Paul's Security Weekly - Episode 380 for Thursday July 10th, 2014
And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady its Paul’s Security Weekly!
- This segment is sponsored by Palo Alto Networks creators of THE next-generation firewalls, helping you enforce network security policies based on applications, users, and content. Visit them on the web at www.paloaltonetworks.com
- and by The SANS institute the most trusted source for computer security training, certification and research. visit www.sans.org to learn more
"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."
"Here's your host, a man for the phrase "tuning his mini" is both a mataphor, and not., Paul Asadoorian!"
- Security Weekly Updates::
- Be sure to check out our new 4 day Active Defense and Offensive Countermeasures class at Black Hat Vegas!
- SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional. Register Here.
- Larry is teaching SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses at SANS Las Vegas from October 20-25th.
- You can purchase Hack Naked T-Shirts online via http://shop.securityweekly.com get yours today!
- Attend the show live if you are in the RI area, check http://securityweekly.com/attend for details
Tech Segment: Bill's Secret Tech Segment
- and by Tenable Network Security, the creators of Nessus, the worlds best vulnerability scanner. Check out the new Nessus Enterprise and Nessus Enterprise cloud, engage your IT department in the vulnerability management process today!
- This segment is brought to you by http://www.blacksquirrel.io/ - Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.
- Three words to describe yourself
- If you were a serial killer, what would be your weapon of choice?
- If you wrote a book about yourself, what would the title be?
- In the popular game of Ass Grabby Grabby do you prefer to go first or second?
- If you could have dinner with one celebrity, who would it be?
Ten more questions to ask at random:
- If you had super powers, what would they be?
- A penguin walks through that door right now wearing a sombrero. What does he say and why is he here?
- If we came to your house for dinner, what would you prepare for us?"
- Pick two celebrities to be your parents."
- What do you think about when you are alone in your car?
- What song best describes your life?
- If you were a Star Trek® [or Star Wars® ] character, which one would it be?
- If you were 80 years old, what would you tell your children?
- What is the record amount of time you have gone without a shower?
- What is the geekiest thing you've ever done/created/bought/said?
- and by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
- and by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at pwnieexpress.com
- Thoughts on BrutPOS
- Pre-order Your Copy of ‘Spam Nation’ Now!
- Please update Flash on your systems
- This Common Home Appliance Can Compromise Your Entire Security
- 10 Powerful Facts About Big Data - InformationWeek
- Zendesk Insights Shows It’s A Data-Driven World
- Intrusive Healthcare
- 6 Tips for Using Big Data to Hunt Cyberthreats
- Etsy’s Threat Modeling
- "As security startups heat up
- Penetration Testing Scripts | Common Exploits - Penetration Testing Information
- Episode #179: The Check is in the Mail
- Remote Access Hack Compromises POS Vendor | Threatpost | The first stop for security news
- New signals wiki - [Larry] - Some neat stuff there, and some might even be interesting for doing signals analysis for unknown IOT things…
- Crashed badge access systems - [Larry] - I love and hate when I find these on a pen test. Why do I love them? often they are full of create info, and maybe even give me the ability to create or elevate prigs for my badge. They are also great because they are never updated or maintained by a third party. Why do I hate them? when I muck with them, they crash and then all of the doors stop working…thick then they prop open and let anyone in….wait, why do I hate them again?
- Homebrew NSA Bugs - [Larry] - now you can build your own. might be neat for a physical pen test.
- The ChipWhisperer - [Larry] - A neat tool for asessing some hardware at the component level.
Jack's Stories of Joy and Wonder
- The Indian Controller of Certifying Authorities says they were pwned, that's how bogus Google certs were issued.
- The Ex-Google Hacker Taking on the World's Spy Agencies Morgan Rocks.
- Nessus Scans return UNKNOWN Domain for NETBIOS Names A reminder that DHCP can do some "interesting" and unexpected things.
- Patrick Gray and H D Moore have come up with a great idea and proof of concept for a secure IM system. Worth keeping an eye on this- or helping if you have the needed skills.
- Microsoft takes on global cybercrime epidemic in tenth malware disruption Oh, wait, oops... Update: Details on Microsoft Takeover | No-IP Blog - Managed DNS Services
- Microsoft Forced to Suspend Email as a Notification System for Security Alerts Oh, wait, no... Microsoft Set to Resume Security Notification Email Service on July 3
Two mistakes from Microsoft, two corrections, and yet we still have that nasty mistake of a Windows 8 and Server 2012r2 UI they won't take back.