189 – Facebook’s Week of Problems

Facebook had a breach: https://newsroom.fb.com/news/2018/09/security-update/ Facebook security settings: https://www.facebook.com/settings?tab=security Facebook Shadow Contact Info: https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051 GPGTools: https://gpgtools.org/open-letter NordVPN weird bug: https://twitter.com/CiPHPerCoder/status/1044625129278443522?s=19 http://media.blubrry.com/inthirty/p/inthirty.net/podcasts/Security-189-FacebookLastWeek.mp3

Security 188 – Stalking Apps

We have a light week, but we must keep on keeping on. Faxploit: https://blog.checkpoint.com/2018/08/12/faxploit-hp-printer-fax-exploit/ Fix: https://support.hp.com/us-en/document/c06097712 Fortnite Exploit: https://www.androidcentral.com/epic-games-first-fortnite-installer-allowed-hackers-download-install-silently Ajit Pai knew about DDOS attack: https://arstechnica.com/tech-policy/2018/08/ajit-pai-knew-ddos-claim-was-false-in-january-says-he-couldnt-tell-congress/ Is the CA wildfires issue a net neutrality issue? Maybe: https://twitter.com/gigastacey/status/1033724768099426304 Staking app got hacked: https://nakedsecurity.sophos.com/2018/08/30/hacked-stalking-app-reveals-victims-photos-texts-and-location-info/ http://media.blubrry.com/inthirty/p/inthirty.net/podcasts/Security-188-StalkingApps.mp3

Security 187 – Post Defcon

  We recap Hacker Summer camp. The sights, the sounds, the random room searches. Room Searches: https://arstechnica.com/tech-policy/2018/08/security-theater-meets-def-con-as-room-searches-spark-controversy/ Voting Machines: https://thenextweb.com/tech/2018/08/13/an-11-year-old-hacked-a-government-website-and-changed-election-results-at-defcon/ Voicemail vulnerability: https://mashable.com/2018/08/10/voicemail-hack-password-reset-2fa/#nbbfkK9anmqU Ajit Pai said the FCC wasn’t DDoS’d: https://arstechnica.com/tech-policy/2018/08/ajit-pai-knew-ddos-claim-was-false-in-january-says-he-couldnt-tell-congress/ http://media.blubrry.com/inthirty/p/inthirty.net/podcasts/Security-187-PostDefcon.mp3

Security 186 – Delete All The Tweets

We teased this last week, and never got to it. 1) How to delete your tweets: https://gitlab.com/chaimtime/nuketweets I forked the project, but I can’t find the OP to credit. 2) Fornite sidesteps the play store. This is a bad idea: https://www.theverge.com/2018/8/3/17645982/epic-games-fortnite-android-version-bypass-google-play-store 3) Android P is here http://media.blubrry.com/inthirty/p/inthirty.net/podcasts/Security-186-DeleteAllTweets.mp3

Security 185 – Google gets no Phish

  Google claims nobody has been phished since deploying U2F: https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/ Russia Indictments shows the US is really good at hacking: https://twit.tv/shows/security-now/episodes/672?autostart=false (Start at minute 90) Tom wipes all his tweets : https://gitlab.com/actualdragon/nuketweets http://media.blubrry.com/inthirty/p/inthirty.net/podcasts/Security-185-GoogleNoPhish.mp3