Zoom, Kubernetes, and Hacking – PSW #646 | SC Media

April 10, 2020

A little about Zoom vulnerabilities and data leaks and Cisco Webex vulnerabilities. We talk about securing Kubernetes and how the same security principles apply, vulnerabilities in ICS systems, and how hackers can help improve society. Oh, and smart toilets that scan your, er, logs.

Visit https://www.securityweekly.com/psw for all the latest episodes!


Zoom, Kubernetes, and Hacking

As if the world couldn't get any weirder, this AI toilet scans your anus to identify you - This is amazing, I was like "Holy crap": In fact, it will capture both your pee and your stools on video and process them with algorithms that Stanford News says “can distinguish normal ‘urodynamics’ (flow rate, stream time and total volume, among other parameters) and stool consistencies from those that are unhealthy.” Also, I did not know this: In fact, the toilet has a built-in identification system that scans your anus: a biometric that turns out to be like fingerprints or iris prints, Gambhir said: We know it seems weird, but as it turns out, your anal print is unique.

Vulnerabilities in B&R Automation Software Facilitate Attacks on ICS Networks | SecurityWeek.Com - “A malicious attacker could hijack the initial DNS request to the B&R update server and direct the update utility to retrieve the updates from his own site. Since there was no proper verification of the update server or the update package, at this point the attacker could exploit the path traversal through the update vulnerability, and execute their own code on the Automation Studio host in SYSTEM privileges.” If the updates are not signed, you don't even need the traversal vulnerability.
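The two checks the quoted text says were missing, package authenticity and containment of extracted paths, look like this in an update client. This is an added example, not code from B&R, SecurityWeek or the show; the function names, the zip package format, Ed25519 and the `/opt/app` install path are assumptions for illustration.

```go
package main

import (
	"archive/zip"
	"bytes"
	"crypto/ed25519"
	"fmt"
	"path/filepath"
	"strings"
)

// PlanUpdate verifies a detached Ed25519 signature over the whole package with
// a key pinned in the client, then maps every entry to a path under dest.
func PlanUpdate(pinned ed25519.PublicKey, pkg, sig []byte, dest string) ([]string, error) {
	if !ed25519.Verify(pinned, pkg, sig) {
		return nil, fmt.Errorf("update rejected: signature does not match pinned key")
	}
	zr, err := zip.NewReader(bytes.NewReader(pkg), int64(len(pkg)))
	if err != nil {
		return nil, err
	}
	var targets []string
	for _, f := range zr.File {
		// Backslashes count as separators too: the updater runs on Windows.
		target := filepath.Join(dest, filepath.FromSlash(strings.ReplaceAll(f.Name, `\`, "/")))
		rel, err := filepath.Rel(dest, target)
		if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
			return nil, fmt.Errorf("update rejected: entry %q escapes %s", f.Name, dest)
		}
		targets = append(targets, target)
	}
	return targets, nil
}

// SignedSample: constructed zip with these entry names, signed by a throwaway key.
func SignedSample(names ...string) (ed25519.PublicKey, []byte, []byte) {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for _, n := range names {
		zw.Create(n)
	}
	zw.Close()
	pub, priv, _ := ed25519.GenerateKey(nil)
	return pub, buf.Bytes(), ed25519.Sign(priv, buf.Bytes())
}

func main() {
	pub, pkg, sig := SignedSample("bin/tool.exe", "../../Windows/evil.dll")
	fmt.Println(PlanUpdate(pub, pkg, sig, "/opt/app"))
}
```

Because the key is pinned in the client, a hijacked DNS answer only changes where the bytes come from; a package the vendor key did not sign is dropped before the archive is even parsed.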

Schneier on Hacking Society - Schneier's big idea boils down to this: "Can we hack society and help secure the systems that make up society?" he explains. One component of hacking society is what Schneier calls the public-interest cybersecurity technologist, a role for security experts that he has been advocating over the past year or so.

Hosts

  • Joff Thyer - Security Analyst
  • Larry Pesce - Senior Managing Consultant and Director of Research
  • Lee Neely - Senior Cyber Analyst
  • Paul Asadoorian - Founder & CTO
  • Tyler Robinson - Managing Director of Network Operations

Announcements

  • Is your Open Source code secure? Learn how to verify your code during development, not after the build in our next webcast with Synopsys. Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand. Each webcast will earn you 1 CPE credit that we will submit on your behalf if you provide your ISC2 number.
  • We have officially migrated our mailing list back to our original platform! We have our categories nailed down and you are now able to customize what you receive from us based on your preferences by visiting securityweekly.com/subscribe and clicking the button to join the list! Once you have joined, you will also be able to go back and update your "interests" so that we can grow with you as you progress through your journey in InfoSec!
  • We are looking for high-quality guest suggestions for our Enterprise Security Weekly podcast to fill our upcoming recording schedule! We're committed to educating and providing entertainment for the InfoSec community and we would love to hear from you about who you would like us to interview on the show! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!
  • Join Qualys for VMDR Live on April 21 at 2pm ET for a live demonstration of the game-changing Vulnerability Management, Detection & Response offering - a unified solution that integrates vulnerability management, threat prioritization and patching in a single app. Register at securityweekly.com/VMDR2020
