Secplicity - Security Simplified

Powered by WatchGuard Technologies

SSL FREAK Out – WSWiR Episode 142

March 6, 2015 By Corey Nachreiner

Did you catch all the important information security news this week? Do you know what you might learn from it? If not, watch our weekly security recap video to catch up.

Today’s episode covers yet another SSL vulnerability, explores a new Android worm, and mentions a controversy around Turbo Tax-related fraud. Watch the video for the details and check out the Reference section for more.

(Episode Runtime: 8:37 for main video with an extra at the end)

Direct YouTube Link: https://www.youtube.com/watch?v=y5dryp9wFhE

EPISODE REFERENCES:

  • Daily Security Bytes:
    • Monday: TurboTax Doesn’t Stop Fraud? – Daily Security Byte EP.35
    • Tuesday: Don’t FREAK Out – Daily Security Byte EP.36
    • Wednesday: Gazon Android Worm – Daily Security Byte EP.37
    • Thursday: CSI: Cyber? NOPE! – Daily Security Byte EP.38
    • Friday: FREAK affects Windows – Daily Security Byte EP.39
  • FREAK SSL Vulnerability
    • Official FREAK page and description – Freakattack
    • CVE listing for FREAK vulnerability – Mitre
    • Good Ars Technica write-up on the FREAK flaw – Ars Technica
    • FREAK affects Windows too – Microsoft Advisory
  • Turbo Tax fraud controversy
    • Whistleblowers claim Intuit doesn’t do enough to stop fraud – KrebsOnSecurity
    • Intuit’s response to fraud handling allegations – Intuit
    • Earlier interview with Intuit’s CISO – KrebsOnSecurity
    • Original TurboTax Fraud Security Byte – WatchGuard Blog
  • Gazon: Android malware SMSs Amazon card scam – AdaptiveMobile
  • CSI: Cyber reviews
    • CSI: Cyber website – CBS
    • Space Rogue’s review of CSI: Cyber – Space Rogue

EXTRAS:

  • Audience does not accept that NSA Director is a Libertarian – The Intercept
  • Researcher finds 0day in Seagate’s 2-Bay NAS device – Beyond Binary
  • A couple of data/account breaches and disclosures:
    • Toys ‘R’ Us warns about fraudulent account access – SC Magazine
    • Uber data breach leaks 50K drivers’ PII – Uber
    • Someone stored Uber’s secret key on GitHub – Ars Technica
  • Legally watch CitizenFour for free – ThoughtMaybe
  • GoPro WiFi reset mechanism exposes others’ passwords – IBTimes
  • Device found in German Parliament Chairman’s mobile might illustrate interdiction – The Local
  • Latest Chrome update fixes a lot of security flaws – Threatpost
  • Malicious Blu-rays infect PCs and players – Ars Technica
    • The Register’s article on the Blu-ray hack – The Register
  • Malware authors hide C&C with Domain Shadowing – Help Net Security
  • Criminals use Apple Pay to leverage stolen CCs – Ars Technica
  • uTorrent uses your computer to mine Bitcoin – Independent
  • D-Link fixes a bunch of consumer router vulnerabilities – Naked Security
  • Apparently the FAA sucks at information security – Engadget
  • US mad when other governments want backdoors too – Techdirt
  • Do you play video games? You’ll probably become a hacker (whatever) – Huffpo
  • Java installs adware on Macs too (no thanks Oracle) – Gizmodo
  • UK’s NCA shut down 57 cyber criminals – Engadget
  • Canadian arrested for not handing over his password at the Border – The Register

— Corey Nachreiner, CISSP (@SecAdept)

Filed Under: Security Bytes Tagged With: Cross-site scripting, Edward Snowden, Hacking, Infosec news, Net Neutrality, Phishing, PowerOffHijack, Snowden, Snowden leaks, Software vulnerabilities, xss
