Episode404

From Paul's Security Weekly
Jump to: navigation, search



Episode Media

MP3

Announcements

Paul's Security Weekly - Episode 404 for Thursday January 29th, 2015

And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady its Paul’s Security Weekly!

  • This interview is sponsored by The SANS institute the most trusted source for computer security training, certification and research. visit www.sans.org to learn more
  • And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com
  • And by Black Squirrel. Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.

"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."

"Here's your host, a man looks very much like Jesse Pinkman, bitch. Paul Asadoorian"

  • Security Weekly Announcements:
    • Cold weather got you down? Warm up to Embedded Device Security Assessments, a 2-day hosted class at the SANS ICS Summit on February 25-26th, Security Weekly listeners receive a 10% discount when using the code SECWEEK10. Register Here Today!
    • Larry teaching SANS 617 Wireless Ethical Hacking and Defense coming up in Orlando April 11-18, Austin, TX May 18-23, Baltimore, MD (SANSFIRE) June 13-20, and Berlin, Germany June 22-27
    • Security Weekly listeners also receive 10% off products in our store with discount code 'IHACKNAKED'
    • Follow us on Facebook and Twitter, join our Google Groups mailing list, and subscribe to our YouTube channel.

Guest Interview: Michael Santarcangelo

EmbedVideo received the bad id "UVLwkqVQ0Ns"" for the service "youtube".

Topics:

  • What are 5 questions organizations should be able to answer in order to avoid a breach?
    • Paul's List:
      • What are all of my systems and where are they?
      • Where is my most sensitive information stored?
      • What are the most interesting events on the network for a given day?
      • Who responded to the most interesting events in a given day?
      • What is the status of system hardening and patching in my organizations? (Ala, where am I most vulnerable?)
  • What are 5 questions organizations should be able to answer after a breach?
    • How?
    • Where?
    • Who? (meh)
    • What?
    • What did I learn and how did I fix it?

Bio

With nearly two decades shaping information security, Michael Santarcangelo is known as the catalyst to develop IT leaders. With his guidance, leaders improve their ability to prioritize assets and efforts, measure and demonstrate wins, and effectively communicate their value to other leaders. Freed-up energy enables higher levels of performance and accelerates change.

Links

My book - Into the Breach

Twitter: @catalyst

My column at CSO Magazine: Translating Security Value

LinkedIn Profile (and writing there)

Questions/Topics

  1. What is your mindset/approach?
  2. What can I automate?
  3. How much confidence do I have -- across people, process, and technology
  4. What can I learn from testing?
  5. What happens when a breach happens?

Stories

EmbedVideo received the bad id "yGgnmJ1G8UY"" for the service "youtube".

Sponsors

  • Stories of the week is brought to you by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • And by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!
    • Today is the last day to purchase an Encryption is not a crime t-shirt and support the EFF and Hackers for Charity here and get 10 dollars off a Hack Naked t-shirt. Forward invoice from booster to kris at security weekly dot com.

Paul's Stories

  1. WTF! It Should Not Be Illegal To Hack Your Own Car's Computer
  2. Building A Cybersecurity Program: 3 Tips
  3. Small Drone Found On White House Lawn
  4. Android Wi-Fi Direct Vulnerability Details Disclosed
  5. Mark Dowd finds bug in ultra secure BlackPhone that lets attackers stalk users
  6. Apple Patches Thunderstrike Bug in OSX
  7. Top smut site Flashes visitors
  8. The GHOST vulnerability – what you need to know
  9. Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK | Malware don't need Coffee
  10. Java Patch Plugs 19 Security Holes — Krebs on Security
  11. Guest Blog: httpscreenshot - A Tool for Both Teams
  12. Nobody thought BlackPhone was secure -- just securer
  13. Some notes on GHOST

Carlos's Stories

Joff's stories of his teenage mates of past days

  1. DDoS among us
  2. GLIBC Affected - we should pay attention to this...