All posts by jb

Defensive Security Podcast Episode 8

February 24, 2013Podcast, SecurityAPT1, Bit9, CPanel, Zendeskjb

Podcast: Play in new window | Download | Embed

Subscribe: RSS

News:

Burger King & Jeep twitter accounts hacked

Microsoft and Apple hacked with same exploit that hit Facebook

NBC.com’s site is hacked, injecting an iframe directing visitors to a site that served an exploit kit and installed the Citadel trojan. Continue reading Defensive Security Podcast Episode 8 →

Defensive Security Podcast Episode 7

February 18, 2013Podcastfacebook, hacking, information security, Javajb

Podcast: Play in new window | Download | Embed

Subscribe: RSS

defensive security episode 7Please rate the podcast on iTunes!
Follow me on twitter @defensivesec
Send comments to info@defensivesecurity.org

News:

Continue reading Defensive Security Podcast Episode 7 →

Defensive Security Podcast Episode 6

January 29, 2013PodcastAnonymous, Bit9, China, Java, New York Times, State of South Carolona, USSCjb

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Suggestions to podcast@defensivesecurity.org

News:

ISD Podcast shuts down
Noticeable uptick in phishing attacks recently, leading to various exploit kit web sites
Yet another Java update. Oracle seems to have gotten the message.
Combofix, a free tool for removing certain kinds of malware, was infected with Sality
- Do not download repackaged software from other file hosting sites. Bad!
Cisco released it’s 2013 security report.
- Legitimate sites much more likely to be malicious than traditional pornography
- Ad networks and content delivery networks worst offenders
Anonymous stole information on 4600 bank executives from a Federal Reserve emergency communication application.
- Fed seems to be downplaying the significance. Continue reading Defensive Security Podcast Episode 6 →

Defensive Security Podcast Episode 5

January 20, 2013PodcastAnti Virus, HIPAA, Java, MEGA Rulejb

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Download the MP3 here

Suggestions? ideas? feedback? Send an email to podcast@defensivesecurity.org

A lot has happened since the last Podcast:

HIPAA mega rule released – all 563 pages
Zero day in Java
Freak-outs ensued
Oracle released a Java patch
Freak-outs continued
Word of new vulnerabilities have emerged Continue reading Defensive Security Podcast Episode 5 →

Protect Yourself From The Latest Java Zero Day

January 11, 2013Information Security, Malware, SecurityJava, Zero dayjb

Brian Krebs is reporting that a new zero day vulnerability and matching exploit are making the rounds, with no patch or fix in sight.

My recommendation is to consider disabling the java browser plugin or implementing no script with a policy to only allow java originating from intranet sites.

Be careful out there!

Defensive Security Podcast Episode 4

January 7, 2013Podcast, Securityinformation security, securityjb

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Happy New Year!

In this week’s podcast, I cover an article about the alleged Chinese hacking of Solid Oak due to a lawsuit over China’s improper use of Solid Oak’s software CYBERsitter covered in a Business Week post.

First, a bit of news. Unless you’re still recovering from an egg-nog hangover, you’ve probably heard about the Internet Explorer zero day exploit. Note that it doesn’t impact the latest versions of IE, only 6, 7 and 8. Continue reading Defensive Security Podcast Episode 4 →