Paul's Security Weekly - Episode 404 for Thursday January 29th, 2015
And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady, it's Paul’s Security Weekly!
- This interview is sponsored by the SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
- And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com
- And by Black Squirrel. Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.
"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."
"Here's your host, a man who looks very much like Jesse Pinkman, bitch. Paul Asadoorian"
- Security Weekly Announcements:
- Cold weather got you down? Warm up to Embedded Device Security Assessments, a 2-day hosted class at the SANS ICS Summit on February 25-26th. Security Weekly listeners receive a 10% discount when using the code SECWEEK10. Register Here Today!
- Larry is teaching SANS 617 Wireless Ethical Hacking and Defense, coming up in Orlando April 11-18; Austin, TX May 18-23; Baltimore, MD (SANSFIRE) June 13-20; and Berlin, Germany June 22-27.
- Security Weekly listeners also receive 10% off products in our store with discount code 'IHACKNAKED'
- Follow us on Facebook and Twitter, join our Google Groups mailing list, and subscribe to our YouTube channel.
Guest Interview: Michael Santarcangelo
- What are 5 questions organizations should be able to answer in order to avoid a breach?
- Paul's List:
- What are all of my systems and where are they?
- Where is my most sensitive information stored?
- What are the most interesting events on the network for a given day?
- Who responded to the most interesting events in a given day?
- What is the status of system hardening and patching in my organization? (A la, where am I most vulnerable?)
- What are 5 questions organizations should be able to answer after a breach?
- Paul's List:
- Who? (meh)
- What did I learn and how did I fix it?
With nearly two decades shaping information security, Michael Santarcangelo is known as the catalyst to develop IT leaders. With his guidance, leaders improve their ability to prioritize assets and efforts, measure and demonstrate wins, and effectively communicate their value to other leaders. Freed-up energy enables higher levels of performance and accelerates change.
My book - Into the Breach
My column at CSO Magazine: Translating Security Value
LinkedIn Profile (and writing there)
- What is your mindset/approach?
- What can I automate?
- How much confidence do I have -- across people, process, and technology?
- What can I learn from testing?
- What happens when a breach happens?
- Stories of the week are brought to you by Onapsis, the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
- And by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
- And by Black Hills Information Security, the leaders in penetration testing and active defense. Email firstname.lastname@example.org to request a quote today!
- Today is the last day to purchase an "Encryption is not a crime" t-shirt and support the EFF and Hackers for Charity here, and get 10 dollars off a Hack Naked t-shirt. Forward the invoice from booster to kris at security weekly dot com.
- WTF! It Should Not Be Illegal To Hack Your Own Car's Computer
- Building A Cybersecurity Program: 3 Tips
- Small Drone Found On White House Lawn
- Android Wi-Fi Direct Vulnerability Details Disclosed
- Mark Dowd finds bug in ultra secure BlackPhone that lets attackers stalk users
- Apple Patches Thunderstrike Bug in OSX
- Top smut site Flashes visitors
- The GHOST vulnerability – what you need to know
- Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK | Malware don't need Coffee
- Java Patch Plugs 19 Security Holes — Krebs on Security
- Guest Blog: httpscreenshot - A Tool for Both Teams
- Nobody thought BlackPhone was secure -- just securer
- Some notes on GHOST