Paul's Security Weekly - Episode 403 for Thursday January 22nd, 2015
And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady its Paul’s Security Weekly!
- This interview is sponsored by The SANS institute the most trusted source for computer security training, certification and research. visit www.sans.org to learn more
- And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com
- And by Black Squirrel. Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.
"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."
"Here's your host, a man looks very much like Jesse Pinkman, bitch. Paul Asadoorian"
- Security Weekly Announcements:
- Cold weather got you down? Warm up to Embedded Device Security Assessments, a 2-day hosted class at the SANS ICS Summit on February 25-26th, Security Weekly listeners receive a 10% discount when using the code SECWEEK10. Register Here Today!
- Larry teaching SANS 617 Wireless Ethical Hacking and Defense coming up in Orlando April 11-18, Austin, TX May 18-23, Baltimore, MD (SANSFIRE) June 13-20, and Berlin, Germany June 22-27
- Security Weekly listeners also receive 10% off products in our store with discount code 'IHACKNAKED'
- Purchase an Encryption is not a crime t-shirt and support the EFF and Hackers for Charity here.
Guest Interview: Paul Henry
Paul Henry is a Senior Instructor with the SANS Institute and one of the world's foremost global information security and computer forensic experts with more than 30 years of experience covering all 10 domains of network security. Paul began his career in critical infrastructure / process control supporting power generation and currently manages security initiatives and incident response for Global 2000 enterprises and government organizations worldwide.
Paul is a principal at vNet Security, LLC and is keeping a finger on the pulse of network security as the security and forensic analyst at Lumension Security and as a retained security expert for multiple financial and healthcare firms.
- Three words to describe yourself
- If you were a serial killer, what would be your weapon of choice?
- If you wrote a book about yourself, what would the title be?
- In the popular game of ass grabby grabby do you prefer to go first or second?
- Pick two celebrities to be your parents.
- Stories of the week is brought to you by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
- And by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
- And by Black Hills Information Security, the leaders in penetration testing and active defense. Email firstname.lastname@example.org to request a quote today!
- Password Re-use Fuels Starwood Fraud Spike
- Flash Patch Targets Zero-Day Exploit
- Big bag of fixes: Oracle's Critical Patches for Jan 2015 close 160 holes, 93 remotely exploitable
- Pentesting Firebird Databases - These damned things frustrate the hell out of me and now I’m glad I have this guide. Turns out it is easier than I ever made it out to be.
- Hacking cars for Insurance dongles - Cell MiTM, reverse engineering, unsigned code and updates and now you have a wireless device you can use to control someone else’s car over CANBUS.
- Keysweeper - Capturing MS 2.4Ghz keystrokes. It has been done before but this one is a bit innovative; submits keystrokes via 2G cell to a remote server (that you control), log to onboard flash (coming soon?) and to serial port.
- Litter box DRM - Two weeks ago it was Keurig coffee DRM, this week, kitty litter DRM.
- LeakedIn - a pastebin trolling tool that looks for possible disclosures. I'd love to get the backend code so I could customize searches. If anyone knows of good automated pastebin search tools, I’d love to hear about them
- WPscan licensing - WPscan has a GPL licensce and lots of interesting things happen with folks selling it “in violation” of the GPL. Ryan Dewhurst sent one company a note to stop selling it and here is their response.