Mostly Security

Information:

Synopsis

Jon and Eric have worked in the security space as developers, architects and leaders for more years than they care to count. At some point Jon said, "we should do a podcast", and here we are. From commentary on current events to random musings, they chat (mostly) about security and technology topics. However, life is more than just the day job. From beekeeping adventures to hiking mountains to shows on Netflix, there's always something fun to wrap up the show.

Episodes

  • 012: Emailing 23,000 private keys and GitHub survives a DDoS attack

    03/03/2018 Duration: 31min

      Jon is back from Florida. Is it Trust-ICO or Trustico? Anatomy of an Amplification Attack. Visualizing data and watching documentaries. Links: Trustico emails private keys - https://arstechnica.com/information-technology/2018/03/23000-https-certificates-axed-after-ceo-e-mails-private-keys/ GitHub does not

  • 011: Peter Wooley joins to chat UI/UX and Disneyland

    22/02/2018 Duration: 29min

    We chat CSS Keyloggers and are not worried. Careful what you put into securityheaders.io. Is your Password in the list of 500 million known passwords? And you can't chat with Peter without a Disney sidetrack. Links: CSS Keyloggers - https://www.bram.us/2018/02/21/css-keylogger-and-why-you-shouldnt-worry-about-it/ securityheaders.io - https://securityheaders.io Pwned Passwords - https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/ Avatar Flight of Passage - https://disneyworld.disney.go.com/attractions/animal-kingdom/avatar-flight-of-passage/ Check your Password - https://haveibeenpwned.com/Passwords Peter's Something Fun: D&D Starter Set - https://www.amazon.com/dp/B00SI774U6

  • 010: Consumer Reports, RTL Unicode, and CPU vs Ads

    17/02/2018 Duration: 29min

      iFixit and the iPhone X Teardown, Consumer Reports is now adding Security and Privacy into their electronic device ratings, Telegram has a Zero-day vulnerability due to a Right-to-Left Unicode character and Salon.com wants to mine cryptocurrencies in exchange for viewing their website. Jon talks about building a Raspberry Pi time-lapse video and Eric talks about StackOverflow stats. Links: iFixit and iPhone X Teardown - https://video.vice.com/en_us/video/motherboard-ifixit-worlds-best-iphone-teardown-repair/5a01b91b177dd416f530a081 Consumer Reports adds Security and Privacy - https://www.consumerreports.org/televisions/samsung-roku-smart-tvs-vulnerable-to-hacking-consumer-reports-finds/ Zero-day Vulnerability in Telegram - https://securelist.com/zero-day-vulnerability-in-telegram/83800/ Unicode character crashes iPhones - https://techcrunch.com/2018/02/16/iphone-bug-telugu-unicode-ios-mac-text-bomb/ Salon.com wants to mine cryptocurrencies - https://www.salon.com/about/faq-what-happens-when-i-choose-to-sup

  • 009: Carl Woodward joins the show and talks Meltdown

    09/02/2018 Duration: 39min

      Carl talks Meltdown/Spectre from the trenches. Jon fawns over the Falcon Heavy launch. Eric yaps about Right to Repair and Hacking John Deere tractors. Carl wants an alarm clock, buys an Alexa - it's all downhill from there, and it is Cedric's fault. Links: Netflix Repokid - https://medium.com/netflix-techblog/introducing-aardvark-and-repokid-53b081bf3a7e Transaction Synchronization Extension - https://software.intel.com/en-us/node/524022 Falcon Heavy Launch - https://www.space.com/39632-spacex-falcon-heavy-launch-whats-next.html Tesla added to US satellite catalog - https://twitter.com/AFSpace/status/961371676582797313 Right to Repair - https://repair.org/ Hacking Tractors - https://motherboard.vice.com/en_us/article/xykkkd/why-american-farmers-are-hacking-their-tractors-with-ukrainian-firmware Carl buys an Echo Spot - https://www.amazon.com/Amazon-VN94DQ-Echo-Spot-Black/dp/B073SQYXTW/

  • 008: Alphabet's Chronicle, Fixing AWS IAM, and Jackpotting ATMs

    02/02/2018 Duration: 23min

    Jon's roof doesn't collapse. Eric talks about a moon and snow caving. Then they actually talk about security stuff. Sorta. Thoughts on Chronicle, Alphabet's now named security company. Then, is there a solution for the AWS IAM permissions? And "Jackpotting" ATMs is the new thing in the US (Yay! WinXP!). Finally, Eric wants to know the first thing you bought on Amazon and Jon is looking to get stung. Links: Alphabet announces Chronicle: https://chronicle.security PolySwarm.io: https://polyswarm.io/ Using AWS X-Ray to achieve Least Privilege: https://medium.com/@glicht/using-aws-x-ray-to-achieve-least-privilege-permissions-93dfd6701318 Snyk.io: https://snyk.io/ Functional One - AWS Least Privilege: https://github.com/functionalone/aws-least-privilege Jackpotting: https://krebsonsecurity.com/2018/01/first-jackpotting-attacks-hit-u-s-atms/

  • 007: Apple, Stripe, Bitcoin, and The Whopper

    26/01/2018 Duration: 25min

      Jon and Eric ramble through a few completely random topics. Pointless flaws in Apple Preference Panes, Stripe says goodbye to Bitcoin, Burger King takes on Net Neutrality and Jon almost earns himself a Darwin Award. Links: Flaw in AppStore System Preferences: https://www.macrumors.com/2018/01/10/macos-high-sierra-app-store-password-bug/ Stripe drops support for Bitcoin: https://stripe.com/blog/ending-bitcoin-support 50 Cent is a Bitcoin Millionaire: https://www.theverge.com/2018/1/24/16930010/50-cent-rich-bitcoin-twitter-instagram-humblebrag Linus rants... https://lkml.org/lkml/2018/1/21/192 Whopper Neutrality: http://www.latimes.com/business/la-fi-net-neutrality-burger-king-20180125-story.html Montana signs on net neutrality rules: https://www.engadget.com/2018/01/22/montana-governor-executive-order-requires-net-neutrality/ SymPy: http://www.sympy.org/en/index.html @AwardsDarwin: https://twitter.com/AwardsDarwin/status/956362264453533696

  • 006: Crash of the Cryptocurrencies and a Hawaii UX #fail

    19/01/2018 Duration: 35min

    Jon and Eric chat about stuff completely unrelated to security, with bonus tangents! Links: Shadows Over Camelot: http://www.theboardgamefamily.com/2010/06/shadows-over-camelot-noble-quest-for/ The Laundroid: https://www.theverge.com/2018/1/10/16865506/laundroid-laundry-folding-machine-foldimate-ces-2018 Crash of the Cryptocurrencies: https://arstechnica.com/information-technology/2018/01/in-the-wild-malware-preys-on-computers-dedicated-to-mining-cryptocurrency/ Tangent! Electricity in Rural Alaska: https://green.blogs.nytimes.com/2009/06/30/big-alaska-looks-to-small-nuclear/ Hawaii UX #Fail: https://www.washingtonpost.com/news/post-nation/wp/2018/01/14/hawaii-missile-alert-how-one-employee-pushed-the-wrong-button-and-caused-a-wave-of-panic/
