- 1 Paul's Security Weekly - Episode 484
- 2 Announcements
- 3 Tech Segment: Pre-exploit Preventing - 6:00PM-6:30PM
- 4 Security News - 6:30PM-7:30PM
- 5 Interview: - Ed Skoudis 7:30-8:30PM
Paul's Security Weekly - Episode 484
This week, Cody Pierce from Endgame will talk about exploit prevention. Security news will discuss Yahoo! spying, Mirai source code lessons learned, I will try my best, but fail, at not saying "I told you so!", and more! Our interview this week is with Ed Skoudis of Counterhack Challenges and The SANS Institute. Ed will discuss IoT security, the Holiday Hack Challenge and upcoming SANS Hackfest conference
Recorded: October 6, 2016
- Jeffrey Man - Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist and certified security curmudgeon
- Jack Daniel - Works for Tenable Network Security and is a co-founder of Security BSides.
- Larry Pesce, Director of Research and Senior Managing Consultant at InGuardians
- Larry Pesce, Swami of Security, Oracle of the Online and Hotshot Of Hacking
- Larry Pesce, destroyer of embedded systems and injector of RF energy.
- Michael Santarcangelo - founder of SecurityCatalyst.com, author of Into the Breach, and creator of the leadership-driven Straight Talk Framework - with our favorite question, "What problem are you trying to solve?"
- Joff Thyer - SANS Instructor, Penetration Tester and Security Researcher with Black Hills Information Security.
- Joff Thyer, Geeking out with the best of them. Known to attract multiple waitresses with a single smile and utterance of g'day. Deployer of cocktail recipes in desperate situations. Hacker of many a thing! If it's got code running on it, it can be hacked.
- Joff Thyer, musician, proud father, and friend to many.
- Paul Asadoorian - He is a male who is extremely charming in manner because of his gentlemanly behavior. He has good looks and thinks that women are better than men. He also has a high pain tolerance and likes it kinky.
- Visit http://securityweekly.com/hotseat for the latest edition happening on Sept 13th 2PM EST, register today! We wile sit down with Yolonda Smith, Director of Product Management with Pwnie Express. We will dig into the shift in the number, types, and ownership of devices showing up on enterprise networks, and how you can protect your company from new threats from these devices. We will also get into some cool tech for monitoring and securing your enterprise from wireless, bluetooth, cellular and even good old wired device threats.
- Make sure you visit http://securityweekly.com/subscribe and subscribe to our new shows including Enterprise Security Weekly and Startup Security Weekly. You can also subscribe to all shows individually, as well as a main feed which contains this show, Hack Naked TV and Enterprise Security Weekly.
Tech Segment: Pre-exploit Preventing - 6:00PM-6:30PM
Cody Pierce from Endgame will be giving a 15 minute segment on Pre-exploit Preventing.
Cody Pierce has been involved in computer and network security since the mid 90s. For the past 13 years he has focused on discovery and remediation of known and unknown vulnerabilities. Instrumental in the success of HP's Zero Day Initiative program, Cody has been exposed to hundreds of 0day vulnerabilities, advanced threats, and the most current malware research. At Endgame, Cody has lead a successful team tasked with analysing complex software to identify unknown vulnerabilities and leveraged global situational awareness to manage customer risk. A notable contributor to the vulnerability analysis and reverse engineering community Cody has been a subject matter expert in the media, referenced in industry literature, and has presented at notable industry conferences. Cody holds a unique perspective at the intersection of the most advanced threats and the state of the art in defensive measures and trends. https://www.blackhat.com/us-16/speakers/Cody-Pierce.html
Security News - 6:30PM-7:30PM
- Sex robots with warm skin to hit dating scene and could benefit relationships
- 4 cybersecurity trends you need to be aware of
- Yahoo’s CISO resigned in 2015 over secret e-mail search tool ordered by feds
- Hack Crashes Linux Distros with 48 Characters of Code
- Vulnerabilities in Insulin Pumps Can Lead to Overdose
- IoT Home Router Botnet Leveraged in Large DDoS Attack
- Source Code for IoT Botnet ‘Mirai’ Released — Krebs on Security
- Is My Webcam An Offensive Weapon?
- Domain Name Resolution Is A Tor Attack Vector
- "Hackers Hit Buzzfeed
- Yahoo Secretly Scanned Customer Emails For U.S. Intelligence
Shout outs to Tom and the SIU Security Dawgs!
- Everyone is wrong about conferences
- When DVRs go wild - Dr. Ullrich puts a vulnerable DVR on the internet.
- Signal fights back
- Mirai IoT malware and Krebs
- ShadowBrokers not happy about lack of bids
Michael's (Santa) Stories
- Company suspected of blame in Office of Personnel Management breach will help run new clearance agency If at first you don't succeed^^fail miserably...
- Google beats back Oracle again in Java Android case
- Yahoo hack may become test case for SEC data breach disclosure rules Their stock price hasn't taken a hit yet, but that's more about their holdings, I doubt the buyers are going to make serious offers until this is cleared up.
- Yahoo secretly scanned customer emails for U.S. intelligence Oh Yahoo.
- Signal messaging app turns over minimal data in first subpoena Hey Yahoo, this is how you do it right.
- Intellectual Ventures Case: Why Software Patents Will Take a Big Hit. I felt a great disturbance in the Force, as if millions of VCs suddenly cried out in terror and were suddenly silenced.
- N.S.A. Contractor Arrested in Possible New Theft of Secrets
- You can't read the report without paying or being an IEEE member, but a new report says people are tired of our security crap, and it should be someone else's problem to protect them. (paraphrasing a bit there)
- NIST: People have given up on cybersecurity because "it's too much hassle" El Reg's take on it
- "˜Security Fatigue" Can Cause Computer Users to Feel Hopeless and Act Recklessly, New Study Suggests The calmer NIST take, still ugly.
- This week in Chip and Grin credit cards:
- Chip card lawsuit to move forward against Visa, Mastercard, others
- and a "high-tech" credit card is being rolled out by French banks, you know, the kind Jack and others have suggested for a decade or so.
- A couple of e-voting stories in case you weren't despondent enough during this election season.
Interview: - Ed Skoudis 7:30-8:30PM
Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals. He is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first experts brought in to provide after-attack analysis on major breaches where credit card and other sensitive financial data is lost.
Ed led the team that built NetWars, the low-cost, widely used cyber training and skills assessment ranges relied upon by military units and corporations with major assets at risk. His team also built CyberCity, the fully authentic urban cyber warfare simulator that was featured on the front page of the Washington Post. He was also the expert called in by the White House to test the security viability of the Trusted Internet Connection (TIC) that now protects US Government networks and lead the team that first publicly demonstrated significant security flaws in virtual machine technology. He has a rare capability of translating advanced technical knowledge into easy-to-master guidance as the popularity of his step-by-step Counter Hack books testifies.