From Security Weekly Wiki
Jump to navigationJump to search

Episode Media



Paul's Security Weekly - Episode 398 for Thursday December 4th, 2014

And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady its Paul’s Security Weekly!

  • This interview is sponsored by Palo Alto Networks creators of THE next-generation firewalls, helping you enforce network security policies based on applications, users, and content. Visit them on the web at www.paloaltonetworks.com
  • And by The SANS institute the most trusted source for computer security training, certification and research. visit www.sans.org to learn more
  • And by Tenable Network Security, the creators of Nessus, the worlds best vulnerability scanner. Check out the new Nessus Enterprise and Nessus Enterprise cloud, engage your IT department in the vulnerability management process today!
  • And by Black Squirrel. Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.

"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."

"Here's your host, a man who is currently testing the security weekly branded sextoys. Hey, can you pass him a tissue? Paul Asadoorian"

  • Security Weekly Announcements:
    • Check out the SteelCon competition. Enter to win a SecurityTube Training course. You must write documentation for an open source project. Details can be found on the website. http://www.steelcon.info/competition/documentation-competition/
    • Larry teaching SANS 617 Wireless Ethical Hacking and Defense coming up in Orlando April 11-18 and Berlin, Germany June 22-27



  • Stories of the week is brought to you by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • And by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!

Paul's Stories

  1. The Sony Picture's Hack: Hollywood's Snowden Moment
  2. Critical Remote Code Execution Flaw Found in WordPress Plugin
  3. tcpdump multiple security vulnerabilities
  4. Apache Site Hacked Through SSH Key Compromise
  5. Sony just got hacked
  6. Website Security - Protecting The Unknown - Software Vulnerabilities | Sucuri Blog
  7. DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS • The Register
  8. Do you use SSL/TLS on internal comms?
  9. Guest diary: Detecting Suspicious Devices On-The-Fly
  10. Bugtraq: WordPress 3 persistent script injection
  11. google/firing-range · GitHub
  12. "DeepSec 2014" Trusting Your Cloud Provider. Protecting Private Virtual Machines – Armin Simma | Cатсн²² (in)sесuяitу / ChrisJohnRiley
  13. CryptoPHP WhitePaper

Larry's Stories

  1. XSS via metadata - This is relevant to my interest.

Jack's Stories

  1. Cylance Report Connects Iran to Critical Infrastructure Hacks Worldwide The full report (86 page PDF) from Cylance is available here
  2. Electronic cigarettes exploited in the wild to serve malware and this starts right after Paul gets into vaping. Coincidence?
  3. Is the Sony hack Hollywood's "Snowden Moment"? An interesting article from Violet Blue. It was or was not the North Koreans (Behind WSJ paywall)
  4. Feds dig up law from 1789 to demand Apple, Google decrypt smartphones and tablets

Joff's random verbal emissions

  1. What App? who needs that app
  1. Certified secure baby.. wow this is a big surprise...can you hear the sarcasm