inThirty

We go almost 15 minutes long discussing. Sorry. We discuss Net Neutrality again, and how this time it is different than last time. I will try to have an open mind. Some quick news like this Homekit Vulnerability: https://9to5mac.com/2017/12/07/homekit-vulnerability/

Apple’s root password Bitcoin’s crazy price Crypto != Cryptocurrency DNS Again

  First topic is youtube poisoning, where bad actors are placing weird cartoons into youtube kids. Second topic is logitech harmony disconnecting their hubs in March. Should iot devices have expiration dates. UPDATE: Harmony is replacing devices.

Chaim is going abroad, so we thought this was a good opportunity to discuss security while traveling.

Our main story tonight is the KRACK vulnerability on WPA2. We also have a few more little stories to round out the thirty minutes. KRACK: https://krackattacks.com Browser based crypto-mining: https://donateyourtab.to IOS password re-prompts

  We don’t have much. Even over two weeks nothing stuck out as pressing enough to talk about. WhatsApp has a weird tracking bug that we will discuss. https://robertheaton.com/2017/10/09/tracking-friends-and-strangers-using-whatsapp/ The new Google minis are recording 24/7: http://www.androidpolice.com/2017/10/10/google-nerfing-home-minis-mine-spied-everything-said-247/ FBI used VPN logs to catch someone: https://www.bleepingcomputer.com/news/security/cyberstalking-suspect-arrested-after-vpn-providers-shared-logs-with-the-fbi/   The rest is just more of the same.

North America has been hit hard in the last three weeks where everyone has lost everything. We are talking recovery options for when you finally get to recover things. https://www.ready.gov/build-a-kit http://www.artofmanliness.com/2011/03/07/how-to-make-a-bug-out-bag-your-72-hour-emergency-evacuation-survival-kit/

  So Equifax is in a lot of hot water. 143 Million records lost. An interesting website choice. Lots of legalese. https://arstechnica.com/information-technology/2017/09/why-the-equifax-breach-is-very-possibly-the-worst-leak-of-personal-info-ever https://arstechnica.com/information-technology/2017/09/so-equifax-says-your-data-was-hacked-now-what/

  Now that your computer is backed up, and secure, we take the next half hour to talk about some physical security things you can do to protect your stuff

  On tonight’s show we discuss things to get everyone ready for back to school. How to secure your stuff both physically and digitally.

We start off with a cautionary tale about why you shouldn’t open ports. We will talk about some backup strategies, and offsite backup Door lock manufacturer goofed firmware: https://www.theverge.com/circuitbreak… Tunnelbear VPN Audit: https://www.tunnelbear.com/blog/tunne…

[Editor: I think the transitions are off. Hopefully it isn’t too big of a deal] We continue with Defcon news: Marcus Hutchins was arrested leaving Las Vegas: https://www.youtube.com/watch?v=9yROF… Safe Cracking robot: https://www.youtube.com/watch?v=v9vIc… Salesforce employee fired for giving his talk: http://www.zdnet.com/article/salesfor… China VPN ban: http://www.npr.org/sections/alltechco…

  We talk about what happened at Defcon: Vote Hacking Village and how people hacked voter machines FUD with the Echo: http://www.bbc.com/news/technology-40… What is BitCash: https://www.theverge.com/2017/8/1/160… and no more VPNs in China (from the app store) Finally, Verizon rewards for tracking you.

We want to keep it light tonight, as everyone is super busy. Chaim is getting ready for DEFCON. All the news is basically being held until next week. If you wanted to know what a security conference feels like, stay tuned.

[editor note: Tom is awesome in this. Me, not so much. I completely misunderstood how this worked.] So what happens when a certificate can no longer be trusted? How do you revoke trust, or the certificate? https://arstechnica.com/security/2017/07/https-certificate-revocation-is-broken-and-its-time-for-some-new-tools/ We are going into the weeks before defcon, where news is sparse. We recommend joining our WhatsApp group. … Continue reading "Security 153 – Certificate Revocation Lists"