On this episode Micheal and i talk about CVE-2016-5696 better known as the off path attack.

Show Notes:

in /etc/sysctl.conf set the following value

net.ipv4.tcp_challenge_ack_limit = 999999999

Then load the configuration with

# sysctl -p

On this weeks episode we are joined by Ben0xA who works for https://www.trustedsec.com you can follow him on twitter @Ben0xA. This week we discuss Macs and iPhones have a Stagefright-style bug, Android banking malware blocks victims’ outgoing calls to customer service, Hidden 'backdoor' in Dell security software gives hackers full access, and Companies failing to plan for many cyber dangers.

Remember to follow us on twitter @CyDefe and please support us on patreaon patreon https://www.patreon.com/cydefe

Links:

Dell back door security advisory - https://www.digitaldefense.com/ddi-six-discoveries/

This is the third minicast. Dont worry we will soon be going back to our full podcasts.

In this episode we discuss the HummingBad Android malware being distributed by yingmob.

This is the second episode of the CyDefe minicast. On this episode we are joined by Dave Kennedy and Ben Miller

On this episode we discuss Facebook being sued over privacy concerns, Facebook tracking non-users, and audio fingerprinting being used to track web users.

This is the first episode of the CyDefe minicast. We will be doing a lot of minicasts in-between our main podcast to keep delivering awesome content to our listeners.

On this episode we discuss the LinkedIn breach and its impact today.

From the show

krebs on security list

On this weeks episode we discuss checking for malware in your firmware with Google's VirusTotal, Getting pwned by hearthstone hacking tools, Fake Flash Update Serves OS X Scareware, and the FBI trying to scrub its employees data off of the web. 

Links

http://motherboard.vice.com/read/-the-fbi-is-trying-to-scrub-its-employees-hacked-data-off-the-web

https://www.theguardian.com/technology/2016/feb/10/hacking-gold-hearthstone-symantec-malware-blizzard

http://mashable.com/2016/02/02/virustotal-firmware-scanner/#szZeMIzsGSqp

http://www.securityweek.com/fake-flash-update-serves-os-x-scareware

Videos

On this weeks episode we are joined by Ben Miller and Jayson Street. We discuss three stories from 2015 and talk about our predicitons for 2016.

On this week’s episode we discuss Microsoft’s operations center to fight cyber threats, Dell added Cylance, a bug in Gmail app for Android allows anyone to send spoofed emails, and Siri’s lockscreen bypass

On this weeks episode we are joined by Shannon Morse. We discuss hacking chip and pin cards, malware that replaces your browser, a FitBit danger, and the rise of OS X malware.

Links:

Shannon morse

Twitter: @snubs

Website: http://www.snubsie.com/

Hak5: https://www.youtube.com/user/Hak5Darren

Rise of OS X malware report

https://www.bit9.com/download/reports/OSX_Threat_Research_Report_Final.pdf

FitBit attack example

On this week’s episode we discuss fake blue screen of death, ad blocking, a critcal WinRAR vulnerability, and a shortage of cyber professionals.

WinRAR vulnerability POC

On this week’s episode we discuss a new version of the Carbanak malware, a new malware breaks impenetrable corporate defenses, internet of things and vulnerable baby monitors, and malware construction kits.

Carabanak Malware Plugins

wi.exe and klgconfig.plug

Microsoft Word Intruder Revealed Whitepaper

The paper is located HERE

List Of Vulnerable Baby Monitors

On this week’s episode we discuss bittorrent, insiders creating malware, paylpal vulnerabilities, and pawnstorm.

Paypal proof of concpet video

Malicious EFF link

http://electronicfrontierfoundation.org/url/{6_random_digits}/Go.class

On this weeks episode we talk about hackers showing off long distance Wi-Fi radio proxy at DEF CON, a critical IoT security flaw, Dropbox isnt as secure as you think it is, and another Android vulnerability.

Links:

CVE-2015-3825 Whitepaper

https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf

This week we had the amazing Jayson Street join us to discuss the Mac Thunderstrike2 vulnerability, Man-in-the-cloud attacks, Lockheed Martin's open source tools, and hackers exploiting flash on yahoo.

This week we discuss Facebook's plan to deliver internet via drones and lasers, Onstar getting pwned by white hat hackers, The risk your webcam now poses to you due to hackers and RAT malware, and how to protect yourself from malware sent via text. 

This week we discuss Mac os x vulnerabilities, The Ashley Madison hack, OpenSSH vulnerabilities and WordPress Flaws.

SUIDGuard

https://github.com/sektioneins/SUIDGuard

OpenSSH brute force fix

set ChallengeResponseAuthentication and KbdInteractiveAuthentication to ‘no’

This week we talk about the Hacking Team hack and many of its implications. We also annouce the key for our Mr.Robot giveaway.

How to disable Adobe Flash Player

Google Chrome

1.Type "chrome://plugins" into a new browser tab and hit Enter or Return.

2. Click the Disable link under Adobe Flash Player.

Microsoft Internet Explorer

1. Click the gear icon at the top right of the browser window.

2. Scroll down to and click Manage add-ons.

3. Select Shockwave Flash Object.

4. Click Disable.

Mozilla Firefox

1. Click the stacks icon at the top right of the browser window. 

2. Scroll down to and click Add-ons.

3. Scroll down to Shockwave Flash and change the setting to Never Activate.

This week we discuss U.S. hosting the most botnets, Sony's lack of basic security controls, samsung disabling windows updates, the polish airline hack and Mr.Robot