- 1 Paul's Security Weekly - Episode 473 - 6:00PM
- 2 Announcements
- 3 Interview: Bob Stratton
- 4 Tech Segment: Python implementation DNS blackholing code
- 5 Security News - 7:00PM-8:00PM
Paul's Security Weekly - Episode 473 - 6:00PM
Recorded: July 14, 2016
Make sure you check out our Sponsors from Farday Security, they make awesome tools that integrate results from penetration testing and vulnerability assessment tools. They have a community version that is complete FREE, check it out at https://www.faradaysec.com/securityweekly
Interview: Bob Stratton
Bob Stratton is General Partner at Mach37, a startup accelerator investing in information security product companies. Bob is a “repeat offender” with security startups and creating new security product categories, has been a network systems programmer and network application programmer, and was a penetration tester before pentesting was cool. Bob also currently sits on the Black Hat Content Review Board. When he’s not raving about the days when Internet RFCs all had 3-digit numbers, he is looking for security technologies that aren’t baked yet but might turn out to the next Right Thing
- How did you get your start in information security?
- How has penetration testing changed in the past 15 years? Is it still useful? What is the greatest value?
- How do you predict which security technologies will be the next best thing?
- What is the most common mistake security startups make when pitching you? In their products?
- What is the HOT security technology right now? Is what's hot today a measure?
- What advice do you have for enterprises who may be hesitant to buy from a security startup?
- What are the top 3 things a security startup can do to be successful?
- Most people listening are in charge of securing networks day-to-day, what advice do you have for them in terms of technology adoption? What should they evaluate? How should they evaluate? Implement?
- Three words to describe yourself
- If you were a serial killer, what would be your weapon of choice?
- If you wrote a book about yourself, what would the title be?
- In the popular game of ass grabby-grabby, do you prefer to go first or second?
- Choose two celebrities to be your parents.
Tech Segment: Python implementation DNS blackholing code
Joff will write a Python script that can download malware domain name lists from a URL, and create a DNS blackhole bind9 based configuration file on the domain names obtained.
Security News - 7:00PM-8:00PM
- "Pokemon Go has a really Serious, er Not-so-serious Security Problem
- Enterprises leave vulnerable industrial control systems exposed online - Kaspersky Lab says that is not the case, and that it has found 13,698 ICS hosts exposed to the Internet, which very likely belong to large organizations. More than nine in ten (91.1 percent) host remotely-exploitable vulnerabilities, and 3.3 percent contain "critical and remotely executable vulnerabilities
- The FBI Says Its Malware Isn’t Malware Because the FBI Is Good
- "Fear My $50 Charger
- "MIT Anonymity Network Riffle Promises Efficiency
- Drupal Patches Remote Code Execution Vulnerabilities in Three Modules
- Food Chain Wendy's Hit By Massive Hack
- HTTPS Is Not A Magic Bullet For Web Security
- Kim Dotcom Plans 2017 Relaunch Of Megaupload
- VPN Provider Claims Russia Seized Its Servers
- "FDIC Was Hacked By China
- Juniper's Bug Hunters Fire Out Eight Patches
- Visiting a Website against the Owner's Wishes Is Now a Federal Crime
- Rigged YouTube videos can use Siri and Google Now to hijack your phone
- "Fake Pokémon GO app watches you
- "Drupal: Patch released today to fix a highly critical RCE in contributed modules
- Password Sharing Is Now a Crime
- European Union’s First Cybersecurity Law Gets Green Light - Bloomberg
- "Researcher pops locks on keylogger
- SSD Advisory – Wget Arbitrary Commands Execution – SecuriTeam Blogs
- "UPC UBEE EVW3226 WPA2 Password Reverse Engineering
- In first, U.S. judge throws out cell phone 'stingray' evidence
- Microsoft Wins Major Privacy Victory for Data Held Overseas