Mostly Security

Where, O Where, have my Cryptocurrencies gone? Are they hidden in what IBM is dumping? Are they sneaking into Microsoft's new OS? Maybe they are lost in the Marriott/Starwood Data Breach? Where ever they've gone, we don't know. But Microsoft is publishing more of their Minstrel Song as Open Source and the Apple Bards are sharing their Oral Histories with the world. Blockchain Study: 0 for 43 Global Costs to Mine Bitcoin Mining Calculator Will Bitcoin become worthless? IBM dumping Notes Microsoft Windows Lite? Marriott Data Breach Microsoft Open Sources more stuff Infinite Loop. An Oral History. folklore.org He Invented It... -2000 Lines of Code  

Eric fixes a leaky faucet, Jon manages to avoid salad. After some 2 for 1 followup, Stallman wants in on the digital currency scene, Jon

Eric and Jon prep for Thanksgiving, while companies don't invest in Cybersecurity. Duo talks Secure Boot on the T2 chip, Jon lets his inner conspiracy theorist out, and Windows Store now accepts ARM64 builds. If getting a digital implant, best to do it sober! Three fun things this week: lyrics analysis, Frankenstein, and judgement of Thanksgiving side dishes. Intro Cybersecurity Priorities Secure Boot on the T2 A12X is FAST Windows on ARM64 It's Bitcode not Bincode Don't Forget Your Implant PIN Repetitive Song Lyrics The First Frankenstein Side Dishes of Thanksgiving  

Cloudflare launches DNS Privacy apps for iOS and Android, a security "researcher" gets his hand caught in Krebs' cookie jar, and more speculative execution in x86-land. Jon describes his favorite whistle and Eric discovers you can build a cashless payment system without a blockchain. Intro Cloudflare's DNS Privacy Apps "Researcher" playing both sides... More Speculative Execution @ Intel WHLSL Sweden goes cashless (sans blockchain)  

Eric continues basement construction, and Jon gets stung (but not by a bee). A tale of two cryptocurrency topics: the good and the sad. HSBC is breached, but we doubt the statistics about successful credential stuffing. And Krebs has a great article about skimmers in your online shopping cart. DeOldify is machine learning for colorizing old photos, and Eric's got three fun things this week. Intro Yellow Jacket != Honey Bee More Upload Plugin Fail Statcounter Trojan Horse Cryptocurrency Tumblers Ethereum City Celebration, Florida HSBC Breach Cart Skimmers Bend Trails Paypal Data Sharing Dorking for Printers DeOldify

Happy Halloween! We reflect on some ad fraud and right to repair followup, contemplate CAPTCHAs, cerebrate insecure devices, ponder Big Blue and their Red 34-billion-gallon Hat, and, uh, think, or errm, well, you know, chat about, um, filler words and top it all off with some good ol' reinforcement learning. Happy Halloween! Now go Vote. Ad Fraud Followup Right to Repair Followup Google reCAPTCHA v3 Google Home Insecurity GitHub Incident Writeup IBM Buys RedHat How to Stop Saying "Um", "Ah" and "Ya Know" Reinforcement Learning

Implausible Bloomberg followup, JQuery plugin vulnerability (not JavaScript!), and no more GrayKey. An interesting theoretical Cromium vulnerability and an absolutely epic ad fraud article. Eric's screentime has stopped working, and Jon enjoyed the Apologetic Miner. Intro Kumoricon LibSSH Docker Container Implausible Supermicro JQuery Plugin "Zero Day" GrayKey Stops Working Cromium Vulnerability Massive Ad Fraud Screen Time in iOS 12 The Apologetic Miner  

Jon and Eric, live(ish) from Las Vegas! Facebook (again) and the coming PHPocalypse, along with a vulnerability in libssh. Jon learns about The Big Mac Index on a trip to Argentina and Eric geeks about The Illustrated TLS Connection. Intro McAfee MPOWER Jon's Root Beer Facebook Update Facebook Portal The PHPocalypse Vulnerability in libssh The Economist publishes... ...The Big Mac Index on GitHub The Illustrated TLS Connection  

Eric and Jon both use chat support for network gear, the Bloomberg story gets stranger, and a double pile on Facebook and Google Plus. Microsoft joins OIN, opening up its patent portfolio. For fun Eric likes The Good Place, and Jon likes both The Broken Earth trilogy as well as binary layout optimization(??). Intro Frontier Woes Amplifi Teleport Setup Bloomberg Followup More Bloomberg Followup Facebook's Access Token Bug Verge on FB Breach Whatsapp Video Vulnerability Google Plus No More Microsoft Joins OIN The Good Place Codestitcher The Broken Earth  

Burgerville isn't safe from data breaches, despite their fabulous fresh fruit milkshakes. The GRU minions make some rookie mistakes. Aaaand, boom. Bloomberg drops the "All your hardware are belong to us" bomb. Eric likes Volkswagen, Jon likes doodles, and they both like Weird Al... Burgerville breach FBI Report: FIN7 Wired: FIN7 Followup - Episode 41: Freeze your Credit Reckless campaign by Russian military Car registration leak... Bloomberg: The Big Hack Eclypsium: Hardware Supply Chain Threats @thegrugq: Supply Chain Security Risky Business Podcast Patrick Gray: Doubling Down Volkswagen for CI Tess Ferrandez: Deep Learning Weird Al: Mission Statement  

A class action lawsuit is filed for NCIX data sale, 854 million worth of cryptocurrency has been stolen in 2018, and Monero fixed a catastrophic bug which would allow someone to 'print' money. Google backs off forced logins to chrome after pressure from the community. Why we have insecure software, and Facebook demonstrates the opposite of Google's old mantra. More software musings and Azure Functions 2.0 debuts. NCIX Class Action Lawsuit $854 Million Worth of Cryptocurrencies Stolen in 2018 Monero "Catastrophic" Bug Vess' Monero Comment Chrome Auto-login Matthew Green Chrome Rant Why Software Remains Insecure Facebook Allows Targetting by "Shadow Contact Information" Notes About Software Azure Functions 2.0 Launches 42

Right to Repair is back with Tractor Talk. Eric chats cryptocurrency losses and potential losses. Jon agrees with Jeff, there is only security - and what happens to computer data when a company goes under? Eric hikes a volcano and Jon freezes his credit. Farm Lobby & Right to Repair Episode 009 Cryptocurrency Exchange loses 60 million The Bitcoin Bug was Really Bad™ There is only Security Digital data from a defunct business Eric hikes Mt. St. Helens Free Azure CI/CD Pipelines Free Credit Freezes

Eric talks Blockchain security at LA conference, another MongoDB is exposed on the internet, and California poised to pass an IoT security law. Aadhaar grand challenge (episode 32) accepted -- evidently Aadhaar enrollment software is routinely modified. For fun, Eric suggests the Netflix Origins series, and Jon collects and stores seeds for next spring. Eric at MWC Americas Marketing Database Exposed Mongo Security Guidance CA IoT Regulations Aadhaar Software Vulnerabilities UIDAI Denial Netflix Origins Collecting Flower Seeds

Jon makes root beer. Eric paints. Google Chrome turns 10. Exposing your .git on the web. First email addresses and the Web Design Museum. Google Chrome Turns 10 Browser Wars Exposed .git on the Web What's a Tarpit? Join in part Canadian? Smashing Security Podcast Web Design Museum

Back from two more road trips. What life is like when your last name violates profanity filters, and horror stories from (maybe?) an ex-Tesla IT person. Fun with spammers and a book-length article about What-Is-Code. WA International Kite Festival "Offensive" names Former Tesla IT Engineer Stories GitHub DDoS Recovery Spamming Spammers What is Code?

Scam phone calls are still a thing and apparently you can hack multifunction printers by sending a malicious fax. Eric can't describe a video and Jon bends spaghetti. Followup: Hacking voting machines Quick Take: Teen Hacks Apple Phone Scams - "Windows Security" Phone Scams - "IRS Sends Local Cops" IRS Back to School Scam Alert Hacking by fax Sidenote: It is Gif as in Gift, Jon Fabricated Spaghetti Bending Backstory: The Adam Savage Quote

Blackhat and Defcon roundup, including the keynote, voting machine hacking, breaking voice authentication, and hacking various devices, like heartbeat monitors, tornado alarms, and bodycams. Eric asks about early books, and it's Palindrome Week in the land of goofy date formats. Blackhat Week Parisa Tabriz Keynote 11 Year Old Hacking Cracking Voice Authentication Spoofing a Heartmonitor San Francisco Alarms Bodycam Vulnerabilities Eric -- Danny the Champion of the World Jon -- Hardy Boys Palindrome Week

Mobile phone voting? Ummm... Its a little more complicated than people believe. Comcast fixes some bugs. Jon wants a BioReactor. Eric brags about his "Porsche". Underwater Fish Cam Episode 027! Mobile Phone Voting GossiTheDog on Voting Voatz Response XKCD on Voting Comcast Bugs! Reset Apple Watch without Passcode We grew a lung! Eric's First Car: '67 VW Bug Jon's First Car: '73 Oldsmobile Cutlass Supreme

Eric is STILL fishing, but in Idaho. Recording on battery in his truck (dedication!). Edge gets Web Auth support, inmates in Idaho get free emails, and Reddit is breached via SMS. Software continues to eat the world and Verizon has released a great visualization tool against years of DBIR reports. Hiking and a bit of Apple introspection for fun. Edge Gets U2F Reddit Breach Inmate Exploitation 2011: Software Is Eating the World DBIR Data Visualizations Take a Hike... Apple @1T Cash View Four Million Beta Users

Eric successfully fishes, and Jon fixes his QNAP issue. Google says they haven't been phished since deploying U2F keys in 2017. Chrome flags HTTP sites as 'Not Secure' and Troy posts a video for why HTTPS matters even for static 'marketing' sites. Old movie GIFs and water on Mars.   QNAP Issue was Plex Can't Phish This (Google) Just Having 2FA isn't Perfect Chrome 68 Arrives Integrity Matters https://www.reddit.com/r/silentmoviegifs/ Water On Mars