Episode385

From Paul's Security Weekly
Jump to: navigation, search


Episode Media

MP3

Announcements

Paul's Security Weekly - Episode 385 for Thursday August 28th, 2014

And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady its Paul’s Security Weekly!

  • This segment is sponsored by Palo Alto Networks creators of THE next-generation firewalls, helping you enforce network security policies based on applications, users, and content. Visit them on the web at www.paloaltonetworks.com
  • and by The SANS institute the most trusted source for computer security training, certification and research. visit www.sans.org to learn more
  • This segment is brought to you by Tenable Network Security, the creators of Nessus, the worlds best vulnerability scanner. Check out the new Nessus Enterprise and Nessus Enterprise cloud, engage your IT department in the vulnerability management process today!

"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."

"Here's your host, a man who covers his butthole and makes sure his fly is up when Dave Kennedy is in the house..., Paul Asadoorian!"

  • Announcement - The PVS contest from Tenable! Register Here to enter a contest and win an AR Drone! You must use the PVS to find something cool, details on the registration page.

Interview: Corey Thuen

Bio

Corey Thuen is a senior researcher at Digital Bond, an ICS focused security company. Corey caught the tinkering bug when he was a wee lad modifying video game save files in a hex editor. Ever since, his most uttered phrase seems to be “what happens if I…?” He has spent years breaking Industrial Control Systems at Digital Bond, Southfork Security, and before that at Idaho National Laboratory.

Corey is a US CyberCorps Scholarship for Service Fellow and received his MS in Computer Science from the University of Idaho. Security is his passion, not just a job. Corey regularly speaks at conferences, teaches hands-on training exercises, and participates in capture-the-flag “hacker fights”.

Find Corey on twitter @coreythuen .

Interview: Ken Shaw

Bio

Kenneth Shaw is a BSEE from Pennsylvania State University. He's been hacking embedded devices since high school and taught himself to program from the QBasic help menu, but has since graduated to Python and Go. Kenneth was formerly employed at the Idaho National Laboratory, and is now the CEO of Besser.io and co-owner of Southfork Security. He has a knack for hardware, software and dropping deuces...I mean 0-days.

Questions/Topics

Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of Ass Grabby Grabby do you prefer to go first or second?
  5. If you could have dinner with one celebrity, who would it be?

Eleven more questions to ask at random:

  1. If you had super powers, what would they be?
  2. A penguin walks through that door right now wearing a sombrero. What does he say and why is he here?
  3. If we came to your house for dinner, what would you prepare for us?
  4. Pick two celebrities to be your parents.
  5. What do you think about when you are alone in your car?
  6. What song best describes your life?
  7. If you were a Star Trek® [or Star Wars® ] character, which one would it be?
  8. If you were 80 years old, what would you tell your children?
  9. What is the record amount of time you have gone without a shower?
  10. What is the geekiest thing you've ever done/created/bought/said?
  11. If you could have 5 items fully stocked in your fridge at all times, what would they be?


Stories

Sponsors

  • Stories of the week is sponsored by http://www.blacksquirrel.io/ - Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.
  • Also by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • Also by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com

Paul's Stories

  1. "How I Hacked My Home
  2. 10 Common Software Security Design Flaws
  3. "Backoff
  4. Netflix releases home-grown DDoS detectors
  5. Researchers camouflage haxxor traps with fake application traffic
  6. Windows XP-Heavy Turkey Overrun with GameOver Zeus Infections
  7. Why Are Security Pros Blase About Compliance?
  8. SSDP Amplification Scanner
  9. Secure Development - One Bathroom Break At A Time
  10. Masscan does STARTTLS

Larry's Stories

Jack's Stories of Joy and Wonder

  1. Blog post from Adam Shostack in response to a TechCrunch article. Adam is optimistic and idealistic- but realistic.
  2. Laws fighting laws and we're in the crossfire
  3. Wendy Nather throws down about "How to Help". Many will disagree, but I get the point she's making.
  4. Google chairman says 'unbreakable' encryption will become a reality. But doesn't mention quantum computing, so can you take him seriously? And will it matter?
  5. The NSA's School of Cyber

Joff's Stories

  1. Hacking Traffic Lights is Amazingly Easy
  2. Stealthy Thin ATM Insert Skimmers
  3. Millions of SOHO Routers with Hard Coded Passwords