Episode503

From Paul's Security Weekly

Paul's Security Weekly - Episode 503

Episode Audio

Coming Soon

Recorded March 2nd, 2017

Hosts

  • Paul Asadoorian, @securityweekly, Embedded device security researcher, Security podcaster and CEO of Offensive Countermeasures
  • Larry Pesce, @haxorthematrix, Director of Research and Senior Managing Consultant at InGuardians
  • Jeff Man, @MrJeffMan, Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist and certified security curmudgeon
  • Joff Thyer[3], SANS Instructor, Penetration Tester and Security Researcher with Black Hills Information Security

Announcements

Interview: Alan White, Dell SecureWorks/US Army - 6:00PM-7:00PM

Alan White[1]

Alan White is the Global Regions Consulting and Services Director for Dell SecureWorks, and is part of the US Army's Computer Emergency Research Team. Previously, Alan was the Director of Security and Risk Consulting (SRC) – Asia Pacific Japan, responsible for managing teams delivering Incident Response, Forensics, Technical Testing and Compliance Services. He built the first Security Operations Center (SOC) in APJ, located in Tokyo. As an expert in computer security, Alan assists clients in achieving better security awareness, managing threats effectively, and efficiently responding to incidents. He is also an active Lieutenant Colonel in the United States Army National Guard and leads a Cyber Computer Network Defense Team.

Alan led each of the service practices and all of SRC for North America prior to his role in APJ. His responsibilities entail performing strategic consulting, including incident response management, information risk management, compliance audits (PCI, SOX, SAS70, GLBA, FFIEC, NCUA, HIPAA, ISO27001/2, FISMA/NIST), security strategy, gap analysis and controls assessment, policy development, business impact analysis, and best practices assessment (CERT, CIS, NSA, NIST, ISO, ITIL, CMM, COBIT, OCTAVE). Alan also performs various professional services, including vulnerability assessments, application security assessments, incident response, compliance assessments, penetration testing, database security assessments, and instructing. He has won the SANS Hacker Competition and DoD Cyber Championships.

Alan recently authored the "Red Team Field Manual".

Technical Segment: Incident Response & Forensic Reporting with Doug White - 7:00-7:30PM

Doug White[2]

Security News - 7:30-8:30PM

Paul's Stories

  1. Siemens RUGGEDCOM NMS Equipment Vulnerable to CSRF, XSS
  2. Slack Fixes Cross-Origin Token Theft Bug
  3. Cloudbleed Triggered 1.2M Times, Damage Kept to Minimum
  4. We found a hidden backdoor in Chinese Internet of Things devices: researchers
  5. White Hat Hackers Warn Of Easy To Hack Household Robots
  6. Yahoo's Marissa Mayer Loses Cash Bonus Over Security Breaches
  7. Three Years after Heartbleed, How Vulnerable Are You?
  8. Researchers find severe flaw in WordPress plugin with 1 million installs
  9. Researchers uncover PowerShell Trojan that uses DNS queries to get its orders
  10. Recent Security Issues Show Vulnerability of the Cloud
  11. Use an Android password manager? Your private information could be at risk
  12. Over a million websites could be at risk from critical WordPress gallery plugin flaw
  13. Week in review: Mac ransomware, women in infosec, and the death of SHA-1 - Help Net Security
  14. Alarming number of businesses hit by hackers in past year: poll

Larry's Stories

  1. I took a leak on my teddybear
  2. Airport security lapses...
  3. Leveraging expired domains for red team engagements

Jack's Stories

Jeff's Stories

  1. It’s the End of SHA-1 and I Feel Fine
  2. Jeff visited the National Cryptologic Museum
  3. Watson will make Jeff a drink!
  4. What happened to the Amazon Cloud???
  5. Amazon Post-Mortem
  6. Amazon S3 Outage is What Happens When One Site Hosts Too Much of the Internet
  7. (PCI Corner) More on Bluetooth POS Skimmers
  8. Howard A. Schmidt Appreciation
  9. Trump, Russia, WTF?