Episode320

From Paul's Security Weekly
Palo Alto Networks
Tenable Network Security
The SANS Institute
Pwnie Express
Black Hills Information Security
BlackSquirrel
Onapsis

SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional. Register Here


Episode Media

MP3

Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 320 for Tuesday February 12th, 2013

  • Come to the Security BSides Rhode Island One-Day Conference on June 15th; tickets are NOW ON SALE at WePay.com. Featured presentations from Josh Wright, Kevin Finisterre, Kati Rodzon and Mike Murray, Bruce Potter, Joe McCray, Ron Gula, Ben Jackson, Dave Maynor and the entire PaulDotCom crew!
  • The Stogie Geeks Show! - Kick some ash with the Stogie Geeks, Thursday nights at 8:30PM EST. Come have a cigar with us!

Interview: Craig Heffner

Craig Heffner is a Vulnerability Researcher with Tactical Network Solutions in Columbia, MD. He has 6 years experience analyzing wireless and embedded systems and operates the devttys0 blog which is dedicated to embedded hacking topics. He has presented at events such as Blackhat and DEF CON and teaches embedded device exploitation courses. His skin has never been exposed to sunlight and is bioluminescent at 200 meters (656 feet) below sea level.

As a benefit to being a PaulDotCom listener, Craig is offering a 10% discount to his TNS Embedded Device Exploitation class. Get your discount coupon here.


  1. How did you get your start in information security?

Five Questions:

  1. If you were a serial killer, what would be your weapon of choice?
  2. Three words to describe yourself?
  3. If you had to write a book about yourself, what would it be?
  4. Stranded on a deserted island, which tablet would you take with you if you could only choose one: iPad, Android or Surface?
  5. In the popular game of ass grabby-grabby would you prefer to go first or second?

Announcement

  • Special Mardi Gras recording on Tuesday the 12th featuring a special appearance by Jack Daniel's beads!
  • We are in the process of archiving and cataloging our technical segments. Please visit the PaulDotCom Technical Library, where we have indexed all of the interviews we have conducted. We are also working on updating all of the articles, so check the newsletter, or if you want to help in exchange for some free guidance and security training, please email me.

Guest Tech Segment: Josh Wright

Code by Josh

  • Progressive blur plugin – gets more blurry over time!
  • Play kitten wars - find out which one is cuter!
  • Present old (archived) versions of webpages in lieu of the current page via SquidProxy.
  • Replace all images with cute cat on laptop picture!
  • Add animated happy words to images!

and even worse....

  • Redirect google searches to bing!

Stories

Paul's Stories

Just some talking points this week:

  1. 10 ways to reduce security headaches in a BYOD world
  2. Document Metadata Cleaner strips personally identifiable metadata from your files
  3. Unlocking Ma Bell: How Phone Phreaks Came To Be
  4. It's Now Illegal to Unlock Your Cellphone - ABC News
  5. Bizarre Google search bug benefits porn websites | Naked Security
  6. Hacked US TV Channels report zombie apocalypse has begun

Larry's Stories

Oh the tales that Jack's beads would tell

  1. Not light reading, but Microsoft has released their Special Edition Security Intelligence Report Released - How Socio-economic Factors Affect Regional Malware Rates
  2. Cheapskate code review results for Kim Dotcom (who the heck calls themselves "dotcom"?!?!). Mega offered a bug bounty on the new cloud storage service, and bugs were found. Lots of them.
  3. Shame hackers don't "trade in their stolen goods" according to this Globe and Mail editorial.

Allison's Stuff

  1. Chinese spying targeting US businesses. US Gov releases a report that summarizes what we already know: there is a systematic effort from Chinese hackers to spy on US businesses.
  2. Bush family emails hacked.
  3. 11 year old creates a Runescape trojan. Reminds me of the good old days.
  4. Hacker arrested after taunting police with clues attached to cat. This is a follow up to the story about the Japanese hacker who hijacked people's computers and made bomb threats from those machines. After arresting the wrong people plenty of times, police apparently found and arrested the right person.

Patrick's Stories

  1. Jeremiah Grossman got hacked - by himself! What do you do when you lose the keys to the secret sauce recipe? Call in the password hackers! What initially made it tough is the security he was using on his password was no joke: "Grossman's AES256-encrypted DMG used a staggering 250,000 rounds of PBKDF2-HMAC-SHA-1"
  2. Bit9 accidentally signs malware for its customers - "Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network." Some say the irony is this problem was probably discovered by their customers' anti-virus product. But this quote from Bit9 confuses me: "There is no easy answer to a world where there are sophisticated actors continuously targeting every company and individual and whose primary goal is to steal information, whether for profit, power or glory. This is not fear-mongering or hype—everyone in the security business knows this fact. This is the state of cybersecurity today, and we are all frustrated and angered by it."
  3. Super Bowl Got Social Engineered and two Savannah State U students video recorded themselves doing it.