Secplicity - Security Simplified

Powered by WatchGuard Technologies

PoS Fail and Browser Side-Channel – WSWiR Episode 149

April 24, 2015 By Corey Nachreiner

As if every week wasn’t busy enough with new information security (InfoSec) news, this week was the RSA Conference, which brings with it a whole new batch of security news. If you find yourself struggling to keep up, follow my daily or weekly videos to get a quick summary of the latest relevant news.

This week, I was too busy at the RSA Conference to post my daily videos, but you can still catch some of the week’s news in today’s summary episode. In it, I cover the latest updates about the White House breach, I share some interesting tidbits from an RSA PoS security presentation, and I point out some great new research highlighting a side-channel attack that affects most web browsers. Watch the video for the details, and check out the references for more stories.

As an aside, I will be attending another industry conference next week as well, so I may not be able to post my regular Daily Security Byte. However, I’ll still post a weekly video at the very least, and I’ll resume the Daily Bytes the week after that. Have a great weekend, and stay safe out there.

(Episode Runtime: 7:20)

Direct YouTube Link: https://www.youtube.com/watch?v=gGqDplwMJA4

EPISODE REFERENCES:

  • Latest updates on White House and State Department breaches
    • RussianDoll campaign uses 0day and is related to APT28 – FireEye
    • Kaspersky dissects CozyDuke malware – Securelist
    • Trend Micro covers Operation Pawn Storm – Trend Micro
    • FireEye releases APT28 report on Russian cyber actors – FireEye
    • Reuters’ article on the RussianDoll 0day – Reuters
  • PoS Vendor uses default password since 1990s
    • The Point of Sale is a PoS presentation [PDF] – RSA Conference
    • Major unnamed PoS systems use same password (RSA) – The Register
    • Google search suggests the PoS vendor is Verifone – Computer World
  • The Spy in the Sandbox
    • The spy in the sandbox; browser-based cache side-channel attack – Cornell
    • The spy in the sandbox paper [PDF] – Cornell
    • Forbes article on this browser-based side-channel attack – Forbes

EXTRAS:

  • Brute Logic denied bounty for 32 Groupon XSS vulnerabilities – BetaNews
  • Verizon’s Latest Breach report says phishing accounts for most attacks – TechDirt
  • Verizon’s 2015 Data Breach Report – Verizon
  • A NASA scientist’s plea against the federal HTTPS-Only campaign – GitHub
    • The federal HTTPS-Only standard proposal – CIO.gov
  • An evil WiFi network can lock your iOS device (RSA) – SkyCure
  • RSA CEO says the security industry has failed to protect (RSA) – Tech Radar
  • FBI sends alert to airlines after a researcher is banned for a joke – BBC
    • Good opinion piece on why banning the researcher is dumb – Slate
  • SANS director offers three technologies that prevent breaches (RSA) – Search Security
  • Homeland Security still against encryption (RSA) – Digital Trends
  • “Aaron’s Law” is going through Congress again – Naked Security
    • Other senators propose “anti-Aaron’s Law” bills – TechDirt
  • Two “cyber security” bills pass through the US House (like CISA) – Network World
    • Another take on the two information sharing bills that passed – The Register
  • FireEye researcher finds flaw to pull fingerprints from Samsung phones – Forbes
  • Sony breach may have been caused by Apple ID phishing emails – Computer World
  • The patched “rootpipe” vulnerability is still exploitable in OS X – Tech Spot
  • 1500 iOS apps still suck at HTTPS – Ars Technica
  • Fox-IT develops signatures to help detect Quantum Insert – Fox-IT

— Corey Nachreiner, CISSP (@SecAdept)

Filed Under: Security Bytes Tagged With: cyber security, default password, Hacking, Infosec news, Operation Pawn Storm, password, Point of Sale, POS, RSA Conference, Russian Doll, Side-channel attack, Software vulnerabilities, spear phishing, Spy in the Sandbox, Updates and patches, White House Breach

Copyright © 2022 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use