Episode410

From Paul's Security Weekly


Episode Media

MP3

Announcements

Paul's Security Weekly - Episode 410 for Thursday March 19th, 2015

And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady, it's Paul’s Security Weekly!

  • This episode is sponsored by the SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
  • And by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!
  • Sponsored by Black Squirrel. Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.


"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."

"Here's your host, a man who is giving Jack a run for his money with the beard (now if he could only transplant it to the top!) Paul Asadoorian"

  • Security Weekly Announcements:
    • Cold weather got you down? Warm up to Embedded Device Security Assessments, a 2-day hosted class at the SANS ICS Summit on February 25-26th, Security Weekly listeners receive a 10% discount when using the code SECWEEK10. Register Here Today!
    • Larry teaching SANS 617 Wireless Ethical Hacking and Defense coming up in Orlando April 11-18, Austin, TX May 18-23, Baltimore, MD (SANSFIRE) June 13-20, and Berlin, Germany June 22-27
    • Security Weekly listeners also receive 10% off products in our store with discount code 'IHACKNAKED'
    • Security B-sides Orlando is a community driven event seeking to bring together anyone with a passion for making, breaking, or protecting. We welcome newbies and experts and anyone in between. Even if you don’t work in information security, you will be sure to find topics of interest. Please join us on April 11th and 12th in Orlando, Florida, for the 3rd Annual Security B-Sides Orlando Conference.

Guest Interview: Pablos Holman



Bio

Pablos is a hacker & inventor with a unique view into breaking and building new technologies. He helped create the world's smallest PC; 3D printers at Makerbot; spaceships with Jeff Bezos; artificial intelligence agent systems; and the Hackerbot, a Wi-Fi seeking robot. Pablos is a member of The Shmoo Group - a notorious group of crusty old hackers who have contributed to a lot of security projects over the years - as well as the annual ShmooCon event. Currently, Pablos is working for Nathan Myhrvold at the Intellectual Ventures Laboratory where a wide variety of futuristic invention projects are underway including a fission reactor powered by nuclear waste; a machine to suppress hurricanes; a system to reverse global warming; and a device that can shoot mosquitoes out of the sky with lasers to help eradicate malaria. Pablos has spoken on stage at The United Nations, the World Economic Forum at Davos, The CIA, TED and DEFCON on invention, innovation, computer security and the future of technology.

Questions/Topics

  1. How did you get your start in information security?
  2. How did you get involved with the Shmoo group?
  3. What led you to your job you have today?
  4. What is the intersection of inventing and hacking?
  5. So, you seem to like to hack big things, like malaria, hurricanes and global warming. How do you apply your computer hacking skills to solve these problems (or not)?
  6. What potential major Science/Technology breakthroughs does he see as possibilities in the next 20 to 50 year time-frame?
  7. How does he see the convergence of Camera/micro-Drone/Wireless/Big Data technologies impacting society in the next 5 yrs?
  8. Are John von Neumann's & Ray Kurzweil's concepts of a Technological Singularity imminent? & how would it affect me if it happens?
  9. Looking out over the next 5-10 yrs, how do you envision the state of "cyber-security" <drink> evolving?
  10. Will future trends in energy production ever break the grip of the petro/carbon economy we've been in since the dawn of the industrial age, & what might that imply for the world economy & society?
  11. Larry's fanboy questions...

Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. Pick two celebrities to be your parents.
  5. In the proper game of as grabby-grabby, do you prefer to go first or second?


Links

Intellectual Ventures Lab


Guest Interview: Seth Geftic



Bio

Seth Geftic is a Senior Manager in the Advanced Security Operations Center (SOC) Solution Product Marketing group at RSA. Seth is an industry expert in the fields of cyber crime, breach detection, incident response and cyber threats, and spent over five years in RSA’s Fraud & Risk Intelligence group.

Questions/Topics

  1. How did you get your start in information security?
  2. What advice do you have for security professionals that speak Klingon to their C-level executives?
  3. What can we do to take advantage of the newfound popularity of hacking? (As seen in shows such as "<Scorpion/>" and "CSI: Cyber")
  4. What are the latest trends in threat research?
  5. What can organizations do to take advantage of threat research?
  6. If attackers are working one way, using a specific technique, do I need to know that?

Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. Pick two celebrities to be your parents.
  5. In the proper game of as grabby-grabby, do you prefer to go first or second?


Contact

Seth.Geftic -at- rsa dot com

@Geftic on Twitter

Guest Interview: Matt Alderman

  • Sponsored by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com


Bio

Matt Alderman is the Vice President of Strategy at Tenable Network Security. He is responsible for developing Tenable’s long-term road map to include strategies for messaging, new market entries and existing product improvements to meet the emerging needs of its customers across the globe. Prior to joining Tenable, Alderman was responsible for product strategy and messaging at RSA. Before RSA, he was responsible for enhancing the SaaS platform and Policy Compliance solution at Qualys, where he and co-author Jason Creech published Policy Compliance for Dummies. Alderman was also the founder and CTO at ControlPath, where he and co-inventor Sean Molloy were issued United States Patent 7,788,150: Method for assessing risk in a business.


Questions/Topics

  1. What is GRC and how does it intersect with "security" today?
  2. What are the common challenges associated with defining and enforcing policy compliance?
  3. Tell us a little about your software patent regarding risk assessments for business, what drove the need for this idea?
  4. How do you see vulnerability management evolving in the next 5 years? 10 years?
  5. Let's back up a bit: what do you see as the trends this year in security? Automation? More and bigger vulnerabilities?
  6. How do we automate safely, or do we just wait until "vintage" folks such as ourselves are playing golf and complaining about the gov't full-time and let the next generation worry about implementing the next generation of security automation?

Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. Pick two celebrities to be your parents.
  5. In the proper game of as grabby-grabby, do you prefer to go first or second?


Contact

Stories


Sponsors

  • Stories of the week is brought to you by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • And by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com

Carlos's Stories

Paul's Stories

  1. Most Companies Expect To Be Hacked In The Next 12 Months
  2. 10 Ways To Measure IT Security Program Effectiveness
  3. The End of Pen Testing As We Know It?
  4. The 7 Best Social Engineering Attacks Ever
  5. D-Link patches yet more vulns
  6. "Despite what you may have heard
  7. Black Hat USA 2015: Focus on Infrastructure
  8. Don’t click on the porn video your Facebook friend shared
  9. "Epic Google snafu leaks hidden whois data for 280
  10. Information Security: A Primer on IoT Security ... | SecurityStreet
  11. Door Skimmer + Hidden Camera = Profit
  12. Tool Release – CANBus Protector
  13. OpenSSL Patch to Plug Severe Security Holes
  14. Top 10 API Security Considerations
  15. Analysis of a Remote Code Execution Vulnerability on Fortinet Single Sign On
  16. Double FREAK! A cryptographic bug that was found because of the FREAK bug
  17. EMET 5.2 is available (update)
  18. "What ever it is
  19. Visual Studio VSTFS protocol handler command injection
  20. Tool Release – Digital Bond CANBus-Utils « Digital Bond's SCADA Security Portal

Larry's Stories