Description

Topics covered

• Certificate pinning back in the spotlight with the GMail iOS app having some difficulties, but there is a bigger issue here. We discuss.
  • http://securityaffairs.co/wordpress/26577/hacking/gmail-app-flaw-mitm.html
• Nearly 3 years later, the NASDAQ hack attributed to FSB/Russian 'state sponsored' hackers, via 2 "zero day malware'. Highlighting need for attribution, common language, and other issues in security.
  • http://www.infosecurity-magazine.com/view/39397/nasdaq-hackers-used-two-zero-days-but-motives-a-mystery/
• Cyber insurance - is this a forcing function to improve overall security, or yet another carpet to sweet security problems under?
  • http://www.reuters.com/article/2014/07/14/us-insurance-cybersecurity-idUSKBN0FJ0B820140714
• A judget has just ruled that your "GMail account" has the same legal (or lack thereof) protections as a hard drive you own. Dangerous precedent, or nothing new?
  • http://nakedsecurity.sophos.com/2014/07/22/your-gmail-account-is-fair-game-for-cops-or-feds-says-us-judge/
  • also relevant - http://nakedsecurity.sophos.com/2013/08/14/google-says-gmail-users-cant-expect-privacy/

Not discussed, but interesting reads:

• "Operation Emmental" is an assault against 2FA and online banking
  • http://secureidnews.com/news-item/operation-emmental-attacks-online-banking-and-2fa/
• Looks like healthcare is next on the list of verticals targetted... filed under things we all suspected, but will soon see
  • http://healthitsecurity.com/2014/07/24/how-healthcare-can-learn-from-retails-it-security-mistakes/ h/t to Eric Cowperthwaite

Have something to say? Let's hear it.

Support the show

>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast