Episode392

From Paul's Security Weekly



Episode Media

MP3

Announcements

Paul's Security Weekly - Episode 392 for Thursday October 23rd, 2014

And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady, it's Paul’s Security Weekly!

  • This segment is sponsored by Palo Alto Networks, creators of THE next-generation firewalls, helping you enforce network security policies based on applications, users, and content. Visit them on the web at www.paloaltonetworks.com
  • and by the SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more

"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."

"Here's your host, a man who loves the lumps, the lady lumps, Paul Asadoorian"

  • Announcement - The PVS contest from Tenable! Register Here to enter a contest and win an AR Drone! You must use the PVS to find something cool, details on the registration page.
  • Security Weekly Updates:

Interview: Russell Butturini


Bio

Russell Butturini is the Senior Enterprise Security Architect for a large wellness solutions company in Nashville, where he oversees everything security that isn’t compliance (which bores Russell to tears). He has presented at several conferences and authored multiple security tools, such as the U3 Incident Response Switchblade, the Network Attached Storage Enumerator, and NoSQLMap. These are amazing accomplishments considering he was once fired from a job at Wendy’s after a week and a half of employment.

Russ joins us this week to talk about a tool he made called NoSQLMap. Read more here.

Questions/Topics

  • Why did you get fired from Wendy's?
  • What is NoSQLMap?
  • How did you get your start in information security?
  • What is next for noSQL?

Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby grabby do you prefer to go first or second?
  5. Pick two celebrities to be your parents.

Tech Segment: Building a Tor Router by Kris Crawford

Sponsors

  • This tech segment is sponsored by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!

Bio

Kris works at Dell SecureWorks full-time and is a production assistant for Security Weekly/Stogie Geeks part-time. He has become more and more involved in InfoSec over the past few years and is excited to be on the panel presenting this evening. He will be discussing an article describing how to turn a Raspberry Pi into a Tor Router hotspot.

Read more about how to configure your own here.

http://syn-flood.com/wp/2014/10/18/browsing-anonymously-with-tor/

Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby grabby do you prefer to go first or second?
  5. Pick two celebrities to be your parents.

Stories

Sponsors

  • Stories of the week is brought to you by Black Squirrel. Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.
  • Onapsis, the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • Tenable Network Security, the creators of Nessus, the world's best vulnerability scanner. Check out the new Nessus Enterprise and Nessus Enterprise Cloud, and engage your IT department in the vulnerability management process today!


Paul's Stories

  1. telnetd rulez: Cisco Ironport WSA Telnetd Remote Code Execution Vulnerability - Telnet? Really? FreeBSD stopped TELNET being turned on by default when many of us were in like elementary school (except for Jack, who was already issued an AARP card at that point). The vulnerability looks to have been around since 2001. Just how does this old code creep its way into old systems? This is failure to communicate. I fear this behavior will go on forever, as developers are taught to re-use code. Maybe we should tell them to stop doing that.
  2. Google goes beyond two-step verification with new USB Security Key - I am probably more optimistic about two-factor than anyone, however I'm willing to sacrifice some usability for security because that's what I do. However, how do you get two-factor on a tablet or phone that uses USB? Uhhh, you don't. So many of us just rely on our phones to check email and such, this solution therefore is flawed. Also, Macs only come with one USB port (two if you're lucky), so now I gotta break out my hub, and it's even more of an inconvenience, even for me. At the end of the day, we're all lazy, and that is why two-factor never really catches on. I think Larry's RFID chip implanted in his hand may be the best solution for all of us.
  3. Leave your passwords at the Checkout Desk
  4. Hackers hold 7 million Dropbox passwords ransom - CNET
  5. snapchat-decrypt/README.md at master · programa-stic/snapchat-decrypt · GitHub
  6. Index of /hitbsecconf2014kul/materials
  7. SIM Card Forensics | 0xicf
  8. Microsoft still vulnerable to sandworm after KB3000869
  9. Disable Spotlight from tracking you
  10. CryptoWall RansomWare
  11. Bringing a new meaning to "LifeHack"


Jack's Stories of Joy and Wonder

  1. Why would you want Windows for IoT anyway? Terrifying idea, feeble article.
  2. FTDI-pocalypse!!1!1 Bricking customers' hardware is not nice.
  3. More Windows root certs added, because I trust those governments.
  4. Rob Graham takes aim at FBI crypto "doublethink"
  5. A very eloquent (and British) departure speech from the departing head of GCHQ.
  6. Q3 DDoS Attack Volumes Are the Largest Ever Seen