Episode394

From Paul's Security Weekly

Episode Media

MP3

Announcements

Paul's Security Weekly - Episode 394 for Thursday November 6th, 2014

And now, from the dark corners of the Internet, where exploits run wild, packets aren't the only things getting sniffed, and the beer flows steady, it's Paul's Security Weekly!

  • This interview is sponsored by Palo Alto Networks, creators of the next-generation firewall, helping you enforce network security policies based on applications, users, and content. Visit them on the web at www.paloaltonetworks.com
  • And by The SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
  • And by Tenable Network Security, the creators of Nessus, the world's best vulnerability scanner. Check out the new Nessus Enterprise and Nessus Enterprise Cloud, and engage your IT department in the vulnerability management process today!
  • And by Black Squirrel. Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.

"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."

"Here's your host, a man whose chest hair really isn't on his chest, in a hair length rivaling Jack's, Paul Asadoorian"

  • Security Weekly Announcements:
    • Check out the SteelCon competition. Enter to win a SecurityTube Training course. You must write documentation for an open source project. Details can be found on the website. http://www.steelcon.info/competition/documentation-competition/
    • Larry is teaching SANS 617 Wireless Ethical Hacking and Defense, coming up in Orlando April 11-18 and Berlin, Germany June 22-27

Interview: Ming Chow


Bio

Ming Chow is an instructor at the Tufts University Department of Computer Science. His areas of work are in web and mobile engineering and web security. He was also a web application developer for ten years at Harvard University. Ming has spoken at numerous organizations and conferences including the High Technology Crime Investigation Association (HTCIA), OWASP, InfoSec World, Intel, DEF CON, SOURCE Conference, and BSides Boston. In his spare time, Ming's projects in information security include breaking things, building CTF challenges, HTML5 and JavaScript security, and mobile security.

Questions/Topics

Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby grabby do you prefer to go first or second?
  5. Pick two celebrities to be your parents.


Stories

Sponsors

  • Stories of the week is brought to you by Onapsis, the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • And by Pwnie Express. Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express; visit them on the web at http://pwnieexpress.com
  • And by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!


Paul's Stories

  1. BBC News - Pirate Bay co-founder 'TiAMO' arrested in Thailand
  2. Chertoff Reminds Enterprises There is Hope in Security
  3. WireLurker Malware Infects iOS and OS X
  4. Whois someone else?
  5. Password hash disclosure in Linksys Smart WiFi routers | Weblog | Sijmen Ruwhof
  6. Smeege Sec: Detecting and Exploiting the HTTP PUT Method
  7. How to leak sensitive data from an isolated computer (air-gap) to a nearby mobile phone - AirHopper | Cyber Security Labs @ Ben-Gurion University of the Negev
  8. Reversing D-Link’s WPS Pin Algorithm

Larry's Stories

  1. Oooh, Belkin overflow - Neat, a walkthrough of going from extraction to emulation to finding issues with the webserver available on the guest network.
  2. LOL, WPS - Hah, reverse engineering the D-Link WPS selection algorithm. Sho nuff, it is based on MAC address. Because nature abhors a vacuum, Reaver patch anyone?
  3. RTL-SDR on Raspi - Nice small platform and all set to go with GNU Radio

Joff's musings from down under

  1. NoGotoFail Google Releases TLS Security Tool
  2. Drupal SQL Injection