Episode473

From Paul's Security Weekly
Jump to: navigation, search

Paul's Security Weekly - Episode 473 - 6:00PM

Recorded: July 14, 2016

Episode Audio

MP3

Announcements

Make sure you check out our Sponsors from Farday Security, they make awesome tools that integrate results from penetration testing and vulnerability assessment tools. They have a community version that is complete FREE, check it out at https://www.faradaysec.com/securityweekly

Interview: Bob Stratton

Bob Stratton is General Partner at Mach37, a startup accelerator investing in information security product companies. Bob is a “repeat offender” with security startups and creating new security product categories, has been a network systems programmer and network application programmer, and was a penetration tester before pentesting was cool. Bob also currently sits on the Black Hat Content Review Board. When he’s not raving about the days when Internet RFCs all had 3-digit numbers, he is looking for security technologies that aren’t baked yet but might turn out to the next Right Thing

  1. How did you get your start in information security?
  2. How has penetration testing changed in the past 15 years? Is it still useful? What is the greatest value?
  3. How do you predict which security technologies will be the next best thing?
  4. What is the most common mistake security startups make when pitching you? In their products?
  5. What is the HOT security technology right now? Is what's hot today a measure?
  6. What advice do you have for enterprises who may be hesitant to buy from a security startup?
  7. What are the top 3 things a security startup can do to be successful?
  8. Most people listening are in charge of securing networks day-to-day, what advice do you have for them in terms of technology adoption? What should they evaluate? How should they evaluate? Implement?
  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
  5. Choose two celebrities to be your parents.

Tech Segment: Python implementation DNS blackholing code

Joff will write a Python script that can download malware domain name lists from a URL, and create a DNS blackhole bind9 based configuration file on the domain names obtained.

Security News - 7:00PM-8:00PM

Paul's Stories

  1. "Pokemon Go has a really Serious, er Not-so-serious Security Problem
  2. Enterprises leave vulnerable industrial control systems exposed online - Kaspersky Lab says that is not the case, and that it has found 13,698 ICS hosts exposed to the Internet, which very likely belong to large organizations. More than nine in ten (91.1 percent) host remotely-exploitable vulnerabilities, and 3.3 percent contain "critical and remotely executable vulnerabilities
  3. The FBI Says Its Malware Isn’t Malware Because the FBI Is Good
  4. "Fear My $50 Charger
  5. "MIT Anonymity Network Riffle Promises Efficiency
  6. Drupal Patches Remote Code Execution Vulnerabilities in Three Modules
  7. Food Chain Wendy's Hit By Massive Hack
  8. HTTPS Is Not A Magic Bullet For Web Security
  9. Kim Dotcom Plans 2017 Relaunch Of Megaupload
  10. VPN Provider Claims Russia Seized Its Servers
  11. "FDIC Was Hacked By China
  12. Juniper's Bug Hunters Fire Out Eight Patches
  13. Visiting a Website against the Owner's Wishes Is Now a Federal Crime
  14. Rigged YouTube videos can use Siri and Google Now to hijack your phone
  15. "Fake Pokémon GO app watches you
  16. "Drupal: Patch released today to fix a highly critical RCE in contributed modules
  17. Password Sharing Is Now a Crime
  18. European Union’s First Cybersecurity Law Gets Green Light - Bloomberg
  19. "Researcher pops locks on keylogger
  20. SSD Advisory – Wget Arbitrary Commands Execution – SecuriTeam Blogs
  21. "UPC UBEE EVW3226 WPA2 Password Reverse Engineering

Larry's Stories

Joff's Stories

  1. DARPA Hacker Challenge

Jack's Stories

Kevin's Stories

  1. In first, U.S. judge throws out cell phone 'stingray' evidence
  2. Microsoft Wins Major Privacy Victory for Data Held Overseas

Michael's (Santa) Stories

  1. MIT anonymity network promises to be more secure than Tor
  2. Alex Gibney on Stuxnet and why we need to talk about cyberwar
  3. An FBI 'pilot' collected over 434,000 iris scans since 2013
  4. Nest's Latest: A Security Camera That Uses AI To Analyze Threats