This is the 57th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded October 5, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast:
Yahoo: The Largest Password Breach in History (and what you should do about it if you use Yahoo services)
This is another breach that happened years ago but we’re just now finding out about it. This breach in particular is the largest ever, 500 million users! Scott and Tom discuss the ramifications of this breach and what you need to do if you use Yahoo services. Also interesting to note that Yahoo was just purchased by Verizon. It will be interesting to see how this acquisition plays out given the recent breach and negative publicity.
Record-breaking DDoS reportedly delivered by >145k hacked cameras
The largest DDoS (Distributed Denial of Service) attack has also taken place! (many firsts and record breaking security news this time around). Scott and Tom discuss who was targeted and how thousands of hacked camera’s were used in the attack.
Hackers can track your keystrokes through your Wi-Fi signal
While this headline may seem scary, Scott and Tom discuss why this new threat may not be such a threat after all (at least not right now).
L0phtCrack 7 Shows Windows Passwords Easier to Crack Now Than 20 Years Ago
Password cracking programs like L0phtCrack have not evolved much over the last 20 years because unfortunately not much has changed with password security (especially with Windows systems).
Those chip and PIN cards aren’t as secure as we thought
Chip and PIN is here in the USA! Is it secure? Like anything, everything is hackable. Scott and Tom discuss some new research that was presented at the DEF CON hacking conference that sheds new light on some interesting ways to compromise Chip and PIN. (You can read that as: it’s possible but difficult to pull off).
Fun with LinkedIn Endorsements (a lesson on client side security)
Want to have fun with your LinkedIn contacts? Here’s a great story about how you can abuse LinkedIn’s “endorsement” feature. (for fun of course!)
Please send any show feedback to feedback [aT] sharedsecurity.net or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Be sure to visit our website, follow us on Twitter and like us on Facebook. Thanks for listening!