Episode381

From Paul's Security Weekly
Jump to: navigation, search
Tenable Network Security
The SANS Institute
Pwnie Express
Black Hills Information Security
Onapsis
NetSparker


Episode Media

MP3

Announcements

Paul's Security Weekly - Episode 381 for Thursday July 24th, 2014

And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady its Paul’s Security Weekly!

  • This segment is sponsored by Palo Alto Networks creators of THE next-generation firewalls, helping you enforce network security policies based on applications, users, and content. Visit them on the web at www.paloaltonetworks.com
  • and by The SANS institute the most trusted source for computer security training, certification and research. visit www.sans.org to learn more
  • and by Tenable Network Security, the creators of Nessus, the worlds best vulnerability scanner. Check out the new Nessus Enterprise and Nessus Enterprise cloud, engage your IT department in the vulnerability management process today!
  • This segment is brought to you by http://www.blacksquirrel.io/ - Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.

"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."

"Here's your host, insert your own smartass remark here", Paul Asadoorian!"

Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of Ass Grabby Grabby do you prefer to go first or second?
  5. If you could have dinner with one celebrity, who would it be?

Ten more questions to ask at random:

  1. If you had super powers, what would they be?
  2. A penguin walks through that door right now wearing a sombrero. What does he say and why is he here?
  3. If we came to your house for dinner, what would you prepare for us?"
  4. Pick two celebrities to be your parents."
  5. What do you think about when you are alone in your car?
  6. What song best describes your life?
  7. If you were a Star Trek® [or Star Wars® ] character, which one would it be?
  8. If you were 80 years old, what would you tell your children?
  9. What is the record amount of time you have gone without a shower?
  10. What is the geekiest thing you've ever done/created/bought/said?

Stories

  • and by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • and by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at pwnieexpress.com

Paul's Stories

  1. More fun with #TSA
  2. [webapps - NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure vulnerability]
  3. Four Steps to Successfully Implementing Security into a Continuous Development Shop
  4. "For Java: I Patch
  5. Active Directory Vulnerability Disclosure: Weak encryption enables attacker to change a victim’s password without being logged - Aorato
  6. Car Hacker's Handbook
  7. Fingerprinting Computers By Making Them Draw Images
  8. """Password Storage Mistakes"""
  9. Can I use Dropbox?
  10. On Mobile Device ICS App Security
  11. Securing the Nest Thermostat
  12. "WordPress brute force attack via wp.getUsersBlogs
  13. Car hackers build anti-car-hacking gadget
  14. "Firefox 31 has arrived - 11 bulletins
  15. "New Feature: ""Live"" SSH Brute Force Logs and New Kippo Client

Larry's Stories

Jack's Stories of Love and Beauty

  1. I'm not a bow tie wearer myself but if I were, I'd bid on some of these sexy beasts.
  2. What's the difference between a pen test and vulnerability assessment? Daniel Miessler has a good primer on the topic.
  3. Availability matters ask the tens of thousands of folks who can't get visas right now.
  4. It's time to stop rewarding failure is an interesting look as the IT industry and the way failure is rewarded.
  5. Anton Chuvakin published a guide to designing a SIEM deployment You need to be a Gartner customer to get the paper- but there are some great publicly available SIEM resources listed on this post.
  6. Password Managers aren't perfect this paper explains vulnerabilities found in LastPass. So, is the trade off of convenience still worth it? (I think so).