Security 153 – Certificate Revocation Lists

[editor note: Tom is awesome in this. Me, not so much. I completely misunderstood how this worked.]

So what happens when a certificate can no longer be trusted? How do you revoke trust, or the certificate?

https://arstechnica.com/security/2017/07/https-certificate-revocation-is-broken-and-its-time-for-some-new-tools/

We are going into the weeks before DEF CON, where news is sparse. We recommend joining our WhatsApp group. Tweet us, or comment for the link.

 

Security 151 – Printer Dots

 

Due to poor OPSEC, another NSA contractor is in jail for leaking. How did we catch her:

https://en.wikipedia.org/wiki/EURion_constellation

Russian malware communicates by leaving comments in Britney Spears’s Instagram account


http://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html?m=1#.WTZRrWjyhaQ
https://twitter.com/leahmcelrath/status/871844022087802880

Security 130 – Unplug Your Toaster

We added a bitcoin link, in case you would like to donate:
btc:1Mg4NYfdaRi38BookVJNqKrEkDRUnv6R78

We discuss the massive DDoS attack on Dyn, a large internet DNS provider, that took out a large chunk of the Internet on Friday.

Show Notes

https://community.rapid7.com/community/infosec/blog/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities

What We Know About Friday’s Massive East Coast Internet Outage

https://dyn.com/blog/dyn-statement-on-10212016-ddos-attack/