36 Burst results for "Homeland Homeland Homeland Homeland Security's Security's Security's Security"

Fresh update on " security" discussed on America First with Sebastian Gorka Podcast

America First with Sebastian Gorka Podcast

01:44 min | 2 hrs ago

Fresh update on " security" discussed on America First with Sebastian Gorka Podcast

"Don't fund your enemies. Join the good guys. Making sense out of today's news here is doctor Sebastian gorka. It's premiering this week, my former Salem colleague Larry elder's new movie, the sequel to Uncle Tom, Uncle Tom, too. You've got to see it, guys. Why? Because in it Larry reveals the NAACP's sinister agenda, the fall of black Harlem, the truth behind Black Lives Matter and the demoralization of America for political power, check it out, pre order it. It will launch this week if you go, the only place you can watch it is Salem now dot com. It has amazing appearances in it by my Salem colleague officer Brandon Tatum, volleyball, and of course Larry the sage of south central. Go to day pre order, Uncle Tom two, the sequel at Salem now dot com, Salem. Now dot com. Matt, I don't think I've had you on the show since the raids. So I've been doing double duty here on newsmax on everybody else's podcast on the war room, lots of stuff for international media, the Brits can't believe what's going on. Your unvarnished first response to not only the raid itself, but in the last 9 days how the narrative has changed every 12 hours. First, it's records, then it's nukes, then it's espionage act, is this going to collapse eventually, or is this just the shape of things to come? Well, it sort of feels like a movie I've already seen before. I mean, if the Department of Justice and the national security state are using improper process to try to accuse Donald Trump of being a spy for a foreign country, it's not even the first time they've done it. And now that people are calling for a release of the affidavit that they presented to get the raid going and they're resisting that call for transparency, I think it raises even more questions. Remember, it was when we got the fisa warrant where they were using Carter page to try to get close to the Trump campaign in 2015 that we saw that the FBI was leaking information and then using the news stories that they created through their leaks to justify authorities that they would never have been given otherwise to spy on someone they believed to be close to a presidential campaign. So that is the practice that we have seen before. It does not build any confidence. And we're now living in a world where grandmothers are being beat up in broad daylight. People are being carjacked and our city centers and political opponents are having their homes rated. It feels like life in one of the poorest third world countries on earth, not in the United States of America. Now, we did see Republican leaders respond very differently to this. Almost no response, a very tepid response from Mitch McConnell, a Tim Scott saying, well, we should just let this play out. I remember the Republicans that talked to like senator Tim Scott back during the Mueller probe history didn't really vindicate their perspective as much as it did mine and Jim Jordan's. And then, you know, I think you had a far stronger response from Kevin McCarthy. I think you've got to give him credit when he reacts the way we would want him to. He said that Merrick Garland ought to prepare to present every feature of this decision before the House judiciary committee preserve record so that we can scrutinize where people exceeded their authorities and violated a norm that's never been violated. I mean, we're watching things that have never happened before. And for all the criticism, the left gave Trump about attacking our institutions, like the institution of the president, presidency itself has been attacked repeatedly before Trump became president with the dossier and the Russia hoax while he was president with the phony Ukraine impeachment and now even after he has left office home at Mar-a-Lago..

Salem Uncle Tom Sebastian Gorka Brandon Tatum Larry Elder Larry National Security State Naacp South Central United States Of America Volleyball Donald Trump Department Of Justice Matt Senator Tim Scott FBI Carter Tim Scott Merrick Garland Mitch Mcconnell
Eric Trump: Security Camera Footage Will Be Released Soon

ToddCast Podcast with Todd Starnes

00:55 sec | 5 hrs ago

Eric Trump: Security Camera Footage Will Be Released Soon

"Eric Trump was on handed he last night and the FBI told the folks at Mar-a-Lago, hey, you've got to turn off all of your security cameras. We don't want you people seeing what we're doing. And they thought that the staff at Mar-a-Lago had complied. But the staff at Mar-a-Lago, they don't answer to the FBI. They answered a Donald Trump, and it's our understanding that the cameras, the surveillance cameras, were turned on and Eric Trump last night on Hannity says, hey, look, we're going to be releasing that footage. Will you still have the surveillance tape? Is that correct? Will you are you allowed to share that with the country? Absolutely, Sean at the right time. And your body can point with spot on. That's why cops wear body cams. They don't tell you to turn off cameras. They want transparency, and that's not what happened here. And you know for a fact, they asked for the cameras to be turned off. They asked for the cameras to be turned off.

Eric Trump FBI Lago Donald Trump Hannity Sean
James O'Keefe: DHS Bulletin Smears Conservatives as 'Extremists'

Mark Levin

01:07 min | 1 d ago

James O'Keefe: DHS Bulletin Smears Conservatives as 'Extremists'

"James what's this bulletin all about Mark this is a document that was given to us by a source inside of the Department of Homeland Security It's titled joint intelligence bulletin It stated August 12th and it talks about in light of the Mar-a-Lago FBI raid This is an internal document for official use only that was given to us by a source inside DHS After the FBI executed the search warrant Palm Beach on August 8th the document talks about dv domestic violence extremists motivated by range of ideologies who have grievances against the FBI So this document talks about this D VE in light of the militia extremism we expose that the FBI document we exposed just a few weeks ago that Ted Cruz talked about in the Senate hearing this is an internal document that really is shining a light on the Department of Homeland securities view of people with ideologies who are upset about what happened calling them domestic violent extremists

FBI Warrant Palm Beach Department Of Homeland Securit DHS James Ted Cruz Department Of Homeland Securit Senate
Wolf Blitzer Should Just Say What He Means

Mark Levin

01:57 min | 1 d ago

Wolf Blitzer Should Just Say What He Means

"Caught one go As you probably know by now I'm sure you've seen this joint FBI Department of Homeland Security bulletin It's now warning of what they call unprecedented violent threats in the wake of the search of Mar-a-Lago Now what's interesting about this is I believe it was project veritas that broke this right mister producer I believe so and we'll have James O'Keefe on the program and literally ten to 15 minutes But of course the constipated news network and no better picture of that than Wolf Blitzer quite frankly He looks like he's in pain every day He looks like he said too many Bologna sandwiches But anyway so He said the Department of Homeland Security if you question what took place a Mar-a-Lago ladies and gentlemen you're a potential threat Your potential threat Go ahead President Donald Trump responsible for inciting his supporters Yeah absolutely a 100% wolf So he wolf You bring this guy on You ask a phony question by putting a question mark after it Why don't you just get on the air and say I'm Wolf Blitzer I'm a star as a ten year old turd And I believe Donald Trump is inciting his supporters with his comments Now among the comments that Donald Trump has put out there is it's time to lower the temperature something terrible is going to happen They act like Donald Trump has all this power They think he's like Chuck Schumer Urging the Democrat party ma the Democrat party militia to attack two Supreme Court Justices

Fbi Department Of Homeland Sec Wolf Blitzer James O'keefe President Donald Trump Donald Trump Department Of Homeland Securit Democrat Party Chuck Schumer MA Supreme Court
Donald Trump Jr. Whether He Believes There Will Be an Indictment

Mike Gallagher Podcast

01:49 min | 1 d ago

Donald Trump Jr. Whether He Believes There Will Be an Indictment

"There's a belief that it's inevitable that your dad will be indicted that they're going to find something that they're going to make something up. They're going to do anything they can. To try to prevent him from running again in 2024. Do you agree with that? Do you think that's inevitable? Do you think we're seeing that next or is there nothing there? And they're just going to have to keep trying. Yeah, you know, I don't think there's anything there. But again, there's got to be a reason in my opinion that they say, hey, we can't let your lawyers watch what's going on. You got to turn off all the close circuits. Television, security cameras that Mar-a-Lago. You must do that. I mean, why? I mean, if you're doing this and you think there's really something there, why wouldn't you want a witness to be able to say, hey, this stuff's legit? When we asked for the records, when we want to unseal the warrant. No, we can't do that. And Merrick Garland has no problem. He goes on TV. We want to be totally transparent, Mike. We want to be very transparent about what's going on. And then about 5 minutes later, once the camera is in the mainstream media, they get that sound bite. They run with it at nausea. Oh, we can't. We can't actually be transparent because, you know, we'd give up X, Y, Z, and it's all a big lie. So if you were actually trying to be above board, and it was anything beyond another yet another witch hunt, why would you act that way? Why would you do these things? So, you know, there's no question in my mind. They're trying to figure out anything to stop Trump because they see him as the only threat in the Republican Party. I mean, the rest of the Republicans, frankly, they're either too weak or they're still beholden somewhat someone like Donald Trump who's successful and rich on his own and doesn't need them and doesn't need the future board seat at big war or whatever it is to make a living. That's a real threat to these guys power.

Merrick Garland Nausea Mike Donald Trump Republican Party
Adam Schiff Doesn't Know Why the FBI Waited 18 Months to Raid Trump

The Dan Bongino Show

01:13 min | 1 d ago

Adam Schiff Doesn't Know Why the FBI Waited 18 Months to Raid Trump

"Why the FBI wait 18 months if this information was so important it was going to threaten national security Check this out If there was that sensitive level of information being held why did Justice Department officials wait 18 months after the end of the Trump presidency What change that made this immediate I don't know But if the Trump people represented that they provided all the classified or national security information and didn't that's a serious problem I could tell you anyone in the intelligence community that had documents like that marked top secret SCI in their residence after authorities went to them they would be under serious investigation You mean like Hillary Clinton who had the server over in the chappaqua place at the residence that a friend of mine actually looked at You mean that you mean that one I mean no no I don't mean that one No no I mean the other the other one That was like other kids or something Is Adam Schiff He can't even explain why These documents were so serious And such an immediate gym acute threat to national security That the FBI went there and said I just leave me We'll come back in a few months

FBI Justice Department Chappaqua Hillary Clinton Adam Schiff
Russia says 'no need' to use nuclear weapons in Ukraine - Reuters

AP News Radio

00:32 sec | 1 d ago

Russia says 'no need' to use nuclear weapons in Ukraine - Reuters

"Russia's president accuses the U.S. of trying to drag out the war in Ukraine as part of what he describes as Washington's alleged efforts to maintain its global hegemony Addressing a security conference attended by military officials from Africa Asia and Latin America Russian president Vladimir Putin accused the west of imposing a unipolar world order that prevents nations from choosing their own path Putin reaffirmed his long held claim he sent troops into Ukraine in response to Washington turning

Ukraine Russia U.S. Washington Vladimir Putin Latin America Asia Africa Putin
Trump Lawyer Christina Bobb Describes the FBI's Conduct at Mar-a-Lago

America First with Sebastian Gorka Podcast

02:14 min | 2 d ago

Trump Lawyer Christina Bobb Describes the FBI's Conduct at Mar-a-Lago

"Was there anybody else who works for the president? Is a member of his family who is allowed to go in the building while they raided Melania's closet? Not to my knowledge. No, I don't think they let anybody as far as the family goes. I do think Secret Service, escorted them around the property, but and I have tremendous respect for Secret Service, not in any way trying to question them, but that's different than having a member of the family or legal counsel present. But Secret Service were there, I believe. There are reports Christina that they requested the FBI wanted to have the security cameras at Mar-a-Lago's switched off while they searched the rooms. Yeah, they did. They tried to get the cameras turned off. And initially, I think, I don't know exactly, but my understanding of the story was that initially the maintenance crew at Mar-a-Lago complied initially. And then, you know, they got the attorneys involved, and they said, nope, you don't have to turn them off. I believe by the time I arrived, they had been turned back on. So if they were off, they were only. Did they give a reason as to why if this was a legal warrant? Why they wanted to not be seen as to what they would do? Yeah. That's a really good question. No, they didn't give a reason. And I, of course, pulled out my cell phone and started filming everything for legal legal preservation, trying to document everything that was happening. They tried to get me to stop filming. I politely, as I was capable in the moment, declined to turn my camera off. So I did what I could and documented everything that I could, but they were very much trying to get me to not film, you know, not do anything to record who was there. I asked for badge numbers of the officers. They wouldn't give me badge numbers. The FBI agent in charge there did tell me his name, so I put that down, you know, sent that to the attorneys in Washington, D.C., but as far as who actually was in the house, they only gave that to Secret Service, obviously anybody who enters the president's president. But the Secret Service doesn't own the property. They're not the targets of the war and the Secret Service is utterly irrelevant in terms of constitutional law, most homes in America don't have Secret Service protection. So telling them is kind of irrelevant.

Secret Service Melania Lago FBI Christina Washington, D.C. America
Feds oppose unsealing affidavit for Mar-a-Lago warrant

AP News Radio

00:47 sec | 2 d ago

Feds oppose unsealing affidavit for Mar-a-Lago warrant

"The Justice Department opposes the unsealing of the affidavit supporting the FBI search the president's Florida estate I Norman hall a court filing from the U.S. attorney in Miami in a top Justice Department national security official says the investigation implicates highly classified material and the affidavit contained sensitive information about witnesses The government's opposition came in response to court filing by several news organizations seeking to unseal the underlying affidavit the Justice Department submitted when it asked for the war to search Trump's estate earlier this month The government told a federal magistrate judge that prosecutors believe some additional records including the cover sheet for the warrant and the government's request to seal the document should now be made public Norman hall Washington

Justice Department Norman Hall FBI Miami Florida Government U.S. Donald Trump Washington
Adam Schiff: 'I Don't Know' Why DOJ Waited 18 Months Before Raid

ToddCast Podcast with Todd Starnes

01:22 min | 2 d ago

Adam Schiff: 'I Don't Know' Why DOJ Waited 18 Months Before Raid

"Question that shifty Schiff got asked on the Sunday shows. So if there were truly materials of this classification level and it's been publicly reported elsewhere that there were materials related to nuclear programs for example. If there was that sensitive level of information being held, why did Justice Department officials wait 18 months after the end of the Trump presidency? What change that made this immediate? I don't know. But if the Trump people represented that they provided all the classified or national security information and didn't, that's a serious problem, and I could tell you anyone in the intelligence community that had documents like that marked top secret SCI in their residence after authorities went to them, they would be under serious investigation. He doesn't know. Why doesn't he do? And I'll tell you the reason why, because this is all about politics. The Democrats know that Donald Trump is gaining ground. The Democrats know that the Republicans are in are in the works of having a tsunami in the midterm elections. The Democrats know all of this, so they've got to try something. Something to stop the big mo. Momentum. That's what this was all about.

Shifty Schiff Justice Department Donald Trump Tsunami
Kelly Tshibaka: Alaska Is the Foundation for the Nation

The Dan Bongino Show

01:45 min | 2 d ago

Kelly Tshibaka: Alaska Is the Foundation for the Nation

"Thought kind of a lighter note I have a very close friend husband and wife in the neighborhood here we hang out with a lot And we were recently we went to Jackson hole Wyoming and it was really an incredibly beautiful place and they said Dan it's great but they said I got to tell you Alaska you got to see as well I said really they said they did a little cruise at around Alaska sedan I have never seen anything like it and they've done a lot of traveling On Planet Earth Alaska they couldn't say enough about it It is so beautiful You've got to realize we're over the size of the state of Texas What we think of mountains in the lower 48 are hills to us in Alaska Our mountains are that big they're huge But most people don't realize Alaska is really the foundation or the piggy bank for the nation We feed the United States most fish on your menus are caught in Alaska We build the United States the logs you use for building your homes the wood it comes from the timber and Alaska or it did before Biden shut us down and you got to import it from Canada and elsewhere We power a lot America your fuel your gas it comes from here except they shut us down We create America all the minerals you need for your phones your tablets your gadgets and gizmos your electric cars they could come here but now they're having us mine over in China And one of the front lines of national security for America we're the further state east not just north and west but we're closest to Russia More close to China and North Korea Indonesia we could be the front lines of national security the second Pentagon with is and years up over the east because that's how close we are Russia is our border state So if you're going to take out America the first thing you take out is Alaska which is why Joe Biden has launched more than 24 direct executive actions against our state because if you level Alaska you take out America

Alaska America Wyoming Jackson DAN Biden Texas China Canada Russia North Korea Indonesia Pentagon Joe Biden
Six Flags amusement park shooting near Chicago leaves 3 hurt

AP News Radio

00:40 sec | 2 d ago

Six Flags amusement park shooting near Chicago leaves 3 hurt

"6 flags amusement park near Chicago was open after a shooting outside its entrance gate on Sunday left three people injured The gurney police department says the shooting was not a random act and appeared to be a targeted incident They say a car entered the parking lot drove toward this 6 flags great America front entrance People got out of the car and shot at another person before driving away A 17 year old and a 19 year old was shot officials described the wounds as non life threatening A third victim had a shoulder injury and declined to go to the hospital 6 flags says their security responded immediately and then closed the park I'm Julie Walker

Flags Amusement Park Gurney Police Department Chicago America Julie Walker
Kash Patel: No Surprise John Carlin, Lisa Monaco Are Top DOJ Officials

The Dan Bongino Show

01:27 min | 2 d ago

Kash Patel: No Surprise John Carlin, Lisa Monaco Are Top DOJ Officials

"Minute I heard cash Patel say these two names this weekend on Maria bartiromo I knew I knew I'm like deep state back again Here we go He also mentioned something about these Russia gate documents too which was fascinating I want you to check this out This is cash Patel on Maria bartiromo this weekend Take a listen You know me as a former national security prosecutor in the national security division where this case is being run out of It's no surprise that the likes of John Carlin who was the assistant attorney general for national security who authorized a russiagate hoax to begin with is now the number three official at DoJ and Lisa Monaco is the number two official who was his superior back then These folks and this is the thing I want to stress with Now that this is a quote unquote ongoing FBI counterintelligence investigation they will come out to the American public and be able to say ongoing CI investigation you will never be allowed to see the Russia gate docs or any other docs at president Trump Lawfully declassified and they will hide it from the public and Congress as a monumental lift ahead of them come November They better start subpoenaing these documents immediately and putting these people before the American public Wait wait wait time out TO baby TO You're telling me the same people involved in spygate From the Obama Biden administration and the Department of Justice there Are the exact same people now raiding Donald Trump's house

Maria Bartiromo Patel National Security Division John Carlin Lisa Monaco Russia DOJ FBI Congress Obama Biden Administration Department Of Justice Donald Trump
The Rude Pundit Is Unsurprised That Trump Is Selling Nuclear Secrets

Stephanie Miller's Happy Hour Podcast

01:25 min | 2 d ago

The Rude Pundit Is Unsurprised That Trump Is Selling Nuclear Secrets

"Like you were saying, until we just talked about this, Chris, and you said on Twitter, Rand Paul. This party, they're like, you know what? Let's just make espionage legal then. Right. What? You tweeted back at Rand Paul, who just like, let's get rid of the espionage act. I'm like, oh my God, just when you think, well, this is finally gotta be it. Like, you know, this is the national security party, and it's not it. There were planted by space aliens, Stephanie. Right, right. We're just asking the question. That's right. Yeah. Well, you know, it's also possible to say, you know, there are some problematic things of the espionage act. It has been used abusively. But that doesn't mean that it hasn't also been used for, you know, espionage. Yes. But you said it on Twitter, you said, how can anyone think it's beyond the pale that Trump took nuclear documents? Frankly, I'd be shocked if he wasn't selling American secrets. I think we've been saying that on this show for I don't know how long. Yeah, you know what? I'd be insulted if he wasn't selling nuclear secrets. Yeah. Because damn it man, you got to live up to who you are. And who are is a greedy egotistical SOB. Sorry, thank you. Had to sort of Chris and I thank you. Yes, we've heard that needle. Yes. Yes. And that's who you are. You would sell out your children. You have probably offered Saudis, nights with Ivanka in exchange for things.

Rand Paul National Security Party Twitter Chris Stephanie Donald Trump Ivanka
Members of Congress visit Taiwan after tense Pelosi trip riles up China

AP News Radio

00:43 sec | 3 d ago

Members of Congress visit Taiwan after tense Pelosi trip riles up China

"A delegation of American lawmakers is visiting Taiwan just 12 days after a visit by House speaker Nancy Pelosi that visit angered China China responded to Pelosi's visit by sending missiles warships and warplanes into the seas and air around Taiwan the American institute in Taiwan says a 5 member delegation led by democratic senator Ed Markey of Massachusetts is in Taiwan to meet senior leaders and to discuss U.S. Taiwan relations regional security trade investment and other issues The American institute in Taiwan represents the U.S. government which does not have official ties with Taiwan China claims self ruled Taiwan is a territory in objects to it having

Taiwan House Speaker Nancy Pelosi China Senator Ed Markey American Institute Pelosi Massachusetts U.S. U.S. Government
It's a Peculiar Artifact of Our System, But...

America First with Sebastian Gorka Podcast

00:56 sec | 3 d ago

It's a Peculiar Artifact of Our System, But...

"It's a peculiar artifact of our system, but cabinet members, secretaries, directors of agencies like the FBI and the CIA. And the president keep their security clearances until they go in the ground. Until they die, they have their clearances. So the idea that president Trump wasn't allowed access to documents likewise is utterly spurious. Is a Dodge is a faint former president still even receives briefings from intelligence agencies. Former presidents have been invited to talk about issues of national import and national security by new presidents. It's how we do business in a normal administration.

President Trump Cabinet FBI CIA Dodge
Sebastian Reflects on the Presidential Clearance System

America First with Sebastian Gorka Podcast

02:32 min | 3 d ago

Sebastian Reflects on the Presidential Clearance System

"Served in the Trump White House as deputy assistant to the president for strategy. As a result of that political commission, yes, that is what we were called politically commissioned officers of the president. I had to go undergo a background investigation. And acquire a top secret SCI, clearance. The clearance system in America, it's different in other countries. Has a very specific genesis and purpose. The intelligence communities, the 17 big agencies, there are many, many other small ones inside various departments and armed services, but the 17 American federal intelligence agencies serve one person in government. Their job is to provide intelligence, raw, or finished intelligence, to help the president of the United States make national security and foreign policy decisions. That is the only reason they exist. In fact, the whole classification system for documents for clearances exists for the president. It doesn't serve the chairman of the joint chiefs. It is not subordinate to the Speaker of the House or the vice president. It serves the president. That is why, for example, the president can give a clearance to anyone he wishes to, likewise he can strip only he can strip a clearance from anybody he wants to. If he wants to give his best buddy from high school a top secret SCI, code word, SAP program clearance, he can. He can just click his fingers and make it happen, because this system works for him. It is predicated, it exists to serve him in protecting America as the commander in chief. Likewise, should he wish to strip someone in federal government in the executive as the chief executive, he can strip them instantly. So the idea that a president or former president is a misusing classified information is impossible. He could wrap his fish in chips in classified information. If he wanted to, he could declassify in theory every single classified document or piece of information in U.S. government, who caused chaos, but he has the power to do so.

Trump White House America Joint Chiefs SAP House U.S. Government
FBI seized 'top secret' documents from Trump home

AP News Radio

00:52 sec | 5 d ago

FBI seized 'top secret' documents from Trump home

"A federal judge has unsealed the search warrant that authorized the FBI's unprecedented search of Donald Trump's Florida home this week Court papers show FBI agents took 11 cents of classified records from Mar-a-Lago including documents labeled top secret The court did not release specific details about what's in the documents which former Justice Department official Steven salzberg says is proper Because that would reveal things that people who don't have security clearances aren't exposed to see Trump has said the seas documents were all D classified though that's unclear He'd kept the documents despite multiple requests from agencies to follow federal law and hand them over Both he and the Justice Department urged the judge to take the unusual step of unsealing the warrant Sagar Meghani Washington

FBI Steven Salzberg Donald Trump Justice Department Florida Sagar Meghani Washington
The Legal Significance of the Trump Raids With Attorney Joyce Vance

Stephanie Miller's Happy Hour Podcast

02:06 min | 5 d ago

The Legal Significance of the Trump Raids With Attorney Joyce Vance

"I have to say even for you, like, solid calm professionals. This is a lot this week. I mean, just those of us that aren't lawyers are like, oh my God. And now Scott Perry's phone. I mean, talk to us about I don't even know where to start with the legal significance of this week. But go ahead. So maybe one way of looking at it, this is probably the most boring way, but you know me, I'm boring. Yeah. That's what we love about it. Is that today is 89 days before the midterm election, Mar-a-Lago was searched. 91 days before the midterm election. And DoJ notoriously tries to go dark on politically complicated investigations. At a period of time sufficiently far enough out from an election to avoid any allegation that they're influencing the election. You know, the ghost of Jim Comey sort of lingers over that whole thing. I'm glad you got to him before I did. Yes. Early. If DoJ had stuff to do, it makes sense that we would see it happening this week. And so now they've got 90 days to quietly sort through what they obtained at Mar-a-Lago. We have no idea what that is. And figure out, you know, let's just put this on the table early. Two things could be going on at Mar-a-Lago, assuming the reporting is correct. This is about national security classified papers. One is there could be a criminal investigation going on. These cases are rarely prosecuted, but there's some factors here that suggest that there would be good reason to investigate and consider that. Possibly more importantly are the national security implications. And whenever you have a spill of classified evidence, you've got to figure out what's involved in the spill and whether or not there is risk to national security. So, you know, we've got a former president who notoriously sat at dinner at Mar-a-Lago and sort of crowdsourced advice on how to handle a Korean missile launch. There's no telling what he would do with papers. The important thing is that people need to get people government needs to understand what's happened and what the risks are.

Scott Perry Lago DOJ Jim Comey
"  security" Discussed on SECTION 9 Cyber Security

SECTION 9 Cyber Security

05:30 min | 6 months ago

" security" Discussed on SECTION 9 Cyber Security

"When we talk about IT and information security, I'm Damian hall. And I'm Dorothy. And today we're going to be doing a mini security audit and this is where we kind of go over some of the things we're doing in security and just sort of double checking in for a fine. We want to know if these things are good for us or not. Now let's remind ourselves of what we're trying to do here. So a couple episodes ago, I came up with a short list of things that we're going to try to do here at section 9 to improve overall security. And on that list I have patching to FA application allow listing and system on for better windows login. Now we're doing the first three, we're going to save cis man for a separate episode because there's a lot that goes on in that. So we're going to be looking at patching two FA and application allow listing. Now, to give people a better understanding of what we're doing here at section 9, I want to talk about our environment because it's one thing to talk about security in a lab environment. But what does it look like when you drag it out of the lab or out of a book or a video and apply that to the real world? So we're tiny. There's just two of us. But we have Microsoft 360 five, we're using Azure AD and intune, and we have Windows 10 systems that are joined to Azure AD, and they're sort of partially managed out of intune. Whenever we want to apply settings, we're going to be doing that through intune. And this is an environment which can be applied to a business. So if we had, let's say, a hundred employees, we could use this environment in that situation. And it would work perfectly. So I'm trying to create that scenario where, instead of doing security in a lab, we're doing security in the real world. One that you can take with you and you can apply to a business environment, which you can do that, because we're doing it..

Damian hall Dorothy Microsoft
"  security" Discussed on SECTION 9 Cyber Security

SECTION 9 Cyber Security

05:23 min | 7 months ago

" security" Discussed on SECTION 9 Cyber Security

"Servers. I'm going beyond that idea that I only have one laptop. I can just install everything myself. I don't need a tool for that. Versus I have a hundred laptops. I have a thousand laptops. How do we manage that? And I think that's where I'm at with security is how do we manage something beyond one or two devices in a lab environment, or just using an example of something? How do you take that and move that into the real world? Because when you do that, it's a completely different situation. You're no longer in a situation where you have one or two lab workstations and maybe a server, now you have 50, 60, a hundred laptops that are moving around, and they're out there in the real world. They're not always in the office. How do you log that? So if you have a seam solution or things like security onion with the Elk stack on there, well how do I send it logs when I have people at home? I have people in a coffee shop. I have people in the office, how do I get all the logs into that one location so I can analyze them. Those are things that make it a challenge and that's what the real world looks like. It's not a nice neat little simple lab where everything is in one location. It's all over the place, and it's messy. And that's where things get interesting. And that's why I think it's important to have that short list. What are some things I think are really, really, really important that we can do and they're easy, right? Like two factor authentication when you have Azure AD is pretty simple. Let's go beyond that. Let's try some of the other stuff. And if we do things like honey pot, well, where does that live, right? Those are some things that I'm looking at now. And so I'm going to take the stuff that we have in all these different classes I've taken so far. And try to create that short list of things that we can do. And hopefully this is helpful to others so they can kind of see what we're doing and use some of the things that we're trying to do. I think one of the best things I.

"  security" Discussed on Security Now

Security Now

02:23 min | 7 months ago

" security" Discussed on Security Now

"Because collide, KOL IDE is built by like minded security practitioners who have seen in the past just how much MDM was disrupting end users. Frustrating them so badly they throw up their hands, forget, all right, I'm using my own laptop. I'm not using this. This is ridiculous. I hear that story a lot. Without telling anyone, of course, opening you up to all sorts of problems. That's scenario, which everybody loses the user and you and your business and everything. Collide is different. Instead of locking down a device, I really like this. I really like this. Collide takes a user focused approach that communicates security recommendations to your employees directly on slack. So after collides set up, in fact, I'm sure Russell wants to use this because we use slack. Device security turns from this on or off police state, basically, into a dynamic conversation. The conversation starts with the users installing the endpoint agent on their own. So they're already kind of empowered, right? We don't deliver this to you, locks down. We say here, install collide. Through a guided process, it happens right inside their first slack message. From there, collide regularly sends employees recommendations. Suggestions, if you will, when they notice their devices in an insecure state. Ranging from simple things like your screen lock is not set up correctly or it doesn't come on. There's no password to turn it off that kind of thing. To somewhat more nuanced maybe even difficult to solve issues like suggesting people secure two factor backup codes sitting in their download folder. That's probably not it can't see post it notes on the screen, but that's the next worst thing. And because it's talking directly to employees, colitis educating them about the company's policies and how to best keep their devices secure using real examples from this is what's actually happening. Some theory, plus they feel listened to and engaged. And honestly, they're more likely to become a partner in security, rather than fighting at every step of the way. Collide, Linux, Mac or Windows. Cross platform endpoint management. It puts end users first. But make sure your security is taken care of. And it's of course for.

Russell
"  security" Discussed on Security Now

Security Now

03:38 min | 7 months ago

" security" Discussed on Security Now

"GRC dot SC slash what is this? 8 5 four. And that will tell you whether you're okay or not. And maybe is it set up? It should have given you more than that already. Let me go directly. There we go. There you go. Building my port, 20,005. Yes. Okay. I'm familiar with not a port anybody's familiar with. Okay, so security yeah, it's your stealth, good. The security research firm sentinel one has discovered that some common code licensed by a number of prominent router manufacturers contains a highly critical remotely exploitable flaw. Among the writers known to be affected are those by netgear, TP link, tender, Edna max, D link and Western Digital. Holy coal. Ugly. I know. So here's what we know. Day or rather he, at sunel one, his name is max. Discovered a high severity flaw in the what's known as the cake codes as the company, K codes, net USB kernel module used by that large number of network device vendors and affecting millions of end user router devices. This allows attackers to remotely exploit the vulnerability to execute code in the kernel. Set in the labs, max's company began the disclosure process last year on the 9th of September, and the patch was sent to licensee, router vendors on the 4th of October. So it should be incorporated into router firmware updates by now. That's more than 90 days. At this time, sentinel one has not discovered evidence of in the wild abuse. Okay, so here, in the author's voice, is how this all began. He said, as a number of my projects start when I heard that prone to own mobile 2021 had been announced. I said about looking at one of the targets having not looked at the netgear device when it appeared in the 2019 contest, I decided to give it a look over. While going through various paths through various binaries, I came across a kernel module called net USB. As it turned out, this module was listening on TCP port two zero zero zero 5 on the IP zero zero zero zero. Provided that there were no firewall rules to emplace to block it and typical consumer routers don't have any. That would mean it was listening on the when as well as the land. He says, who wouldn't love a remote colonel bug? Net USB is a product developed by K codes. It's designed to allow remote devices in a network to interact with USB devices connected to a router. For example, you could interact with a printer as though it is plugged directly into your computer via USB. This requires a driver on your computer, the communicates with the router through this kernel module. Of course, you don't have to be using this to have it there, alive and running in your router..

Edna max netgear sentinel max
"  security" Discussed on Security Now

Security Now

05:55 min | 7 months ago

" security" Discussed on Security Now

"Having the stated goal of getting public and private sector organizations to rally their efforts and resources with the aim of securing Okay. Good goal. Although not only about log for J, ver J was the clear catalyst. Behind the summit, and the public sector, the list of participants, pretty much was the who's who, including the deputy national security adviser for cyber and emergence emerging technology, that's a department that was an new burger. National cyber director, Chris inglis, officials from the office of the national cyber director, office of science and technology policy, the Department of Defense, the Department of Commerce, the Department of Energy, the Department of Homeland Security, the security and infrastructure security agency, of course, the cisa, the NIST and the NSF. The private sector was well represented by akamai, Amazon, Apache, Apple, Cloudflare, Facebook slash meta, GitHub, Google, IBM, the Linux foundation, the open-source security foundation, the open-source security foundation, I didn't know there was one. Good. Microsoft Oracle, Red Hat, and VMware. The participants focused their attention on the three topics. First, preventing security defects and vulnerabilities in open-source software, I guess, good. Let's do that. Improving the process for finding security flaws and fixing them. And third, shrinking the time needed to deliver and deploy fixes. All worthy goals. The White House's after action report wrote, quote, most major software packages include open-source software, including software used by the national security community. Open-source software brings unique value and has unique security challenges. Because of its breadth of use and the number of volunteers, responsible for its ongoing security maintenance. So this sounds a little bit like what the FTC we talked about last week. What they said, they did appreciate the particular challenges it represented because it was not commercial. It was all free and just done by random people. During the summit, Google proposed the creation of a new organization. That would act as a marketplace for open-source maintenance that would match volunteers from participating companies with critical projects that need the most support. Can't walker, Google's president of global affairs and chief legal officer, both for Google and Alphabet. He was quoted, saying, for too long, the software community has taken comfort in the assumption that open-source software is generally secure due to its transparency and the assumption that many eyes were watching to detect and resolve problems. But in fact, while some projects do have many eyes on them, others have few or none at all. Growing reliance on open software means that it's time for industry and government to come together to establish baseline standards for security, maintenance, provenance, and testing. To ensure it with money for Christ's sake and that's the problem. They use this stuff for free. And then they go, well, you see. Broken. It's broken. To ensure national infrastructure, he said, and other important systems can rely on open-source projects. At least, only use proprietary. But it's Google, after all. Right. Yes. These standards should be developed through a collaborative process with an emphasis on frequent updates continuous testing and verified integrity..

source security foundation Chris inglis office of the national cyber d security and infrastructure se Cloudflare office of science and technolo national security community Google cisa Linux foundation akamai Department of Commerce Department of Homeland Securit NIST Department of Defense Department of Energy GitHub NSF Red Hat Apache
"  security" Discussed on Security Now

Security Now

03:10 min | 1 year ago

" security" Discussed on Security Now

"Won't be a problem but is bad. Why active still a. Why is it still in windows. It's well it's because they're you know documents live on and you you would want that document not to be able to open a website now would you. I know you gotta you gotta have that in your in your power. I remember us specifically talking about what a threat. It was to allow something downloaded from the web to rub locally on your computer as it because and it's bringing in java script what could possibly go wrong. I mean those not only is your. Is your document scripting in order to bring in a in order to host a container which is then a web browser in your document which has been given a u. r. l. to a foreign server which could then load something in with java script writing and like do something it's like there should be a way just remove activex. I stunned. it's still alive in there. Yeah that's crazy there. Must that's that's it. Internet explorer component. Yeah yeah well well. Active x is Is what is what Com evolved into so there was the cry honan object model calm and then it sort of they. They like they got so tired of doing like extensions of it because the kept figuring out it could do more. Did they said okay. Let's just kinda start over so we'll call it but oh and it was also a renaming. Remember that it's sort of like it. They didn't feel like it was exciting enough. It's like it's active com ole right which is pretty good. Sounds like a bull fabulous. It's still supported through As a witness. Ten through internet explorer eleven. Even though it's been deprecated for years right. And so this is invoking i e an old i e control through activex in order to bring it back alive so yeah and i mean we're not noticed we're not even talking about the fact that that ease 'em html control has a problem because like of course it does like why. Why would we imagine that out that. A browser component would not have a horrible easily exploitable flaw. Instead we're just talking about. Oh this is the way you invoke it because embedded in office documents. Okay so we also have. This seems to be abbreviation day. We all i also ran across w. f. h. Which is the new abbreviation for a work from home. That's now a thing w. f. u. w. f. h. your wfan aging anyway last thursday hp's wolf security group published a new study which they titled security rebellions and rejections..

wolf security group hp
"  security" Discussed on Defensive Security Podcast

Defensive Security Podcast

04:03 min | 1 year ago

" security" Discussed on Defensive Security Podcast

"Hey it's our job to advise what to do if desired right. Yeah very similar to lawyer like yeah. You probably shouldn't stab that guy on camera. That would be bad for you but you could still go stab the guy on camera. I don't know it's probably bad example. But you know what i mean. It's just i obviously. It security or cyber is so new and legal professionals ancient. So i don't know if these rav will be defined into laws but it seems to me very similar so let's see Don't share the report or sorry. Share with as few people as necessary for portas is also necessary for internal business. Accounting regulatory purposes. Have a separate sanitized. Report prepared the report and the related work must be a legal expense paid for by the company's legal budget preferably through outside counsel that was also one of the observations of the judge. Let me just restate. We're not giving legal advice. I'm reading this This document document anticipated potential threat of litigation early on and take time to carefully select and prepare your thirty bc witness for the deposition. Whatever the heck that means there you go. Well was a national argue. So it's meant for lawyers that's right that's right which we are not which we're definitely not but again assume that you're engaging a third party forensis company that the report is going to be covered by legal privilege unless you take the action. That's that's the whole point of this. Talk to your attorneys. Don't assume this is your fun parties. I totally am all right. So final story. This one comes from secure world that i owe and the title is suing the sea so solar winds fires back so we've obviously talked about solar winds ad nauseam. Some solar winds investors have sued solar winds The company and as well as their ceo in their see so basically. I'm summarizing basically alleging What i would loosely called malpractice and Basically saying that that In a couple of different points. You know that that the company didn't do the right. You know didn't exhibit responsible security Oversight and so they use some specific examples from former employees. you know one of which was a Strategist and had complained that they that the company wasn't doing enough in in a couple particulars security. There is also the very public issue with the The solar winds one-two-three password. That's referenced in here and so you know point is that it's finding interesting that this is a this is an example where it's not just the company that is being sued. It's also in this in this case. It's the leadership of the company and look it is hard enough to bc. So i think this is. This is really if this becomes common practice. I fear what we're going to see on but on the other hand on that's that's one side on the other side. I think it will quite likely derived different kinds of behaviour..

portas
"  security" Discussed on The 443 - Security Simplified

The 443 - Security Simplified

05:08 min | 1 year ago

" security" Discussed on The 443 - Security Simplified

"There's no liability. There's nothing holding them to this. So you're representing mark. I think optimistic opinion that people want to be secure and one to work in any way they can do. This colonial pipeline might fall into that because they suffered an issue. But i'm from. I'm at the point until it is regulated until there is teeth. I'm not sure it's going to make much difference. So i hope your interpretation of the end you know. I'm glad that they're trying to work voluntary but maybe there should be regulation about a minimum baseline set of security that industrial control critical systems need to establish so. I don't know it sounds. There's nothing wrong with this memorandum. I loved all the ideas of what it proposes. But where's the meat. Where's the beef. Whereas the either the teeth and forcing people to do security or the actual details about what any of this new policy is because i see ics policy that's existed from department of homeland security. Caesar ics cert nist before. So i just want more detail right now. It just seems like oh. We want to make this better less wave our magic wand if only were that easy. But you're right. I think it will boil down to whether they can add teeth to it or not because to be fair teeth or carrots yes it is either fines. Or some some incentive you can also enforce a regulation by giving tax or monetary or other incentives. If you do so add something to this. That really gets the ics community on board beyond just voluntary. Because let's face it as much as everyone wants to be secured. They don't have the time. Voluntary does not seem to often work. And while like you said a lot of these utility districts and stuff are really maintained by very local municipalities like ness not necessarily even state level down the county or city in some cases it is critical to our nation's infrastructure so it makes sense.

department of homeland securit Caesar
"  security" Discussed on Security Now

Security Now

05:26 min | 1 year ago

" security" Discussed on Security Now

"Hello everybody is. I don't know how. Steve does this mustache thing. We're giving steve the week off <hes>. You know he he takes no time off. The man works his butt off not only with with his with his products. Spin right and and all the research and stuff. He does for his website. Grc dot com. But he spends you know hours putting together the security now show every week and the funny thing is about steve. He never wants to take a day off. He never wants to miss a show so i've tied him up and put them in a closet so he can't be here today because the guy needs a week off and we're gonna take some of the best moments from the year. Twenty twenty starting with the story of and this was a bad one clearview and their face recognition technology. So last week we talked about the clearview a i company who were doing the facial recognition and bragging the web for three billion face sprints and made them available to six hundred police department so they could identify people within seconds since then clearview has increased their collection of cease and desist. Letters are just not exactly what they are hoping to be collecting from major. Us social media players. The first one they they received was from twitter a couple of weeks ago when twitter told clearview to stop collecting its data and to delete whatever it had. In addition facebook has similarly demanded the clearview stop scraping photos because the that action violates facebook's policies and now google and youtube are also both telling clearview to stop violating their policies against data scraping. Clearview take on. This is defiance. The ceo hone thanh fat was interviewed last wednesday morning this morning. News show <hes>. He's told to trust him. He said the technology is only to be used by law enforcement and only to identify potential criminals. Tom fat claims that the results which which is not encouraging our ninety nine point six percent accurate. I guess though you wouldn't wanna miss. I want a false positive. Miss identify you as a bad guy. So i guess accuracy is is a better thing and he also claimed that it's his right to collect public photos to feed into his facial recognition archive. He said. there's also a first amendment right to public information so the way we have built our system is to only take publicly available information and index it that way and we by the way there was a recent supreme court decision having to do or was it supreme court but maybe ninth circuit court having to do with scraping of linked in which they ruled. Yup you can't stop scraping if it's public information. Y'all can't stop it. In fact i have that i mentioned that here <hes>. So we know from last week when we talked about this the that in illinois at least with their bitta. The biometric information privacy act <hes>. You know it's illegal there <hes>. And youtube statement read quote. Youtube terms of service explicitly forbid collecting data. That can be used to identify a person. Clearview has publicly admitted to doing exactly that and in response we sent them a cease and desist letter as facebook <hes>. Facebook said last tuesday that it has demanded that clearview stop scraping photos because the action violates its policies. Facebook said we have serious concerns that clear views practices which is a with sorry serious concerns with clear views practices which is why we've requested information as part of our ongoing review. How they respond. We'll determine the next steps. We take which i'm sure. Facebook attended sort of sound ominous <hes>. And <hes> taunt that defended clearview as being a google like search engine. He said google can pull information from all different websites. If it's public and it can be inside sorry. Excuse me if it's public and it could be inside. Google search engine. It can be an hours as well. Google disagreed saying that clearview isn't at all like their search engine. Google said there's a big difference between what we do and the way your shanghai ing everyone's face images without their consent. Most websites want to be included in google search and we give webmasters control over what information from their site is included in our search results

Google clearview dinh shanghai leo san francisco lincoln faa california
"  security" Discussed on Application Security PodCast

Application Security PodCast

04:03 min | 3 years ago

" security" Discussed on Application Security PodCast

"Matt Clapham is a product security person as a developer security engineer advisor and manager. He began his career as a software tester, which led him down the path of figuring out how to break things. Matt lives in the medical software world and visited the healthcare information and management systems society hymns conference. Matt shares his perspectives on application cybersecurity through the eyes of the healthcare industry. There is much for us to understand by viewing. How other segments approach security and privacy Matt believes in stepping outside the echo chamber and experiencing how other industries see security, and he achieved that by visiting this non security conference in sharing his experiences with us. And remember if he visits your booth at an event, you better know, how your company's make secure product or solution. I wanna take a moment to introduce you to security journey at security journey. We believe security is every developers job we work with our customers to help them, build long-term, sustainable security culture amongst all their developers are choice to provide security education that is conversational quick hands on and fun. We don't do lectures. Instead, we let the experts talk about what's important modules are quick ten to twenty minutes in length. We believe in hands on experiments builder and breaker style that allow developers to put what they learned into action. And lastly, fun training. Doesn't have to be boring. We make it engaging and fun for the developers. Visit WWW dot security journey dot com to sign up for a free trial of the security DOJ. Oh. The application security podcast here. We. Hey, folks. Welcome to this episode of the application security podcast. This is Chris Romeo CEO of security journey and one of the co hosts here on the podcast, and I'm also joined by Robert, hey, Robert, hey, Chris. This is Robert threat, mulling architects, offer security architect and very enthusiastic about application security. So we're joined today by a guest who has been on the podcast two times before. So this is his third. Visit and that is Matt Clapham. And we were just talking about where we had actually done these podcasts interviews before. And so Matt Nye had done. Our last interview at converge conference in Detroit, Michigan, which is actually coming up here in a couple of months, and so if you're anywhere near the Detroit metro area in Michigan or anywhere in the state of Michigan should definitely come down. And be a part of this event. It's very cool. Lots of good stuff happening. Matt great to have you back on the show. Show again, thank you for being willing to share your expertise with the industry K happen to be here. So we thought we would refresh your origin story seems like it's been about time. Right. We have to refresh these things now and again, and so especially because your origin story that's going to impact the rest of the things that we talk about here. What what's kind of your origin story or how'd you get involved with security? Sure, I started out as a software tester. I'd been interested in software and went to college to learn about technology and computer science, and as I left college. I started as a tester, and I found that I really enjoyed breaking thinks right? And then as I got better and better at finding the flaws and whatnot. I said we'll, hey, why do we why do we not look at things like of risk management like question why everybody's running as an admin on windows all the time. Right. And so that that actually made me a better offer tester because I could start to to bring things in new and interesting ways and so. Experimented more with that. And I also learn more from talking to co workers

Matt Matt Clapham security architect Matt Nye Michigan Detroit Robert DOJ Chris Romeo developer advisor engineer CEO twenty minutes
"  security" Discussed on Security on The Bayou

Security on The Bayou

06:59 min | 3 years ago

" security" Discussed on Security on The Bayou

"And. Welcome to security on the by you. I'm your host Chris Adkins, and they're a recap of today's Security News. And why it matters to you? Good morning friends. It is Tuesday April thirtieth in here is today's Security News first off from the Atlantic dot com. Not your additional security article that we'll discuss here, but the title is people are clamoring to buy old insulin pumps written by Sarah saying on the Atlantic. So this is an interesting article in there's a lot of you know, sort of medical terminology, and you know, a lot about insulin and type one diabetes, but it's interesting because it has to do with hacking of a mid Tron ick, insulin pump. So essentially what they've done is the views this pump to create a process that they call looping. So that this software that runs on a artificial paint. Greece can then talk to this insulin pump and regulate the amount of insulin. That is put into the person's body. This is interesting because they. They stopped making these Medtronic pumps, y'all. I think in twenty fourteen so you have all these people running around on EBay and Craigslist and Facebook trying to grab these things. So that they can build these systems and use them to instead of having to count everything all day, and, you know, do do all kinds of different insulin shots, and it makes their life a little bit easier of so much. This is used across the industry quite a bit so much. So that the CEO of JD R f-, the Juve juvenile diabetes research foundation, actually does this himself. So very interesting article not your whole security, but hey, it's hacking. So we're gonna talk about it. All right next from threat post dotcom. Mauer infest popular pirate, streaming hardware. This should come. As no surprise anybody. So some researchers have gone and grabbed a Cody streaming box in essentially determined that every. One of the add-ons that it's on there while I'm gonna take the back, not everyone a large majority of the pieces of software and add on that are in this Cody box contain our some of the things that it's doing it is taking all of the wireless information your ID password in such from that box and sending it to server in another country. Somebody had one point five terabytes of data was uploaded from a device that shared the same network of the Cody box. So they were able to move laterally on the network in extract one point five terabytes of data. I don't know about you guys. But that would flag my my p pretty quick as going over my limit. So just a lot of some interesting things here. I mean, this should not be a surprise at all. I mean, if you were if you were developing free, quote, unquote, apps that a larger stream illegally, wouldn't you try and take advantage of that to all these people trying to do that. So. Apparently is quite a bit of talk about it on. The the dark web. And I mean, they the developers of these things literally discussed this with each other on how to do this affectively. So an interesting thing stay away from it. I mean at the end of the day, I mean, at least make sure you're protected somehow if you're gonna use this stuff all right next one a this one. I when I started reading it. I got a bit of a chuckle then it got pretty serious pretty quick. So this one from the registered coat UK Chinese Dev jailed and fined for posting DJ excuse me, DJ is private keys on get hub. So DJ I makes drones for those that don't know. So he ended up posting two extremely important keys on get one of them was the AS key for the firmware. So that's why I got a little bit of a chuckle. How people were allowed to go. You know, they can now modify the firmware to. There there needs. But the second one this was kind of a big deal. He he dropped a wildcard SSL key for star DJ DJ, I dot com. Don't wanna can't say that. And that's a big deal. I mean the world of. Keys. That's big one specially SSL key. So, you know, any sub domain of DJ, I dot com now, hopefully, they've gone revoke that key in you know, they've gone through that process. But who knows at this point? That's a that's pretty dangerous. So he ended up getting fined just under twenty three thousand pounds two hundred thousand Yuan is what it ended up being. So he, of course, is very sorry. I was born in a very poor village. I studied hard all the time. I finally got new university. It was very happy thing to me, and my parents. But now all the things are done. I am done. I will go to jail. I have to take the stain in my life. My girlfriend began to break up with me while my family are broken. F-bomb? What are what are terrible things? Maybe the only thing can do now is to die is so hard. I need to be free. I feel for this guy. That's that's pretty big deal. Sound people who say those kind of things about how wanna die and girlfriends Brigham don't sound like it was intentional. So. All right. Normally we do four, but we're already over our time for the day. So thank you for joining us. It is what day is it's Tuesday, Tuesday, April thirtieth twenty nineteen everybody have a wonderful day.

Cody box diabetes Chris Adkins Medtronic Atlantic Sarah CEO Mauer EBay Greece UK Brigham Facebook JD R Craigslist five terabytes twenty three thousand pounds
"  security" Discussed on Security Now

Security Now

01:31 min | 3 years ago

" security" Discussed on Security Now

"Steve so Android security. Ten years in. Yeah. Since this is the Templars day. Yeah. It really hasn't gone fast. I didn't realize we were like we're doing the podcast what had happened. I still have the first phone right here. I won't get a now. But it's back. Museum of old crap. Nice. Yeah. It's terrible phone. But as you say, we've come a long way, we have so and and really I want to talk about exactly that in detail. How we've come from a security standpoint in the show notes, I've got a link to the Google Android security twenty eighteen report final as they call it. It's a PDF thirty one page report. Which? Examines and shares the statistics of like what they recognize ecosystem data that the the the benefit of GU what they call Google play. Protect the the Android platform security, and then essentially the threats that are out there. The the the very aggressive P H A families, the potentially harmful applications. They write that they Android security teams mission is to.

Google Steve Ten years
"  security" Discussed on Security Now

Security Now

03:23 min | 3 years ago

" security" Discussed on Security Now

"Can better protect. Ourselves Kaspersky have released an online tool that allows you to check your MAC address against a database of victim MAC addresses, which is hidden. Good on casper ski on one hand. But on the other hand good on. Of course, they are Australia in good on Kaspersky. But on the other hand, this is highly inefficient and does not really serve the security community. So we thought it would be a good idea to extract the list and make it public. So that every security practitioner would be able to bulk compare them that is the whole list to known machines in their domain. If you are interested in the list, it can be don't downloaded here or here for the extended list, and I have a link to this page in the show notes where those here and here are links to the. The extended link lists. I also had that actually down below they. So these guys also felt that having a simple list of targeted victim. Macadear would be far more useful for large enterprises with many hundreds of thousands of systems where the stakes were pretty high. Because after all we're talking about the reliable installation of a Trojan back door by unknown actors into specific, laptops, when who knows who's, you know, specific a Seuss, laptops. So how do we solve this problem? That is the problem to these guys faced well, of course, it's a variation of the classic brute force password cracking problem. Although it's significantly simplified. Because in this case, we know that every test MAC address is a forty eight bit binary input to the cracking hash Fung. Action. And we know that half of it will be one of a handful of twenty four bit vendor. Mac prefixes it within the forty eight bit binary. So it's like a password whose length we exactly know. And and in fact, half of it is one of a subset of possible. Twenty four bit chunks. So the skylight cyber guys calculated that their own fastest of first of all day, reverse engineer, a reverse engineered the algorithm because there it was it's sitting in an ex he they used Ida idea, the interactive disassembly. It'll be fun. When in the future we start hearing about them using the NSA's tool, but that'll take a while to proliferate through the ecosystem, they figure out exactly what the hashing function was. They then designed that they took hash cat and tried to use it. But the the function was custom. So they customized and built a custom version of hash cat to reverse the Kaspersky hash functions their.

Kaspersky Australia Mac Seuss Macadear engineer Ida forty eight bit Twenty four bit twenty four bit one hand
"  security" Discussed on Security Now

Security Now

04:31 min | 3 years ago

" security" Discussed on Security Now

"And they have a camera watching your eyes. And if you look away from the road, it rumbles your seat vigorously, so there, I think this look to seven thirty seven max is crashed. Because the apparently the auto stall feature that was supposed to. You know, pull the nose down did it incorrectly and pull it down into the ground. Right. It's very similar problem. Right and pilots who didn't know enough to disable it. That's what happened. So I think it says autopilot is always going to need at least for a while. Anyway, human intervention and considered the lawsuit. I mean, it you there's just no way these car companies are not needing to be able to say we took proactive measures to to own for this to only be an assist function. Not a, you know Grohl up in the backseat and and take a nap while we drive you to work feature. So yeah. Yeah. Could really interesting topic. Yeah. So this is a classic hack. We've course we talked last week about ace's shadow hammer MAC addresses. Well, the as shadow hammer attack. How two of their download servers were infected with multiple. Of malware over a duration of five months. Presumably by a somehow someone who got an advanced persistent presence in their system and was able to do this in reporting. I did note that they were only, laptops. So that's significant because remember that one of my as I was scratching my head brainstorming where could a list of MAC addresses have been resource one of them was from WI fi heights hot spots in a mobile scenario. That's right. They say the MAC addresses, don't yes, you mobile hotspots, get the MAC addresses, and the the other interesting thing was the turns out. There was a list. A further refined list of double MAC addresses where it was the the land and the WI fi MAC address, which was known. So, you know, I don't know what that further tells us, but. That that that would potentially set I think. Yeah. One of my hypothesis is is that they had seen them roaming. They knew who they were. So they were gonna come back and get them L K. So anyway, what as I described last week? What Kaspersky did was they offered an online resource where people could put their MAC addresses in. And it would tell them whether they were all of those six hundred seventeen I think it was addresses or a downloadable tool. If you didn't want to put your MAC address into Kaspersky page, you could download a standalone exc- that would that contain them. All well. Okay. So get this for whatever reason they chose not to publish their full list. Amac addresses, right? It was give it submitted to us. And we'll tell you or download this exc- will. They obscured the MAC addresses by hashing them with a salted hash assaulted SHA to fifty six with a complex algorithm that merge, the MAC addresses in the salt several times in the hash in order to make it, you know, it just made up their own hashing function, essentially, well this apparently bothered some guys at an Australian security firm skylight cyber they wrote the question of who did this. And why is that the skylight cyber wrote the question of who did this, and why is intriguing but not one we were trying to answer in this case first things first if information regarding targets exists, it should be made publicly available to the security community. So we.

Kaspersky WI Grohl Amac first things first five months
"  security" Discussed on Security Now

Security Now

05:05 min | 3 years ago

" security" Discussed on Security Now

"So thank you cash. Life your support and thank you for supporting security now. Yeah. When I say it like that it sounds like, oh, yeah. I remember that. We decided to put less in the front just to get to the shows a little bit faster. So we moved to cash lie inside. So. As we were saying yesterday was April first infamous, April Fools day. But no one was fooling here. I just wanted to note that Android user should update or look for updates from their provider because there were a pair of critical remote code execution vulnerabilities and nine high severity privilege elevation vulnerabilities. And also an information disclosure vulnerability is all patched they were once again, the the art they are sees remote code execution problems. We're in the much troubled media framework, which of course, has been a constant source of trouble because it is a massive interpreter. And that we know how hard those are to get right? So there were two vulnerabilities. What were updated is version seven point zero seven point one point? One seven point one point two eight point zero eight point one and nine so everything essentially from seven point oh on you, depending upon where you get your Android do as it was just released yesterday update yourself because again, the what we have seen is that a patch gets reverse engineered and the bad guys jump on it, and a we know that the media framework is particularly susceptible because it is a essentially your your Android. Mobile device is a wide open. Ma looking you know, a funnel looking for things. You know tweets and snap chats and Twitter, pictures and just everything coming into it. And if it's if if there is a problem in the render of some some type of content than it's readily exploited and the bad guys are going to look at this. And they started yesterday, and they're going to try to get people who haven't updated so do so they did say of them that there were no reports of active customer exploitation or abuse of any of these remote of of these newly report issues. So these none of these are zero days, but we know that even one days is now these days enough, so we're getting fixed. Okay now. Leo as a tesla owner. This will be of interest to you. And I'm sure we have many tesla owners the attention grabbing headline, which is very very wrong was researchers trick tesla to drive into oncoming traffic. That would not be a good thing. Early for not to thank you in terms of ruining your day, pretty high up on us. And unfortunately, in this case the hack appears to a been easy to pull off. But not at all what the headlines have said there is a forty page research paper published by researchers at ten cent. Keen security lab, their paper was titled experimental security research of tesla autopilot, and I hadn't the pun of autopilot hadn't occurred to me, actually, Leo until I what's the began auto. I get it isn't that. Why never thought either is that wonderful. I don't like the name because it implies it flies itself. And it doesn't know man. And I will argue and our and our listeners, maybe a little more, even you will maybe a little more convinced of that. By the end of this because they did find something which is you know worrisome, but anyway, so they're abstract reads, and I'll share it because they did three different things. The abstract reads keen security lab has maintained the security research work on tesla vehicle. The this is a Chinese outfit, by the way. So you'll see their English is not quite you know, hours, but still very legible or intelligible on tesla. Vehicle and shared our research results on black hat USA twenty seventeen and twenty eighteen in a row based on the root privilege of the AP. E that's tesla autopilot e c you software version eighteen point six point one, and we should note. It's now at eighteen point twenty five or something..

tesla Leo Twitter Ma zero days one days
"  security" Discussed on Security Now

Security Now

03:59 min | 3 years ago

" security" Discussed on Security Now

"If I look here for the shortest one. There was actually one of the Chinese networks was. Three days eleven hours and fifty minutes. The worst was one month Twenty-three days. Okay. So that's way over on almost two months, and they had a hundred and sixty three mal wear. You are ELLs the next biggest was two hundred and fifty six Maui where you are ELLs that was a Chinese site are Chinese host to the took that reacted after one month nine days on the other hand the number one hosting site. A provider was digital ocean in the US, and they had three hundred and seven mal where you are L so more than any other provider and their reaction time was six days, twelve hours and fifty six minutes. So I know I certainly we should mention the sponsors, you know. Okay. And what people use them. So easy to spin up a site, right? Yeah. Exactly. And also, I just going to say that these guys have to be responsible because they don't want to take down Assad. They you know, they shouldn't take down a site based on a report without verifying it. So otherwise, you've got, you know, script kitties maliciously reporting good sites that they don't like as being malicious and getting them booted for no good reason. So so, you know with when you have a huge number of sites. There's a lot of remediation work at and burden that that you that has that goes along with it. So anyway, so they went on to talk about what malware was found there and that the number one malware by a long shot was something called IMO Tet, which is a very capable and increasingly flexible. Trojan, which is sort of multi-purpose it gets in. And then it's polymorphic it changes shape, it it's very hard to deal with. And of course, the bad guys are constantly churning out. New domains to host this stuff, and then spew out links and social networks and on on download sites and an an ads and wherever they can to get people to click on them to download the malware and then go from there. So boy wet that's the, unfortunately, that's the world that we live in today. Crazy chrome will be playing catch up to. I e and fire FOX when it comes to mitigating drive by downloads from I frames web browser I frames, and we've talked about them have always been frightening from a security standpoint, they're, you know, we often talk about the classic trade-off between security and flexibility. Nothing could be a better example of that than the I frame, I frame as we know is short for inline frame. It allows the designer of a web page to set aside a rectangular region a frame whose contents will be filled in by the result of an I frame URL, fetch so the origin web page specifies the URL. Then the browser goes to fetch it and to render it sort of as a many web page unto itself. And they are I frames are what have enabled the entire web browser advertising industry since they conveniently allow.

US Assad Maui one month Twenty-three days fifty six minutes fifty minutes eleven hours twelve hours Three days two months nine days six days
"  security" Discussed on Security Now

Security Now

05:41 min | 3 years ago

" security" Discussed on Security Now

"Com. It's all about collaboration. Isn't it always is it? Well, and you know, you don't have to work with anybody. But everybody else is on a team, Steve Gibson works alone. Well, but I do have the the the gang in the newsgroup. They keep Ernst. Yeah. They they're very very important to the processed. I mean, you can develop in a cocoon, but you're not necessarily going to do the right thing. And there's always stuff you miss. It's valuable. I know it is. Yeah. So I I don't really talk about IOS and MAC OS security updates about. I haven't I have a few times in the past this one caught my attention. Just because if I when I searched on the word arbitrary to page the page lit up arbitrary, yes. Because that's the phrase apple uses the phrase, arbitrary code execution. So so I believe I heard Rene say last week that he was a prized that the update was to twelve point one point three because he was expecting. I think it to go to twelve point to I don't, you know, he's the MAC. Guru follower genius guy. So I I don't know what that's about. But anyway, what we got was twelve point one point three presumably maybe apple how already has other plans for twelve point to and that hasn't happened yet. So these things apply to iphone five s and later ipad air and later, the ipad touch six generation. And you know, that caught my eye as I said because when I searched the for when I searched the Security News details page, I had the link here in the show notes for any was interested it for the word arbitrary. I got a lot Blute. Yeah. I got bluetooth an attacker in a privileged network position may be able to to execute arbitrary code. And they described an out of bounds. Read was addressed with improved input validation. But until then you've got an over the air remote codex acution vulnerability in FaceTime. A remote attacker may be able to initiate a FaceTime, call using arbitrary code execution. Get that didn't seem that bad. But still he don't want that a bunch of Colonel impacts Colonel arbitrary code execution. Those are never good. There was. In the apples live X P C, which is a part of the Iowa's process management system. There was an arbitrary code execution. Also, another arbitrary code execution in sequel light web kit had a bunch and those are not good. Because of course, that has a lot web kit is is, you know, internet facing. So there was politically a politically. This. But yeah, exactly. Processing, maliciously crafted, web content may lead to arbitrary code execution. Actually, all three of them say that. So there's a memory corruption issue as addressing with improve memory, handling a type confusion issue was addressed with improved memory handling and multiple memory corruption. Issues were addressed with improved memory handling. No, apple doesn't ever. Give us any details is just you be happy. These are no longer going to bite you and flora acetate was involved in. I remember we talked about him before or she or whoever it working with Trend Micro zero day initiative. Floro acetate reports to trend who then reports to apple also web RTC an again, an high potentially high impact because that tends to be internet facing. And so there was an arbitrary code execution vulnerability there. So. Although I've read malicious right? Oh, yeah. Yeah. Yeah. Mead. We provide the code. We're going to stuff down a throat whether you like it or not betray censo- so harmless, but exactly lately, arbitrarily it's whatever the guy wants to execute. Exactly. Yeah. Exactly. So as we know has historically been less prone to reverse engineering tax than windows yet. A lot of these seem not good. So, you know, I I don't know why it is. But I my systems update lazily it'll be like a week will go by. And then I'll, you know, something it'll begin to say, you know, we'd like to reboot your ipad or your phone or something I go. Oh, anyway. So this time I went looking, and I I was asked if I wanted to download and update and I said, yes, thank you. So. I would just suggest to our listeners again probably targeted attacks these as far as we know we'll be don't know that whether they are in the wild or not they're not they weren't disclosed zero days. So we can presume they're not. But it would be good update..

apple Rene Steve Gibson Ernst Iowa Mead zero days zero day