Episode484

From Paul's Security Weekly

Paul's Security Weekly - Episode 484

This week, Cody Pierce from Endgame will talk about exploit prevention. Security news will discuss Yahoo! spying, Mirai source code lessons learned, I will try my best, but fail, at not saying "I told you so!", and more! Our interview this week is with Ed Skoudis of Counterhack Challenges and The SANS Institute. Ed will discuss IoT security, the Holiday Hack Challenge and upcoming SANS Hackfest conference.

Recorded: October 6, 2016

Hosts

  • Jeffrey Man - Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist and certified security curmudgeon
  • Jack Daniel - Works for Tenable Network Security and is a co-founder of Security BSides.
  • Larry Pesce, Director of Research and Senior Managing Consultant at InGuardians
    • Larry Pesce, Swami of Security, Oracle of the Online and Hotshot Of Hacking
    • Larry Pesce, destroyer of embedded systems and injector of RF energy.
  • Michael Santarcangelo - founder of SecurityCatalyst.com, author of Into the Breach, and creator of the leadership-driven Straight Talk Framework - with our favorite question, "What problem are you trying to solve?"
  • Joff Thyer - SANS Instructor, Penetration Tester and Security Researcher with Black Hills Information Security.
    • Joff Thyer, Geeking out with the best of them. Known to attract multiple waitresses with a single smile and utterance of g'day. Deployer of cocktail recipes in desperate situations. Hacker of many a thing! If it's got code running on it, it can be hacked.
    • Joff Thyer, musician, proud father, and friend to many.
  • Paul Asadoorian - He is a male who is extremely charming in manner because of his gentlemanly behavior. He has good looks and thinks that women are better than men. He also has a high pain tolerance and likes it kinky.

Episode Audio

MP3

Announcements

  • Visit http://securityweekly.com/hotseat for the latest edition happening on Sept 13th 2PM EST, register today! We will sit down with Yolonda Smith, Director of Product Management with Pwnie Express. We will dig into the shift in the number, types, and ownership of devices showing up on enterprise networks, and how you can protect your company from new threats from these devices. We will also get into some cool tech for monitoring and securing your enterprise from wireless, Bluetooth, cellular and even good old wired device threats.
  • Make sure you visit http://securityweekly.com/subscribe and subscribe to our new shows including Enterprise Security Weekly and Startup Security Weekly. You can also subscribe to all shows individually, as well as a main feed which contains this show, Hack Naked TV and Enterprise Security Weekly.

Tech Segment: Pre-exploit Preventing - 6:00PM-6:30PM

Cody Pierce from Endgame will be giving a 15 minute segment on Pre-exploit Preventing.

Cody Pierce has been involved in computer and network security since the mid 90s. For the past 13 years he has focused on discovery and remediation of known and unknown vulnerabilities. Instrumental in the success of HP's Zero Day Initiative program, Cody has been exposed to hundreds of 0day vulnerabilities, advanced threats, and the most current malware research. At Endgame, Cody has led a successful team tasked with analysing complex software to identify unknown vulnerabilities and leveraged global situational awareness to manage customer risk. A notable contributor to the vulnerability analysis and reverse engineering community, Cody has been a subject matter expert in the media, referenced in industry literature, and has presented at notable industry conferences. Cody holds a unique perspective at the intersection of the most advanced threats and the state of the art in defensive measures and trends. https://www.blackhat.com/us-16/speakers/Cody-Pierce.html

Security News - 6:30PM-7:30PM

Paul's Stories

  1. Sex robots with warm skin to hit dating scene and could benefit relationships
  2. 4 cybersecurity trends you need to be aware of
  3. Yahoo’s CISO resigned in 2015 over secret e-mail search tool ordered by feds
  4. Hack Crashes Linux Distros with 48 Characters of Code
  5. Vulnerabilities in Insulin Pumps Can Lead to Overdose
  6. IoT Home Router Botnet Leveraged in Large DDoS Attack
  7. Source Code for IoT Botnet ‘Mirai’ Released — Krebs on Security
  8. Is My Webcam An Offensive Weapon?
  9. Domain Name Resolution Is A Tor Attack Vector
  10. Hackers Hit Buzzfeed
  11. Yahoo Secretly Scanned Customer Emails For U.S. Intelligence

Larry's Stories

Shout outs to Tom and the SIU Security Dawgs!

  1. Everyone is wrong about conferences
  2. When DVRs go wild - Dr. Ullrich puts a vulnerable DVR on the internet.
  3. Signal fights back
  4. Mirai IoT malware and Krebs
  5. ShadowBrokers not happy about lack of bids

Joff's Stories

Michael's (Santa) Stories

Carlos's Stories

Jack's Stories

  1. Company suspected of blame in Office of Personnel Management breach will help run new clearance agency - If at first you don't succeed^^fail miserably...
  2. Google beats back Oracle again in Java Android case
  3. Yahoo hack may become test case for SEC data breach disclosure rules - Their stock price hasn't taken a hit yet, but that's more about their holdings, I doubt the buyers are going to make serious offers until this is cleared up.
  4. Yahoo secretly scanned customer emails for U.S. intelligence - Oh Yahoo.
  5. Signal messaging app turns over minimal data in first subpoena - Hey Yahoo, this is how you do it right.
  6. Intellectual Ventures Case: Why Software Patents Will Take a Big Hit. - I felt a great disturbance in the Force, as if millions of VCs suddenly cried out in terror and were suddenly silenced.
  7. N.S.A. Contractor Arrested in Possible New Theft of Secrets
  8. You can't read the report without paying or being an IEEE member, but a new report says people are tired of our security crap, and it should be someone else's problem to protect them. (paraphrasing a bit there)
  9. This week in Chip and Grin credit cards:
  10. A couple of e-voting stories in case you weren't despondent enough during this election season.

Interview: Ed Skoudis - 7:30-8:30PM

Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals. He is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first experts brought in to provide after-attack analysis on major breaches where credit card and other sensitive financial data is lost.

Ed led the team that built NetWars, the low-cost, widely used cyber training and skills assessment ranges relied upon by military units and corporations with major assets at risk. His team also built CyberCity, the fully authentic urban cyber warfare simulator that was featured on the front page of the Washington Post. He was also the expert called in by the White House to test the security viability of the Trusted Internet Connection (TIC) that now protects US Government networks and led the team that first publicly demonstrated significant security flaws in virtual machine technology. He has a rare capability of translating advanced technical knowledge into easy-to-master guidance as the popularity of his step-by-step Counter Hack books testifies.