Paul's Security Weekly - Episode 391 for Thursday October 16th, 2014
And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady, it’s Paul’s Security Weekly!
- This segment is sponsored by Palo Alto Networks, creators of THE next-generation firewalls, helping you enforce network security policies based on applications, users, and content. Visit them on the web at www.paloaltonetworks.com
- and by The SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."
"Here's your host, a man who needs to remind Mehreen to WAKE UP, Paul Asadoorian"
- Announcement - The PVS contest from Tenable! Register Here to enter a contest and win an AR Drone! You must use the PVS to find something cool, details on the registration page.
- Security Weekly Updates:
- SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional. Register Here.
- Larry is teaching SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses at SANS Las Vegas from October 20-25th. AND in sunny Orlando at SANS 2015 Apr 11 - 18 2015, AND in Berlin Germany June 22 - 27, 2015. More coming soon!
- Stories of the week is sponsored by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
- Black Hills Information Security, the leaders in penetration testing and active defense. Email firstname.lastname@example.org to request a quote today!
- Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.
- Onapsis, the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
- Tenable Network Security, the creators of Nessus, the world's best vulnerability scanner. Check out the new Nessus Enterprise and Nessus Enterprise Cloud, and engage your IT department in the vulnerability management process today!
- The credit card to replace your credit cards
- Portable Tor Router
- Meet the NSA’s hacker recruiter
- Yahoo Servers Were Owned By Bash Bug Hackers
- nullcon Goa 2014: Pentesting Proprietary RF Communications by Justin Searle @meeas (YouTube)
- The Best DerbyCon 2014 Talks for Red Teams | Strategic Cyber LLC
- Protocol Differential Analysis
- Some POODLE notes
- "Microsoft Patches Critical Windows
- Drupal Fixes Highly Critical SQL Injection Flaw
- Russian Hackers Made $2.5B Over The Last 12 Months
- "Admins! Never mind POODLE
- Man bites dog: HTTPS-menacing POODLE is 'hard to exploit' – unless you're on public Wi-Fi
- Anonabox Kickstarter Project Raises Controversy At Reddit
- Smart Meters Can Be Hacked To Cut Power Bills
- BadUSB Update
- OpenSSL Releases Patch for POODLE Attack
- "SSLv3 POODLE Vulnerability Official Release
- A legend, CISSP trainer Shon Harris, shuffled off this mortal coil. Now how will we pass our CISSP exams without her study guides? For many years, I thought Shon was a man based on the name, which I had only seen as the author of the books. Now, there have been all sorts of “issues” with Shon in the past, but that is in the past. Let’s remember her for all of the good that she did.
- POODLE MOAR - So, we’re naming and iconifying vulnerabilities now? Crap. Either way, Google has discovered a crypto-breaking attack for SSLv3. It is fairly convoluted in how it needs to be attacked, but still possible.
- Can you open this PPT for me? - iSight Partners finds issues with Office OLE. Pretty big deal, if you can convince someone to open an Office document...
- The security Con - Rethinking the security con? Dave has issues with the way we do cons now, and I tend to agree a little bit, but only a little.
- The anonabox - A Kickstarter campaign to build a TOR router in a box so all of your traffic can be anonymous. There has been some discussion as of late that the project is a scam, and that many don’t understand the implications and how TOR will actually help/not help them. Me, personally, I’d just rather learn how to do TOR on my own.
- Blue Team Handbook virtual book tour - The discount code for any sessions purchased until 11:59 on 31 Oct is ‘securityweekly’.