HNNEpisode120

From Paul's Security Weekly
Jump to: navigation, search

Hack Naked News #120

Recorded April 18, 2017 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Jason Wood
    Threat hunter at CrowdStrike, penetration tester, sysadmin, and Founder of Paladin Security.
  • News

    Cyberpatriot

    http://www.uscyberpatriot.org/

    http://www.uscyberpatriot.org/Pages/Announcements/Congratulations-to-the-CyberPatriot-IX-National-Champions!.aspx

    Shadow Brokers http://boingboing.net/2017/04/14/windows-0-days-too.html -- NSA Shadow Brokers bank exploits -- so is this a false flag? The exploits particulary target Middle Eastern Banks and provide a lot of zero day stuff basically telling you how to do it in Borat-esque language

    Targeting easily hackable banks in the Middle East (SWIFT among others). Egregiousblunder is an example.

    TAO is the Tailored Access Operations NSA Hacking Division

    Most of the code is from 2013, same as timing for Snowden leaks.

    http://www.npr.org/sections/thetwo-way/2016/08/17/490329015/shadow-brokers-claim-to-have-hacked-the-nsas-hackers -- 1.6 bitcoins bid so far -- they asked for about half a billion. The tools look legit. Are these James Bond villianesque kinds of messages being sent (viz. keep it up and we will hurt you) SETEC Astronomy

    http://www.zdnet.com/article/recently-patched-microsoft-word-bug-was-exploited-for-surveillance-and-espionage/ Zero Day Doc exploit

    and

    https://www.engadget.com/2017/04/15/microsoft-says-it-already-patched-several-shadow-brokers-nsa-l/ -- MS patched leaks

    Jan -- Exploits revealed - Feb patch tuesday is skipped -- March flaws are fixed. Did MS buy up the exploits early from Shadow Brokers?

    Expert Commentary: Jason Wood, Paladin Security