Podcast: Play in new window | Download | Embed
Subscribe: RSS
http://www.symantec.com/connect/fr/blogs/check-your-sources-trojanized-open-source-ssh-software-used-steal-information
https://nakedsecurity.sophos.com/2015/05/21/anatomy-of-a-logjam-another-tls-vulnerability-and-what-to-do-about-it/
http://krebsonsecurity.com/2015/05/carefirst-blue-cross-breach-hits-1-1m/
http://www.forbes.com/sites/thomasbrewster/2015/05/20/guns-bombs-hacking-cars-and-planes-dangerous-tweets-for-a-security-researcher/
Great show. Thank you!
Here’s a good youtube video about this phoney “hacker” you talked about in the show.
Enjoy!
https://www.youtube.com/embed/48wVFfyp4gU
[youtube http://www.youtube.com/watch?v=48wVFfyp4gU&w=560&h=315%5D
Hey guys, great show as usual.
Here is how I’m planning to deal with the look-alike domains discussed in the show.
On my inbound email system I’m going to use a regex string to detect partial matches to the domain I’m trying to protect in the sender address and message body (for links).
For example, if I’m attempting to protect the https://defensivesecurity.org domain I’d match on any sender string that contains “@de” and ends with “ty.org” (obvious tweaking necessary for message body and links, etc).
For messages that meet this match I’ll alert our SecOps and include a Warning in the subject line or maybe defang the link altogether.
This seems to do the trick…
https?:\/\/.*?.de(?!.*fensivesecuri).*?ty.org