Episode353

From Paul's Security Weekly
Palo Alto Networks
Tenable Network Security
The SANS Institute
Pwnie Express
Black Hills Information Security
BlackSquirrel
Onapsis

SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional. Register Here


Episode Media

MP3 pt1

MP3 pt2

Announcements

Security Weekly - Episode 353 for Thursday November 14th, 2013

  • We've released a book on Offensive Countermeasures! Visit tinyurl.com/OCM-Amazon to add this to your summer reading list.
  • We are looking for sponsors for our weekly webcasts and shows. Contact paul -at- hacknaked.tv for details!
  • The Stogie Geeks Show! - Kick some ash with the Stogie Geeks, Thursday nights at 9:00PM EST. Come have a cigar with us! If you are in the Rhode Island area please visit our sponsor the Havana Cigar Club, it's an awesome place to have a drink! Make sure you print out your $5.00 off coupon here!
  • Larry teaching SANS classes: Check out his SANS page for the details: 617 in DC in December, and in Orlando in March. Also 571 at RSA.

Guest Interview: Kyle 'esSOBI' Stone (@essobi)

Biography:

Kyle is an information security engineer who devotes his spare time to exploiting the ‘internet of things’. He enjoys lockpicking, CTFs, tinkering with electronics, exploit development and blogging about his findings. He is the founding member of Louisville Organization of Locksport.


  1. You gave a talk at derbyCON about botnets, what are you seeing in your research, what are the trends?
  2. What are the largest threats out there in terms of security and personal information?
  3. In your embedded device research, what keeps you up at night?
  4. Do you have any real life examples you could share?




  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of Ass Grabby Grabby do you prefer to go first or second?
  5. Stranded in a desert island, which tablet would you bring along: a) iPad b) Surface c) Android d) All of the above e) None of the above?

Deciphering Episode 350 Crypto Challenge with Mike Connor (@themikeconnor)

Link to start the challenge: Episode350 challenge



Biography:

Mike is currently a senior member of the Analysis team at Dell SecureWorks. He is a big supporter of all things Chicago, specifically THOTCON, BsidesChicago, and all of the different Burbsec groups.

Stories


Paul's Stories

  1. It’s the little things that count | Andy ITGuy - Information Security Blog
  2. "Healthcare.gov will eventually be functional
  3. Defenders Still Chasing Adequate Threat Intelligence Sharing
  4. Research Into BIOS Attacks Underscores Their Danger
  5. Barracuda Web Application Firewall Now In AWS Marketplace
  6. Hackers Take Limo Service Firm for a Ride — Krebs on Security
  7. Attacking the Spanning-Tree Protocol
  8. 4 reasons BadBIOS isn't real | Security - InfoWorld

Larry's Stories

  1. In the "reinvent the wheel" department… - [Larry] - You know how reinventing encryption and trying to implement your own is never a good idea? Yeah, that's what the TSA tried to do for profiling, and it only cost $1 billion (yes, with a B) and failed miserably. So, like profiling and encryption, go with the tried, true and vetted. If you don't, they are bound to fail…
  2. Brickable car - [Larry] So when I saw this article I thought OMG HAX, but it turns out that it is different. With the Renault Zoe electric car, you lease the batteries that contain "DRM". If you don't make your payment, they render the batteries unusable. OK, I get it, that's cool. Wait, how does the data get to the provider? What happens if I spoof responses, or requests? Can I brick someone else's car or filter the messages? So many hacks, so little time.
  3. Happy hour virus - [Larry] - I love the kernel panic.
  4. Multiplexed attack surface - [Larry] - Yes, manufacturers use the same connector to do multiple signals…by leveraging different frequencies and unused pins…
  5. Your phone's hidden OS - [Larry] - and it is hugely vulnerable. Wait, I have a hidden OS on my phone? Yes, the radio baseband…the big question is how does one test for it.
  6. Hacking GSM on the cheap - [Larry] This is one that we talk about in 617, but at significantly higher cost. With this, you can use an inexpensive DVB tuner (or hackrf, bladeRF, funcube dongle, etc). The only thing I'm missing is Kraken and the rainbow tables (at about 2G). Can anyone help me out?
  7. Recon-NG Updates - [Larry] - Cool stuff, and good changes to the base framework.

Allison's Stories

Jack's Stories

  1. U.S. Postal Service Logging All Mail for Law Enforcement - Privacy, what's that?
  2. New from Rob Graham of Errata, isowall, a simple isolating firewall.
  3. Interview with the Grugq
  4. New version of LastPass is out. If it makes you as cranky as it makes me, try this to use version 2 mode.

Carlos' Stories

  1. Cisco stock tumbles over company's sales projections Blames NSA - We are starting to see companies using the NSA leaks to explain lower percentages in sales. Can this be true, or is it just a smoke screen for a slowing market with competitors with lower prices and margins?
  2. Researchers hack Internet Explorer 11 and Chrome at Mobile Pwn2Own - Chrome on Android has fallen. I do see that the lack of APIs and good tools to control and manage mobile devices is going to make this the preferred attack target in the next couple of years.