- 1 Security Weekly was nominated for the 2015 Best Security Podcast! Please vote for our show here: Security Blogger Awards
- 2 Episode Media
- 3 Announcements
- 4 Guest Interview: Chris John Riley
- 5 Guest Interview: Onapsis
- 6 Stories
Security Weekly was nominated for the 2015 Best Security Podcast! Please vote for our show here: Security Blogger Awards
Paul's Security Weekly - Episode 378 for Thursday June 26th, 2014
And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady its Paul’s Security Weekly!
- This segment is sponsored by Palo Alto Networks creators of THE next-generation firewalls, helping you enforce network security policies based on applications, users, and content. Visit them on the web at www.paloaltonetworks.com
- and by The SANS institute the most trusted source for computer security training, certification and research. visit www.sans.org to learn more
- and by Tenable Network Security, the creators of Nessus, the worlds best vulnerability scanner. Check out the new Nessus Enterprise and Nessus Enterprise cloud, engage your IT department in the vulnerability management process today!
"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."
"Here's your host, a man knows what is better than a bathroom next to your office (a catheter) and who asks the dumbest question ever: "would you like a beer?", Paul Asadoorian!"
- Security Weekly Updates::
- Be sure to check out our new 4 day Active Defense and Offensive Countermeasures class at Black Hat Vegas!
- SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional. Register Here
- You can purchase Hack Naked T-Shirts online via http://shop.securityweekly.com get yours today!
- Attend the show live if you are in the RI area, check http://securityweekly.com/attend for details
Guest Interview: Chris John Riley
- Three words to describe yourself
- If you were a serial killer, what would be your weapon of choice?
- If you wrote a book about yourself, what would the title be?
- In the popular game of Ass Grabby Grabby do you prefer to go first or second?
- If you could have dinner with one celebrity, who would it be?
Ten more questions to ask at random:
- If you had super powers, what would they be?
- A penguin walks through that door right now wearing a sombrero. What does he say and why is he here?
- If we came to your house for dinner, what would you prepare for us?"
- Pick two celebrities to be your parents."
- What do you think about when you are alone in your car?
- What song best describes your life?
- If you were a Star Trek® [or Star Wars® ] character, which one would it be?
- If you were 80 years old, what would you tell your children?
- What is the record amount of time you have gone without a shower?
- What is the geekiest thing you've ever done/created/bought/said?
Guest Interview: Onapsis
- This segment is brought to you by http://www.blacksquirrel.io/ - Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.
- and by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
- and by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at pwnieexpress.com
- Plaintext Supermicro IPMI Credentials Exposed
- Why A Secured Network Is Like The Human Body
- Patched Code-Execution Bug Affects Most Android Users
- Got a botnet? Thinking of using it to mine Bitcoin? Don't bother
- "Major SSL flaw found in iOS
- Own goal as World Cup Wi-Fi passwords spilled in newspaper snap
- SCADA/ICS Systems Under Attack In Europe Stuxnet-Style
- WiFi Anyone? - [Larry] - Why does this keep happening? World Cup “corporate WiFi’ PSK shown on whiteboard in press picture. Really, stop writing this stuff down in plain sight, and then packing pictures for the media. Loose lips sink ships. This is not the first time we’ve seen this happen…Wildfire support FTP servers, wifi networks for press at baseball games...
- Paypal Mobile 2FA bypass - [Larry] - nice write up and research by @quine and compadres at Duo Security into the investigation of the Paypal Mobile app. If your Paypal account is set up for 2FA, you can’t use the mobile app as it is unsupported….unless you burp it and set the flag for 2FA to false, then it chugs along just fine, including the ability to re-use session tokens to authorize multiple transactions. PayPal has not completely fixed the issue, but they have made it non-trivial to exploit.
- Recovering iDevice device PINs - [Larry] - ...and not how you’d think. This one uses a video recording, and analysis of hand motions. Of course camera angle and quality increased the recovery rate, use of a low quality Google Glass camera and 3meter distance, the recovery rate was still as high as 83% for a 4 digit pin. A good camera? 100% success rate at up to 44 meters (yeah, nearly 150 feet).
- Heathrow Express WiFi TOS - [Larry] - Love it. Includes notification that HEX and others can monitor traffic, and that the user is responsible for their own security (or lack thereof). I wonder how many people actually read these things...
Jack's Stories of Despair and Paranoia
- Lessons in insecure SSL courtesy of Hoyts cinemas "This is what we refer to as “Security Theatre” and it’s the fake boobs of web security"
- The paranoid computer user's guide to privacy, security and encryption "Hack-proof computers don’t exist. That’s an important truth to keep in mind as you browse this guide to building a more secure computer."
- Massachusetts high court says accused criminal must decrypt computers for police
- Federal judge rules U.S. no-fly list violates Constitution
- Spaf says "Industry Is Failing Miserably At Fixing Underlying Dangers"
- Uber Facts fails at critical thinking with the Tweet "Men who do not take an annual vacation have a 20% higher risk of death and about a 30% greater risk of death from heart disease." Repeat it with me kids, correlation is not causation, umbrellas do not cause rain.
- Researchers Find and Decode the Spy Tools Governments Use to Hijack Phones
- Facebook is Fighting Bulk Search Warrants In Court