Episode449

From Paul's Security Weekly
Jump to: navigation, search


Paul's Security Weekly - Episode 449 - 6:00PM

Episode Media

MP3

Intro, Sponsors & Announcements

Paul: This week, We ...

Larry: Broadcasting live from G Unit Studios in Rhode Island, the show where exploits run wild, packets aren’t the only things getting sniffed, systems aren't the only things getting penetrated, functions are the only things getting wrapped, bits aren't the only things getting banged and the cocktails flow steady, it's Paul’s Security Weekly!

Sponsors

  • Brought to you by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!
  • And by Netsparker, the developers of the ONLY false positive free web application security scanners, enabling you to automatically identify vulnerabilities and security flaws in all your websites, web applications and web services. Netsparker scanners are available in two editions, Netsparker Desktop and Netsparker Cloud, the enterprise level online scanning service. For more information visit their website on https//www.netsparker.com/securityweekly/
  • This segment is sponsored by The SANS institute the most trusted source for computer security training, certification and research. visit www.sans.org to learn more

Larry: Here's your host, here's a man who has no idea what he's going to say, eh?, Paul Asadoorian!

Paul: Hello everyone and welcome to Paul's Security Weekly - Episode 449 for Thursday, January 28th, 2016!

Announcements

  • Vote for us in the RSA Social Security Bloggers Awards for Best Podcast! We were NOT nominated this year, so you have to write in "Security Weekly". Go vote at http://securityweekly.com/vote
  • Welcome our new sponsor, ProXPN! proXPN is a leading VPN service offering free accounts, excellent premium features, and an outstanding commitment to privacy and security online.
    • Free accounts that let you try the service with no obligation. There are lots of VPNs out there and they all offer different things. It’s great that proXPN lets you try the service out for free to make sure it’s right for you. They don’t even require a credit card for the free accounts, it’s not like they’re on of these 7 day trials or something. Free is free.
    • Ease of use. A lot has gone into everything from making the signup process easy to keeping servers running at peak condition so your overall experience is as simple and pleasurable as possible.
    • Good support team. What’s cool about proXPN’s support is that the same team that does the testing of new software releases, servers, and so forth do the support for users. So you’re dealing with people who really know the product, and indeed VPNs, inside and out.
    • proXPN’s overall philosophy is what you want, or at least I want, in a VPN company. They’re dead serious about privacy and go to great lengths to maintain their user’s privacy and security online. We’ve had a read of their terms and conditions, and really if you’re shopping for a VPN I encourage you to do the same, but we’ve had a read and there’s no fine print nonsense. It’s very straightforward and they have a history of backing that up.

Segment: Scanning the Internet - 6:05PM-7:00PM

Essobi

Stories of the Week - 7:00PM-8:00PM

Sponsors

  • Brought to you by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com
  • And by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/

Paul's Stories

  1. Interview: John Matherly On Check Point Blacklisting Shodan
  2. Hard-Coded Password Found In Lenovo File-Sharing App
  3. "Magento Update Addresses XSS
  4. Show us the code! You should be able to peek inside the gadgets you buy – FTC commish
  5. Hacker Who Sent Heroin To Brian Krebs Pleads Guilty
  6. MiniUPnP Vulnerability Clears Way for Stack Smashing Attack
  7. NSA’s top hacking boss explains how to protect your network from his attack squads
  8. BlackEnergy APT Group Spreading Malware via Tainted Word Docs
  9. Oracle plans to kill an attacker's favorite: the Java browser plug-in
  10. OpenSSL Patches Serious Flaw that Puts ‘Popular Applications’ At Risk
  11. DDoS World Record Broken With 500 Gbps Attack In 2015
  12. Angler Exploit Kit Now Hooking Execs With Xmas Flash Hole
  13. Police destroy evidence with 10 failed passcode attempts on iPhone
  14. Worried about cyberattacks on US power grid? Stop taking selfies at work - CSMonitor.com
  15. SEC Consult: Deliberately hidden backdoor account in several AMX (HARMAN Professional) devices
  16. Hot Potato – Windows Privilege Escalation
  17. "Autopwn every Android < 4.2 device on your network using BetterCap and the ""addJavascriptInterface"" vulnerability. - Simone Margaritelli"

Larry's Stories

  1. Shodan, NTP and IPv6 - Fascinating, novel and creepy. Sent in by listener Adam and I fell in love with it.
  2. [no link] - from @ryanhuber "Any sufficiently advanced attacker is indistinguishable from one of your developers.”. Discuss.
  3. Selfies at work lead to grid failure? - LOL, have yourselfie a nice little pwnage.
  4. Lenovo file sharing with hardcoded, bad passwords

Jack's Stories

  1. "Friendly Fire", a great post from Mubix

Kevin's Stories

  1. 25 Civil Liberties Organizations Call for Open Hearings on Section 702 Surveillance
  2. Where the candidates stand on cybersecurity
  3. Canada Cuts Off Some Intelligence Sharing With U.S. Out of Fear for Canadians’ Privacy
  4. Tails 2.0 is out