Risky Business #332 -- Evading IDS with Multipath TCP

Multi-stream fragmentation is the new black...
01 Aug 2014 » Risky Business

In this week's feature interview we're chat with Catherine Pearce of Neohapsis about some research she'll be presenting at BlackHat next week with her colleague Patrick Thomas. They're doing a talk all about Multipath TCP, and yes, it's exactly what it sounds like and yes, it's great for doing stuff like IDS evasion and confusing firewalls.

In this week's sponsor interview we speak with Senetas CTO Julian Fay about the so-called BADA55 paper. Senetas is about to ship elliptic curve algos with its gear -- is it reconsidering now we know that elliptic curves can be subverted? No way! Tune in to find out why.

Show notes

WikiLeaks publishes court suppression order over what Julian Assange calls 'unprecedented' case of censorship | News.com.au
http://www.news.com.au/technology/online/wikileaks-publishes-court-suppr...

Tor security advisory: "relay early" traffic confirmation attack | The Tor Blog
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traff...

Tor hidden services attacks deanonymize users | Threatpost | The first stop for security news
http://threatpost.com/tor-sniffs-out-attacks-trying-to-deanonymize-hidde...

Russia publicly joins war on Tor privacy with $111,000 bounty | Ars Technica
http://arstechnica.com/security/2014/07/russia-publicly-joins-war-on-tor...

Why the Security of USB Is Fundamentally Broken | Threat Level | WIRED
http://www.wired.com/2014/07/usb-security/

Dark Reading Radio: Data Loss Prevention (DLP) Fail
http://www.darkreading.com/perimeter/dark-reading-radio-data-loss-prevention-(dlp)-fail/a/d-id/1297650?

Your iPhone Can Finally Make Free, Encrypted Calls | Threat Level | WIRED
http://www.wired.com/2014/07/free-encrypted-calling-finally-comes-to-the...

arxiv.org/pdf/1407.4923v1.pdf
http://arxiv.org/pdf/1407.4923v1.pdf

Instasheep: Coder builds tool to hijack Instagram accounts over Wi-Fi | Ars Technica
http://arstechnica.com/security/2014/07/instasheep-coder-builds-tool-to-...

seL4 Secure Microkernel Made Open Source | Threatpost | The first stop for security news
http://threatpost.com/secure-microkernel-sel4-code-goes-open-source/107506

Hackers Plundered Israeli Defense Firms that Built 'Iron Dome' Missile Defense System - Krebs on Security
http://krebsonsecurity.com/2014/07/hackers-plundered-israeli-defense-fir...

CIA admits to spying on Senate committee - CNET
http://www.cnet.com/au/news/cia-admits-to-spying-on-senate-computers/

China rebuffs Canada for 'irresponsible' hacking claims - CNET
http://www.cnet.com/au/news/china-rebuffs-canada-for-irresponsible-hacki...

Service Drains Competitors' Online Ad Budget - Krebs on Security
http://krebsonsecurity.com/2014/07/service-drains-competitors-online-ad-...

The App I Used to Break Into My Neighbor's Home | Threat Level | WIRED
http://www.wired.com/2014/07/keyme-let-me-break-in/

Microsoft Releases EMET 5.0 Exploit Mitigation Tool | Threatpost | The first stop for security news
http://threatpost.com/microsoft-releases-new-version-of-emet-exploit-mit...

Crouching Yeti APT Campaign Stretches Back Four Years | Threatpost | The first stop for security news
http://threatpost.com/crouching-yeti-apt-campaign-stretches-back-four-ye...

New Backoff PoS Malware Identified in Several Attacks | Threatpost | The first stop for security news
http://threatpost.com/new-backoff-pos-malware-identified-in-several-atta...

Neohapsis Labs | Multipath TCP - BlackHat Briefings Teaser
http://labs.neohapsis.com/2014/07/29/multipath-tcp-blackhat-briefings-te...

We Never Change | Every Day Carry
http://everydaycarry.bandcamp.com/track/we-never-change

SUBSCRIBE NOW:
Risky Business main podcast feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Our extra podcasts feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Subscribe to our newsletters: