Sveriges mest populära poddar
Start / All Jupiter Broadcasting Shows / Its all in the logs techsnap 361

All Jupiter Broadcasting Shows

It’s All in the Logs | TechSNAP 361

N/A • 29 mars 2018

Embarrassing flaws get exposed when the logs get reviewed, Atlanta city government gets shut down by Ransomware, and the cleverest little Android malware you’ll ever meet.

Plus we go from a hacked client to a Zero-day discovery, answer some questions, ask a few, and more!

Links:

Uh Oh! Unified Logs in High Sierra (10.13) Show Plaintext Password for APFS Encrypted External Volumes via Disk Utility.app

It may not be noticeable at first (apart from the highlighting I’ve added of course), but the text “frogger13” is the password I used on a newly created APFS formatted FileVault Encrypted USB drive with the volume name “SEKRET”. (The new class images have a WarGames theme, hence the shout-outs to classic video games!)

Thousands of servers found leaking 750MB worth of passwords and keys

Giovanni Collazo said a quick query on the Shodan search engine returned almost 2,300 Internet-exposed servers running etcd, a type of database that computing clusters and other types of networks use to store and distribute passwords and configuration settings needed by various servers and applications. etcd comes with a programming interface that responds to simple queries that by default return administrative login credentials without first requiring authentication. The passwords, encryption keys, and other forms of credentials are used to access MySQL and PostgreSQL databases, content management systems, and other types of production servers.

Atlanta city government systems down due to ransomware attack

FBI called in as some city services are interrupted, employees told to turn off PCs.

Android malware found inside apps downloaded 500,000 times

The malware was sneaked onto the Google Play store disguised as seven different apps -- six QR readers and one 'smart compass' -- and bypassed security checks by hiding its true intent with a combination of clever coding and delaying its initial burst of malicious activity.

From hacked client to 0day discovery

We will discover in this article how a recent incident response to a customer was handled and how we discovered an otherwise publicly unknown vulnerability that was never reported by the manufacturer which left thousands of users unprotected from this security flaw.

Feedback

Kategorier
PoddarTeknologi
Förekommer på
Teknik
00:00 -00:00
Hur lyssnar jag på podcast?

En liten tjänst av I'm With Friends. Finns även på engelska.