SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional. Register Here
Paul's Security Weekly - Episode 376 for Thursday June 5th, 2014
And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady its Paul’s Security Weekly!
- This segment is sponsored by Palo Alto Networks creators of THE next-generation firewalls, helping you enforce network security policies based on applications, users, and content. Visit them on the web at www.paloaltonetworks.com
- and by Tenable Network Security, the creators of Nessus, the worlds best vulnerability scanner. Check out Tenable's other cool products such as the passive vulnerability scanner and SecurityCenter Continuous View. Visit them on the web at www.tenable.com
"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."
"Here's your host, he has a very small number of cells in his vienna sausage, Paul Asadoorian!"
- Security Weekly Updates::
- Be sure to check out our new 4 day Active Defense and Offensive Countermeasures class at Black Hat Vegas!
- SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional. Stay tuned for updates, registration, discount codes and sneak previews!
- You can purchase Hack Naked T-Shirts online via http://shop.securityweekly.com get yours today!
- Attend the show live if you are in the RI area, check http://securityweekly.com/attend for details
Guest Interview: Michael Ossman
- Three words to describe yourself
- If you were a serial killer, what would be your weapon of choice?
- If you wrote a book about yourself, what would the title be?
- In the popular game of Ass Grabby Grabby do you prefer to go first or second?
- If you could have dinner with one celebrity, who would it be?
Ten more questions to ask at random:
- If you had super powers, what would they be?
- A penguin walks through that door right now wearing a sombrero. What does he say and why is he here?
- If we came to your house for dinner, what would you prepare for us?"
- Pick two celebrities to be your parents."
- What do you think about when you are alone in your car?
- What song best describes your life?
- If you were a Star Trek® [or Star Wars® ] character, which one would it be?
- If you were 80 years old, what would you tell your children?
- What is the record amount of time you have gone without a shower?
- What is the geekiest thing you've ever done/created/bought/said?
Tech Segment: Dale Luke
- This segment is brought to you by http://www.blacksquirrel.io/ - Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.
- and by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
- and by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at pwnieexpress.com
- CircleCityCon is Indianapolis's First Hacker Con, Taking place June 13-15, 2014 at the Hyatt Regency Indianapolis. Special promotional code for Security Weekly listeners - Use the code InfoSec2014 for $30 off of each regular priced ticket. Visit circlecitycon.com for tickets and follow @circlecitycon on twitter for more details.
- They Hack Because They Can
- Botnets coming soon to a smart home or automated building near you
- Linksys E4200 Vulnerability Enables Authentication Bypass
- Vulnerabilities in IPMI Protocol Have Long Shelf Life
- gizmodo/full (Gizmodo) How Teen Hackers Were Portrayed In 1980s Family Magazines
- "Critical OpenSSL Patch Available. Patch Now!
- "New OpenSSL MITM Flaw Affects All Clients
- Back To Basics
- Hackers Infiltrate Desk Phones For Epic Office Pranks
- Coolest Companies: Baltimore
- Your car is a giant computer - and it can be hacked
- How I Got Here: Joe Grand
- "New attack methods can 'brick' systems
- 5 lessons from companies that get computer security right
- "Security Manager's Journal: We manage our threats
- [webapps - D-Link Routers - Multiple Vulnerabilities]
- What You Need To Know to Become a Penetration Tester
- Mimikatz Against Virtual Machine Memory Part 1
- [papers - TP-Link TD-W89 Config File Download / Exploiting the Host]
- Nagios and NPRE
- Wendy Nather asks if we want more bad news and she doesn;t wait for us to answer before giving it.
- EFF helps score some legal victories in the battles against crazy patent rulings.
- NY Times coverage of the new DARPA "Cyber Grand Challenge"
- U.S. Marshals Seize Cops’ Spying Records to Keep Them From the ACLU is another in a disturbing trend in law enforcement silence on technology use.
- Milton Security is stepping up to help OpenSSL, whay aren't more folks doing this? This is a win-win, company gets good press and OpenSSL gets funding.
- Javvad Malik has some great tips on surviving conferences and getting the most from them
- Insightful post from Randy Bias on how SDN breaks the "VLAN Contract"
- Poor OpenSSL, another ugly bug. At least this one is "only a MITM vuln".
- http://krebsonsecurity.com/2014/06/they-hack-because-they-can/ - well Paul beat me to it but I am amused by this one.
- http://blogs.technet.com/b/srd/archive/2014/06/05/an-overview-of-kb2871997.aspx - this is an interesting new development for Microsoft.