Episode 502

From Paul's Security Weekly

Paul's Security Weekly - Episode 502

Episode Audio

Coming Soon

Recorded February 23, 2017

Hosts

  • Jeffrey Man - Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist and certified security curmudgeon
  • Jack Daniel - Works for Tenable Network Security and is a co-founder of Security BSides.
  • Larry Pesce, Director of Research and Senior Managing Consultant at InGuardians
    • Larry Pesce, Swami of Security, Oracle of the Online and Hotshot Of Hacking
    • Larry Pesce, destroyer of embedded systems and injector of RF energy.
  • Michael Santarcangelo - founder of SecurityCatalyst.com, author of Into the Breach, and creator of the leadership-driven Straight Talk Framework - with our favorite question, "What problem are you trying to solve?"
  • Joff Thyer - SANS Instructor, Penetration Tester and Security Researcher with Black Hills Information Security.
    • Joff Thyer, Geeking out with the best of them. Known to attract multiple waitresses with a single smile and utterance of g'day. Deployer of cocktail recipes in desperate situations. Hacker of many a thing! If it's got code running on it, it can be hacked.
    • Joff Thyer, musician, proud father, and friend to many.
  • Paul Asadoorian - He is a male who is extremely charming in manner because of his gentlemanly behavior. He has good looks and thinks that women are better than men. He also has a high pain tolerance and likes it kinky.

Announcements

  • ITPro.TV courses include Cybersecurity Analyst+, CCNA Cyber Ops, ITIL Operational Support and Analysis, Penetration Testing, Ethical Hacking v9. ITProTV is introducing a new membership level soon. All current Premium Members will be granted the highest membership level available, so sign up today! Visit itpro.tv/securityweekly and use code SW30.
  • InfoSecWorld - Your 10% off discount code to promote to your members is OS17-SW. This will give them 10% off the main conference or the World Pass.
  • SCADA Security has always been, and continues to be, a hot topic in our industry. Our sponsor Waterfall Security is offering a free book for the first 100 listeners to register titled "SCADA Security: What's Broken and How To Fix It" by Andrew Ginter, Waterfall's VP of Industrial Security. Visit http://securityweekly.com/scada to get your free copy today!
  • Attend the InfoSecWorld conference on April 3-5 in Orlando, Florida, tons of great talks and Security Weekly listeners get 10% off by using the code OS17-SW. Find out more at infosecworld.misti.com
  • Attend SOURCE Boston on April 24-27 for training and awesome talks! Use the code SECURITYWEEKLY for $100 off either a conference ticket or one of the trainings. Find out more at sourceconference.com

Interview: Don Pezet - 6:00PM-7:00PM

Don Pezet has been working in the IT industry for over 18 years. In addition to working with the technologies, he has also been training others for over 12 years. He is a certified trainer with many vendors including Microsoft and Cisco. His combination of real-world experience, textbook knowledge, and a questionable sense of humor has helped him to entertain and educate thousands of people. He and his business partner Tim Broom founded ITProTV in 2013. ITProTV has been described as the Netflix of IT training, with over 2000 hours of original IT training content available online.

Tech Segment: David Fletcher, Symantec - 7:00-7:30PM

Security News - 7:30-8:30PM

Paul's Stories

  1. XSS, GET and POST
  2. Toolsmith Release Advisory: Sysmon v6 for Securitay
  3. Investigating Off-Premise Wireless Behaviour (or, "I Know What You Connected To") - Nice little PowerShell script to look at AD domain users and which wireless APs they've connected to. Kinda creepy, could be used in investigations or to enforce a policy of "do not connect to wireless outside the company".
  4. Lawmakers set to overturn broadband privacy rules, as ISPs requested - A consortium of 19 privacy and consumer-rights groups on January 27 urged Congress to let the FCC rules stand. The rules require consumers to opt in before a broadband provider can sell their web-browsing and other information to advertisers and other third parties, and they require that users be notified when user data is breached by hackers. Wow, time to put a permanent VPN at the house!
  5. Practical collision attack against SHA-1 (Thu, Feb 23rd) - Today, 10 years after SHA-1 was first introduced, we are announcing the first practical technique for generating a collision. This represents the culmination of two years of research that sprung from a collaboration between the CWI Institute in Amsterdam and Google. We’ve summarized how we went about generating a collision below. As a proof of the attack, we are releasing two PDFs that have identical SHA-1 hashes but different content.
  6. Wide Range of New Security Technologies Debut at RSA Conference 2017
  7. Publicly Disclosed Windows Vulnerabilities Await Patches
  8. Java, Python FTP Injection Attacks Bypass Firewalls
  9. Marathon runner's tracked data exposes phony time, cover-up attempt - An independent marathon-running investigator (yes, that's a thing) named Derek Murphy posted his elaborate analysis of Seo's scheme, and the findings revolved almost entirely around data derived from Seo's Garmin 235 fitness tracker.
  10. Malware Lets a Drone Steal Data by Watching a Computer's Blinking LED - The researchers found that when their program read less than 4 kilobytes from the computer’s storage at a time, they could cause the hard drive’s LED indicator to blink for less than a fifth of a millisecond. They then tried using those rapid fire blinks to send messages to a variety of cameras and light sensors from an “infected” computer using a binary system of data encoding known as “on-off-keying,” or OOK.
  11. Gordon Ramsay's father-in-law charged with hacking the chef's computer - It’s a long fall from grace for Hutcheson, who served as the CEO of Gordon Ramsay Holdings for many years. But back in October 2010, Ramsay fired his father-in-law, claiming that his computers had been hacked and that Hutcheson was behind the leaking of emails between Ramsay and his wife (who happens to be Hutcheson’s daughter).
  12. Are Slack Conversations Private? Popular Communications Platform May Not Be As Secure As You Think, Expert Says
  13. The 15 Biggest Threats Online, Ranked
  14. Researchers Offer Simple Scheme To Stop The Next Stuxnet
  15. Russian Military Admits Significant Cyber-War Effort
  16. Linux's Decade-Old Flaw: Major Distros Move To Patch Serious Kernel Bug
  17. Announcing The First SHA1 Collision
  18. How to Bury a Major Breach Notification

Joff's Stories

  1. ASLR Busting JavaScript
  2. TickleBleed

Jeff's Stories

  1. Cybersecurity from a Hacker's Perspective
  2. Watson will make Jeff a drink!