My guest is Charles Givre; here is his bio:
Mr. Charles Givre CISSP currently is a lead data scientist in the CISO for Deutsche Bank. Prior to joining Deutsche Bank, Mr. Givre worked as a Senior Lead Data Scientist for Booz Allen Hamilton for seven years, where he worked at the intersection of cyber security and data science. For the last few of those years, Mr. Givre worked on one of Booz Allen’s largest analytic programs, where he led data science efforts and worked to expand the role of data science in the program. Mr. Givre is passionate about teaching others data science and analytic skills and has taught data science classes all over the world at conferences, universities and for clients. Most recently, Mr. Givre taught a data science class at the BlackHat conference in Las Vegas and at the Center for Research in Applied Cryptography and Cyber Security at Bar Ilan University. He is a sought-after speaker and has delivered presentations at major industry conferences such as Strata-Hadoop World, BlackHat, Open Data Science Conference and others. One of Mr. Givre’s research interests is increasing the productivity of data science and analytic teams, and towards that end he has been working extensively to promote the use of Apache Drill in security applications and has contributed to the code base. Mr. Givre teaches online classes for O’Reilly about Drill and Security Data Science and is a coauthor of the forthcoming O’Reilly book about Apache Drill. Prior to joining Booz Allen, Mr. Givre worked as a counterterrorism analyst at the Central Intelligence Agency for five years. Mr. Givre holds a Master’s degree in Middle Eastern Studies from Brandeis University, as well as a Bachelor of Science in Computer Science and a Bachelor of Music, both from the University of Arizona. He speaks French reasonably well, plays trombone, lives in Baltimore with his family and, in his non-existent spare time, is restoring a classic British sports car. Mr. Givre blogs at thedataist.com and tweets @cgivre.
Hair on Fire 1 of 5
Advice – don’t buy an Intel-based computer yet. If you must, check Intel’s microcode update schedule first and make sure the processor in it is not one whose update is still listed as “planning”.
Progress Update: Intel has released microcode update:
“…we have now released production microcode updates to our OEM customers and partners for Kaby Lake- and Coffee Lake-based platforms, plus additional Skylake-based platforms. This represents our 6th, 7th and 8th Generation Intel® Core™ product lines as well as our latest Intel® Core™ X-series processor family. …
The new microcode will be made available in most cases through OEM firmware updates. I (author: Navin Shenoy) continue to encourage people to always keep their systems up-to-date. There is also a comprehensive schedule and current status for planned microcode updates available online.”
Hair on Fire 1 of 5
Much easier for listeners because you don’t have to go to the hardware manufacturer for the update.
(Apple is both the hardware manufacturer and the software producer. Microsoft is only the software vendor, so on a PC the microcode update would otherwise come from the PC or motherboard maker’s firmware update.)
Currently supporting the following chip sets:
Make a full system backup! Hair on Fire 5 of 5
Apple systems – no word yet on how Apple is handling Intel’s latest update.
Still Hair on Fire 5 of 5
The percentage of daily Chrome users who’ve loaded at least one page containing Flash content per day has gone down from around 80% in 2014 to under 8% in early 2018.
These statistics on Flash’s declining numbers were shared with the public by Parisa Tabriz, Director of Engineering at Google, during a keynote speech at Network and Distributed System Security Symposium (NDSS) held in San Diego last week.
Flash’s demise was to be expected, though. Adobe announced last year its plans to stop supporting Adobe Flash Player by the end of 2020.
But while Chrome, Firefox, Edge, and all major browsers have already moved from a Flash-enabled-by-default to a Flash-click-to-play policy since last year, the massive drop in Flash usage numbers is a huge surprise for most industry experts.
This big drop could, at least in theory, be explained by the fact that most advertising networks and video streaming portals have moved away from Flash to HTML5, meaning most people can go days before encountering a website that still loads some kind of Flash object.
Again – Hair on Fire 5 of 5: UNINSTALL FLASH!
If you see a Flash auto-update prompt, that means Flash is still installed on your machine: don’t update it, UNINSTALL FLASH!
Steve from Michigan:
I heard the internet was going extinct because of a new kind of attack. Seriously. What’s going on?
Nothing to worry about; this will get fixed.
The attack is a Memcached-based distributed denial of service (DDoS) amplification attack.
Easy fix for server operators – disable UDP on Memcached servers (and don’t leave them reachable from the internet).
Before 24th February, the day when Memcached-based DDoS attacks were first spotted, the daily average was less than 50 attacks.
Between 24th and 28th February, when Memcached as a new amplification attack vector had not yet been publicly disclosed and was known only to a small group of people, the attacks rose to an average of 372 per day.
Soon after the first public report on 27th February, between 1st and 8th March the total number of attacks jumped to 13,027, an average of 1,628 DDoS attack events per day.
The list of famous online services and websites which were hit by massive DDoS attacks since 24th February includes Google, Amazon, QQ.com, 360.com, PlayStation, OVH Hosting, VirusTotal, Comodo, GitHub (1.35 Tbps attack), Royal Bank, Minecraft and RockStar games, Avast, Kaspersky, and Pinterest.
The fix is already known (disable UDP on the Memcached server).
What’s the problem? Roughly 17k exposed servers worldwide still need to be fixed, and that is on their operators, not on you.
So this is a Hair on Fire 1 of 5: as an end user all you can do is be patient, because a site you want to reach may be temporarily unavailable while it is under attack.
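To make the mechanism concrete, here is an added Python example written for these notes (not code from the show or from any of the articles it draws on). It builds a memcached UDP request, parses the reply frames and computes the amplification factor from a constructed sample reply; the probe() function, which sends a real “stats” query, is only for testing servers you operate yourself. The port number and the 8-byte frame layout are memcached’s own; the statistics values in the sample reply are made up.

```python
import socket
import struct
from typing import List, Tuple

MEMCACHED_PORT = 11211  # memcached's default port, for both TCP and UDP


def build_udp_frame(command: bytes, request_id: int = 0x1234) -> bytes:
    """Wrap an ASCII memcached command in the 8-byte UDP frame header.

    Header layout (four big-endian 16-bit fields): request id, sequence number,
    total number of datagrams in the message, reserved (must be 0).
    """
    header = struct.pack("!HHHH", request_id, 0, 1, 0)
    return header + command


def parse_udp_frame(datagram: bytes) -> Tuple[int, int, int, bytes]:
    """Split a datagram into (request_id, seq, total, payload)."""
    if len(datagram) < 8:
        raise ValueError("datagram shorter than the memcached UDP header")
    request_id, seq, total, _reserved = struct.unpack("!HHHH", datagram[:8])
    return request_id, seq, total, datagram[8:]


def amplification_factor(request: bytes, responses: List[bytes]) -> float:
    """Bytes the server sent back per byte the client sent: the reflector's gain."""
    return sum(len(r) for r in responses) / len(request)


def probe(host: str, port: int = MEMCACHED_PORT, timeout: float = 2.0) -> Tuple[bytes, List[bytes]]:
    """Send one 'stats' request over UDP and collect every datagram that comes back.

    Only run this against a server you operate. No reply within the timeout
    means UDP is closed or filtered, which is the state you want.
    """
    request = build_udp_frame(b"stats\r\n")
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    responses: List[bytes] = []
    try:
        sock.sendto(request, (host, port))
        while True:
            data, _addr = sock.recvfrom(65535)
            responses.append(data)
    except socket.timeout:
        pass
    finally:
        sock.close()
    return request, responses


# Constructed sample: the 15-byte request and a 90-byte 'stats' reply of the
# kind an exposed server from before the fix would return (values made up).
REQUEST = build_udp_frame(b"stats\r\n")
SAMPLE_RESPONSE = build_udp_frame(
    b"STAT pid 1\r\n"
    b"STAT uptime 86400\r\n"
    b"STAT version 1.5.5\r\n"
    b"STAT curr_connections 10\r\n"
    b"END\r\n"
)

if __name__ == "__main__":
    rid, seq, total, payload = parse_udp_frame(SAMPLE_RESPONSE)
    print(f"request id 0x{rid:04x}, datagram {seq + 1} of {total}")
    print(payload.decode())
    print("amplification factor:", amplification_factor(REQUEST, [SAMPLE_RESPONSE]))
```

In a real attack the request carries the victim’s address as a spoofed source IP, so the far larger reply is delivered to the victim, and attackers first store a large value on the open server and then request it, which gives a gain far beyond what a bare “stats” reply does. On the server side the fix is to start memcached with `-U 0` (no UDP listener) and bind it to localhost with `-l 127.0.0.1` or firewall port 11211; memcached 1.5.6 ships with UDP disabled by default.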
Roland from California,
“I recently completed a bitcoin transaction. I made a small donation to a non-profit. I cut and pasted the Ethereum account key they sent me, but the donation never made it. But my Ethereum account was definitely debited the amount. Am I being scammed by the non-profit, or did my Ethereum just get lost on the way?”
Most likely neither: this is the signature of clipboard-hijacking malware such as Evrial, CryptoShuffler and ComboJack. It waits for you to copy a wallet address and silently replaces it with the attacker’s, so the funds went to the criminal, not to the non-profit.
Article with a great explanation of how ComboJack does it (excerpt follows):
…ComboJack enters into an infinite loop. Every half second it checks the contents of the clipboard. The contents of the clipboard are checked for various criteria to determine if the victim has copied wallet information for various digital currencies. In the event a wallet of interest is discovered, ComboJack will replace it with a hardcoded wallet that the attacker presumably owns in an attempt to have the victim accidentally send money to the wrong location. This tactic relies on the fact that wallet addresses are typically long and complex and to prevent errors, most users will opt to copy an exact string in order to prevent potential errors. If any potential currency addresses are found, they are replaced following the criteria in the table below:
|Checks for this criteria|Replaces with|Wallet Type|
|---|---|---|
|Length of 42 and starts with ‘0’|0xE44598AB74425450692F7b3a9f898119968da8Ad|Ethereum|
|Length of 106 and starts with ‘4’|4BrL51JCc9NGQ71kWhnYoDRffsDZy7m1HUU7MRU4nUMXAHNFBE|Monero (see note below)|
|Length of 34 and starts with ‘1’|1LGskAycxvcgh6iAoigcvbwTtFjSfdod2x|Bitcoin|
|Length of 34 and starts with ‘L’|LYB56d6TeMg6VmahcgfTZSALAQRcNRQUV|Litecoin|
|Length of 11 and starts with ‘8’|79965017478|Qiwi|
|Length of 13 and starts with ‘R’|R064565691369|WebMoney (Rubles)|
|Length of 13 and starts with ‘Z’|Z152913748562|WebMoney (USD)|
|Length of 13 and starts with ‘E’|88888888888888888888888888888888888888888888888888|Unknown|
|Length of 15 and starts with ‘4100’|410014474125403|Yandex Money|
Table 1. Replacement address lookup table hardcoded into ComboJack.
Note on the Monero row (from the article): this replacement string is not long enough, as Monero wallet addresses are either 95 or 106 characters in length. This was likely a mistake made by the author.
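The table is easy to turn into code, and doing so shows both the attacker’s logic and the defence. The following Python is an added example written for these notes, not ComboJack’s code or anything from the article: RULES transcribes Table 1 (line-wrap spaces removed), combojack_swap() mimics one half-second tick of the malware, and verify_paste() is the check a user or a payment form can do. VICTIM_ETH and the two Monero-shaped strings are constructed inputs, not real wallets.

```python
from typing import List, NamedTuple, Optional


class Rule(NamedTuple):
    wallet: str        # currency the criteria are meant to catch
    length: int        # exact clipboard length ComboJack looks for
    prefix: str        # leading characters it requires
    replacement: str   # attacker's address written back to the clipboard


# Table 1 transcribed from the article; the replacement strings are the
# attacker-controlled addresses printed there, with line-wrap spaces removed.
RULES: List[Rule] = [
    Rule("Ethereum", 42, "0", "0xE44598AB74425450692F7b3a9f898119968da8Ad"),
    Rule("Monero", 106, "4", "4BrL51JCc9NGQ71kWhnYoDRffsDZy7m1HUU7MRU4nUMXAHNFBE"),
    Rule("Bitcoin", 34, "1", "1LGskAycxvcgh6iAoigcvbwTtFjSfdod2x"),
    Rule("Litecoin", 34, "L", "LYB56d6TeMg6VmahcgfTZSALAQRcNRQUV"),
    Rule("Qiwi", 11, "8", "79965017478"),
    Rule("WebMoney (Rubles)", 13, "R", "R064565691369"),
    Rule("WebMoney (USD)", 13, "Z", "Z152913748562"),
    Rule("Unknown", 13, "E", "8" * 50),
    Rule("Yandex Money", 15, "4100", "410014474125403"),
]


def match_rule(text: str) -> Optional[Rule]:
    """ComboJack's test: exact length plus a fixed leading string, nothing more."""
    for rule in RULES:
        if len(text) == rule.length and text.startswith(rule.prefix):
            return rule
    return None


def combojack_swap(clipboard: str) -> str:
    """One half-second tick of the malware: replace a matching address, else leave it."""
    rule = match_rule(clipboard)
    return rule.replacement if rule is not None else clipboard


def verify_paste(intended: str, pasted: str) -> str:
    """Defender's check: the address that landed in the form must equal the one
    the recipient gave you, character for character. Returns 'ok' or a reason."""
    if pasted == intended:
        return "ok"
    rule = match_rule(intended)
    kind = rule.wallet if rule is not None else "unknown"
    return f"MISMATCH: {kind} address was altered between copy and paste"


# Constructed inputs (not real wallets): a 42-char Ethereum-shaped address,
# a 95-char and a 106-char Monero-shaped address.
VICTIM_ETH = "0x" + "ab" * 20
MONERO_95 = "4" + "A" * 94
MONERO_106 = "4" + "B" * 105

if __name__ == "__main__":
    for text in (VICTIM_ETH, MONERO_95, MONERO_106, "not an address"):
        after = combojack_swap(text)
        print(f"{text[:12]:<14} -> {'swapped' if after != text else 'untouched'}")
    print(verify_paste(VICTIM_ETH, combojack_swap(VICTIM_ETH)))
    # The Monero replacement is too short to be a valid address (95 or 106 chars)
    print("Monero replacement length:", len(RULES[1].replacement))
```

The Monero row is instructive: a 95-character Monero address sails past ComboJack untouched, and a 106-character one is replaced with a string too short for any wallet to accept, so that theft fails. For the Ethereum, Bitcoin and Litecoin rows the swap produces a plausible address, which is exactly Roland’s case, so the only reliable check is the full comparison in verify_paste(), reading the intended address back from the recipient’s page rather than from the clipboard.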
This work is licensed under a Creative Commons License: Attribution required if you republish or reuse this material. For details, see: