Christian Science Monitor – Passcode at SXSW: Ad blockers, spies, hackers, and Hollywood

Find us at SXSW, where Robert will be speaking on a panel: Connected Cities, Hackable Streets.

In cities around the world, street lights, public transit systems, and electric meters are already connected to the internet. Soon, smartphone controlled, self-driving cars will roam cities and every part of the urban fabric could be Wi-Fi enabled. While tomorrow’s smart cities will usher in efficiencies and convenience, they’ll also bring about security threats and vulnerabilities. Hackers have already demonstrated they can remotely take over cars and switch off traffic lights. So, how can urban planners and engineers build cities of the future that are resilient enough to guard against cunning criminal hackers who may want to bring Singapore or San Francisco to a grinding halt?

Featuring: Tom Cross, Drawbridge Networks; Robert Hansen, founder of OutsideIntel. Moderated by Nadya Bliss, Global Security Initiative, Arizona State University. JW Marriott Salon 6. 12:30 – 1:30 p.m.

Read Full Article

Cloudflare’s Cloudbleed Surface Area

With the recent findings by Google’s Project Zero with regard to sites hosted at Cloudflare being vulnerable to an attack dubbed Cloudbleed, there has been a lot of talk about which sites might be in scope for this attack and which users of those sites should be concerned. This has widespread implications for passwords, secret questions/answers, credit cards, API keys, etc.

People have been helpfully attempting to find the total list of domains that are in scope since it wouldn’t behoove Cloudflare to out their customer list. For instance this Github page lists 4,288,852 Cloudflare sites that are potentially in scope.

Using OutsideIntel I was able to uncover that same number plus an additional 1,030,501 sites that are potentially in scope. In total that comes to 5,319,353 domains (about a 24% increase).

You can download the master list here (27M gzip compressed format). It contains both lists de-duped into one master list. If you are running a Linux derivative you can check the sites you are interested in by doing something like:

$ egrep -Z "\.tanium\.com$" cloudflare-list.txt.gz
content.tanium.com
forums.tanium.com
kb.tanium.com
www.tanium.com
$

I hope that’s helpful! Please change your passwords, secret questions and answers, API keys, etc. for any sites you deal with within this list, just to be safe.

Want to learn more about your IT assets, or those of your competitors, customers, vendors, partners, etc? Click here to get access to OutsideIntel.