go to sections menu

The Security Box, episode 20: PCIDSS, OCSP stapling, news notes and more from blog The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: podcast announcements > The Security Box, episode 20: PCIDSS, OCSP stapling, news notes and more

Go to Homepage, contents or to navigation menu



The Security Box, episode 20: PCIDSS, OCSP stapling, news notes and more

Hello folks, welcome to the Security Box, podcast 20.

First of all, we’ve delayed this and all other posts a day so people can enjoy the thanksgiving holiday and not be bombarded with postings on that day. Be that as it may, I present you program 20, with a few technical problems that I couldn’t help.

Be that as it may, the show turned out well i hope, and I hope that the topics given here are of interest.

Don’t want to deal with the RSS where the program was uploaded? No problem! Download the 206.75mb file by using this link.

Below, please find the elaborate show notes with links to all kinds of things, and I hope you all enjoy the program!


Welcome to podcast 20 of the security box. On this podcast, we pick up where we left off from podcast 19 and the credit card discussion. We’ll go more in to detail about PCIDSS and I’ll talk about the 12 steps we covered a bit of last week. We’ll also talk about other stuff including news, notes, and more.

These show notes are broken up in to segments, and even the news notes will look a little bit different. Let me know if you like these notes. I think it’ll be quite nice to do it this way.

Credit Card discussion:

We continue by talking about the credit card standard PCIDSS which is supposed to be followed. Last Podcast, I mentioned some items that I thought needed changing, but we’ll go through it all.

Apple VS Logging your application use:

  • In a turn of events,, it looks like Apple is getting targeted for logging every application launch. According to an article which I also talk about on the blog, this isn’t the case. It looks like apple has implemented something that has been talked about in the security field and podcasts like Security Now before called OCSP Stapling. In this podcast, we’ll talk about OCSP Stapling, and what it really means. You can also check out this write up Does Apple really log every app you run? A technical look and form your own opinion on what apple is doing.

Things to ponder:

  • Michael in Indiana is along with a very good reason why we need to look at our credit cards and our statements on a regular basis. This file should be listened to as a security 101 lesson to all people.

News notes:

We’re segmenting these notes, let me know what you think.

Good News!

We’ve finally got some good news around here, that’s quite awesome!

  • We’ve got good news coming out of Krebs on Security and I believe Cyberscoop has this as well. Krebs is reporting that an Irishman was caught as part of a sim swapping person was picked up.

    A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just
    under three years in prison. The defendant is part of an alleged conspiracy involving at least eight others in the United States who stand accused of theft
    via SIM swapping, a crime that involves convincing mobile phone company employees to transfer ownership of the target’s phone number to a device the attackers
    control.

    Its best to read the article in full detail because it’ll talk about what this is, who is involved, and how this is a big ring that has recently been picked up. The article is entitled Convicted SIM Swapper Gets 3 Years in Jail is the article.

Government

  • Trump Fires Security Chief Christopher Krebs comes from Krebs on Security. I guess Mr. Trump isn’t too happy with the particulars of the election, and I understand his position. There may have been issues, but is there proof that the election issues this year happened because of foreign interfeerence? I’m not too sure on that, we did cover the article that indicated Christopher Krebs said there wasn’t anything foreign, and I believe what he is saying. There could have been local things that have happened across the country, none of which happened over the Internet as far as I can tell. Another article dealing with the firing of trump is entitled Trump fires CISA chief Chris Krebs, who guarded the 2020 election from interference and domestic misinformation for your perusal.

Bug bounty

  • Steve Gibson has always said that one particular Project Zero member has found the ideas for his bug bounties by taking a shower, and now its a woman’s turn to do the same. Facebook Messenger Bug Allows Spying on Android Users is the article and Natalie Silvanovich, the researcher, must be given propts for finding this and Facebook fixing this in over a month. She got $60k in bounty from this work.

Breaches

  • I can’t believe we have to go through this again. In the breach department, not only do we have a misconfiguration of an AWS cloud bucket, but even though one was made private, the large amount of data made available through the CDN is absolutely astronomical compared to the people that use said application. I’m glad the app is successful, but the app’s web site is not saying anything when contacted. From Threat post: Good Heavens! 10M Impacted in Pray.com Data Exposure should be read, and this can’t be good. This is the worst I think that can happen to us as a nation, and we don’t know who these people are. Luckily, it was researchers that found it as far as we know, but what if it wasn’t originally?

Catch up:

  • OK, so Michael in Tennessee is along with comments on several different things including the forementioned Google ordeal.
  • I touch more on the email I got (blog post) when Preston called in as part of the first segment talking about securing data and how the email said they had data. Don’t worry, I’ll still be blogging stuff throughout the weekend, and we’ll see how things go.

While the show had some technical difficulties, I think you’ll enjoy the program anyway. Its going to happen, and we have to go along with it. See you on another edition of the program, next week.


Next week, we’re going to talk about something that I think needs to be talked about even though places like Security Now and others may have talked about it. I mention this at the end of this week’s program, you don’t want to miss it. Its called Shaken and Stir, and its a very interesting protocol. We’ll take a dive in to it next week. Enjoy!


Informazioni sull'articolo

The Security Box, episode 20: PCIDSS, OCSP stapling, news notes and more was released on November 27, 2020 at 9:50 am by tech in podcast announcements.
Last modified: November 26, 2020.


Comments (0)

No comments yet.

Leave a comment

You must be logged in to post a comment.

go to sections menu


navigation menu

go to sections menu