Episode494

From Paul's Security Weekly

Paul's Security Weekly - Episode 494

Recorded December 22, 2016


Hosts


  • Michael Santarcangelo - founder of SecurityCatalyst.com, author of Into the Breach, and creator of the leadership-driven Straight Talk Framework - with our favorite question, "What problem are you trying to solve?"
  • Joff Thyer - SANS Instructor, Penetration Tester and Security Researcher with Black Hills Information Security.
  • Paul Asadoorian - Embedded Device Researcher, Security Podcaster, CEO of Offensive Countermeasures

Episode Audio

MP3

Announcements

  • Make sure you visit http://securityweekly.com/subscribe and subscribe to all of our shows! You can also subscribe to all shows individually, as well as a main feed which contains this show, Hack Naked News, Enterprise Security Weekly, and Startup Security Weekly.

Interview: Eric "Munin" Rand, Brown Hat Security - 6:00PM-7:00PM

Eric is an amateur blacksmith and a professional blue-team consultant from Southern California, who lives in the mountains with his wife and cats. Having found a way to turn paranoia into money, he spends his days providing technical support to defensive security operations folks and contemplates how to make everyone's jobs a lot easier.


Technical Segment: Rudolph the Credit Card-Swiping Reindeer, Joshua Marpet and Scott Lyons - 7:00PM-7:30PM

How do you find credit card numbers that have slipped out of the Cardholder Data Environment?

We're going to examine different ways to search for credit card numbers on a server. Why? Well, if you do a PCI audit, one of the things you should do is make sure you don't have CC#'s anywhere outside the cardholder data environment (CDE). If you do, that's what's known as a "bad thing", or alternatively, a "resume-generating event." We'll talk about some commercial solutions, then look at the regexes and Python scripts to do it yourself. If I can spin up an environment, we'll do a search live on a VM on my laptop.

Security News - 7:30PM-8:30PM

http://www.noradsanta.org/ - Track Santa Claus around the World!

Paul's Stories

  1. Russian Methbot Steals Millions Daily From US Companies
  2. EFF: Dear Tech, Delete Your Logs Before It's Too Late
  3. Energy Firm Points To Hackers After Kiev Power Outage
  4. Is Huawei About to Buy a Security Vendor?
  5. Nokia sues Apple, claims patent infringement in iPhone and other devices
  6. Home routers under attack in ongoing malvertisement blitz
  7. Op-ed: Why I'm not giving up on PGP
  8. Security Vulnerabilities Discovered in Airline In-Flight Entertainment Systems
  9. SAP Chief Security Officer Details Approach to Infrastructure and Software Security
  10. Reality Hacking: The Secret World Of AI, Bots And Fake News

Joff's Stories

  1. Op-Ed: I'm GIVING UP on PGP
  2. NIST CFP Encryption in a Post Quantum Computing World

Jeff's Stories

Joshua's Stories

Scott's Stories