ISTS - i sh0t the sheriff

By ISTS

Since 2006, Brazil's information security podcast | luiz eduardo | nelson murilo | willian caprino |
Edition 142 - 30.08.2023
Sep 04, 2023 | 01:03:00
Edition 141 17.07.2023
Jul 24, 2023 | 01:10:00
Edition 140 15.06.2023
Jun 19, 2023 | 57:00
Edition 139 - 19.04.2023
Apr 26, 2023 | 50:15
Edition 138 - 16.03.2023
Mar 21, 2023 | 51:03
Edition 31 - 27.08.07

1 hour and 4 minutes

Events

SSI (ITA) no more (?)


24th Chaos Communication Congress 2007: Call for Participation
December 27th to 30th, 2007
Berlin, Germany

http://events.ccc.de/congress/2007/



POC
Date of POC 2007
• Date: November 15 ~ 16
• Venue: Seoul Kyoyuk MunHwa HoeKwan.
POC 2007 Call for Papers (August 23, 2007)
Deadline of Submission: September 30, 2007
All submissions must include PPT and WORD in English with your brief biography.
http://www.powerofcommunity.net/notice.html



News


Fonelista
http://comercio.fonelista.com.br/cadastro.html?Submit=Incluir+meu+Telefone%21


iPhone Unlocked
http://www.engadget.com/2007/08/24/iphone-unlocked-atandt-loses-iphone-exclusivity-august-24-2007/
http://www.iphonesimfree.com/


Researcher crosses swords with Google over XSS 'flaw'
http://www.theregister.co.uk/2007/08/21/google_modules_security_debate/




-

Topic 1


[Dailydave] Myth: The US is more vulnerable to information warfare because it is more reliant on information technology
http://lists.immunitysec.com/pipermail/dailydave/2007-August/004524.html


Topic 2


Hacking Germany's New Computer Crime Law
http://www.darkreading.com/document.asp?doc_id=132255&WT.svl=news1_2

Feb 23, 2023 | 01:04:35
Edition 21 - 5.28.2007

1 hour

Events

ICCyber
CPF
Sofitel Jequitimar Hotel in Guarujá/SP, Brazil,
September 26 to 28, 2007

RSA Conference - Europe
October 22-24, London, UK

T2 - Challenger
Event T2'07 - Information Security Conference
Date October 11 - 12, 2007
Venue Hilton Helsinki Kalastajatorppa, Kalastajatorpantie 1
Price 1200EUR + VAT 22 %

VNSECON 07 CPF

CALL FOR PARTICIPATION
DIMVA 2007 - CfP
July 12 - 13, 2007

CPF for defcon 15
The qualifying contest will start at 1 June 2007 @ 2200 EST and end 3 June
2007 @ 2200 EST.

News

Straight from the SANS Internet Storm Center diary
Auscert day 2 update
Chkrootkit
Nelson Murilo (Pangeia) is the author of chkrootkit. He explained where the idea came from and took us through the different generations of the products over the last 10 years.

PHRACK is back !

From the introduction "As long as there is technology, there will be hackers. As long as there are hackers, there will be PHRACK magazine. We
look forward to the next 20 years". This is how the PHRACK63 Introduction was ending, telling everybody that the Staff would have changed and to expect a release sometimes in 2006/2007. This is that release. This is the new staff.

- ---

Jingle contest.
Prize: a USB flash drive with encryption and a biometric reader.

- ---

Topic 1)
Insider threats are always a problem

Song of the Week: in a little while... U2

Topic 2)
Perspective: Who says security breaches are small potatoes?

Feb 23, 2023 | 59:33
Edition 14 - 3.20.2007

48 minutes

Call for Papers:
This edition of
IT Underground Dublin: 20 - 22 July 2007.
DeepSec IDSC 2007 Vienna/Austria: 20-23 Nov 2007.

News:
Go Daddy suffers a DoS attack
Call for writers. Those interested in writing a chapter on anti-forensics and insecurity should contact Jeimy J. Cano, editor (jjcanoatyahoo.com), by May 1, 2007.
April is the month of MySpace bugs
Confirmed: Schneier listens to I shot the sheriff. He listens to us and then posts it on his blog:
Call for Happy Hours around Security Week

Vista:
How to postpone activation
Can a rootkit be certified to run on Vista?

Song of the week: Know Your Enemy - Rage Against the Machine

Online games can be a security threat

Feb 23, 2023 | 47:32
Edition 82 - 30.09.2014

Duration: 52 minutes


Events

Bluehat
Roadsec
Sacicon
H2HC
ekoParty
Black Hat São Paulo
Baythreat
31C3
DerbyCon
(and a video of the 8-year-old boy using SET)

Other topics discussed in this edition

John McAfee video and latest news

iOS 8 randomizing the MAC address
and one more analysis of the subject

ShellShocker
and more details
Client-side DHCP POC

Gartner and the future

Orkut is over and Ello has arrived

Kevin Mitnick and 0-days

NFC security

Black Hat The Movie

Feb 22, 2023 | 51:54
Edition 83 - 21.10.2014
Feb 22, 2023 | 56:05
Edition 137 - 14.02.23
Feb 22, 2023 | 57:00
Edition 136 17.01.2023
Jan 23, 2023 | 47:15
Edition 135 - 22.12.22
Dec 23, 2022 | 01:07:00
Edition 134 16.11.22
Nov 22, 2022 | 54:46
Edition 133 - 25.10.2022
Oct 31, 2022 | 01:21:44
Edition 132 - 01.09.2022

Script: Luiz Eduardo, Nelson Murilo, Willian Caprino

Production: Halfmouth Podcasts

Some Music from: https://www.bensound.com

Events:

CyberSecurity Summit 2022

DEF CON and Black Hat: how was it?

https://www.vice.com/en/article/88qxdz/hacker-conference-def-con-bans-pro-trump-outlet-oan

https://www.theregister.com/2022/08/15/black_hat_covid/

https://hackaday.com/2022/08/14/starlink-ground-stations-successfully-hacked/

https://www.theregister.com/2022/08/16/john_deere_doom/

https://www.vice.com/en/article/y3pwqx/hackers-took-over-a-commercial-satellite-to-broadcast-hacker-movies

https://defcon.outel.org/consolidated_page_split_Sat.html#AAVMV_f951fe8a642cec6da8016b461dac0b10

https://defcon.outel.org/consolidated_page_split_Fri.html#AAPLV_7ec0d25db7da7de46a596ea974018217


News:

https://www.cnn.com/2022/08/23/tech/twitter-whistleblower-peiter-zatko-security/index.html

https://www.cnn.com/2022/08/24/tech/peiter-zatko-twitter-whistleblower-profile/index.html

https://www.theguardian.com/technology/2022/aug/30/elon-musk-adds-whistleblower-claims-to-list-of-reasons-for-ending-twitter-deal

https://www.theguardian.com/technology/2022/aug/29/how-to-shut-down-the-internet-and-how-to-fight-back

https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html

https://www.vice.com/en/article/88q8ak/kaspersky-employees-say-they-were-asked-to-resign-because-they-wanted-to-leave-russia

Music:

More news:

https://www.vice.com/en/article/qjkvxv/how-a-third-party-sms-service-was-used-to-take-over-signal-accounts

https://www.theguardian.com/technology/2022/aug/18/apple-security-flaw-hack-iphone-ipad-macs

https://nakedsecurity.sophos.com/2022/08/31/urgent-apple-quietly-slips-out-zero-day-update-for-older-iphones/

https://www.vice.com/en/article/v7veg8/anom-app-source-code-operation-trojan-shield-an0m?utm_content=bufferf67ab&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer

https://spreadprivacy.com/protect-your-inbox-with-duckduckgo-email-protection/

https://www.hackread.com/cisco-confirms-breach-employee-google-account-hacked/

https://www.zdnet.com/article/lastpass-hacked/


Nonsense Section

https://gizmodo.com/spacex-south-korea-moon-launch-pathfinder-lunar-orbiter-1849373010

https://www.washingtonpost.com/technology/2022/08/30/spacex-t-mobile-starlink-satellite/

https://www.theverge.com/2022/8/30/23329610/royal-caribbean-spacex-starlink-cruise-ships-celebrity-silversea

https://olhardigital.com.br/2022/08/30/reviews/iphone-14-pode-ter-conectividade-via-satelite-mas-isso-depende-de-acordos/

https://www-vice-com.cdn.ampproject.org/c/s/www.vice.com/amp/en/article/akek8e/walmart-30tb-ssd-hard-drive-scam-sd-cards

https://www.forbes.com/sites/richardnieva/2022/08/18/tiktok-in-app-browser-research


Sep 06, 2022 | 01:23:30
Edition 131 - 19.07.2022
Jul 24, 2022 | 01:00:17
Edition 130 - 22.06.2022
Jul 04, 2022 | 57:52
Edition 129 08.06.2022

Script: Luiz Eduardo, Nelson Murilo, Willian Caprino

Production: Halfmouth Podcasts

Some Music from: https://www.bensound.com

Events:

YSTS

BHack tickets on sale

Tech event, not exactly a security one

News:

https://thehackernews.com/2022/05/attackers-can-use-electromagnetic.htm

https://www.infosecurity-magazine.com/news/evil-corp-changes-ransomware/

https://www.bleepingcomputer.com/news/security/mandiant-no-evidence-we-were-hacked-by-lockbit-ransomware/

https://www.darkreading.com/threat-intelligence/mandia-keep-shields-up-to-survive-the-current-escalation-of-cyberattacks?_mc=NL_DR_EDT_DR_daily_20220608&cid=NL_DR_EDT_DR_daily_20220608&sp_aid=111122&elq_cid=34635899&sp_eh=cc1532bb1a740047a430b84b126dac15ea5c1eee9dcf92b46e734cc987bafd4f&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_06.08.22&sp_cid=45166&utm_content=DR_NL_Dark%20Reading%20Daily_06.08.22


Music


More news:

https://thehackernews.com/2022/06/atlassian-releases-patch-for-confluence.html

https://www.darkreading.com/threat-intelligence/an-emerging-threat-attacking-5g-via-network-slices?_mc=NL_DR_EDT_DR_daily_20220608&cid=NL_DR_EDT_DR_daily_20220608&sp_aid=111122&elq_cid=34635899&sp_eh=cc1532bb1a740047a430b84b126dac15ea5c1eee9dcf92b46e734cc987bafd4f&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_06.08.22&sp_cid=45166&utm_content=DR_NL_Dark%20Reading%20Daily_06.08.22

https://g1.globo.com/mg/minas-gerais/bom-dia-minas/video/hacker-invade-painel-de-publicidade-e-exibe-video-porno-em-montes-claros-10628370.ghtml

https://g1.globo.com/rj/rio-de-janeiro/noticia/2022/05/27/paineis-de-aeroporto-sao-hackeados.ghtml


Aerospace Nonsense Section

https://g1.globo.com/inovacao/noticia/2022/06/06/brasileiro-no-espaco-perguntas-e-respostas-sobre-voo-da-blue-origin.ghtml

https://www.space.com/spacex-starship-deploy-starlink-satellites-pez-dispenser

https://www.virgingalactic.com/sign-up





Jun 13, 2022 | 50:24
Edition 128 10.05.2022
May 16, 2022 | 50:45
Edition 127 28.04.22
May 02, 2022 | 01:00:00
Edition 126 - 05.04.22
Apr 11, 2022 | 50:12
Edition 125 15.03.2022

Script: Luiz Eduardo, Nelson Murilo, Willian Caprino

Production: Halfmouth Podcasts

Some Music from: https://www.bensound.com

Events

https://www.virusbulletin.com/conference/vb2022/call-papers1/

VB2022 will take place in Prague, Czech Republic, from 28 to 30 September 2022.

BHAck - November 26 and 27, Belo Horizonte.

News:

https://www.elindependiente.com/economia/2022/02/28/telefonica-crea-el-primer-puesto-directivo-para-el-metaverso-y-pone-al-frente-a-yaiza-rubio/

https://www.vice.com/en/article/akvya5/russian-electric-vehicle-chargers-hacked-tell-users-putin-is-a-dickhead?utm_source=email&utm_medium=editorial&utm_content=tech&utm_campaign=220228

https://www.armis.com/research/tlstorm/

"My data leaked and all I have is this T-shirt"

Music: https://www.youtube.com/watch?v=NxeybUo7whY

More news:

https://www.itsecurityguru.org/2022/03/16/german-government-warns-against-using-kaspersky/?utm_source=feedly&utm_medium=rss&utm_campaign=german-government-warns-against-using-kaspersky

https://nakedsecurity.sophos.com/2022/03/16/russian-actors-bypass-2fa-story-what-happened-and-how-to-avoid-it/

https://arstechnica.com/information-technology/2022/03/researcher-uses-600-year-old-algorithm-to-crack-crypto-keys-found-in-the-wild/

https://www.schneier.com/blog/archives/2022/03/breaking-rsa-through-insufficiently-random-primes.html

Nonsense Section

https://interestingengineering.com/elon-musk-starlink-satellite-ukraine

https://www.teslarati.com/elon-musk-starlink-ukraine-most-downloaded-app

https://www.nytimes.com/2022/03/15/us/politics/submarine-spy-brazil.html



Mar 21, 2022 | 01:00:38
Edition 124 17.02.22
Feb 21, 2022 | 01:14:41
Edition 123 - 02.02.22
Feb 07, 2022 | 01:16:06
Edition 122 - 18.01.22
Jan 24, 2022 | 01:06:51
Edition 121 20.12.2021
Dec 28, 2021 | 57:16
Edition 120 - 01.12.2021
Dec 07, 2021 | 50:59
Edition 119 - 10.11.2021
Nov 16, 2021 | 45:15
Edition 118 - 06.10.2021
Oct 13, 2021 | 01:00:44
Edition 117 - 31.08.2021
Sep 08, 2021 | 01:03:45
Edition 116 - 17.08.2021
Aug 23, 2021 | 01:03:22
Edition 115 - 05.08.2021
Aug 09, 2021 | 01:00:13
Edition 114 - 22.07.2021
Jul 26, 2021 | 01:15:56
Edition 113 - 06.07.2021
Jul 12, 2021 | 56:08
Edition 112 - 22.06.2021
Jun 25, 2021 | 59:31
Edition 111 - 08.06.2021
Jun 11, 2021 | 52:29
Edition 110 - 25.05.2021
May 26, 2021 | 59:24
Edition 109 - 05.05.2021
May 10, 2021 | 01:08:50
Edition 108 - 23.04.2021
Apr 26, 2021 | 01:13:03
Edition 107 - 06.04.2021

Script: Luiz Eduardo, Nelson Murilo, Willian Caprino

Production: MJ Podcasts e Comunicações

Sponsor: Thycotic - https://thycotic.com/


Events:

Black Hat should open registration now in April

CanSecWest is happening over the coming weeks (a little each week)


News:

Facebook says leak of 533m accounts is old news. But my date of birth, name, etc haven't changed in years, Zuck

https://www.theregister.com/2021/04/05/facebook_data_dump/

https://mashable.com/article/zuckerberg-on-signal/


And over there, the internet stopped.

https://www.theguardian.com/world/2021/feb/17/myanmars-internet-shutdown-whats-going-on-and-it-crush-dissent


Threats to critical infrastructure, a follow-up; I think we talked about this a few editions ago.

https://newsopener.com/product-reviews/the-threat-to-the-water-supply-is-real-and-only-getting-worse/


US nuclear command agency’s gibberish tweet was sent by a child

https://grahamcluley.com/us-nuclear-command-agencys-gibberish-tweet-was-sent-by-a-child/


Music: Accepted the Risk

https://www.youtube.com/watch?v=9IG3zqvUqJY


More news:

Google launches its own chip for phones and Chromebooks

https://www.engadget.com/google-silicon-whitechapel-pixel-6-170200955.html


And since we talked about augmented reality VR headsets

https://www.forbes.com/sites/ginaheeb/2021/03/31/microsoft-wins-22-billion-army-contract-for-augmented-reality-headsets/?sh=5d347cda65d4


And we thought Wi-Fi alone was already good enough.

https://www.independent.co.uk/life-style/gadgets-and-tech/brain-computer-interface-braingate-b1825971.html


Utah hires an AI monitoring company that had no AI.

https://www.vice.com/amp/en/article/pkd7pk/banjo-ai-surveillance-utah-contract


Hahahahaha

https://www.nbcnews.com/science/space/first-time-scientists-find-x-rays-coming-uranus-n1262897




Apr 08, 2021 | 55:28
Edition 106 - 23.03.2021

Script: Luiz Eduardo, Nelson Murilo, Willian Caprino

Production: MJ Podcasts e Comunicações

Sponsor: Thycotic https://thycotic.com/


Events: Nothing.

News:

And (last) week started with Microsoft Teams limping along.

https://www.theverge.com/2021/3/15/22332539/microsoft-teams-down-outage-connectivity-issues

And your loyalty points?

https://techcrunch.com/2021/03/04/sita-airline-passenger-breach/#:~:text=Global%20air%20transport%20data%20giant,U.S.%20servers%20had%20been%20breached.

(NVIDIA cards with an Ethereum mining limit, which we talked about in a past edition, are accidentally unlocked by a driver update)

https://www.theverge.com/2021/3/16/22333544/nvidia-rtx-3060-ethereum-mining-rate-limit-unlock-driver

Recipe of the week: TikTok pasta


Deepfake tragedy

https://blog.knowbe4.com/mom-charged-in-deepfake-cheerleading-plot

After Oculus, Facebook reading people's minds?

https://newatlas.com/vr/facebook-wrist-ar-control-neuromotor/?utm_source=tldrnewsletter


Music: The Trooper Version Andina

South Park episode:

https://www.youtube.com/watch?v=cnYAOSrTQaI


More news:

Trojan disguised as the Clubhouse app for Android.

https://www.zdnet.com/article/fraudsters-jump-on-clubhouse-hype-to-push-malicious-android-app/

Apple allows specific applications to be installed on iPhones sold in Russia.

https://9to5mac.com/2021/03/16/russia-pre-install-iphone-apple/

Along the same lines:

British government logging website access, etc.

https://www.newsbreak.com/news/2182510178451/the-uk-is-secretly-testing-a-controversial-web-snooping-tool

Meanwhile, China blocks the Signal app.

https://www.newsbreak.com/news/2183201265221/encrypted-messaging-app-signal-blocked-in-china


Mar 26, 2021 | 53:29
Edition 105 - 09.03.2021

Script: Luiz Eduardo, Nelson Murilo, Willian Caprino

Production: MJ Podcasts e Comunicações

Sponsor: https://www.halfmouthsecurity.org/


Events:

https://conference.auscert.org.au/ (11th - 14th May 2021 // The Star Hotel, Gold Coast, Australia // In person & virtual)


https://www.rsaconference.com/Events/2021-USA

(May 17-20 - 100% virtual)


https://sector.ca

(November 1-4 - Hybrid)


News:


https://www.securezoo.com/2021/02/microsoft-launches-phase-2-fix-for-netlogon-elevation-of-privilege-vulnerability-cve-2020-1472/


https://www.darkreading.com/threat-intelligence/microsoft-fixes-exchange-server-zero-days-exploited-in-active-attacks/d/d-id/1340305?_mc=NL_DR_EDT_DR_daily_20210303&cid=NL_DR_EDT_DR_daily_20210303&elq_mid=102440&elq_cid=34635899


https://gizmodo.com/someone-is-hacking-the-hackers-1846406428


https://therecord.media/first-fully-weaponized-spectre-exploit-discovered-online/


Music 「Dschinghis Khan」


More news:


https://www.thetimes.co.uk/article/deepfake-videos-of-tom-cruise-watched-by-millions-tr8lkmfdk?utm_medium=Social&utm_source=Twitter#Echobox=1614620214


https://news.sky.com/story/creator-of-viral-tom-cruise-deepfake-wants-to-raise-awareness-over-trick-videos-12237680


https://www.theregister.com/2021/03/03/qualys_ransomware_clop_gang/


https://twitter.com/officialmcafee/status/1357967289862283264?s=20


https://www.imore.com/author-takes-twitter-after-breaking-icloud-true-last-name


Listener question: What is the name of the book about the singularity that I mentioned


Mar 11, 2021 | 46:13
Edition 104 - 23.02.2021
Feb 25, 2021 | 43:43
Edition 103 - 09.02.2021

Script: Luiz Eduardo, Nelson Murilo, Willian Caprino

Production: MJ Podcasts e Comunicações

Sponsor: https://www.halfmouthsecurity.org/


Events:

  1. The Call for Papers for VB2021 is open until 21 March.
  2. BLACK HAT ASIA 2021 - May 4-7, 2021 - This event will be fully Virtual.
  3. BLACK HAT USA 2021 - July 31-August 5, 2021 - Mandalay Bay Convention Center, Las Vegas
  4. CanSecWest Virtual


News:

https://pollevanhoof.be/nuggets/smart_cards/nespresso

Chastity belt update

https://www.forbes.com/sites/brucelee/2021/02/06/chastity-belt-ransomware-how-hackers-held-peoples-genitals-hostage/?sh=59aa3fe792b2

Hijacked domains

https://www.ehackingnews.com/2021/01/perlcom-official-site-for-perl.html

https://www.bleepingcomputer.com/news/security/spamcop-anti-spam-service-suffers-an-outage-after-its-domain-expired/

Security Researchers Push for 'Bug Bounty Program of Last Resort'

https://www.darkreading.com/application-security/security-researchers-push-for-bug-bounty-program-of-last-resort/d/d-id/1340081?_mc=NL_DR_EDT_DR_daily_20210208&cid=NL_DR_EDT_DR_daily_20210208&elq_mid=101978&elq_cid=34635899

https://www.forbes.com/sites/daveywinder/2021/02/05/google-chrome-update-gets-serious-hackers-already-have-high-severity-attack-code/?sh=1f2f829d30f1


Music: Bota no meu pix


More news:

https://www.metropoles.com/brasil/economia-br/mulher-usa-pix-para-tentar-reatar-namoro-e-revela-furo-no-sistema

https://www.darkreading.com/vulnerabilities---threats/advanced-threats/microsoft-says-its-time-to-attack-your-machine-learning-models/d/d-id/1340072

https://www.zdnet.com/article/with-one-update-this-malicious-android-app-hijacked-10-million-devices/

Not necessarily about security, but

https://9to5mac.com/2021/02/04/apple-mixed-reality-headset/?utm_source=tldrnewsletter

https://www.ibtimes.co.in/facebook-reality-labs-working-teleporting-mark-zuckerberg-hints-it-clubhouse-chat-832897?utm_source=tldrnewsletter

Feb 11, 2021 | 55:52
Edition 102 - 27.01.2021
Jan 28, 2021 | 48:46
Edition 101 - 12.01.2021
Jan 13, 2021 | 53:21
Edition 100 - 15.12.2020
Dec 18, 2020 | 01:01:45
Edition 99 - 01.12.2020
Dec 03, 2020 | 49:31
Edition 98 - 17.11.2020
Nov 20, 2020 | 58:30