
    Podcast Summary

    • Importance of Cybersecurity Measures and Online Addiction. It is crucial to implement and test proper cybersecurity measures regardless of user age. Online gaming addiction can lead to prioritizing it over everyday activities and possibly even illicit activities. It is important to practice responsible online behavior and educate oneself on cybersecurity.

      Even a five-year-old was able to get past Xbox Live's parental controls by exploiting a vulnerability in which typing only spaces was accepted. This highlights the importance of cybersecurity measures being properly implemented and tested, regardless of who the user is. Additionally, the story of Daniel Kelley is a reminder that online gaming addiction can be real, leading some individuals to prioritize it over daily activities such as attending school, and possibly leading them down a darker path such as hacking. Ultimately, these stories emphasize the importance of internet safety, cybersecurity knowledge, and responsible online behaviour.

    • From DDoS Attacks to Google Dorking: A Gamer's Journey Towards Understanding Cyber Threats. Cheating may offer quick results, but true skill and hard work are the foundation of success. Understanding cybersecurity threats can also help protect oneself and avoid losing interest in a beloved game or activity.

      The interviewer discovered that the reason he was being kicked offline during gaming was a DDoS attack. He found out how the attacker was obtaining his IP address and tried it himself, but used it only sparingly because he had earned his ranking through skill and hard work, not by cheating. He noticed that other top-ranked players were using booters to force opponents to drop out when a match began, which caused him to lose interest in the game. He then learned about Google dorking, which uses Google as a vulnerability scanner to find information about websites that may be useful to attackers.

    • The Importance of Responsible Disclosure Programs in Cybersecurity. Responsible disclosure programs play a crucial role in preventing potential malicious attacks that can result in large-scale damage. By reporting vulnerabilities to websites, individuals can help them improve their security and potentially even earn recognition.

      With the help of clever Google searches and knowledge of specific vulnerabilities in websites, one can gain unauthorized access to systems and deface websites, but this should only be done for fun or under a strict responsible disclosure program. Daniel discovered this at the young age of 13. Finding a cross-site scripting vulnerability is a hard nut to crack, but he found one on a Microsoft subdomain. Upon reporting it, their security team got back to him, confirmed the vulnerability's existence, and added his name to the website in acknowledgement. Responsible disclosure programs are always beneficial and can help prevent the large-scale damage that might result from potential malicious attacks.

    • From Responsible Disclosure to Criminal Exploitation. Offering responsible disclosure programs can prevent frustration and criminal behavior among security researchers, ultimately leading to a prosperous career. It is important for companies to clarify computer laws and offer rewards for finding vulnerabilities.

      Daniel's initial intent was positive, and he began finding vulnerabilities in the hope of getting recognition or a reward. However, most companies did not respond or were uninterested, which left him frustrated. He then shared his findings with a hacker forum and ultimately joined them in exploiting the vulnerabilities. While he had not yet crossed the line into criminal behavior by merely sharing vulnerabilities, it is hard to say where that line is. Different countries have different computer laws, and the UK's Computer Misuse Act is so vague that there are different interpretations of it. Companies can prevent this situation by offering responsible disclosure programs, which can lead to a prosperous career for security researchers like Daniel.

    • The Consequences of Exploiting Vulnerabilities and the Importance of Ethical Defenses. Reporting vulnerabilities is ethical, but exploiting them for fun is not. DDoSing can cause unintended consequences, including shutting down access to critical services. Ethical defenses are crucial to protect vulnerable networks from attacks like Mirai botnets.

      Reporting vulnerabilities is ethical, but exploiting them for fun is not. DDoSing a college caused unintended consequences, including shutting down access to police stations and other services. Daniel's passion for computers led him to study them in college, but social anxiety made it difficult. He used DDoSing as an excuse to skip class and caused classes to be cancelled for the day. However, this was only a temporary solution, as classes resumed the following week. Ethical defenses against these types of attacks are crucial, especially when vulnerable networks host critical services. A Mirai botnet can be used to launch DDoS attacks that shut down websites. It is essential to make sure that systems are secure and safe from these types of attacks.

    • Cyber Crime Comes with Heavy Consequences. Engage in responsible online behavior to prevent severe legal consequences, and educate individuals about the implications of cyber crimes.

      Attacking a school with a botnet to cancel classes resulted in arrests and multiple charges for the offender. Continuing such criminal activities even during the bail period increased the charges. The offender's curiosity about the school's ability to withstand such an attack led him to continue the offense, eventually leading to his arrest and punishment. The offender's dependence on the internet was so high that he convinced his parents to provide him with a computer even after his arrest. The consequences of engaging in such activities were severe, highlighting the need to educate individuals about the legal implications of cyber crimes and the importance of responsible online behavior.

    • Escalation of Online Criminal Activities and Its Consequences. Starting with low-level online offenses can lead to more serious crimes, such as hacking and blackmail. Criminals who find success in their activities may continue and escalate to involvement in infamous incidents.

      Regularly engaging in online criminal activities can lead to escalation and more serious offenses, like blackmail, fraud, and hacking. Daniel resumed his criminal activities on the internet even after being bailed out. He convinced his parents to buy him a new device and continued with low-level offenses, then escalated to demanding money from websites he hacked. He successfully obtained a ransom from an Australian company after threatening to release customer data and product source code. After being paid, he demanded more money and sold some of the stolen data on forums. The success of this criminal activity fueled him to keep hacking and extorting, eventually leading to his involvement in the infamous TalkTalk incident.

    • The Costly Mistake of Underestimating Teenage Hackers. It is crucial for companies to take teenage hackers seriously and not underestimate the potential damage their attacks can cause. Even a single vulnerability can lead to significant financial and reputational losses.

      A teenage hacker posted a vulnerability in the big telecom company TalkTalk on a forum without knowing its severity, leading several savvy users to exploit it, steal data, and sell it on darknet markets. The attack resulted in $70 million in damage to TalkTalk, causing scores of customers to cancel their service, its stock to tumble, and the CEO to appear before Parliament to testify about the security failure. The incident highlights the importance of acknowledging teenage hackers and taking their attacks seriously, as they can cause significant destruction to a company and its highly skilled IT staff, even from a single slip-up in server security.

    • The Consequences of Cybercrime: A Story of Arrest and Charges. Cybersecurity is critical in protecting ourselves against hacking and cybercrime. Using different passwords and addresses and taking responsibility for our actions are crucial. Education and following best practices can help keep us safe online.

      The TalkTalk incident had serious consequences. Daniel's attempts to hack and blackmail companies through a VPN eventually led to his arrest, charges for 20 offenses, and a week or two in jail. The police were able to link his offenses because he reused one Bitcoin address. This case highlights the importance of cybersecurity and of using different passwords and addresses to protect oneself against hacking and cybercrime. It also emphasizes the need to take responsibility for our actions and the consequences that follow. Cybercrime can have serious and life-changing impacts on victims and perpetrators alike. It is crucial to educate ourselves about cybersecurity and follow best practices to stay safe online.

    • From Cyber Criminal to Responsible Hacker. Rehabilitation is possible even after mistakes; turning skills towards responsible behaviour can have positive impacts.

      The experience of spending a week in prison made Daniel realize the consequences of his actions as a cyber criminal, and he decided never to re-offend. Even while out on bail with restrictions, he found a positive way to use his hacking skills by reporting vulnerabilities to companies and engaging in responsible disclosure. He did this for two years and was able to mitigate his sentence by presenting all the good he had done at his sentencing hearing. This shows that even after making mistakes, it is never too late to turn around and use one's skills for the greater good.

    • The Importance of Reporting Vulnerabilities for Internet Security. By reporting vulnerabilities, individuals can contribute to increasing internet security and receive financial rewards, thank-you letters, or letters of recommendation. CVE-assigned vulnerabilities can help prevent future attacks, and responsible disclosure can have a positive impact for both individuals and organizations.

      Reporting vulnerabilities can contribute to increasing internet security and lessening the impact of hacking incidents. Even without financial intent, individuals can receive financial rewards from companies for reporting vulnerabilities. The most valuable reward for some people is a thank-you letter or a letter of recommendation from the company. The CVE assigned to a vulnerability makes it easier for security tools and professionals to identify and prevent future attacks. Daniel reported vulnerabilities in over 5,000 companies and helped these entities save more money than he caused in damage, showing the potential impact of reporting vulnerabilities. Daniel's actions reflect the importance of responsible disclosure and the potential positive impact for both individuals and organizations when vulnerabilities are detected and reported.

    • The Consequences of Cybercrime: A Tale of One Hacker. Cybersecurity is paramount, and criminal behavior has dire consequences, but even those who caused significant losses can positively contribute to society with rehabilitation and reform.

      After submitting over 5,000 vulnerabilities, the hacker confidently believes that he has saved companies more money than he ever caused in damages. However, his case was complicated and caused a lot of stress, which led to him becoming depressed and losing over seven stone in weight. He was sentenced to four years in prison for criminal behavior, with the judge considering his excellent behavior and positive contributions to cybersecurity. Although initially shocked at the prospect of serving twelve years, Daniel was ultimately relieved to receive a four-year prison sentence, of which he will serve half in prison and the other half in the community. His case demonstrates the importance of cybersecurity and the consequences of criminal behavior.

    • Daniel's Unfair Treatment in Prison. All prisoners deserve fair and humane treatment, regardless of their crimes. Mistreatment and discrimination can lead to negative consequences for both inmates and prison staff.

      Daniel's experience in prison shows the mistreatment he received from the staff and guards. Despite being treated unfairly, he managed to build close friendships with gang members in prison. The prison guards were afraid of what he might do if he used any of the computers in prison, and this caused him to experience more frequent and random searches, including the confiscation of a razor he was not even aware was in his cell. He was also subjected to a drug test that was not randomly allocated and was eventually transferred to a worse prison. This experience highlights the need for fair and humane treatment of all prisoners, regardless of their crimes.

    • From Prison to Cyber-Security: Daniel's Journey of Regret and Redemption. Blackmail can lead to severe consequences. Learning from mistakes, following rules, and striving in a positive direction can lead to fruitful outcomes.

      In prison, Daniel was convinced by gang members to put a razor in his mouth, invoking a safer custody issue to prevent a transfer to segregation. The incident led to a small riot that caused prison officers to leave the wing. Eventually, Daniel spat out the razor and was transferred to another prison, where he spent two years. After getting out, he had to follow strict probation rules and restrictions on computer and internet use. His biggest regret was blackmailing people, which ultimately led him to prison. He acknowledges the difference between hacking and blackmail and hopes to work as a cyber-security professional someday.

    Recent Episodes from Darknet Diaries

    146: ANOM

    In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of anom. A secure phone made by criminals, for criminals.

    This story comes from part of Joseph’s book “Dark Wire” which you should definitely read. Get yours here https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.

    Darknet Diaries, June 04, 2024

    145: Shannen

    Shannen Rossmiller wanted to fight terrorism. So she went online and did. Read more about her from her book “The Unexpected Patriot: How an Ordinary American Mother Is Bringing Terrorists to Justice”. An affiliate link to the book on Amazon is here: https://amzn.to/3yaf5sI. Thanks to Spycast for allowing usage of the audio interview with Shannen. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! 
Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    144: Rachel

    Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm. Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/ Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. 
ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    143: Jim Hates Scams

    Jim Browning has dedicated himself to combatting scammers, taking a proactive stance by infiltrating their computer systems. Through his efforts, he not only disrupts these fraudulent operations but also shares his findings publicly on YouTube, shedding light on the intricacies of scam networks. His work uncovers a myriad of intriguing insights into the digital underworld, which he articulately discusses, offering viewers a behind-the-scenes look at his methods for fighting back against scammers. Jim’s YouTube channel: https://www.youtube.com/c/JimBrowning Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. This episode is sponsored by Intruder. Growing attack surfaces, dynamic cloud environments, and the constant stream of new vulnerabilities stressing you out? Intruder is here to help you cut through the chaos of vulnerability management with ease. Join the thousands of companies who are using Intruder to find and fix what matters most. Sign up to Intruder today and get 20% off your first 3 months. Visit intruder.io/darknet. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    142: Axact

    Axact sells fake diplomas and degrees. What could go wrong with this business plan? Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    141: The Pig Butcher

    The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world. Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    139: D3f4ult

    This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools. Support for this show comes from Quorum Cyber. Their mantra is: “We help good people win.” If you’re looking for a partner to help you reduce risk and defend against the threats that are targeting your business — and especially if you are interested in Microsoft Security — reach out to Quorum Cyber at www.quorumcyber.com/darknet-diaries. Sources https://www.vice.com/en/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-ban https://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/ https://www.hackread.com/fbi-server-hacked-miami-police-data-leaked/ https://archive.ph/Si79V#selection-66795.5-66795.6 https://wikileaks.org/cia-emails/John-Brennan-Draft-SF86/page-7.html Learn more about your ad choices. Visit podcastchoices.com/adchoices

    138: The Mimics of Punjab

    This episode is about scammers in the Punjab region. Tarun (twitter.com/taruns21) comes on the show to tell us a story of what happened to him. Naomi Brockwell (twitter.com/naomibrockwell) makes an appearance to speak about digital privacy. To learn more about protecting your digital privacy, watch Naomi’s YouTube channel https://www.youtube.com/@NaomiBrockwellTV. And check out the books Extreme Privacy (https://amzn.to/3L3ffp9) and Beginner’s Introduction to Privacy (https://amzn.to/3EjuSoY). Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from SpyCloud. It’s good practice to see what data is getting passed around out there regarding you, your employees, your customers, and your business. The dark web is a place where this data is traded and shared. SpyCloud will help you find what is out there about you and give you a report so you can be aware. Then they’ll continuously monitor the dark web for any new exposures you should be aware of. To learn more visit spycloud.com/darknetdiaries. Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthen your infrastructure from the ground up with a zero trust posture. ThreatLocker’s Allowlisting gives you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level. Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    137: Predator

    A new type of mercenary spyware came on the radar called Predator. It’ll infect a mobile phone, and then suck up all the data from it. Contacts, text messages, location, and more. This malware is being sold to intelligence agencies around the world. In this episode we hear from Crofton Black at Lighthouse Reports who spent 6 months with a team of journalists researching this story which was published here: https://www.lighthousereports.com/investigation/flight-of-the-predator/. We also hear from Bill Marczak and John Scott-Railton from Citizen Lab. If you want to hear about other mercenary spyware, check out episodes 99 and 100, about NSO group and Pegasus. To hear another episode about Greece check out episode 64 called Athens Shadow Games. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Akamai Connected Cloud (formerly Linode). 
Akamai Connected Cloud supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    Related Episodes

    Florian Hantke - pen tester, vulnerability researcher, cybersecurity doctoral candidate

    Today's Secure-in-Mind episode features a discussion with (soon to be Dr.) Florian Hantke, a candidate in the pilot intake of the CyAN mentorship program.

    Florian is conducting advanced research on vulnerability management and information security trends as part of the secure web applications group at CISPA Helmholtz, a major German academic research network.  He is an accomplished penetration tester, capture-the-flag contestant, and ethical hacker.

    Among the topics we visit today are an overview of his current project on "web archaeology" (using web archives to evaluate past cybersecurity trends), Florian's views on the effectiveness of information security education in German academia and what it entails, and his recent experience in finding and reporting a number of embarrassing web vulnerabilities.

    We talk about generational differences in spotting fraud and security issues, getting into cybersecurity as an area of interest and career choice, and more.


    Florian's LinkedIn:  https://www.linkedin.com/in/florian-hantke-59ba0522b/
    Website: https://fhantke.de/
    Twitter: https://twitter.com/fh4ntke 

    CISPA Helmholtz Center for Information Security - https://cispa.de/

    "You Call This Archaeology? Evaluating Web Archives for Reproducible Web Security Measurements" - https://swag.cispa.saarland/papers/hantke2023archaeology.pdf

    Florian's blog post describing his experiences reporting web vulnerabilities in wedding photo sharing sites:  https://fh4ntke.medium.com/till-breach-do-us-part-the-uninvited-guest-at-your-wedding-2aed35755456

    Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network

    Original YouTube video: https://youtu.be/zwMSUbDeYfU

    Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/

    #94 - Melanie Rieback // Co-founder & CEO at Radically Open Security

    Let’s hack cybersecurity in 2024 with Melanie Rieback, Co-founder & CEO of Radically Open Security, the world’s first not-for-profit cybersecurity consultancy with a focus on PenTesting🔏. Melanie is on a mission to fix cybersecurity consulting by putting people before profits and empowering internal teams “how to fish” 🎣. Tune in to hear about the current cybersecurity landscape from the person who not only authored a viral RFID paper (“Is Your Cat Infected with a Computer Virus?”), but also PenTested Tor, Homebrew and Greenpeace.

    Listen to find out:
    - What is the business model💸 behind Post Growth Entrepreneurship (90% of profits go towards Open Internet Initiatives via NLNet)
    - What to prioritise 🕵️‍♀️ in realistic internal IT policies (passwords, backups, updates..)
    - Internal vs. External Security Teams
    - Why she uses “Forgot My Password” as a “magic link” to access infrequent sites (and doesn’t remember the password on purpose)

    Listen here: https://alphalist.com/podcast/94-melanie-rieback-co-founder-ceo-at-radically-open-security

    The State of Cybersecurity

    Peggy and Natali Tshuva, co-founder & CEO of Sternum, talk about cybersecurity and the medical industry. They discuss the best steps to stop exploitation and the attack itself in real time.

    They also discuss:

    • How most solutions focus on finding every vulnerability, which is impossible.
    • How the focus of cybersecurity has now moved to the device makers.
    • Why we need to remember to secure our legacy devices.

    sternumiot.com

    (03.09.2 - #709)

    Sexy Knowledge - PSW #633

    This week, we welcome Kavya Pearlman, CEO at XR Safety Initiative, to talk about Who is going to protect the Brave New Virtual Worlds, and HOW?! In our second segment, we welcome Chris Painter, Commissioner at the Global Commission on the Stability of Cyberspace, to discuss Diplomacy, Norms, and Deterrence in Cyberspace! In the security news, mysterious Drones are Flying over Colorado, 7 Tips for Maximizing Your SOC, The Most Dangerous People on the Internet This Decade, North Korean Hackers Stole 'Highly Sensitive Information' from Microsoft Users, Critical Vulnerabilities Impact Ruckus Wi-Fi Routers, & The Coolest Hacks of 2019!

    Show Notes: https://wiki.securityweekly.com/PSWEpisode633

    Visit https://www.securityweekly.com/psw for all the latest episodes!

    Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

    Follow us on Twitter: https://www.twitter.com/securityweekly

    Like us on Facebook: https://www.facebook.com/secweekly

    'Tis the Season to Secure: How CVEs Are the Grinch for Cybersecurity

    This story was originally published on HackerNoon at: https://hackernoon.com/tis-the-season-to-secure-how-cves-are-the-grinch-for-cybersecurity.
    Get ready for a jolly dive into the interplay between CVEs and the ticking cyber clock, where we learn to keep our digital stockings hacker-free with tips.
    Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity. You can also check exclusive content about #cve, #vulnerabilities, #security, #cybersecurity, #zero-day-exploits, #hackers, #alert-fatigue, #patching, and more.

    This story was written by: @z3nch4n. Learn more about this writer by checking @z3nch4n's about page, and for more stories, please visit hackernoon.com.

    Hackers exploit Common Vulnerabilities and Exposures (CVEs) by taking advantage of the time it takes to identify, disclose, and patch vulnerabilities. This time advantage stems from hackers being quick to identify vulnerabilities, delays in patch availability, and security teams being overwhelmed with the volume of CVEs. The CVE system itself has limitations, including limited resources, incomplete coverage, and complexity in coordinating vulnerability identification. To combat CVEs, proactive measures such as continuous monitoring, automated patch management, and user education are crucial. Promptly addressing vulnerabilities and implementing robust security measures can minimize the risk of exploitation and protect organizations from data breaches and financial losses.