No-Name-Podcast

2017-04-15

Епізод 7: Від Самсунга до Білоруса

RCMP reveals use of secretive cellphone surveillance technology for the first time

Here’s where the Apple accounts hackers are threatening to wipe came from

user.js — Firefox hardening stuff

Alleged Spam King Pyotr Levashov Arrested

Why American Farmers Are Hacking Their Tractors With Ukrainian Firmware

Smart TV hack embeds attack code into broadcast signal—no access required

chrome://chrome-urls/chrome://device-log/chrome://net-internals/chrome://site-engagement/chrome://sync-internals/

2017-04-03

Епізод 6. Шифруйтеся і все буде добре.

Vault 7 Megathread – Technical Analysis & Commentary of the CIA Hacking Tools Leak

Justice Department charges Russian spies and criminal hackers in Yahoo intrusion

Digital Privacy at the U.S. Border: Protecting the Data On Your Devices and In the Cloud

Samsung Smart TV Owner Learning About Majority Of Features From Leaked CIA Documents

Outro: Перкалаба – Гулєй https://www.youtube.com/watch?v=BXQbhZiwqLE

Федот R.I.P.

2017-02-28

Епізод 5. Клин клином виганяють.

Outro: Linda Hedström – Big in Japan (Alphaville/Ane Brun cover)

Pragmatic thoughts on #CloudBleed

Incident report on memory leak caused by Cloudflare parser bug

УКАЗ ПРЕЗИДЕНТА УКРАЇНИ №47/2017 Про рішення Ради національної безпеки і оборони України від 29 грудня 2016 року «Про Доктрину інформаційної безпеки України»

Hackers who took control of PC microphones siphon >600 GB from 70 targets

Thoughts on the LeakedSource take down

Who Ran Leakedsource.com?

2017-01-17

Episode 4. Don’t click …it.

Intro/outro: Yelawolf – Devil in my veins (cover) (https://www.youtube.com/watch?v=RgVIFcH77lc)

WhatsApp drama:

MongoDB ransomware attacks and lessons learned http://www.computerworld.com/article/3157766/linux/mongodb-ransomware-attacks-and-lessons-learned.html

Security Through Transparency https://security.googleblog.com/2017/01/security-through-transparency.html

TV News anchor says ‘Alexa, buy me a dollhouse’ with predictable results… https://www.grahamcluley.com/tv-news-anchor-says-alexa-buy-dollhouse-predictable-results/

General Data Protection Regulation: A Short Guide to Data Security in the GDPR https://www.checkmarx.com/2017/01/09/general-data-protection-regulation-short-guide-data-security-gdpr/

Ross Anderson on De-Anonymization https://www.edge.org/response-detail/27195

2016-12-27

Епізод 3. Don’t shoot the messenger

Intro/outro: Freedom’90 George Michael cover by CHIARA MANENTI https://www.youtube.com/watch?v=aZS_p_1Ul4I Private Internet Access funds OpenVPN 2.4 audit by noted cryptographer Dr. Matthew Greenhttps://www.privateinternetaccess.com/blog/2016/12/private-internet-access-funds-openvpn-2-4-audit-noted-cryptographer-dr-matthew-green/

Websites of Ukrainian Finance Ministry, Treasury remain blocked for two days following hacking attackhttp://en.interfax.com.ua/news/economic/389201.html https://www.cys-centrum.com/ru/news/december_financial_system_of_ukraine_was_attacked

Сайт Міноборони недоступний через кібератакуhttp://www.radiosvoboda.org/a/28174073.html

Повна новинаhttp://www.ukrenergo.energy.gov.ua/Pages/ua/DetailsNew.aspx?nID=3387

The rise of TeleBots: Analyzing disruptive KillDisk attackshttp://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/

SWIFT issues core security standards and assurance framework for the communityhttps://www.swift.com/myswift/customer-security-programme-csp_/security-controls

Роскомнадзор заблокировал localhost (127.0.0.1)https://rublacklist.net/24044/ Провайдер “ВОЛЯ” находится в режиме аварийного сбояhttp://internetua.com/provaider–volya–nahoditsya-v-rejime-avariinogo-sboya http://ain.ua/volya-ne-rabotaet

2016-12-05

Епізод 2. Don’t re:Invent the Wheel

Intro/Outro: Halvdan Sivertsen – Twisted little star (Bertine Zetlitz cover) https://www.youtube.com/watch?v=BCpsLnZufFk

GDPR will create 75,000 new Data Protection Officers jobs. https://inform.tmforum.org/cybersecurity-privacy/2016/11/gdpr-will-create-roles-75000-data-protection-officers-worldwide/

‘Extreme surveillance’ becomes UK law with barely a whimper. https://www.theguardian.com/world/2016/nov/19/extreme-surveillance-becomes-uk-law-with-barely-a-whimper

Nemucod downloader spreading via Facebook. https://bartblaze.blogspot.com/2016/11/nemucod-downloader-spreading-via.html

Oracle announced that it has signed an agreement to acquire Dyn. https://www.oracle.com/corporate/acquisitions/dyn/index.html

poisontap – Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js. https://github.com/samyk/poisontap Demo: https://www.youtube.com/watch?v=Aatp5gCskvk

Watch out, Locky ransomware spread via SVG images on Facebook Messenger. http://securityaffairs.co/wordpress/53650/malware/svg-images-locky.htmlВ Крыму разрабатывают «отечественную» замену импортной Windows. http://ain.ua/v-krymu-razrabatyvayut-otechestvennuyu-zamenu-importnoj-windows

2016-11-20

Епізод 1. Make podcasting great again?

Intro/Outro: Yesterday Was Hard on All of Us – Fink (OllieGreatrickMoosic Cover)

  1. OSS security на прикладах CVE-2016-4484: Cryptsetup Initrd root Shell- http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.htmlhttps://threatpost.com/cryptsetup-vulnerability-grants-root-shell-access-on-some-linux-systems/121963/Успішний формальний аудит крипти в Signal- https://threatpost.com/signal-audit-reveals-protocol-cryptographically-sound/121892/

  2. Актуальність антивірусів на прикладі ниття Каспера- https://eugene.kaspersky.ru/2016/11/10/s-menya-xvatit/http://news.softpedia.com/news/kaspersky-accuses-microsoft-of-playing-dirty-with-antivirus-apps-in-windows-10-510160.shtml Просто про Каспера- https://twitter.com/Kaspersky_ru/status/799278918440079360

  3. Активізація боротьби з піратством- https://globalvoices.org/2016/11/17/ukraine-cracks-down-on-internet-piracy/http://biz.nv.ua/publications/borba-s-piratami-v-ukraine-zakrojut-vse-278475.html

  4. Вплив соціальних медіа на прикладі ФБ та Твіттера- https://www.washingtonpost.com/news/the-intersect/wp/2016/11/11/mark-zuckerberg-denies-that-fake-news-on-facebook-influenced-the-elections/https://www.theguardian.com/technology/2016/nov/15/twitter-users-to-get-ability-to-mute-words-and-conversations

  5. Просування на ниві безпеки IoT- https://apnews.com/d630d545138146b58388fddeca7150de/In-world-of-internet-enabled-things,-US-says-security-neededhttps://motherboard.vice.com/read/congress-to-security-experts-how-do-we-deal-with-the-internet-of-shit

  6. Прикольні баги та хакиPalo Alto got Tavised https://bugs.chromium.org/p/project-zero/issues/detail?id=908iOS10 screenlock bypass via Sirihttps://threatpost.com/ios-10-passcode-bypass-can-access-photos-contacts/122033/Large Twitter account breachhttps://www.rt.com/news/367480-twitter-accounts-hacked-spam/OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijackinghttps://threatpost.com/oauth-2-0-hack-exposes-1-billion-mobile-apps-to-account-hijacking/121889/Some US Android phones send data to Chinahttp://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html?_r=1