Episode406

From Paul's Security Weekly
Jump to: navigation, search


Episode Media

MP3 < Not yet published!

Announcements

Paul's Security Weekly - Episode 406 for February 12th, 2015

And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady its Paul’s Security Weekly!

  • This podcast is brought to you by the SANS Institute the most trusted source for computer security training, certification and research. visit www.sans.org to learn more
  • And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com
  • And by Black Squirrel. Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.

"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."

"Here's your host, a man who plays a 10 year old on the internet...10 year podcaster."

  • Security Weekly Announcements:
    • Cold weather got you down? Warm up to Embedded Device Security Assessments, a 2-day hosted class at the SANS ICS Summit on February 25-26th, Security Weekly listeners receive a 10% discount when using the code SECWEEK10. Register Here Today!
    • Larry teaching SANS 617 Wireless Ethical Hacking and Defense coming up in Orlando April 11-18, Austin, TX May 18-23, Baltimore, MD (SANSFIRE) June 13-20, and Berlin, Germany June 22-27
    • Security Weekly listeners also receive 10% off products in our store with discount code 'IHACKNAKED'
    • Follow us on Facebook and Twitter, join our Google Groups mailing list, and subscribe to our YouTube channel.
    • B-Sides Boston 2015 is May 9th in Cambridge, MA. Got a great topic, or fresh new idea? Share it with the community at BSB 2015 call for papers is now open, CFP deadline is March 1st

Guest Interview: Deviant Ollam

EmbedVideo received the bad id "Jy-4J8IVK9c"" for the service "youtube".

Bio

While paying the bills as a security auditor and penetration testing consultant with The CORE Group, Deviant is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. Every year at DEFCON and ShmooCon Deviant runs the Lockpick Village, and he has conducted physical security training sessions for Black Hat, SANS, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the FBI, the NSA, DARPA, the National Defense University, the United States Naval Academy at Annapolis, and the United States Military Academy at West Point. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th.

You can reach Deviant at the following email:

deviant at deviating dot net PGP key on major servers FBED 2740 858D 4544 C4DA 4DFE DEF9 5F3C 48BC FD28

Links

You can learn more about Deviant by checking out the following links:

http://enterthecore.net/new-core-group-student-training-equipment/

http://enterthecore.net/physical-penetration-training-orlando-fl/

http://deviating.net/firearms

http://deviating.net/lockpicking

Guest Interview: Onapsis

EmbedVideo received the bad id "k-kaFS7Q5dM"" for the service "youtube".

Stories

EmbedVideo received the bad id "jr5mx-YzJDk"" for the service "youtube".

Sponsors

  • Stories of the week is brought to you by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • And by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!

Paul's Stories

  1. Just in time for Valentine's Day: More than 60 percent of mobile dating apps are vulnerable to cyber attacks
  2. Today I Am Releasing Ten Million Passwords
  3. "A Winning Strategy: Must Patch
  4. Microsoft Plugs 41 Internet Explorer Flaws
  5. "Chinese Hackers Compromised Forbes.com Using IE
  6. Hacker kicks one bit XP to 10 Windows scroll goal
  7. Anthem data breach cost likely to smash $100 million barrier
  8. "Hacker finds vulnerability in Facebook
  9. Anthem Breach May Have Started in April 2014
  10. "Exploiting “BadIRET” vulnerability (CVE-2014-9322
  11. Microsoft Packing More CVEs into Fewer Security Bulletins
  12. Nscan: Fast Internet Wide Scanner | Python for Pentesting
  13. AirPcap Channel Hopping With Python | Didier Stevens
  14. OWASP Proactive Controls - OWASP
  15. Droopescan – Plugin Based CMS Security Scanner
  16. The year the security dog caught the car

Larry's Stories

  1. Forbes targeted drive by
  2. MS15-011

Jack's lack of stories

  1. And now, from Adobe... "Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole"
  2. The year the security dog caught the car A great take on the state of security from Gunnar Peterson
  3. Markey Car Security Report Just the Start for Automakers The car biz is awretched hive of scum and villainy
  4. Stopping a Smart TV From Eavesdropping On You Could Be a Felony