardner, Amanda Berlin, and Rick Hayes

Upcoming Conferences


 

BSides London

June 7

London

https://www.securitybsides.org.uk/


 

Cyber Security World

June 28-29, 2017

Magnolia Hotel Denver

Denver, CO

http://cybersecurityworld.misti.com/

 

BSidesLV

https://www.bsideslv.org


 

DEFCON 25

Las Vegas

July 27-30

https://www.defcon.org/


 

DerbyCon 7.0  “Legacy”

SOLD OUT

CFP is open

https://www.derbycon.com

 

Hack3rCon 8

The “Ocho”

Nov. 17 – 19, 2017

South Charleston, WV

CFP opens on June 1, 2017

http://securewv.com/



 

Stories

 

Infosec Rock Star

https://www.sans.org/instructors/ted-demopoulos

http://infosecrockstar.com/

https://www.amazon.com/Infosec-Rock-Star-Accelerate-Because/dp/1683504828/

 

Cloud Computing springs upset in Preakness

http://www.wsaz.com/content/news/Cloud-Computing-springs-upset-in-Preakness-423372574.html?utm_source=dlvr.it&utm_medium=twitter

 

How one man wreaked ingenious revenge on rude customers in a coffee shop

http://www.telegraph.co.uk/men/the-filter/one-man-wreaked-ingenious-revenge-rude-customers-coffee-shop/

 

Someone Hit the Internet with a Massive Google Doc Phishing Attack

https://motherboard.vice.com/en_us/article/massive-gmail-google-doc-phishing-email

 

MS17-010 SMBv1 SrvOs2FeaToNt OOB Remote Code Execution

https://packetstormsecurity.com/files/142464/MS17-010.txt

 

Windows 10 version 1507 will no longer receive security updates

https://support.microsoft.com/en-us/help/4015562/windows-10-version-1507-will-no-longer-receive-security-updates

 

WordPress 4.6 - Remote Code Execution (RCE) PoC Exploit # CVE-2016-10033 in the wild

https://pastebin.com/raw/h4cvzTs3

 

Not-so-secret DOD “spy drone” footage, live on the Internet

https://arstechnica.com/information-technology/2017/05/not-so-secret-dod-spy-drone-footage-live-on-the-internet/

 

NIST is No Longer Recommending Two-Factor Authentication Using SMS

https://pages.nist.gov/800-63-3/sp800-63b.html

 

AT&T On Strike

https://www.cwa-union.org/att





 

Reboot It! Episode 70 with Bill Gardner, David Vaughn, Mark Boltz-Robinson, Evan Booth, Scott Lyons, and Joshua Marpet

 

Upcoming Conferences

 

InfoSec World 2017

April 3-5 Omni Orlando Resort at Champion’s Gate

http://infosecworld.misti.com/

 

AIDE 2017 (Mark Boltz-Robinson keynote speaker)

April 3-7, Information Security Program will be on Thursday, April 6 and Friday, April 7

Marshall University Forensic Science Center

1401 Forensic Science Dr

Huntington, WV

http://appyide.org

 

BSidesNash (w/Amanda Berlin as keynote!)

https://bsidesnash.org

April 22, 2017

SOLD OUT

There's a waitlist

 

BSidesCharm

http://www.bsidescharm.com

April 29-30, 2017

Baltimore Convention Center

Baltimore, MD

SOLD OUT

There's a waitlist

 

Th0tcon 0x8 (Chicagoland con)

May 4-5, 2017

http://thotcon.org

SOLD OUT

 

HackMiami

May 19-21, 2017

https://www.hackmiami.com

 

CarolinaCon (Raleigh)

May 19-21, 2017

http://carolinacon.org

 

BSides London

June 7

London

 

https://www.securitybsides.org.uk/

What did he say? Don’t screw with the show notes?!!!?!!!!?!!!!

I don't know….re you doing that?!!?!?!?!?!?!

Scott, why a

 

Cyber Security World

June 28-29, 2017

Magnolia Hotel Denver

Denver, CO

http://cybersecurityworld.misti.com/

 

BSidesLV – Get ready for the Next Big Thing

End of July in Las Vegas, NV, United States, North America, Planet Earth, Milky way galaxy, sort of the thin area out towards the end of that spiral arm over there.

https://www.bsideslv.org


 

DEFCON 25

End of July in Las Vegas

CANCELLED - bring your towel. No, bring deodorant, please. And use it.

27-30 JUL 2017

Defcon.org

 

DerbyCon 7.0  “Legacy”

Call for Trainers will open March 6th, 2017 and close on April 14th, 2017.

Sponsorships open to public March 7th, 2017 (contact info [at] derbycon.com if interested).

Training Tickets will go on sale May 1st, 2017.

Tickets will go on sale for general admission May 6th (Derby Day) 2017.

Call for Papers will open April 1st 2017 and close July 1st, 2017.

DerbyCon training is on September 20th and 21st, 2017.

DerbyCon the conference runs from September 22nd to the 24th, 2017.

https://www.derbycon.com

 

Hack3rCon 8

The “Ocho”

Nov. 17 – 19, 2017

South Charleston, WV

CFP opens on June 1, 2017

http://securewv.com/



 

Interview with David

 

5 lightning questions:

  1. If you were a Star Trek® or Star Wars® character, which one would it be?

  2. What's the most important part of the sandwich?

  3. If You Could Take Only Three Items With You To A Deserted Island, What Would They Be?

  4. Name 2 people, past or present, that you would like to see square off in a MMA ring.

  5. What is your favorite Linux command?



 

Stories

 

Tor and VPN users labeled as criminals will be hacked and spied by FBI under new law

https://www.techworm.net/2016/05/tor-vpn-users-labeled-criminals-hacked-spied-fbi-new-law.html

https://www.documentcloud.org/documents/1347875-fbi-proposed-amendment-rule-41-1.html

 

Related: As Congress Repeals Internet Privacy Rules, Putting Your Options In Perspective

http://www.npr.org/sections/alltechconsidered/2017/03/28/521813464/as-congress-repeals-internet-privacy-rules-putting-your-options-in-perspective

 

Phishers target World of Warcraft users with fake in-game pet offer

https://www.grahamcluley.com/phishers-target-world-warcraft-users-fake-game-pet-offer/

 

Dishwasher has directory traversal bug

https://www.theregister.co.uk/2017/03/26/miele_joins_internetofst_hall_of_shame/

 

UW professor: The information war is real, and we’re losing it

http://www.seattletimes.com/seattle-news/politics/uw-professor-the-information-war-is-real-and-were-losing-it/

 

Examining the Alternative Media Ecosystem through the Production of Alternative Narratives of Mass Shooting Events on Twitter

http://faculty.washington.edu/kstarbi/Alt_Narratives_ICWSM17-CameraReady.pdf

 

How police unmasked suspect accused of sending seizure-inducing tweet

https://arstechnica.com/tech-policy/2017/03/how-police-unmasked-suspect-accused-of-sending-seizure-inducing-tweet/


 

Judge OKs warrant to reveal who searched a crime victim’s name on Google

https://arstechnica.com/tech-policy/2017/03/judge-oks-warrant-to-reveal-who-searched-a-fraud-victims-name-on-google/


 

Man jailed indefinitely for refusing to decrypt hard drives loses appeal

https://arstechnica.com/tech-policy/2017/03/man-jailed-indefinitely-for-refusing-to-decrypt-hard-drives-loses-appeal/

 

How I Let Disney Track My Every Move

https://gizmodo.com/how-i-let-disney-track-my-every-move-1792875386

 

Alabama House bill would require Internet porn filters

http://abc3340.com/news/local/house-bill-would-put-porn-filters-on-cellphones

 

Facebook launches Stories in the main Facebook app

https://techcrunch.com/2017/03/28/facebook-launches-stories-in-the-main-facebook-app/

 

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

https://github.com/edwardz246003/IIS_exploit

 

Venezuelans Using ‘Rare Pepes’ and Bitcoin As Currency

http://www.breitbart.com/tech/2017/03/27/venezuelans-using-rare-pepes-bitcoin-currency/

 

https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=pepe+venezuela&*

 

Reboot It! Episode 69 with Bill Gardner, Mike Baker, Dale Luke, Benny Karnes, Mark Boltz-Robinson, Scott Lyons, and Joshua Marpet


 

Upcoming Conferences

 

InfoSec World 2017

April 3-5 Omni Orlando Resort at Champion’s Gate

http://infosecworld.misti.com/

 

AIDE 2017 (Mark Boltz-Robinson keynote speaker)

April 3-7, Information Security Program will be on Thursday, April 6 and Friday, April 7

Marshall University Forensic Science Center

1401 Forensic Science Dr

Huntington, WV

http://appyide.org

 

BSidesNash (w/Amanda Berlin as keynote!)

https://bsidesnash.org

April 22, 2017

SOLD OUT

There's a waitlist

 

BSidesCharm

http://www.bsidescharm.com

April 29-30, 2017

Baltimore Convention Center

Baltimore, MD

SOLD OUT

There's a waitlist

 

Th0tcon 0x8 (Chicagoland con)

May 4-5, 2017

http://thotcon.org

SOLD OUT

 

HackMiami

May 19-21, 2017

https://www.hackmiami.com

 

BSides London

June 7

London

CFP is open

Call for Workshops is open

CFP and Call for Workshops closes on 3/27

https://www.securitybsides.org.uk/

 

DerbyCon 7.0  “Legacy”

Call for Trainers will open March 6th, 2017 and close on April 14th, 2017.

Sponsorships open to public March 7th, 2017 (contact info [at] derbycon.com if interested).

Training Tickets will go on sale May 1st, 2017.

Tickets will go on sale for general admission May 6th (Derby Day) 2017.

Call for Papers will open April 1st 2017 and close July 1st, 2017.

DerbyCon training is on September 20th and 21st, 2017.

DerbyCon the conference runs from September 22nd to the 24th, 2017.

https://www.derbycon.com

 

Hack3rCon 8

The “Ocho”

Nov. 17 – 19, 2017

South Charleston, WV

CFP opens on June 1, 2017

http://securewv.com/


 

Stories

 

Russian bank claims effort to frame it for connections to Trump Organization

http://www.cnn.com/2017/03/17/politics/alfa-bank-trump-dns-hack/index.html

 

THE CYBERSECURITY INDUSTRY HAS FAILED CONSUMERS: TIME TO GET SMART ABOUT 'DUMB' HOMES

http://www.newsweek.com/cybersecurity-industry-failed-threat-572949

 

SHUT THE BACKDOOR! MORE IOT CYBERSECURITY PROBLEMS

http://hackaday.com/2017/03/22/shut-the-backdoor-more-iot-cybersecurity/

 

Four Men Charged With Hacking 500M Yahoo Accounts

https://krebsonsecurity.com/2017/03/four-men-charged-with-hacking-500m-yahoo-accounts/

 

Was Yahoo a sanctioned FSB operation or a rogue operation?

https://medium.com/@jeffreycarr/was-yahoo-a-sanctioned-fsb-operation-or-a-rogue-operation-b8826b7f4c92#.6hxptho1c

 

McDonald’s Says Account Was Compromised Before Anti-Trump Tweet

https://www.bloomberg.com/news/articles/2017-03-16/mcdonald-s-says-account-was-compromised-before-anti-trump-tweet

 

VM Escape Earns Hackers $105K at Pwn2Own

https://threatpost.com/vm-escape-earns-hackers-105k-at-pwn2own/124397/

 

LastPass: websiteConnector.js content script allows proxying internal RPC commands

https://bugs.chromium.org/p/project-zero/issues/detail?id=1209

 

Cisco Vault 7 Leak - 0 day with 318 Products - because, telnet

https://www.bleepingcomputer.com/news/security/ciscos-investigation-into-vault-7-leak-uncovers-0-day-affecting-318-products/

 

Hackers Threaten to Remotely Wipe 300 Million iPhones Unless Apple Pays Ransom

http://thehackernews.com/2017/03/hacking-apple-icloud-account.html

 

The Senate just voted to undo landmark rules covering your Internet privacy

https://www.washingtonpost.com/news/the-switch/wp/2017/03/23/congress-is-poised-to-undo-landmark-rules-covering-your-internet-privacy/?utm_term=.98dc3656acd9

 

Mike Baker’s Talk - How to hack all the bug bounty things automagically & reap the rewards (profit)!

https://www.irongeek.com/i.php?page=videos/securewv-hack3rcon2016/117-how-to-hack-all-the-bug-bounty-things-automagically-reap-the-rewards-profit-mike-baker

 

Windows 'DoubleAgent' Attack Turns AV Tools into Malware

http://www.darkreading.com/threat-intelligence/windows-doubleagent-attack-turns-av-tools-into-malware-/d/d-id/1328462?

 

Source Code:  https://github.com/Cybellum/DoubleAgent

 

Reboot It! Episode 68 with Bill Gardner, Amanda Berlin, Joshua Marpet, and Scott Lyons

Upcoming Conferences

 

BSides Indy

March 11

http://www.bsidesindy.com

 

Bloomcon

March 24-25

Bloomsburg, PA

http://bloomcon.com/

 

AIDE 2017 (Mark Boltz-Robinson keynote speaker)

April 3-7, Information Security Program will be on Thursday, April 6 and Friday, April 7

Marshall University Forensic Science Center

1401 Forensic Science Dr

Huntington, WV

Call for Sponsors is also Open

http://appyide.org

 

BSidesNash (w/Amanda Berlin as keynote!)

https://bsidesnash.org

April 22, 2017

SOLD OUT

There's a waitlist

 

BSidesCharm

http://www.bsidescharm.com

April 29-30, 2017

Baltimore Convention Center

Baltimore, MD

SOLD OUT

There's a waitlist

 

Th0tcon 0x8 (Chicagoland con)

May 4-5, 2017

http://thotcon.org

SOLD OUT

 

HackMiami

May 19-21, 2017

https://www.hackmiami.com

 

BSides London

June 7

London

CFP is open

Call for Workshops is open

CFP and Call for Workshops closes on 3/27

https://www.securitybsides.org.uk/

 

DerbyCon 7.0  “Legacy”

Call for Trainers will open March 6th, 2017 and close on April 14th, 2017.

Sponsorships open to public March 7th, 2017 (contact info [at] derbycon.com if interested).

Training Tickets will go on sale May 1st, 2017.

Tickets will go on sale for general admission May 6th (Derby Day) 2017.

Call for Papers will open April 1st 2017 and close July 1st, 2017.

DerbyCon training is on September 20th and 21st, 2017.

DerbyCon the conference runs from September 22nd to the 24th, 2017.

https://www.derbycon.com

 

Hack3rCon 8

The “Ocho”

Nov. 17 – 19, 2017

South Charleston, WV

CFP opens on June 1, 2017

http://securewv.com/


 

Stories

 

Trump White House shopping for high-end security software to plug leaks

http://foreignpolicy.com/2017/03/03/trump-white-house-shopping-for-technology-to-plug-leaks/

 

DOJ says it would rather drop a child porn case than reveal technical details about the FBI's Tor Browser exploit, as a court had ordered.

https://twitter.com/bradheath/status/837846963471122432/photo/1

 

U.S. drops child porn case to avoid disclosing Tor exploit

http://www.computerworld.com/article/3176541/security/us-drops-child-porn-case-to-avoid-disclosing-tor-exploit.html#tk.rss_security

 

American Bar Association to offer cybersecurity insurance to law firms: After a year which saw multiple law firms end up in the headlines for data breaches, the American Bar Association expanded its insurance program last week to offer cybersecurity coverage.

https://www.cyberscoop.com/american-bar-association-cybersecurity-insurance/

 

Metasploit team released Metasploit Vulnerable Services Emulator

http://securityaffairs.co/wordpress/56886/hacking/metasploit-vulnerable-services-emulator.html

 

Uber's Secret App for Tracking Cops Sounds Creepy as Hell

http://gizmodo.com/ubers-secret-app-for-tracking-cops-sounds-creepy-as-hel-1792949962

 

Microsoft bug bounty: Now it doubles cash to put more focus on Office 365 flaws

http://www.zdnet.com/article/microsoft-bug-bounty-now-it-doubles-cash-to-put-more-focus-on-office-365-flaws/

 

Danbury trustees pick dog show date

http://www.sanduskyregister.com/story/201703080042

 

Yahoo says about 32 million accounts accessed using 'forged cookies'

http://www.reuters.com/article/us-yahoo-databreach-idUSKBN1685UY

 

Police looking for man who stole Chevy Equinox and 9 baby parrots

http://www.abcactionnews.com/news/region-pinellas/police-looking-for-man-who-stole-chevy-equinox-and-9-baby-parrots

 

WikiLeaks releases 'entire hacking capacity of the CIA' - Vault7

http://www.foxnews.com/us/2017/03/07/wikileaks-releases-entire-hacking-capacity-cia.html

 

Social-Engineer Toolkit (SET) v7.6 codename "Vault7"

https://github.com/trustedsec/social-engineer-toolkit


 

Reboot It! Episode 67 with Bill Gardner, Amanda Berlin, and Mark Boltz-Robinson



 

Upcoming Conferences

 

BSides Indy

March 11

http://www.bsidesindy.com

 

Bloomcon

March 24-25

Bloomsburg, PA

http://bloomcon.com/

 

AIDE 2017 (Mark Boltz-Robinson keynote speaker)

April 3-7; the Information Security Program will be on Thursday, April 6 and Friday, April 7

Marshall University Forensic Science Center

1401 Forensic Science Dr

Huntington, WV

CFP is Open

Call for Sponsors is also Open

http://appyide.org

 

BSidesNash (w/Amanda Berlin as keynote!)

https://bsidesnash.org

April 22, 2017

 

BSidesCharm http://www.bsidescharm.com

April 29-30, 2017

Baltimore Convention Center

Baltimore, MD

CFP open

 

Th0tcon 0x8 (Chicagoland con)

May 4-5, 2017

http://thotcon.org

 

HackMiami

May 19-21, 2017

https://www.hackmiami.com

 

BSides London

June 7

London

CFP is open

Call for Workshops is open

https://www.securitybsides.org.uk/

 

DerbyCon 7.0  “Legacy”

Call for Trainers will open March 6th, 2017 and close on April 14th, 2017.

Sponsorships open to public March 7th, 2017 (contact info [at] derbycon.com if interested).

Training Tickets will go on sale May 1st, 2017.

Tickets will go on sale for general admission May 6th (Derby Day) 2017.

Call for Papers will open April 1st 2017 and close July 1st, 2017.

DerbyCon training is on September 20th and 21st, 2017.

DerbyCon the conference runs from September 22nd to the 24th, 2017.

https://www.derbycon.com

 

Hack3rCon 8

The “Ocho”

Nov. 17 – 19, 2017

South Charleston, WV

CFP opens on June 1, 2017

http://securewv.com/


 

Stories

 

Data from connected CloudPets teddy bears leaked and ransomed, exposing kids' voice messages https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/

 

How a typo took down S3, the backbone of the internet

http://www.theverge.com/2017/3/2/14792442/amazon-s3-outage-cause-typo-internet-server

 

Car Hacker's Handbook Released As A Free Download

http://opengarages.org/handbook/

 

Don’t Talk Trash on Slack

https://motherboard.vice.com/en_us/article/dont-talk-trash-on-slack

 

Sex wearable is coming to track your performance and judge you

https://www.cnet.com/news/icon-smart-condom-ring/?ftag=COS-05-10aaa0b&linkId=35064659

 

Defensive Security Handbook

http://shop.oreilly.com/product/0636920051671.do

Reboot It! Episode 66 with Bill Gardner, Amanda Berlin, and Mark Boltz-Robinson

Upcoming Conferences

 

AIDE 2017 (Mark Boltz-Robinson keynote speaker)

April 3-7; the Information Security Program will be on Thursday, April 6 and Friday, April 7

Marshall University Forensic Science Center

1401 Forensic Science Dr

Huntington, WV

CFP is Open

Call for Sponsors is also Open

http://appyide.org

 

BSides NoVA

February 25, 2017

http://www.bsidesnova.org/

 

BSides Indy

March 11

http://www.bsidesindy.com

 

Bloomcon

March 24-25

Bloomsburg, PA

http://bloomcon.com/

 

BSidesNash (w/Amanda Berlin as keynote!)

https://bsidesnash.org

April 22, 2017

 

BSidesCharm http://www.bsidescharm.com

April 29-30, 2017

Baltimore Convention Center

Baltimore, MD

CFP open

 

Th0tcon 0x8 (Chicagoland con)

May 4-5, 2017

http://thotcon.org

 

HackMiami

May 19-21, 2017

https://www.hackmiami.com

 

Hack3rCon 8

The “Ocho”

Nov. 17 – 19, 2017

South Charleston, WV

CFP opens on June 1, 2017

http://securewv.com/


 

Stories

 

PoliceOne, a forum used only by verified law enforcement officials, has been hacked and a data dump was offered for sale in a dark web market.

http://securityaffairs.co/wordpress/55967/data-breach/policeone-data-breach.html

 

What Vizio was doing behind the TV screen

https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen

 

Samsung warns customers not to discuss personal information in front of smart TVs

http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs

 

Amazon refusing to hand over data on whether Alexa overheard a murder

https://arstechnica.com/tech-policy/2017/02/amazon-wont-disclose-if-alexa-witnessed-a-murder/

 

Steve Bannon sunk $60M of Goldman Sachs' money into a failed World of Warcraft goldfarming scheme

https://boingboing.net/2017/02/09/steve-bannon-sunk-60m-of-gold.html

 

EFF: Border Security Overreach Continues: DHS Wants Social Media Login Information

https://www.eff.org/deeplinks/2017/02/border-security-overreach-continues-dhs-wants-social-media-login-information

 

Hack reveals data company Cellebrite works with everyone from US cops to Russia (MB-R)

https://arstechnica.com/tech-policy/2017/01/hack-reveals-data-company-cellebrite-works-with-everyone-from-us-cops-to-russia/

 

Cloudflare Hacked - CloudFlare Security Breach: The Result Of Smart Social Engineering, Flaw In Google’s Account Recovery System

https://techcrunch.com/2012/06/04/cloudflare-security-breach-the-result-of-smart-social-engineering-flaw-in-googles-account-recovery-system/

(they have an awesome top tier bug bounty of a t-shirt)

https://hackerone.com/cloudflare

Reboot It! Episode 65 with Bill Gardner and Mark Boltz-Robinson

Recorded February 2, 2017

 

Upcoming Conferences

 

AIDE 2017

April 3-7; the Information Security Program will be on Thursday, April 6 and Friday, April 7

Marshall University Forensic Science Center

1401 Forensic Science Dr

Huntington, WV

CFP is Open

Call for Sponsors is also Open

Website is in the process of being updated

 

BSides NoVA

February 25, 2017

 

BSidesNash (w/Amanda Berlin as keynote!)

https://bsidesnash.org

April 22, 2017

 

BSidesCharm http://www.bsidescharm.com

April 29-30, 2017

Baltimore Convention Center

Baltimore, MD

CFP open

 

Th0tcon 0x8 (Chicagoland con)

May 4-5, 2017

http://thotcon.org

 

HackMiami

May 19-21, 2017

https://www.hackmiami.com

 

Stories

 

Trump taps Giuliani as cybersecurity adviser

http://www.usatoday.com/story/news/politics/onpolitics/2017/01/12/donald-trump-rudy-giuliani-russia-cybersecurity/96482616/

 

MacBook Pro Touch Bar banned from multiple state bar exams

https://www.engadget.com/2017/01/30/macbook-pro-touch-bar-banned-from-multiple-state-bar-exams/

 

Anonymous publish a simple guide on how to hack Donald Trump’s phone on Twitter

http://www.news.com.au/technology/online/social/anonymous-publish-a-simple-guide-on-how-to-hack-donald-trumps-phone-on-twitter/news-story/af65cf8d28f9fee8f5858e858dd29745

 

Delta operations returning to normal after systems outage... again

https://webinar.darkreading.com/2587?keycode=xxxxxx&_mc=sm_twt&cid=sm_twt&wc=4&hootPostID=6f8f33f99d9d6683ca5d5ffc2630c9b5

 

United flights delayed after computer glitch grounds US planes

http://www.cnbc.com/2017/01/22/all-united-airlines-domestic-flights-grounded-by-computer-outage.html

 

Netherlands to Hand Count Ballots for Parliamentary Elections

http://www.independent.co.uk/news/world/europe/netherlands-parliamentary-election-count-vote-by-hand-stop-hackers-cyber-crime-fraud-hacking-a7558701.html

Reboot It! Episode 64 with Bill Gardner, Benny Karnes, Adrian Crenshaw, and Mark Boltz-Robinson

Upcoming Conferences

 

Shmoocon  www.shmoocon.org

January 13-15, 2017

Washington Hilton Hotel

Washington, DC

 

BSidesNash (w/Amanda Berlin as keynote!)

https://bsidesnash.org

CFP open until December 31

April 22, 2017

 

BSidesCharm http://www.bsidescharm.com

April 29-30, 2017

Baltimore Convention Center

Baltimore, MD

CFP open

 

 

Stories

 

The CNN porn scare is how fake news spreads http://www.theverge.com/2016/11/25/13748226/cnn-accidentally-airs-porn-fake-news-boston

 

Russian propaganda effort helped spread ‘fake news’ during election, experts say

https://www.washingtonpost.com/business/economy/russian-propaganda-effort-helped-spread-fake-news-during-election-experts-say/2016/11/24/793903b6-8a40-4ca9-b712-716af66098fe_story.html?utm_campaign=pubexchange&utm_medium=referral&utm_source=huffingtonpost.com

 

HDD encryption ransomware locks payment terminals at all San Francisco transit stations

http://www.sfexaminer.com/hacked-appears-muni-stations-fare-payment-system-crashes/

 

San Francisco Rail System Hacker Hacked

https://krebsonsecurity.com/2016/11/san-francisco-rail-system-hacker-hacked/

 

Hackers disable Carleton University computer system, demand bitcoins

http://globalnews.ca/news/3097388/hackers-disable-carleton-university-computer-system-demand-bitcoins/

 

Enigma codebreaking site to become elite UK cyber defense school

http://www.cnn.com/2016/11/24/europe/uk-bletchley-park-college/index.html?sr=twCNN112516uk-bletchley-park-college0335PMVODtopLink&linkId=31566354

 

Privacy eyeglasses use reflective material to avoid surveillance cameras.

https://www.kickstarter.com/projects/reflectacles/reflectacles-reflective-eyewear-and-sunglasses

 

Kaspersky “Hack-proof” operating system
http://thehackernews.com/2016/11/kaspersky-operating-system.html

https://eugene.kaspersky.com/2012/10/16/kl-developing-its-own-operating-system-we-confirm-the-rumors-and-end-the-speculation/

 

Every Windows 10 in-place Upgrade is a SEVERE Security risk - Win-Fu Official Blog

http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html?m=1

 

iPhones Secretly Send Call History to Apple, Security Firm Says - The Intercept

https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/

 

More than one million Google accounts hit by malware

http://www.cbsnews.com/news/google-accounts-malicious-software-android/?ftag=CNM-00-10aab7e&linkId=31770030

Reboot It! Episode 63 with Bill Gardner and Mark Boltz-Robinson

Upcoming Conferences

 

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

Tickets are on sale!

http://securewv.com/registration.html

Looking for Sponsors!

http://securewv.com/sponsorship.html

CTF Page - Watch for more information!

 

BSidesCharm CFP open

http://www.bsidescharm.com

A variety of other BSides coming up soon, see securitybsides.com for info

 

Shmoocon round 2 F5 madness on 12/1. In the first round, 600 tickets sold in 4.19 seconds.

Also, CFP is open until 11/18: www.shmoocon.org

 

Stories

 

Why can't Americans vote online?

http://www.cnn.com/2011/11/08/tech/web/online-voting/

 

Indiana county government shut down by ransomware to pay up

http://arstechnica.com/security/2016/11/indiana-county-government-shut-down-by-ransomware-to-pay-up/

 

Yes, Donald Trump, the FBI Can Vet 650,000 Emails in Eight Days

https://www.wired.com/2016/11/yes-donald-trump-fbi-can-vet-650000-emails-eight-days/?mbid=social_fb

 

U.S. Govt. Hackers Ready to Hit Back If Russia Tries to Disrupt Election

http://www.nbcnews.com/news/us-news/u-s-hackers-ready-hit-back-if-russia-disrupts-election-n677936?cid=sm_tw

 

As Rule 41 deadline looms, an "expansion" of FBI hacking powers looks likely

http://www.zdnet.com/article/mass-hacking-rule-change-set-to-happen/

 

DDoS attack takes down HVAC in Finnish apartments

http://thehackernews.com/2016/11/heating-system-hacked.htm

Reboot It! Episode 62 with Bill Gardner and Benny Karnes

Upcoming Conferences

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

Tickets are on sale!

http://securewv.com/registration.html

Looking for Sponsors!

http://securewv.com/sponsorship.html

CTF Page - Watch for more information!

 

 

Stories

 

Paypal 2FA Bypass

https://henryhoggard.co.uk/blog/Paypal-2FA-Bypass

 

Mirai botnets linked to massive DDoS attacks on Dyn DNS, Flashpoint says

http://www.scmagazine.com/mirai-botnets-linked-to-massive-ddos-attacks-on-dyn-dns-flashpoint-says/article/567607/

 

Internet of Things Scanner - Check if your internet-connected devices at home are public on Shodan. If they are, this means they are accessible to the public, and hackers. http://iotscanner.bullguard.com/

 

Webcams used to attack Reddit and Twitter recalled

http://www.bbc.com/news/technology-37750798

 

New, more-powerful IoT botnet infects 3,500 devices in 5 days - Discovery of Linux/IRCTelnet suggests troubling new DDoS menace could get worse: http://arstechnica.com/security/2016/11/new-iot-botnet-that-borrows-from-notorious-mirai-infects-3500-devices/

 

Anonymous’ Most Notorious Hacker Is Back, and He’s Gone Legit

https://www.wired.com/2016/10/anonymous-notorious-hacker-back-hes-gone-legit/

 

Jester defaces Russian Foreign Affairs website

https://jesterscourt.cc/2016/10/23/soviet-russia-get-get-propagandered-guy-jingly-hat/

 

Anonymous claims it took down Ecuadorian govt webmail after embassy banned Assange from internet

https://www.rt.com/news/363851-assange-anonymous-ecuador-govt-email/

 

 

DirtyCOW:

What is it - LiveOverflow YouTube channel: https://youtu.be/kEsshExn7aE

 

Wikipedia article: https://en.m.wikipedia.org/wiki/Dirty_COW

 

RedHat security notices: https://access.redhat.com/security/vulnerabilities/2706661