The Security Box, episode 20: PCIDSS, OCSP stapling, news notes and more from blog The Technology blog and podcast
This is for the technology blog and podcast Commentary, articles, and podcasts
The Security Box, episode 20: PCIDSS, OCSP stapling, news notes and more
Hello folks, welcome to the Security Box, podcast 20.
First of all, we’ve delayed this and all other posts a day so people can enjoy the thanksgiving holiday and not be bombarded with postings on that day. Be that as it may, I present you program 20, with a few technical problems that I couldn’t help.
Be that as it may, the show turned out well i hope, and I hope that the topics given here are of interest.
Don’t want to deal with the RSS where the program was uploaded? No problem! Download the 206.75mb file by using this link.
Below, please find the elaborate show notes with links to all kinds of things, and I hope you all enjoy the program!
Welcome to podcast 20 of the security box. On this podcast, we pick up where we left off from podcast 19 and the credit card discussion. We’ll go more in to detail about PCIDSS and I’ll talk about the 12 steps we covered a bit of last week. We’ll also talk about other stuff including news, notes, and more.
These show notes are broken up in to segments, and even the news notes will look a little bit different. Let me know if you like these notes. I think it’ll be quite nice to do it this way.
Credit Card discussion:
We continue by talking about the credit card standard PCIDSS which is supposed to be followed. Last Podcast, I mentioned some items that I thought needed changing, but we’ll go through it all.
- PCI DSS requirements for building and maintaining a secure network and systems This is the document we’ll be reading from which was also linked to from last week’s program as well.
Apple VS Logging your application use:
- In a turn of events,, it looks like Apple is getting targeted for logging every application launch. According to an article which I also talk about on the blog, this isn’t the case. It looks like apple has implemented something that has been talked about in the security field and podcasts like Security Now before called OCSP Stapling. In this podcast, we’ll talk about OCSP Stapling, and what it really means. You can also check out this write up Does Apple really log every app you run? A technical look and form your own opinion on what apple is doing.
Things to ponder:
- Michael in Indiana is along with a very good reason why we need to look at our credit cards and our statements on a regular basis. This file should be listened to as a security 101 lesson to all people.
News notes:
We’re segmenting these notes, let me know what you think.
Good News!
We’ve finally got some good news around here, that’s quite awesome!
- We’ve got good news coming out of Krebs on Security and I believe Cyberscoop has this as well. Krebs is reporting that an Irishman was caught as part of a sim swapping person was picked up.
A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just
under three years in prison. The defendant is part of an alleged conspiracy involving at least eight others in the United States who stand accused of theft
via SIM swapping, a crime that involves convincing mobile phone company employees to transfer ownership of the target’s phone number to a device the attackers
control.Its best to read the article in full detail because it’ll talk about what this is, who is involved, and how this is a big ring that has recently been picked up. The article is entitled Convicted SIM Swapper Gets 3 Years in Jail is the article.
Government
- Trump Fires Security Chief Christopher Krebs comes from Krebs on Security. I guess Mr. Trump isn’t too happy with the particulars of the election, and I understand his position. There may have been issues, but is there proof that the election issues this year happened because of foreign interfeerence? I’m not too sure on that, we did cover the article that indicated Christopher Krebs said there wasn’t anything foreign, and I believe what he is saying. There could have been local things that have happened across the country, none of which happened over the Internet as far as I can tell. Another article dealing with the firing of trump is entitled Trump fires CISA chief Chris Krebs, who guarded the 2020 election from interference and domestic misinformation for your perusal.
Bug bounty
- Steve Gibson has always said that one particular Project Zero member has found the ideas for his bug bounties by taking a shower, and now its a woman’s turn to do the same. Facebook Messenger Bug Allows Spying on Android Users is the article and Natalie Silvanovich, the researcher, must be given propts for finding this and Facebook fixing this in over a month. She got $60k in bounty from this work.
Breaches
- I can’t believe we have to go through this again. In the breach department, not only do we have a misconfiguration of an AWS cloud bucket, but even though one was made private, the large amount of data made available through the CDN is absolutely astronomical compared to the people that use said application. I’m glad the app is successful, but the app’s web site is not saying anything when contacted. From Threat post: Good Heavens! 10M Impacted in Pray.com Data Exposure should be read, and this can’t be good. This is the worst I think that can happen to us as a nation, and we don’t know who these people are. Luckily, it was researchers that found it as far as we know, but what if it wasn’t originally?
Catch up:
- OK, so Michael in Tennessee is along with comments on several different things including the forementioned Google ordeal.
- I touch more on the email I got (blog post) when Preston called in as part of the first segment talking about securing data and how the email said they had data. Don’t worry, I’ll still be blogging stuff throughout the weekend, and we’ll see how things go.
While the show had some technical difficulties, I think you’ll enjoy the program anyway. Its going to happen, and we have to go along with it. See you on another edition of the program, next week.
Next week, we’re going to talk about something that I think needs to be talked about even though places like Security Now and others may have talked about it. I mention this at the end of this week’s program, you don’t want to miss it. Its called Shaken and Stir, and its a very interesting protocol. We’ll take a dive in to it next week. Enjoy!
Informazioni sull'articolo
The Security Box, episode 20: PCIDSS, OCSP stapling, news notes and more was released on November 27, 2020 at 9:50 am by tech in podcast announcements.
Last modified: November 26, 2020.
Comments (0)
No comments yet.
Leave a comment
You must be logged in to post a comment.
navigation menu
- Archives
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- Categories of this blog
- Subscribe to Blog via Email
- The tech blog’s pages
- Blogroll