Paul's Security Weekly - Episode 393 for Thursday October 30th, 2014
And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady its Paul’s Security Weekly!
- This interview is sponsored by Palo Alto Networks creators of THE next-generation firewalls, helping you enforce network security policies based on applications, users, and content. Visit them on the web at www.paloaltonetworks.com
- And by The SANS institute the most trusted source for computer security training, certification and research. visit www.sans.org to learn more
- And by Tenable Network Security, the creators of Nessus, the worlds best vulnerability scanner. Check out the new Nessus Enterprise and Nessus Enterprise cloud, engage your IT department in the vulnerability management process today!
- And by Black Squirrel. Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.
"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."
"Here's your host, a man who something, something, Paul Asadoorian"
- Announcement - The PVS contest from Tenable! Register Here to enter a contest and win an AR Drone! You must use the PVS to find something cool, details on the registration page.
- Security Weekly Updates:
- Check out the SteelCon competition. Enter to win a SecurityTube Training course. You must write documentation for an open source project. Details can be found on the website. http://www.steelcon.info/competition/documentation-competition/
Interview: Christopher Crowley
Mr. Crowley has 15 years of industry experience managing and securing networks. He currently works as an independent consultant in the Washington, DC area. His work experience includes penetration testing, computer network defense, incident response, and forensic analysis.
- Three words to describe yourself
- If you were a serial killer, what would be your weapon of choice?
- If you wrote a book about yourself, what would the title be?
- In the popular game of ass grabby grabby do you prefer to go first or second?
- Pick two celebrities to be your parents.
- Stories of the week is brought to you by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
- And by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
- And by Black Hills Information Security, the leaders in penetration testing and active defense. Email email@example.com to request a quote today!
- NSA-Approved Samsung Knox Stores PIN in Cleartext | Threatpost | The first stop for security news
- Watch That Windows Update: FTDI Drivers Are Killing Fake Chips
- Symantec Intelligence Report: September 2014 | Symantec Connect
- 'SecTorCA' Reverse Engineering a Web Application – for fun
- Hacking with the Oldies!
- 3 ways to make your Gmail account safer | Naked Security
- Millions of Drupal websites at risk from failure to patch
Jack's Stories of Joy and Wonder
- Last week I linked to some of Cormac Herley's password research in this Naked Security post some of that research is reviewed.
- So, yeah, FTDI are jerks. I get wanting to protect your intellectual property, but screwing the end user sucks.
- A couple of law enforcement meets privacy stories:Posing as a cable repairman to get inside and look around and spoofing a newspaper website to lure a suspect into revealing himself
- Rob Graham takes on allegations that the Feds "hacked" former CBS journalist Sharyl Attkisson
- How to tell data leaks from publicity stunts. A good post from Brian Krebs, featuring our own Allison Nixon.
- Assume ‘Every Drupal 7 Site Was Compromised’ Unless Patched By Oct. 15 - See more at: http://threatpost.com/assume-every-drupal-7-site-was-compromised-unless-patched-by-oct-15/109095#sthash.eWi7oXiz.dpuf Ouch.
- RDP Replay
- The US Post Office is looking at your stuff, so much for "the sanctity of the mail".
- Is your mobile carrier adding tracking UIDs to your traffic? if the UID field here isn't blank, yes they are. And Twitter is using that tracking data so it is a safe bet others are, too.
- Anton Chuvakin asks: How much do you trust your MSSP and its people? And how much should you?