Plane Hacking & Crypto Logjams – WSWiR Episode 153

Are you too busy provisioning new servers and reseting your users’ Windows passwords to keep up with information security news? If so, we have a quick solution for you. Learn the most important security issues in under ten minutes with our weekly security review video.

Today’s episode talks about the latest plane hacking drama, a new cryptographic weakness, and a data breach affecting a popular “adult” online dating site. Watch the video for the details, as well as some security tips, and check the references below for more news.

(Episode Runtime: 8:50)

Direct YouTube Link: https://www.youtube.com/watch?v=nN3q6KWYKrc

EPISODE REFERENCES:

• Monday: Plane Hacking Hijinks – Daily Security Byte EP.85
  • Latest details about FBI’s investigation into RSA plane hacker – Techdirt
  • Opinion piece on Robert’s Plane pen-testing – Information Week
  • Eccentric John McAfee supports Roberts – Motherboard
  • Roberts claims of controlling the plane may be overstated – Bloomberg
• Tuesday: Missed due to travel
• Wednesday: Missed due to travel
• Thursday: Cryptography Logjam – Daily Security Byte EP.86
  • Primary Logjam FAQ page – WeakDH.org
  • Academic Logjam vulnerability whitepaper [PDF] – WeakDH.org
  • Logjam proof-of-concept examples – WeakDH.org
  • Logjam mitigation strategies – WeakDH.org
  • Media article covering the Logjam vulnerabilities – Ars Technica
• Friday: Adult Friend Pwner – Daily Security Byte EP.87
  • Post by researcher who discovered stolen Adult Friend Finder data – TekSecurity Blog
  • Media article on the Adult Friend Finder data breach – Ars Technica
  • Friend Finder Network confirms they have heard about the potential leak – FFN

EXTRAS:

• Malvertising (malicious ads) more than doubled last year – PC Advisor
• Safari flaw could help phishers – Ars Technica
• Oracle’s response to the VENOM vulnerability – V3.co.uk
• Another big healthcare related data breach – Time
• High school student DDoSes his school – Slashgear
• Ransomware increasing on Android devices – SC Magazine
• Domain registrar suffers from sophisticated DNS attack – GeekWire
• Create fake password vaults to protect your real one – Network World
• Alleged Russian hacker fired his lawyer before trial – Seattle Times
• Hacker hold Darknet market for Ransom – Motherboard
• Researchers find flaws in Google App Engine – Ars Technica
• Technical post on how researcher exploited MS15-011 – Core Security
• Ebay fixed a flaw that could help phishers – Threatpost
• NSA tried to hack Google and Samsung’s app stores – V3.co.uk
• Don’t want government backdoors? Write the President – Security Search
• Teen plead guilty to swatting female gamer – Business Insider
• Researcher uses Starbuck hack to buy a chicken sandwich – The Register
• NetUSB vulnerability affects many routers – Sec-Consult
• iWatch update fixes security flaws – Business Insider

— Corey Nachreiner, CISSP (@SecAdept)

Share This: