Difference between revisions of "Episode279"

From Security Weekly Wiki
== Larry's (taken over by Darren cause Larry is a slacker) Stories ==
#[http://www.macrumors.com/2012/02/16/os-x-mountain-lion-limits-apps-to-mac-app-store-signed-apps-by-default/ Mountain Lion preview (OSX 10.8)] - Apple has released a preview of OSX 10.8, due for release later this year.  A new security feature called Gatekeeper is coming.  It looks like developers with valid Dev IDs will create a certificate that will be used to sign all their work.  In the event a given developer does something wrong, the cert can be pulled and the apps will not run.  There are 3 levels of options: the "iPhone option", as I call it, where you can ONLY use apps from the App Store and nothing else can be installed; install from anywhere, but the app must have a certificate; and lastly the install-from-anywhere, cert-or-no-cert option.
#[http://www.networkworld.com/news/2012/021512-apple-to-ban-stealthy-iphone-256206.html?source=nww_rss iPhone Address book access] - Apple is set to fix an issue where app developers were allowed to gather users' contact lists without permission from the phone's owner.  Now you will be prompted with a pop-up asking if you wish to allow this access.
#[http://www.networkworld.com/news/2012/021612-adobe-confirms-new-zero-day-flash-256219.html?hpg1=bn patch patch patch patch and then patch some more] - Yet another Adobe 0day.
#[http://www.networkworld.com/news/2012/021412-sunpower-lawsuit-highlights-insider-256133.html Insider threats are real] - An example that your own employees are your biggest threat.
#[http://news.cnet.com/8301-1009_3-57377280-83/nortel-hacked-for-years-but-failed-to-protect-itself-report-says/?part=rss&subj=news&tag=2547-1_3-0-20 Nortel hacked for years] - Former Nortel exec (they are all former now) says they were compromised for years and Nortel didn't try too hard to stop it.
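As an added illustration for the Gatekeeper story above (this is not code from the show notes, the hosts, or Apple), here is a small Python model of the three Gatekeeper settings and of what happens to a developer's apps once their Developer ID is pulled. Everything in it is hypothetical: the `Policy`, `App` and `assess` names, the Developer IDs, and the sample apps and revocation list are constructed for the example. One modelling assumption is stated in the code: an app signed with a revoked Developer ID is treated as if it were unsigned, so it is blocked under the two stricter settings but still launches under "Anywhere".

```python
"""Toy model of Gatekeeper's three settings plus Developer ID revocation.
Added example for these show notes; not Apple's code. All names and the
sample data are hypothetical / constructed."""
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple


class Policy(Enum):
    APP_STORE_ONLY = "Mac App Store"                                  # the "iPhone option"
    APP_STORE_AND_SIGNED = "Mac App Store and identified developers"  # signed-only setting
    ANYWHERE = "Anywhere"                                             # cert or no cert


@dataclass(frozen=True)
class App:
    name: str
    from_app_store: bool = False
    developer_id: Optional[str] = None  # Developer ID the bundle is signed with, if any
    signature_valid: bool = True        # False = bundle was modified after signing


# Constructed sample: a Developer ID that Apple has pulled
REVOKED_DEVELOPER_IDS = frozenset({"DEV-EVIL-0001"})


def assess(app: App, policy: Policy,
           revoked=REVOKED_DEVELOPER_IDS) -> Tuple[bool, str]:
    """Decide whether Gatekeeper lets `app` launch under `policy`.
    Returns (allowed, reason)."""
    if app.from_app_store:
        # App Store apps are signed by Apple and pass every setting.
        return True, "from the Mac App Store"
    if policy is Policy.APP_STORE_ONLY:
        return False, "not from the Mac App Store"

    signed = app.developer_id is not None and app.signature_valid
    revoked_signer = signed and app.developer_id in revoked

    if policy is Policy.APP_STORE_AND_SIGNED:
        if not signed:
            return False, "unsigned, or signature does not verify"
        if revoked_signer:
            # The case from the story: pull the cert and the app stops running.
            return False, f"Developer ID {app.developer_id} has been revoked"
        return True, f"signed by Developer ID {app.developer_id}"

    # Policy.ANYWHERE: nothing is blocked. Assumption of this model: a revoked
    # signer is simply treated like an unsigned app here, so it still launches.
    note = " (signed by a revoked Developer ID)" if revoked_signer else ""
    return True, "setting is Anywhere" + note


SAMPLE_APPS = [  # constructed sample apps
    App("StoreApp", from_app_store=True),
    App("GoodApp", developer_id="DEV-GOOD-0001"),
    App("PulledApp", developer_id="DEV-EVIL-0001"),
    App("TamperedApp", developer_id="DEV-GOOD-0001", signature_valid=False),
    App("RandomDownload"),
]


def launch_matrix(apps=SAMPLE_APPS):
    """Map (app name, policy name) -> allowed, across all three settings."""
    return {(a.name, p.name): assess(a, p)[0] for a in apps for p in Policy}


if __name__ == "__main__":
    for a in SAMPLE_APPS:
        for p in Policy:
            ok, why = assess(a, p)
            print(f"{p.name:22} {a.name:16} {'RUN ' if ok else 'DENY'}  {why}")
```

The point of the matrix is the middle column: under the signed-only setting, a tampered bundle and a bundle from a revoked Developer ID are both refused, while the same bundles run unchanged once the user flips the setting to "Anywhere", which is why the story calls the cert pull a kill switch only for the default configuration.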
== Jack's Stories ==

Revision as of 03:40, 22 February 2012

Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 279 for Thursday February 23rd, 2012

  • John Strand will be teaching Offensive Countermeasures at SANS Orlando March 23-24th: Check it out here
  • Subscribe to our only non-computer security related show dedicated to Cigar Enthusiasts Stogie Geeks with Paul Asadoorian and Tim "BugBear" Mugherini. Whether you smoke an occasional cigar or daily, this show is for you! Tune in as we review the latest cigars being released and talk "Stogie Tech".

Interview: Gene Kim

Since 1999, Gene Kim has been studying and benchmarking high performing IT operations and information security organizations. When Kim was the CTO/founder of Tripwire, he wrote the “Visible Ops Handbook,” which codified how these organizations transformed from “good to great,” which has sold over 200K copies to date. Follow him on Twitter at @RealGeneKim

Gene kim.jpg

  1. Tell us about Rugged DevOps
  2. What is your novel about?
  3. RSA DevOps interview with Gene and Josh Corman


Paul's Stories

Larry's (taken over by Darren cause Larry is a slacker) Stories

Jack's Stories

  1. Domain seizure This stuff gives me seizures alright. Jotform.com, a business providing hosting for online forms, has been seized by the Secret Service. “They have disabled the DNS without any prior notice or request.” Of course the registrar involved is GoDaddy.
  2. Privacy, what's that? Retailer Target knew the teenage girl was preggo before her dad did. Hilarity ensues (not really)
  3. Panic!! Or not. Dennis Fisher has a good, reasoned write up of the RSA key research.
  4. 0-day exploit middlemen are cowboys, a ticking bomb, at least according to Christopher Soghoian.