Cloud Security, Wireless Security

WPA3, Ticketmaster, and Don’t Wipe So Hard – Paul’s Security Weekly #566

July 3, 2018
Terrible passwords outlawed in Microsoft's new Azure tool, Ticketmaster suffers security breach in personal and payment data, stop wiping your butt so hard, Toronto cops in big trouble for eating weed edibles, and WiFi's tougher WPA3 security is read. All that and more, here on Security Weekly!

Paul's Stories

  1. Terrible passwords outlawed in Microsofts new Azure tool
  2. OMG! I just received someone elses security camera footage!
  3. Unpatched WordPress Flaw Gives Attackers Full Control Over Your Site
  4. Hilarious! Paid Jailbreak for Nintendo Switches Includes Anti-Piracy Code
  5. Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles
  6. There's No Automating Your Way Out of Security Hiring Woes
  7. Ticketmaster Suffers Security Breach Personal and Payment Data Stolen
  8. Stop Wiping Your Butt So Hard
  9. Toronto Cops in Big Trouble for Eating Weed Edibles, Calling Backup on Themselves
  10. New Windows 10 vulnerability bypasses OS defenses, says security researcher
  11. WiFi's tougher WPA3 security is ready

Jason's Stories

  1. Plant Your Flag, Mark Your Territory
  2. Windows 10 security can be bypassed by Settings page weakness
  3. Hitherto unknown marketing firm exposed hundreds of millions of Americans’ data

Kevin's Stories

  1. Exactis said to have exposed 340 million records, more than Equifax breach "We hadn't heard of the firm either, but it had data on hundreds of millions of Americans and businesses and leaked it, according to Wired"
  2. Feds Pose as Cryptocurrency Money Launderer to Bust Alleged Dark Web Dealers "In a novel investigative strategy, rather than just following the money, investigators went undercover as someone converting Bitcoin into cash, exploiting a financial bottleneck faced by dark web criminals."
  3. Victory! Supreme Court Says Fourth Amendment Applies to Cell Phone Tracking "The Supreme Court handed down a landmark opinion today in Carpenter v. United States, ruling 5-4 that the Fourth Amendment protects cell phone location information."
  4. Use of Hard-coded Password, (Remote) Exposed Dangerous Method or Function in Medtronic MyCareLink Patient Monitor "The affected product contains a hard-coded operating system password...This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality."
  5. Subject: [gentoo-announce Gentoo Github Organization hacked.] "Today 28 June at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization, and modified the content of repositories as well as pages there. We are still working to determine the exact extent and to regain control of the organization and its repositories...All Gentoo code hosted on github should for the moment be considered compromised."
Full Show Notes Subscribe to YouTube Channel [audio src="http://traffic.libsyn.com/pauldotcom/WPA3_Ticketmaster_and_Dont_Wipe_So_Hard_-_Pauls_Security_Weekly_566_converted.mp3" ]
prestitial ad