Episode Details

In this episode..

ImageTragick - major flaw in open source image processing toolkit

• ImageTragick is CVE-2016-3714
• Logo & Website: https://imagetragick.com
• Has a logo, so it must be yuge
• Is this really that big of a deal? How many are impacted potentially?
• https://blog.sucuri.net/2016/05/imagemagick-remote-command-execution-vulnerability.html
• Remote code execution, with minor caveats - likely darn near everywhere

Detroit company loses $495k to wire fraud

• Source was a faked email to make a wire transfer
• Why didn’t someone verify this?!
• http://www.detroitnews.com/story/news/local/oakland-county/2016/05/03/troy-investment-company-hacked/83879240/
• Will insurance pay out?
• Is the policy change too little too late? How can other companies learn from this?

The Ransomware Epidemic (Optiv blog)

• Is there an epidemic at play here?
• Why the switch to ransoming people’s data
• Is this a viable business model for cyber criminals?
• https://www.optiv.com/blog/ransomware-part-1-is-this-an-epidemic

Undetectable flaw in Qualcomm-powered Android phones is a huge deal

• Input sanitization flaw (again?!)
• At risk is 34% users running Android 4.3 and earlier
• Text messages and call histories accessible in plain text
• An "undetectable" software flaw in Qualcomm Snapdragon-powered Android smartphones could lay bare users' text messages and call histories to hackers
• http://www.computing.co.uk/ctg/news/2457217/undetectable-qualcomm-code-vulnerability-lays-bare-android-users-text-messages-and-call-histori

White Hat hacker sent to the clink for going too far

• Found (accidentally?) a SQL Injection flaw then used a tool to pull data out
• Obviously went too far, right?
• Where was the 'responsible' or 'reasonable' notification to victim?
• This headline is deceptive, and misrepresents the story:
  • http://www.infosecurity-magazine.com/news/white-