Episode474

From Paul's Security Weekly

Paul's Security Weekly - Episode 474 - 6:00PM

Recorded: July 21, 2016

Episode Audio

MP3

Announcements

Interview: John Kindervag


With more than 25 years of high tech experience, John is best known for creating the highly influential “Zero Trust” model of information security. He currently advises both public and private sector organizations with the design and building of Zero Trust Networks. He holds, or has held, numerous industry certifications, including QSA, CISSP, CEH, and CCNA. John has a practitioner background, having served as a security consultant, penetration tester, and security architect before joining Forrester. He has particular expertise in the areas of secure network design, wireless security, and voice-over-IP hacking. He has been interviewed and published in numerous publications, including The Wall Street Journal, Forbes, and The New York Times. He has also appeared on television networks such as CNBC, Fox News, PBS, and Bloomberg discussing information security topics. John has spoken at many security conferences and events, including RSA, SXSW, ToorCon, ShmoCon, InfoSec Europe, and InfoSec World.

  1. How did you get your start in information security?
  2. What is the Zero Trust network architecture?
  3. Many people ask me what they can do to secure their Big Data deployments and databases. What are the best practices, and what is your advice?
  4. Decisions about whether or not to put data in the cloud seem split: some say "No cloud", some "Maybe", and some are all in. What advice do you have for those who say "No cloud"? What is the happy medium? Is all-in cloud too much?
  5. How is hunting vampires (and werewolves) similar to looking for "cyber" threats?
  6. What is the best way to "Know your network"? We all say this, but what are the best ways to accomplish this goal?
  7. Are we seeing the convergence of traditional IT and security? What are some of the most exciting trends you see in this area?
  8. What advice do you have for those folks listening in search of the following solutions:
    1. DDoS mitigation
    2. Threat Hunting
    3. User behavior analytics
    4. Vulnerability management
    5. Data Loss Prevention
  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
  5. Choose two celebrities to be your parents.

Tech Segment: Bluetooth Scanning Using The PwnPad 4 & Blue Hydra

While many are focused on securing the network, it could be the devices within your location, not even on the network, that cause security issues. In this segment we talk about a new, open-source Bluetooth hacking tool from Pwnie Express called "Blue Hydra". It has the unique capability to scan for Bluetooth and Bluetooth Low Energy at the same time. I have begun analyzing the Bluetooth used on my new Segway MiniPro, and am really happy with the results. Also noteworthy is the ability to connect an Ubertooth One and get its results in the same window! Rick Farina, Director of Research and Development for Pwnie Express and author of Blue Hydra, joins us to talk about this new tool!

I fired up the PwnPad 4 and the newfangled dongle which supports Bluetooth and Low Energy. I started up Blue Hydra and told it to save the data locally. Here's some of the interesting stuff:

address            vendor       company               manufacturer               classic     le          le_address_type  last_seen                  classic_major_class                            classic_minor_class           classic_class
-----------------  -----------  --------------------  -------------------------  ----------  ----------  ---------------  -------------------------  ---------------------------------------------  ----------------------------  --------------------------------------------------------------------------------------------------------------------
40:B3:95:A6:00:00  Apple, Inc.  not assigned (19456)  Broadcom Corporation (15)  t           f                            2016-07-21T15:56:56-04:00  Computer (desktop, notebook, PDA, organizers)  Handheld PC/PDA (clam shell)  ["Networking (LAN, Ad hoc)","Capturing (Scanner, Microphone)","Audio (Speaker, Microphone, Headset)","Telephony (Cordless telephony, Modem, Headset)"]
C4:73:1E:66:00:00  Samsung Ele  Broadcom Corporation  Broadcom Corporation (15)  t           f                            2016-07-21T16:09:33-04:00  Audio/Video (headset, speaker, stereo, video,  Video Display and Loudspeake  ["Capturing (Scanner, Microphone)"]
00:0D:4B:AC:00:00  Roku, Inc.                         Broadcom Corporation (15)  t           f                            2016-07-21T16:09:33-04:00  Audio/Video (headset, speaker, stereo, video,  Set-top box                   []
A0:E6:F8:88:00:00  Texas Instr  not assigned (33406)                             f           t           Public           2016-07-21T16:05:49-04:00
D4:D9:A6:ED:00:00  N/A - Rando  Sony Ericsson Mobile  Nordic Semiconductor ASA   f           t           Random           2016-07-21T16:08:54-04:00
61:AB:F7:06:00:00  N/A - Rando  Apple, Inc. (76)      Broadcom Corporation (15)  f           t           Random           2016-07-21T16:07:19-04:00
7F:A0:01:B3:00:00  N/A - Rando  Apple, Inc. (76)                                 f           t           Random           2016-07-21T16:09:06-04:00
62:99:40:D5:00:00  N/A - Rando  Apple, Inc. (76)      Broadcom Corporation (15)  f           t           Random           2016-07-21T16:09:30-04:00
7D:A2:A2:BA:00:00  N/A - Rando                        Broadcom Corporation (15)  f           t           Random           2016-07-21T16:08:54-04:00

In the blue_hydra.db file you can see the raw entries:

$ strings blue_hydra.db | grep Samsung
abfcdc27-8819-4807-9f4a-f6ce4c09416aTVBluetoothonlineC4:73:1E:66:67:E81E:66:67:E8Samsung Electronics Co.,LtdBroadcom Corporation (15)Bluetooth 4.0 (0x06) - Subversion 8718 (0x220e)Broadcom Corporation (15)001.002.014t["L2CAP Signaling (BR/EDR)","Capturing (Scanner, Microphone)"]Audio/Video (headset, speaker, stereo, video, vcr)Video Display and Loudspeaker["Capturing (Scanner, Microphone)"][{"t":1469129697,"rssi":"-54 dBm"},{"t":1469129758,"rssi":"-72 dBm"},{"t":1469129822,"rssi":"-73 dBm"},{"t":1469129887,"rssi":"-68 dBm"},{"t":1469129951,"rssi":"-65 dBm"},{"t":1469130016,"rssi":"-76 dBm"},{"t":1469130080,"rssi":"-66 dBm"},{"t":1469130531,"rssi":"-71 dBm"},{"t":1469130596,"rssi":"-65 dBm"},{"t":1469130664,"rssi":"-66 dBm"},{"t":1469130733,"rssi":"-70 dBm"},{"t":1469131023,"rssi":"-74 dBm"},{"t":1469131094,"rssi":"-70 dBm"},{"t":1469131159,"rssi":"-72 dBm"},{"t":1469131227,"rssi":"-63 dBm"},{"t":1469131291,"rssi":"-72 dBm"},{"t":1469131356,"rssi":"-67 dBm"},{"t":1469131424,"rssi":"-63 dBm"},{"t":1469131502,"rssi":"-64 dBm"},{"t":1469131567,"rssi":"-61 dBm"},{"t":1469131641,"rssi":"-63 dBm"},{"t":1469131707,"rssi":"-65 dBm"},{"t":1469131772,"rssi":"-66 dBm"}]0 dBm["3 slot packets","3-slot Enhanced Data Rate ACL packets","3-slot Enhanced Data Rate eSCO packets","5 slot packets","5-slot Enhanced Data Rate ACL packets","A-law log synchronous data","AFH capable master","AFH capable slave","AFH classification master","AFH classification slave","Broadcast Encryption","CVSD synchronous data","Channel quality driven data rate (CQDDR)","EV4 packets","EV5 packets","Encapsulated PDU","Encryption","Enhanced Data Rate ACL 2 Mbps mode","Enhanced Data Rate ACL 3 Mbps mode","Enhanced Data Rate eSCO 2 Mbps mode","Enhanced Data Rate eSCO 3 Mbps mode","Enhanced Power Control","Enhanced inquiry scan","Erroneous Data Reporting","Extended Inquiry Response","Extended SCO link (EV3 packets)","Extended features","Flow control lag (most significant bit)","HV2 packets","HV3 packets","Inquiry TX Power Level","Interlaced inquiry scan","Interlaced page scan","LE Supported (Controller)","Link Supervision Timeout Changed Event","Non-flushable Packet Boundary Flag","Paging parameter negotiation","Pause encryption","Power control","Power control requests","RSSI with inquiry results","Role switch","SCO link","Secure Simple Pairing","Secure Simple Pairing (Host Support)","Simultaneous LE and BR/EDR (Controller)","Slot offset","Sniff mode","Sniff subrating","Timing accuracy","Transparent synchronous data","u-law log synchronous data","Enhanced Retransmission Mode","FCS Option","Fixed Channels","Streaming Mode"]{"0":"0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87","1":"0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00"}f2016-07-21T15:34:58-04:002016-07-21T16:09:33-04:00W
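The per-sighting RSSI history in that raw entry (`[{"t":1469129697,"rssi":"-54 dBm"},...]`) is what turns a scan into an inventory: how long a device has been on premises and whether its address can even be trusted to identify it. The following is an added example, not Blue Hydra's code or output; it works on a constructed subset of the Samsung TV's RSSI list from the page plus one made-up Random-address BLE hit, and the 30-minute "resident" threshold and the UTC-4 offset are assumptions.

```python
import json
import statistics
from datetime import datetime, timedelta, timezone

# Constructed sample: a subset of the per-sighting RSSI history Blue Hydra kept
# for the Samsung TV above (values taken from the strings output; address
# redacted as on the page) and one BLE device using a Random (private) address.
SIGHTINGS = {
    "C4:73:1E:66:00:00": {
        "le_address_type": None,  # classic-only device, no LE address type
        "rssi": json.loads(
            '[{"t":1469129697,"rssi":"-54 dBm"},{"t":1469129758,"rssi":"-72 dBm"},'
            '{"t":1469130016,"rssi":"-76 dBm"},{"t":1469131772,"rssi":"-66 dBm"}]'
        ),
    },
    "61:AB:F7:06:00:00": {
        "le_address_type": "Random",
        "rssi": [{"t": 1469131639, "rssi": "-80 dBm"}],  # constructed single hit
    },
}
EDT = timezone(timedelta(hours=-4))  # assumption: the UTC-4 offset in the page's timestamps
RESIDENT_AFTER_S = 30 * 60  # assumption: seen for 30+ minutes means it lives here

def parse_rssi(entry):
    """Blue Hydra stores RSSI as a string with units ('-54 dBm'); return the int."""
    return int(entry["rssi"].split()[0])

def summarize(address, record):
    """Reduce one device's RSSI history to the fields an asset inventory needs."""
    hist = record["rssi"]
    times = [e["t"] for e in hist]
    first, last = min(times), max(times)
    return {
        "address": address,
        "first_seen": datetime.fromtimestamp(first, EDT).isoformat(),
        "last_seen": datetime.fromtimestamp(last, EDT).isoformat(),
        "dwell_s": last - first,
        "sightings": len(hist),
        "mean_rssi": round(statistics.mean([parse_rssi(e) for e in hist]), 1),
        # A Random LE address rotates, so the MAC cannot be used to recognise
        # the same device across scans or to tie it to an inventory record.
        "stable_identity": record["le_address_type"] != "Random",
    }

def classify(summary):
    """'resident' devices are the ones worth reconciling against your inventory."""
    if summary["stable_identity"] and summary["dwell_s"] >= RESIDENT_AFTER_S:
        return "resident"
    return "transient"
```

Run `summarize` and `classify` over each entry in `SIGHTINGS`: the TV comes out as a resident fixture seen for about 35 minutes, while the Random-address device is transient and, because its address rotates, should not be carried forward as an identifier.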

References

Security News - 7:00PM-8:00PM

Paul's Stories

  1. "Guest Diary
  2. Everything You Need To Know About Web Shells
  3. Drone operator arrested for flying over wildfire
  4. SeaWorld hacker and bomb hoaxer escapes prison sentence
  5. Alex Gibney on Stuxnet and why we need to talk about cyberwar
  6. "Adobe
  7. Gotta Catch ‘Em All! – WORLDWIDE! (or how to spoof GPS to cheat at Pokémon GO) - Insinuator
  8. Is Cloud Computing Really Secure? A Pragmatic Approach
  9. Update now: Macs and iPhones have a Stagefright-style bug!
  10. Ransomware on the Cheap
  11. 15 Vulnerabilities in SAP HANA Outlined
  12. EFF Files Lawsuit Challenging DMCA’s Restrictions on Security Researchers
  13. The Mr. Robot Easter Egg Hunt Has Begun
  14. Bruce Schneier Joins The Tor Project
  15. Cisco Gives You Two Nasty Bugs To Fix Before The Weekend
  16. "Thanks
  17. Hackers Claim Credit For Crashing Pokemon Go
  18. IoT Insecurity: Pinpointing The Problems
  19. The coolest US agency is starting a ‘revolution’ to get rid of computer viruses
  20. WikiLeaks under 'sustained attack' after announcing release of Turkey docs - CNET
  21. IoT spurs surprise surge in assembly language popularity | InfoWorld
  22. Criminals plant banking malware where victims least expect it | Ars Technica

Larry's Stories

Joff's Stories

Jack's Stories

Kevin's Stories

Michael's (Santa) Stories