Paul's Security Weekly - Episode 494
Recorded December 22, 2016
- Jeffrey Man - Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist and certified security curmudgeon
- Jack Daniel - Works for Tenable Network Security and is a co-founder of Security BSides.
- Larry Pesce, Director of Research and Senior Managing Consultant at InGuardians
- Larry Pesce, Swami of Security, Oracle of the Online and Hotshot Of Hacking
- Larry Pesce, destroyer of embedded systems and injector of RF energy.
- Michael Santarcangelo - founder of SecurityCatalyst.com, author of Into the Breach, and creator of the leadership-driven Straight Talk Framework - with our favorite question, "What problem are you trying to solve?"
- Joff Thyer - SANS Instructor, Penetration Tester and Security Researcher with Black Hills Information Security.
- Joff Thyer, Geeking out with the best of them. Known to attract multiple waitresses with a single smile and utterance of g'day. Deployer of cocktail recipes in desperate situations. Hacker of many a thing! If it's got code running on it, it can be hacked.
- Joff Thyer, musician, proud father, and friend to many.
- Paul Asadoorian - He is a male who is extremely charming in manner because of his gentlemanly behavior. He has good looks and thinks that women are better than men. He also has a high pain tolerance and likes it kinky.
- Make sure you visit http://securityweekly.com/subscribe and subscribe to all of our shows! You can also subscribe to all shows individually, as well as a main feed which contains this show, Hack Naked News, Enterprise Security Weekly, and Startup Security Weekly.
Interview: Eric "Munin" Rand, Brown Hat Security - 6:00PM-7:00PM
Eric is an amateur blacksmith and a professional blue-team consultant from Southern California, who lives in the mountains with his wife and cats. Having found a way to turn paranoia into money, he spends his days providing technical support to defensive security operations folks and contemplates how to make everyone's jobs a lot easier.
Technical Segment: Rudolph the Credit Card-Swiping Reindeer, Joshua Marpet and Scott Lyons - 7:00PM-7:30PM
How do you find credit card numbers that have slipped out of the Cardholder Data Environment?
We're going to examine different ways to search for credit card numbers on a server. Why? Well, if you do a PCI audit, one of the things you should do is make sure you don't have CC#'s anywhere outside the cardholder data environment (CDE). If you do, that's what's known as a "bad thing", or alternatively, a "resume-generating event." We'll talk about some commercial solutions, then look at the regexes and Python scripts to do it yourself. If I can spin up an environment, we'll do a search live on a VM on my laptop.
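A do-it-yourself search of the kind described above, as an added example that is not code from the show or its guests: a regex finds 13-19 digit candidates, a brand-prefix check and the Luhn checksum cut false positives, and hits are reported masked. The function names, the simplified brand prefixes and the sample log are assumptions made for this illustration.

```python
import os
import re

# Candidate PANs: 13-19 digits, optionally split by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")
# Simplified issuer prefix/length rules (an assumption; extend for your brands).
BRANDS = {
    "visa": re.compile(r"^4(\d{12}|\d{15})$"),
    "mastercard": re.compile(r"^(5[1-5]|2[2-7])\d{14}$"),
    "amex": re.compile(r"^3[47]\d{13}$"),
    "discover": re.compile(r"^6(011|5\d\d)\d{12}$"),
}

def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):  # double every second digit from the right
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_text(text):
    """Yield (line_no, brand, masked_pan) per likely card number; only first six/last four kept."""
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            brand = next((b for b, rx in BRANDS.items() if rx.match(digits)), None)
            if brand and luhn_ok(digits):
                masked = digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
                yield (line_no, brand, masked)

def scan_tree(root):
    """Walk root, yielding (path, line_no, brand, masked_pan); unreadable files are skipped."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, errors="ignore") as fh:
                    text = fh.read()
            except OSError:
                continue
            yield from ((path, *hit) for hit in scan_text(text))

# Constructed sample log; the card values are published test numbers, not real data.
SAMPLE = """\
2016-12-22 10:01:07 checkout ok card=4111111111111111 amt=19.99
2016-12-22 10:01:09 order_id=1234567890123456 status=shipped
2016-12-22 10:02:41 note: customer read 3782 822463 10005 over the phone
2016-12-22 10:03:15 retry card=4111111111111112 declined
"""
```

`list(scan_text(SAMPLE))` flags lines 1 and 3 only: the order ID fails the brand check and the last line fails Luhn. `scan_tree("/some/dir")` applies the same logic to every readable file under a directory.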
Security News - 7:30PM-8:30PM
http://www.noradsanta.org/ - Track Santa Claus around the World!
- Russian Methbot Steals Millions Daily From US Companies
- EFF: Dear Tech, Delete Your Logs Before It's Too Late
- Energy Firm Points To Hackers After Kiev Power Outage
- Is Huawei About to Buy a Security Vendor?
- Nokia sues Apple, claims patent infringement in iPhone and other devices
- Home routers under attack in ongoing malvertisement blitz
- Op-ed: Why I'm not giving up on PGP
- Security Vulnerabilities Discovered in Airline In-Flight Entertainment Systems
- SAP Chief Security Officer Details Approach to Infrastructure and Software Security
- Reality Hacking: The Secret World Of AI, Bots And Fake News