Episode489

From Paul's Security Weekly

Paul's Security Weekly - Episode 489

Recorded: November 10, 2016

Hosts

  • Jeffrey Man - Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist and certified security curmudgeon
  • Jack Daniel - Works for Tenable Network Security and is a co-founder of Security BSides.
  • Larry Pesce, Director of Research and Senior Managing Consultant at InGuardians
    • Larry Pesce, Swami of Security, Oracle of the Online and Hotshot Of Hacking
    • Larry Pesce, destroyer of embedded systems and injector of RF energy.
  • Michael Santarcangelo - founder of SecurityCatalyst.com, author of Into the Breach, and creator of the leadership-driven Straight Talk Framework - with our favorite question, "What problem are you trying to solve?"
  • Joff Thyer - SANS Instructor, Penetration Tester and Security Researcher with Black Hills Information Security.
    • Joff Thyer, Geeking out with the best of them. Known to attract multiple waitresses with a single smile and utterance of g'day. Deployer of cocktail recipes in desperate situations. Hacker of many a thing! If it's got code running on it, it can be hacked.
    • Joff Thyer, musician, proud father, and friend to many.
  • Paul Asadoorian - He is probably the coolest guy around, but he won't tell you that. He is the kind of guy you want by your side when fighting off an army of 10,000 pygmies with poison arrows. He can tell you what color your underwear is by looking into your eyes. He can eat a cheeseburger in one bite. Scientists have said that he is so hot, he may be the main reason for global warming. His shit doesn't stink; in fact, it smells like car polish. He was refused entry to the USA because his biceps were classified as weapons of mass destruction. He is in the Guinness Book of World Records for completing the most somersaults in a row (126,253).

Episode Audio

MP3

Announcements

  • Make sure you visit http://securityweekly.com/subscribe and subscribe to our new shows including Enterprise Security Weekly and Startup Security Weekly. You can also subscribe to all shows individually, as well as a main feed which contains this show, Hack Naked TV and Enterprise Security Weekly.
  • Take our super cool survey! http://www.securityweekly.com/survey

Interview: Greg Foss, LogRhythm - 6:00-7:00PM

Greg Foss is LogRhythm's Head of Global Security Operations, where he is tasked with leading both the offensive and defensive aspects of corporate security. Previously, he was a Senior Researcher with the Labs Threat Intelligence team, presenting research at various information security conferences such as Black Hat, DerbyCon, AppSecUSA, BSidesLV, and others. Greg is a very active member of the Denver information security community. He started out in the industry as a contract web developer, and then branched out into security operations with the Department of Energy. After learning about continuous monitoring, he delved into penetration testing and was eventually placed in charge of one of the DOE National Laboratory Red Teams. With just under a decade of experience in the industry, he's always looking for new ways to attack and defend networks.

  • https://blog.logrhythm.com/
  • https://github.com/gfoss/
  • https://github.com/logrhythm-labs/

  • Phishing Intelligence Engine (PIE) – This is a project that we put together for a recent hackathon (a quarterly competition within the company to create whatever we want within the SIEM, NetMon, or otherwise). Essentially, the goal is to attempt to dynamically track, investigate, quarantine, and report on phishing attacks across the organization.
  • Home Network Monitor – Another hackathon project around deploying the LogRhythm network monitor product to a microPC, allowing people to gain insight into their home network traffic quickly and effectively. Blog on this topic: https://logrhythm.com/blog/how-to-build-a-miniature-network-monitor-device/
  • Endpoint Agent integration into the SIEM – This is a project where we've been working with Carbon Black and Cylance to integrate with the SIEM and provide automated actions via a single pane of glass. We also did an assessment of around 20 endpoint agents, gauging their effectiveness, manageability, and other information. That said, I don't think I can really talk about the latter. That said, all solutions could be bypassed, some more easily than others. :-)
  • General enterprise security and log management – Being a log company, there are various topics we could cover here. One of the items we've been working on lately is collecting data from cloud sources and using machine learning analytics to detect anomalous activity.

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
  5. Choose two celebrities to be your parents.

Technical Segment: Outlook Web Access Two-Factor Authentication Bypass - 7:00PM-7:30PM

https://threatpost.com/outlook-web-access-two-factor-authentication-bypass-exists/121777/

http://www.blackhillsinfosec.com/?p=5396

Security News - 7:30PM-8:30PM

Paul's Stories

  1. Kautilya Human Interface Device Hacking Toolkit
  2. Furthering our commitment to security updates
  3. Research into IoT Security Is Finally Legal
  4. Self-Propagating Smart Light Bulb Worm
  5. Regulation of the Internet of Things - Perhaps one of the smartest observations: "An additional market failure illustrated by the Dyn attack is that neither the seller nor the buyer of those devices cares about fixing the vulnerability. The owners of those devices don't care. They wanted a webcam — or thermostat, or refrigerator — with nice features at a good price. Even after they were recruited into this botnet, they still work fine — you can't even tell they were used in the attack. The sellers of those devices don't care: They've already moved on to selling newer and better models. There is no market solution because the insecurity primarily affects other people. It's a form of invisible pollution." Wow, dropping some wisdom: "Our choice isn't between government involvement and no government involvement. Our choice is between smarter government involvement and stupider government involvement."
  6. Packet Capture Options, (Thu, Nov 10th)
  7. Hackers hijack Philips Hue lights with a drone - "The malicious firmware can disable additional downloads, and thus any effect caused by the worm (blackout, constant flickering, etc.) will be permanent." What's more, the attack is a worm, and can jump from connected device to connected device through the air. It could potentially knock out an entire city with just one infected bulb at the root "within minutes."
  8. These researchers are modifying CPUs to detect security threats
  9. Facebook buys black market passwords for user account safety
  10. Yahoo hacked again? Probe launched on data breach claims
  11. Google Releases Supplemental Patch for Dirty Cow Vulnerability
  12. OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking
  13. Outlook Web Access Two-Factor Authentication Bypass Exists
  14. Tesco Bank Attack: What Do We Know?
  15. Netflix Addresses Account Takeover Bug

Larry's Stories