Security 162 – WhatsApp Tracking

 

We don’t have much. Even over two weeks nothing stuck out as pressing enough to talk about.

WhatsApp has a weird tracking bug that we will discuss.

https://robertheaton.com/2017/10/09/tracking-friends-and-strangers-using-whatsapp/

The new Google minis are recording 24/7: http://www.androidpolice.com/2017/10/10/google-nerfing-home-minis-mine-spied-everything-said-247/

FBI used VPN logs to catch someone: https://www.bleepingcomputer.com/news/security/cyberstalking-suspect-arrested-after-vpn-providers-shared-logs-with-the-fbi/

 

The rest is just more of the same.

Security 153 – Certificate Revocation Lists

[editor note: Tom is awesome in this. Me, not so much. I completely misunderstood how this worked.]

So what happens when a certificate can no longer be trusted? How do you revoke trust, or the certificate?

https://arstechnica.com/security/2017/07/https-certificate-revocation-is-broken-and-its-time-for-some-new-tools/

We are going into the weeks before defcon, where news is sparse. We recommend joining our WhatsApp group. Tweet us, or comment for the link.

 

Security 130 – Unplug Your Toaster

We added a bitcoin link, in case you would like to donate:
btc:1Mg4NYfdaRi38BookVJNqKrEkDRUnv6R78

We discuss the massive DDOS attack on Dyn, a large internet DNS provider, that took out a large chunk of the Internet on Friday

Show Notes

https://community.rapid7.com/community/infosec/blog/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities

What We Know About Friday’s Massive East Coast Internet Outage

https://dyn.com/blog/dyn-statement-on-10212016-ddos-attack/