Tag Archives: NSA

GCHQ Encryption Backdoor? – Daily Security Byte EP. 207

First the NSA, and now GCHQ. A university researcher has claimed to find a weakness in a GCHQ-developed encryption algorithm that could allow governments to snoop on VoIP calls. Watch Friday’s video to learn more about it.

(Episode Runtime: 3:25)

Direct YouTube Link: https://www.youtube.com/watch?v=cK1vIEBVcgs

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Hacking Team Updates and RC4 Insecurity – WSWiR Text Edition

 RC4’s Dead and White House On Security

Last week, I was in the UK attending a WatchGuard Partner conference, and as a result I only shot two videos and skipped my weekly summary. Nonetheless, there was still plenty of interesting information security (infosec) news, which I don’t want you to miss. So to make up for it, let me quickly share three infosec stories I would have covered if I had had more time:

  1. Lots of The Hacking Team breach updates: Through the week, we learned a lot more about The Hacking Team organization from the 400GBs of data made public by their network breach. For instance, they had more zero day exploits than first suspected; they leveraged BGP flaws to launch man-in-the-middle attacks, and they worked with both the FBI and DEA to snoop out TOR users. If you’re following this infosec drama, Wikileaks has made all The Hacking Team’s stolen email public. Check out the links below to learn the latest Hacking Team gossip.
  2. The White House brags about cybersecurity: Last week, the White House released a CyberSecurity Fact Sheet detailing everything the US government has done this year to improve the nation’s cybersecurity stance. Highlights include creating a new office in charge of the problem, and encouraging the government and private industry to share threat intelligence. Check out the references if you’d like more details.
  3. RC4 gets another nail in its coffin: RC4 is a very popular hashing algorithm we’ve used for decades. Unfortunately, over the years it has been proven weak due to many vulnerabilities in this old function. Most security experts already consider RC4 dead; that said, new research [PDF] has proven RC4 even weaker. Without going into the details, this new discovery means bad guys can break RC4 in days instead of months. If you are using RC4, it’s time to move on.

Those are the stories I missed, but the week included many others. If you are interested in all of them, feel free to peruse the Reference section below. I’ll get back to my regularly scheduled videos this week.

References:

 

— Corey Nachreiner, CISSP (@SecAdept)

XKeyScore Sniffs Our Data – Daily Security Byte EP.108

Earlier Snowden leaks have already introduced us to XKeyScore. However, new documents highlighted in the latest Intercept article make it sound even worse than privacy advocates first suspected. Watch the video to learn more.

As an aside: You may have noticed there was no episode on Wednesday. I was updating my production software, which prevented me from creating a video that day. Also, there will be no video on Friday, since it’s a U.S. holiday. Enjoy the 4th of July!

(Episode Runtime: 2:26)

Direct YouTube Link: https://www.youtube.com/watch?v=fCSeXoYajOY

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Grounded Airline, Snowden Leak, and Mr. Robot – WSWiR Episode 158

If you’re feeling behind on critical information security news, you’re not alone. There are so many new InfoSec stories each week that only a dedicated few can keep up with the latest. If you need a little help following what’s important, let our weekly security news summary video keep you informed.

Last Friday’s episode covered an 0day Flash flaw, the latest Snowden leak, my review of a cool new infosec related show, and more. Watch the video below for the details, and check out the References section for other stories.

(Episode Runtime: 11:20)

Direct YouTube Link: https://www.youtube.com/watch?v=cvZCDHCc4ec

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

Nation States Spy on AV Vendors – Daily Security Byte EP.103

You would hope our governments only spy on or hack the bad guys, but apparently they target security companies too. The latest Snowden leaks cover how the NSA and GCHQ target foreign antivirus companies, and reverse engineer their products to presumably find weaknesses. Watch today’s video to learn why I think this is bad for the security of all countries.

(Episode Runtime: 2:31)

Direct YouTube Link: https://www.youtube.com/watch?v=F1ZTOb_uChU

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

APTs, Updates, and OPM – WSWiR Episode 156

Information Security is a hot topic right now; unfortunately not for all the right reasons. Nowadays, it’s not unusual to have a big data breach, new zero day malware, and a ton of security updates all in the same week. If you’re part of an IT organization that’s concerned with protecting your network, but that doesn’t have time to keep up with the deluge of InfoSec news, this weekly video is for you.

Last week’s episode covered a nasty new variant of point-of-sale (POS) malware, Microsoft and Adobe’s monthly security updates, and a significant network breach of a well-respected security company. If you want to learn about all these stories and more, watch the episode below. Also, take a peek at the Reference section if you are interested in other InfoSec items from the week.

(Episode Runtime: 13:25)

Direct YouTube Link: https://www.youtube.com/watch?v=52reUvOR6FE

Show Note: On some occasions, I will not be able to post the blog update associated with these videos immediately, even though the video is already online. If you’d like to know about the latest video as soon as it’s posted, subscribe to my YouTube channel. Also, if you want email updates for each blog post, don’t forget to subscribe to this blog in the top right corner.

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

US & Japan Gov. Hacked – WSWiR Episode 155

A few years ago we’d be surprised to learn about a public data breach once a month. However, nowadays two nation states can suffer major hacks in the same week. If you have trouble keeping up with the weekly security news yourself, let our vlog help you with a short recap.

This week’s episode shares two stories about nation states losing their citizens’ data, as well as a more light-hearted story about a researcher hacking garage door openers. Press play on the YouTube video below for all the details, and check the Reference section for links to other interesting news.

(Episode Runtime: 8:52)

Direct YouTube Link: https://www.youtube.com/watch?v=kmzOZPnSg8k

Show Note: I’m attending Gartner’s Security and Risk Management Summit this week, so I may not be able to do my daily videos every day. I’ll return to the normal schedule next week.

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

Hacking Nation States & Crashing iPhones – WSWiR Episode 154

Unfortunately, lots of security news suggests lots of cyber crime. If you want to stay protected, you need to keep up to date; but who has time? Hopefully our weekly InfoSec video can help.

Last Friday’s episode covered an IRS data leak, a mysterious text message that crashed iPhones, some scary new crowd-sourced ransomware, and more. Watch the YouTube video below for all the details, and check out the References for other stories.

(Episode Runtime: 11:53)

Direct YouTube Link: https://www.youtube.com/watch?v=85fEsnnTf7E

Show Note: I’ll be traveling for the next two weeks to attend various security conferences. I’ll try to keep up with semi-daily videos, but will not post as regularly, or at the normal times.

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

North Korean Cyber Killers? – Daily Security Byte EP.91

Today, a North Korean (NK) defector and university professor claimed NK’s Bureau 121 cyber attack group includes 6000 cyber warriors who could destroy cities and cause human casualties. Meanwhile, we also learned that the US government allegedly launched a failed, Stuxnet-like attack against NK back in 2010. How much of this is true, and what do two nation states battling on the Internet have to do with you? Watch today’s video to find out.

 

(Episode Runtime: 3:17)

Direct YouTube Link: https://www.youtube.com/watch?v=qWU7M3tGp_8

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Cryptography Logjam – Daily Security Byte EP.86

Are you getting sick of SSL/TLS and other cryptography related vulnerabilities? I sure am! Nonetheless, we need to keep on top of them in order to keep our communications private. In today’s daily video I cover Logjam, a new named vulnerability having to do with the Diffie-Hellman key negotiation. Watch the video to learn which of your systems might be affected, and more importantly how WatchGuard’s XTM appliances can help.

 

(Episode Runtime: 3:39)

Direct YouTube Link: https://www.youtube.com/watch?v=9uCjioMPQUg

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)
