Paul's Security Weekly - Episode 387 for Thursday September 11th, 2014
And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady, it’s Paul’s Security Weekly!
- This segment is sponsored by Palo Alto Networks, creators of THE next-generation firewalls, helping you enforce network security policies based on applications, users, and content. Visit them on the web at www.paloaltonetworks.com
- and by The SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
- This segment is brought to you by Tenable Network Security, the creators of Nessus, the world’s best vulnerability scanner. Check out the new Nessus Enterprise and Nessus Enterprise Cloud, and engage your IT department in the vulnerability management process today!
"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."
"Here's your host, a man who [insert something witty here], Paul Asadoorian"
- Announcement - The PVS contest from Tenable! Register Here to enter a contest and win an AR Drone! You must use the PVS to find something cool, details on the registration page.
- Announcement - Join Paul Asadoorian for an awesome webcast titled 5 Things You’re Not Doing With Your Vulnerability Scanner. I promise to keep it real, have ridiculous pictures in the presentation, and show you how to stay regular, with your vulnerability scanner of course!
- Security Weekly Updates:
- SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional. Register Here.
- Larry is teaching SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses at SANS Las Vegas from October 20-25th.
- You can purchase Hack Naked T-Shirts online via http://shop.securityweekly.com. Get yours today!
- Attend the show live if you are in the RI area; check http://securityweekly.com/attend for details.
Interview: Women’s Society of Cyberjutsu with Lisa Foreman & Marcelle Lee
Lisa Foreman-Jiggetts, Founder & CEO
Lisa Foreman founded the Women’s Society of Cyberjutsu after recognizing the lack of women, and of resources for women entering or trying to advance, in the field of cybersecurity. Lisa comes from a technical background which started in the military, where she was a system administrator. She has 17 years of IT experience, 14 of which are in cybersecurity. Her experience ranges from policy development and risk assessments to penetration testing and vulnerability assessments.
She has dealt with a wide range of clients, from military and government to commercial. She holds a variety of certifications, as well as a Bachelor’s in Information Technology from the University of Maryland University College and an MBA.
Marcelle Lee, GCIA, CCNA, Security+, Network+, ACE
Marcelle Lee sits on the Board of Directors for Women’s Society of Cyberjutsu, where she leads the women’s education and training initiative. Marcelle Lee is also an Instructional Specialist with the Anne Arundel Community College (AACC) CyberCenter where she teaches cybersecurity courses, develops training and supports industry partnerships. Marcelle also co-founded a cybersecurity services company earlier this year, Fractal Security Group, LLC. Marcelle transitioned to the field of cybersecurity after working for many years in operations and project management in both the public and private sectors. She holds multiple degrees and is currently working on her MPS in Cybersecurity at UMBC. Marcelle has also earned several industry certifications including GCIA, CCNA, CompTIA Security+ and Network+, AccessData’s Certified Examiner (ACE), and DC3’s Cyber Incident Responder credential. Marcelle is an active volunteer in outreach and training in the cyber arena, with a particular interest in encouraging women and girls to consider positions in the field. She also speaks publicly on a variety of cybersecurity topics. She is a cyber-competition enthusiast and has placed in several, including the DC3 Digital Forensics Challenge, Mid-Atlantic CCDC, the Maryland Cyber Challenge, and the Maryland Digital Forensics Investigation Challenge. She is also involved with several local and industry associations, including the Chesapeake Regional Tech Council, Leadership Anne Arundel, AFCEA, ISSA, and frequently attends industry workshops and seminars. She sits on several boards and committees and when not behind a computer or in front of a class she enjoys reading, biking and hiking, and spending time with her family.
- How did you get your start in information security?
- Women hold 56% of all professional jobs in the U.S. workforce, but only 25% of IT jobs (ncwit.org). Why is that?
- Is it more about education of the younger crowd and raising awareness?
- What characteristics of IT may not appeal to women?
- Or is it the other way around, women do not want to enter the field of IT due to some preconceived notions?
- What can we do to encourage women to become a part of the IT security field?
- You’ve been quoted as saying “She added that women tend to problem-solve differently than men.” What are the differences in problem-solving skills across gender? I despise the stereotype that information security is a “boys club”; what can we do to break down this stereotype? (Other than a true female version of our Hack Naked logo ;)
- What types of things are being taught in the workshops?
- At the risk of making my own stereotype, we’ve interviewed dozens of penetration testers who do social engineering, and without question they are all in agreement that women are statistically more successful at social engineering engagements, is this something you cover in your courses and tell the younger generation? (if you in fact believe it is true)
- How does one get involved with the mentorship program and what does that entail?
- Three words to describe yourself
- If you were a serial killer, what would be your weapon of choice?
- If you wrote a book about yourself, what would the title be?
- If you had super powers, what would they be?
- Pick two celebrities to be your parents.
- Stories of the week is sponsored by http://www.blacksquirrel.io/ - Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.
- Also by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
- Also by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
- WiFi Sense? - [Larry] - WTF. Good thing no one uses a Windows 8 phone.
- Did Jennifer Lawrence’s Naked Photos Leak Out Because She Told the Truth? Lying Can Protect your iCloud Account - [Larry] - Don't care. Send more. No, on a serious note, lying on the secret reset questions... just have to remember your lies.
- Google password leak - [Larry] - Also Google's sorta response
Jack's Stories of Joy and Wonder
- One in five Massachusetts residents had data breached in 2013, according to a report by Jack's buddies at the Office of Consumer Affairs and Business Regulation.
- Spaf vents on victim shaming and I agree.
- Pizza as a Service from a couple of months ago, but a great visualization of cloud service types
- Not infosec, but for the engineers in the crowd: amazing tiny engines made by a retired engineer (YouTube vid)
- Left without comment