Episode370

From Paul's Security Weekly
Revision as of 16:07, 14 August 2014 by Kcrawford (Talk | contribs)

Palo Alto Networks
Tenable Network Security
The SANS Institute
Pwnie Express
Black Hills Information Security
BlackSquirrel
Onapsis

Episode Media

MP3 pt1

MP3 pt2

Announcements

Paul's Security Weekly - Episode 370 for Thursday April 17th, 2014

  • This segment is sponsored by Palo Alto Networks, creators of THE next-generation firewalls, helping you enforce network security policies based on applications, users, and content. Visit them on the web at www.paloaltonetworks.com
  • and by The SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
  • and by Tenable Network Security, the creators of Nessus, the world's best vulnerability scanner. Check out Tenable's other cool products such as the Passive Vulnerability Scanner and SecurityCenter Continuous View. Visit them on the web at www.tenable.com
  • Come watch us Live! Go to http://securityweekly.com/attend to get all the details. If you like cigars, we are slated to give out a free cigar to the first 20 people on May 1.
  • Paul's special announcement just for Episode 370 listeners...
  • We are scheduling three upcoming webcasts, sponsored by The SANS Institute, Palo Alto Networks and Pwnie Express; please check http://securityweekly.com/watch for the dates and topics! You can also subscribe to the Security Weekly Insider list and receive advance notification of all upcoming webcasts and webcast content.

Guest Interview: Rob Fuller (Mubix)

Biography:


Rob Fuller (@mubix) is a security addict, blogger (http://www.room362.com/) and active member of the community. Mubix is a Senior Red Teamer. His professional experience starts from his time on active duty as a United States Marine. He has worked with devices and software that run the gamut of the security realm. He has a few certifications, but the titles he holds above the rest are FATHER, HUSBAND and United States Marine.

Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of Ass Grabby Grabby do you prefer to go first or second?
  5. If you could have dinner with one celebrity, who would it be?




Stories

  • This segment is brought to you by http://www.blacksquirrel.io/ - Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.
  • and by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • and by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at pwnieexpress.com
  • CircleCityCon is the first hacker con in Indianapolis. It is held in a small to medium sized venue in the heart of Indianapolis. General admission tickets are on sale from Jan 1, 2014 until sold out; the con runs June 13-15, 2014.


Paul's Stories

  • Black Hills Information Security, THE source for all of your penetration testing needs. Please visit www.blackhillsinfosec.com for more information and use the contact page to request a quote!
  1. Dell Automates Driver Downloads with New Driver Pack Catalog
  2. Human-implanted RFID chips
  3. [http://www.darkreading.com/vulnerabilities---threats/satellite-communications-wide-open-to-hackers/d/d-id/1204539 Satellite Communications Wide Open To Hackers]
  4. Notorious troll and hacker Weev has conviction overturned
  5. OpenSSL: The single line of code that broke online security
  6. How To Securely Erase Your SSD Without Destroying It
  7. The security of the most popular programming languages
  8. Google Might Reward Secure Websites With Better Ranking
  9. Galaxy S5 Fingerprint Scanner Hacked With Glue Mould
  10. Organizations suffer SQL Injection attacks
  11. HD Manufacturer LaCie Admits Yearlong Data Breach
  12. Windows XP Alive & Well in ICS/SCADA Networks
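The OpenSSL story in the list above is Heartbleed (CVE-2014-0160): the TLS heartbeat handler copied as many bytes as the peer's length field claimed, without checking that the claimed payload actually fit inside the record it had received, and the fix was essentially adding that bounds check. The following is an added example written for this page, not OpenSSL's code: a simplified Python model of the record layout, with the neighbouring "memory" contents and the function names invented for the demonstration, showing the unchecked copy beside the checked one.

```python
import struct
from typing import Optional

# Simplified model of the TLS heartbeat bug, written for this page; it is not
# OpenSSL's code and the buffer layout is made up for illustration.
# Heartbeat message: type (1 byte) | payload_length (2 bytes) | payload | padding.
PADDING = 16  # RFC 6520 requires at least 16 bytes of padding

# Constructed "neighbouring memory": whatever happened to sit after the record
# in the process heap. The value is invented for the demo.
ADJACENT_SECRET = b"Cookie: session=deadbeef;"


def build_heartbeat(payload: bytes, claimed_length: int) -> bytes:
    """Build a heartbeat request whose length field is under the sender's control."""
    return struct.pack("!BH", 1, claimed_length) + payload + b"\x00" * PADDING


def vulnerable_reply(memory: bytes) -> bytes:
    """Pre-fix behaviour: trust the peer's length and copy that many bytes."""
    _msg_type, claimed_length = struct.unpack("!BH", memory[:3])
    # No check that claimed_length fits in the record: the copy runs off the
    # end of the record into whatever follows it in memory.
    return memory[3:3 + claimed_length]


def fixed_reply(memory: bytes, record_length: int) -> Optional[bytes]:
    """Post-fix behaviour: reject a heartbeat whose claimed payload does not fit."""
    _msg_type, claimed_length = struct.unpack("!BH", memory[:3])
    if 1 + 2 + claimed_length + PADDING > record_length:
        return None  # silently discard, as the patched code does
    return memory[3:3 + claimed_length]


def demo(payload: bytes, claimed_length: int):
    """Run one request through both handlers; returns (vulnerable, fixed) replies."""
    record = build_heartbeat(payload, claimed_length)
    memory = record + ADJACENT_SECRET  # the record followed by unrelated heap data
    return vulnerable_reply(memory), fixed_reply(memory, len(record))


if __name__ == "__main__":
    honest_vuln, honest_fixed = demo(b"hi", 2)
    lying_vuln, lying_fixed = demo(b"hi", 64)
    print("honest request, both versions:", honest_vuln, honest_fixed)
    print("lying request, vulnerable leaks:", lying_vuln)
    print("lying request, fixed returns:", lying_fixed)
```

The model stops at the end of the constructed buffer; the real bug copied up to 64 KiB past the record, which is why keys, cookies and passwords turned up in the replies. Note that the fixed version never errors back to the peer: a malformed heartbeat is simply dropped, which is the safe choice for a message that has no legitimate reason to be malformed.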

Larry's Stories

John's Stories

Jack's Stories

Where's Jack speaking? InfoSecurity Europe (London), CSA Oslo, BSides Boston, BSides Nashville. I'll also be attending BSides London and BSides San Antonio.

  1. The 2014 Mandiant M-Trends report is out.
  2. Spaf's belated RSA wrap-up including thoughts on innovation (or lack thereof), booth babes, and hype.
  3. An Open Letter to Brogrammers. Think you are a badass programmer? A few facts about a couple of seriously badass programmers, who happen to be women.
  4. The Heartbleed drinking game, every time we say (you know), DRINK! First up, a Dan Kaminsky look at it, followed by "The positive side of Heartbleed" by Dan Raywood, including this Crowdtilt for funding an OpenSSL bug hunt and finally, I hate to throw stones, but seriously VMware, up your game.
  5. The U.S. Government Wants 6,000 New 'Cyber Warriors' by 2016 and I want to know where they are going to come from, especially with their stupidity in recruiting and training them.
  6. Finally, an index of Dan Geer's content on his site: incomplete, but still a lot of great content.
  7. Host Unknown presents: I'm a C I Double S P (CISSP Parody)
  8. Introducing Microsoft Threat Modeling Tool 2014, and if you are into threat modeling, we'll have Adam Shostack on in a couple of weeks to talk about threat modeling and his new book on the topic.

Joff's Stories

  1. http://arstechnica.com/security/2014/04/confirmed-nasty-heartbleed-bug-exposes-openvpn-private-keys-too/ - OpenVPN falls under the bleeding category also.
  2. http://arstechnica.com/information-technology/2014/04/why-should-passwords-be-encrypted-if-theyre-stored-in-a-secure-database/ - Say what? Passwords should be hashed with a strong algorithm, and the hashes should be salted.