From Security Weekly Wiki
Jump to navigationJump to search

Episode Media

MP3 pt1

MP3 pt2


Paul's Security Weekly - Episode 369 for Thursday April 10th, 2014

  • This segment is sponsored by Palo Alto Networks creators of THE next-generation firewalls, helping you enforce network security policies based on applications, users, and content. Visit them on the web at www.paloaltonetworks.com
  • and by The SANS institute the most trusted source for computer security training, certification and research. visit www.sans.org to learn more
  • and by Tenable Network Security, the creators of Nessus, the worlds best vulnerability scanner. Check out Tenable's other cool products such as the passive vulnerability scanner and SecurityCenter Continuous View. Visit them on the web at www.tenable.com
  • We are scheduling three upcoming webcasts, sponsors will be The SANS Institute, Palto Alto Networks and Pwnie Express, please check http://securityweekly.com/watch for the dates and topics! You can also subscribe to the Security Weekly Insider list and receive advanced notifications of all upcoming webcasts and webcast content.
  • CircleCityCon is the first hacker con in Indianapolis.It is in a small to medium sized venue located in the heart of Indianapolis. general admission ticket: jan 1, 2014 - until sold out, when: june 13-15, 2014.

Guest Interview: Michael Santarcangelo


Michael Santarcangelo is the catalyst leaders rely on to take friction out of communication connect people to value free up energy to solve problems and achieve higher levels of performance. He continues to write, speak, train on the structure and system to Effectively Communicate Value and serves as advisor to leaders in organizations of all sizes.

  1. how did you get your start?
  2. advice for others getting your start?
  3. How has the Internet of Things impacted security?
  4. What is the best way to deal with a breach?
  5. What is the most common thing missed that we could be doing to prevent breaches?
  6. What can we do to improve PCI?
  7. Why (or why not) will chip and pin solve our payment woes? How long before currency is 100% digital (I was teaching my son to count change and such, thinking he may not need to know how much a dime is worth by the time he goes to college)
  8. What needs to change and/or be implemented to solve the authentication problems?
  9. How do you define a successful CISO? Doing more while spending less? No breaches? Response to breaches?

Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of Ass Grabby Grabby do you prefer to go first or second?
  5. If you could have dinner with one celebrity, who would it be?


  • This segment is brought to you by http://www.blacksquirrel.io/ - Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.
  • and by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • and by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at pwnieexpress.com

Paul's Stories

I heard something about an OpenSSL vulnerability, my heart is bleeding for you... ;)

  1. Troy Hunt: Everything you need to know about the Heartbleed SSL bug
  2. Heartbleed
  3. Difficulty of Detecting OpenSSL Heartbleed Attacks Adds to Problem
  4. What Have We Learned: OpenSSL Heartbleed Bug
  5. "Not just websites hit by OpenSSL's Heartbleed – PCs
  6. """Heartbleed heartache"" - should you REALLY change all your passwords right away?"
  • Black Hills Information Security, THE source for all of your penetration testing needs. Please visit www.blackhillsinfosec.com for more information and use the contact page to request a quote!
  1. "* Patch Now: OpenSSL ""Heartbleed"" Vulnerability
  2. "Heartbleed vendor notifications
  3. "All things not Heartbleed
  4. "Brace Yourselves (and your Users / Clients) for Heartbleed SPAM
  5. Heartbleed Bug: What Can You Do? — Krebs on Security
  6. Test your server for Heartbleed (CVE-2014-0160)
  7. existential type crisis : Diagnosis of the OpenSSL Heartbleed Bug

Larry's Stories

John's Stories

Jack's Stories