BREACH, TorSploit, and Fort Disco
Sorry for the late posting, but your weekly taste of “what’s up” in the InfoSec world is here for your viewing pleasure. As always, I summarize some of this week’s biggest network and information security news, in case you didn’t have time to follow it yourself.
This week was packed with security stories, but I only had time to focus on four. The episode includes information on a botnet that brute forces CMS systems, an alleged flaw in Chrome’s password security, a serious new SSL encryption weakness, and suspicions that the FBI tried to backdoor Tor sites. Press play below for the full scoop, and check out the Reference section if you’d like to read about all the other stories I didn’t have time to talk about.
(Episode Runtime: 12:15)
Direct YouTube Link: https://www.youtube.com/watch?v=y4jVozwHdWc
Episode References:
- Fort Disco botnet brute forces CMS systems – Arbor Networks
- Blogger accuses Chrome of bad password management – Blog
- BREACH SSL attack relies on HTTP compression – Breach Attack site
- BREACH attack technical whitepaper [PDF] – Breach Attack site
- FBI suspected of JavaScript attack on Tor – Wired
- Torsploit IPs may not point to feds – Ars Technica
- Metasploit exploit for the “FBI JavaScript flaw” – Rapid7
Extras:
- Microsoft warns of a CHAPv2 flaw that affects their phone OS – Microsoft
- Microsoft’s August patch day to include eight bulletins, three critical – Microsoft
- Serious OSPF flaw affects many industry routing devices (WatchGuard not affected) – US CERT
- Firefox 23 fixes security flaws and introduces new security features – TechCrunch
- IPv6 Man in the Middle (MitM) attack affects Windows – Computerworld
- Hack NFC for free bus rides – Mashable
- Will Smith shows up at Def Con – PC World
- Hacking Bluetooth toilets – Tech Week
- Researchers release their Def Con car hack details – IOActive blog
- Does the NSA share phone hacking data with DEA? – The Washington Post