Want a quick way to learn about the latest information security (infosec) news and tips? Then this is the video for you! Every week, I summarize the most important stuff, and share what you should do about it.
This week, we’ve changed the format of the show. Since I’m now posting the Daily Security Byte every weekday, our weekly episode will summarize those episodes, share additional updates, and cover Friday’s story. I hope you enjoy the new format, and I am open to all feedback.
This episode, from the second week of January, covers Microsoft’s January Patch Day, the CENTCOM Twitter hijack, Charlie Hebdo related cyber attacks, and a vulnerability disclosure fight between Google and Microsoft. Click play for the details.
(Episode Runtime: 5:18)
Direct YouTube Link: https://www.youtube.com/watch?v=MIhdn7c2cZY
EPISODE REFERENCES:
- Daily Security Bytes:
- Microsoft vs. Google on early vulnerability disclosure
- Microsoft and Google fight over an early released vulnerability – Reuters
- MS’s blog post about coordinated disclosure – Microsoft
- Google’s details on pre-released flaw – Google
- Security pundits’ thoughts on the controversy – Tech Republic
- Two more 0day in Google and Microsoft’s disclosure fight – ThreatPost
- Windows 0day one – Google
- Windows 0day two – Google
- Microsoft Patch Day (and other updates)
- President Obama’s address on cyber security
- Robert Graham’s great opinion piece on Obama’s proposal – Errata Sec
- Hollywood Reporter on Obama – Hollywood Reporter
- Krebs’ thoughts on mandatory breach disclosure – KrebsonSecurity
- Some negative opinions on Obama’s cyber security proposals – Forbes
- More commentary against Obama’s proposal – CircleID
- Charlie Hebdo related cyber attacks
- CENTCOM Social Network hijack
EXTRAS:
- Kim Jong Un video game creators hacked – Kotaku
- Google not fixing flaws in old versions of Android – PC World
- Attackers deface Crayola Facebook page with inappropriate content – Phys.org
- North Korea’s official news site delivers malware (surprise, surprise) – Ars Technica
- Researcher’s details on DPRK’s malicious news site – Infosecotter.com
- Anonymous takes down jihadist website in retaliation for Paris terrorism – Red Orbit
- Attackers publish client emails after bank refuses to pay ransom – Reuters
- UK Prime Minister wants backdoors in messaging apps – Ars Technica
- Attackers hijacked United mileage accounts to book free trips – Mashable
- Be wary of non-Oracle sites pushing fake updates – Oracle
- Malicious wall charger sniffs keystrokes from wireless keyboards – Business Insider
- Skeleton Key Malware hijacks AD servers – Forbes
- SecureWorks’ analysis on Skeleton Key – SecureWorks
- Russian credit card thief tries to get out of extradition – Phys.org
- Cisco patches Webex – Tech Target
- Airport parking companies confirm a data breach – KrebsonSecurity
- Is open wifi a crime? SWAT team raids grandma’s house – TechDirt
- Do insurance dongles provide a new vector to hack cars? – Forbes
- Blackhat movie tries to get hacking right – Ars Technica
- NSA says “sorry” for weakened crypto algorithm (kind of) – ThreatPost
- I like the idea of Internet as a public utility – Gizmodo
- Free open network used to make point about electronic surveillance – Ars Technica
- The CIA clear themselves for their Senate hacking – Ars Technica
- Serious vulnerabilities found in popular Italian ISP consumer router – UPV.es
- Canada’s new anti-spam laws could have auto-update ramifications – CBC.ca
- New York Post and UPI’s Twitter accounts hijacked – Computer World
- Need a hacker? A web site offers them for hire – Slate
- ISC still seeing lots of Shellshock attempts; hope you patched – SANS
- US government says encryption is key, yet they still backdoor it? – The Guardian
- Chinese research on Windows telnet issue and PoC leak – PasteBin
— Corey Nachreiner, CISSP (@SecAdept)
The original article/video can be found at Vulnerability Disclosure Fight – WSWiR Episode 135