Episode 414

From Paul's Security Weekly


Paul's Security Weekly - Episode 414 - 6:00PM

Episode Media

MP3

Intro, Sponsors & Announcements

Broadcasting live from G Unit Studios in Rhode Island, the show where exploits run wild, packets aren't the only things getting sniffed, and the cocktails flow steady: it's Paul's Security Weekly!

This segment is sponsored by The SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.

And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com

Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet...

Here's your host, <funny comment> Paul Asadoorian

Hello everyone and welcome to Paul's Security Weekly - Episode 414 for Thursday, April 16th, 2015

  • Ready to learn Combat Firmware Analysis? Register for my Blackhat course "Embedded Device Security Assessments", a 2-day hosted class at Blackhat Las Vegas. Registration includes breakfast, lunch, and access to the Blackhat Briefings Business Hall, Sponsor Workshops, Sponsor Sessions, and Arsenal! Visit http://securityweekly.com/iot to register today!
  • Larry teaching SANS 617 Wireless Ethical Hacking and Defense coming up in Orlando April 11-18, Austin, TX May 18-23, Baltimore, MD (SANSFIRE) June 13-20, and Berlin, Germany June 22-27
  • Don't forget to Register for BSides Boston coming up on May 9th!

Guest Interview: Jon Callas 6:05 PM


Bio

Jon Callas is a cryptographer, software engineer, and entrepreneur. He is the co-author of many crypto and security systems including OpenPGP, DKIM, ZRTP, Skein, and Threefish. He has co-founded several startups including PGP, Silent Circle, and Blackphone. He has worked on security and crypto for Apple, Tesla, Kroll-O'Gara, Counterpane, and Entrust. He is fond of Leica cameras, Morgan sports cars, and Birman cats.

Questions/Topics

  1. How did you get your start in information security?
  2. What prompted the decision to create PGP software?
  3. For those who are creating security software today, what advice do you have for them regarding open source and commercialization?
  4. People use PGP today, mostly for good I'd like to think, but certainly also to hide wrongdoing. When this point comes under scrutiny, what is your response?
  5. Many have not implemented PGP, deeming it a geek/nerd tool and too difficult to use by the average user. Why haven't we seen more widespread adoption of email encryption by the average user?
  6. What is Silent Circle?
  7. How do we protect technologies that integrate embedded devices, mobile and cloud?
  8. Many organizations struggle with mobile device management and security; what advice do you have for them?
  9. Mobile + encryption + tracking is an interesting combination; what are the threats, and how real are they today?
  10. Knowing what you know now, what advice would you like to have had when you got started?
  11. As surveillance grows, does encryption grow in importance?
  12. What’s the hardest part of encryption? What do we need to think about to get it right? To do better?
  13. Is open source better? What about what’s happening with TrueCrypt? Audit says “thumbs up” but the team is basically gone.
  14. What is your stance on 'passwords', and is it really time for them to go away?

Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. Pick two celebrities to be your parents.
  5. In the proper game of ass grabby-grabby, do you prefer to go first or second?

Links

Guest Interview: Israel Barak - 7:00 PM


Sponsors & Announcements

  • Looking for a career change? Tenable Network Security is hiring! Everything from programmers to researchers; check out all of the available positions at http://securityweekly.com/tenablejobs. If you are listening to this show, check out the following two positions, both technical and both work from home:
  • Security Weekly listeners receive 10% off products in our store with discount code 'IHACKNAKED'
  • And by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!

Bio

Israel Barak co-founded Sentrix in 2011 and currently serves as Sentrix GM of business operations for the Americas. Mr. Barak specializes in developing and assimilating innovative technologies and enhancing organizations' capacity to withstand cyber-attacks. Mr. Barak draws from his extensive background in various security and military bodies, including founding and serving as the Head of the Israeli Defense Forces Cyber Red Team Unit for five years. Mr. Barak also founded one of Israel's leading national cyber security consulting groups (now part of CITI Group). He is an active member of OWASP, the Cloud Security Alliance, and ISSA.

Questions/Topics

  1. How did you get your start in information security?
  2. What was your role in the development of Israel's "Red Team" capability?
  3. How did the team come about? What does it do? How did you construct, assemble, and lead that team?
  4. Any interesting stories you can relate from those days?
  5. Israel (the country) is recognized as a formidable power in infosec R&D, and many breakthroughs have resulted. Tell us a bit about the development of that "ecosystem" of people, companies, and ideas. What's that culture like? How does it compare to the U.S.?
  6. Stuxnet - Any thoughts on the topic?
  7. Your recent talk on "Signals Intelligence & Counter Measures" in Boston was very interesting - What were the takeaways from that talk?
  8. How pervasive are various governments' surveillance efforts and capabilities? What is the balance between security and personal privacy?
  9. WordPress vulnerabilities have recently made news with attacks by ISIS and others. Can you take us through that attack vector, and some basic mitigations that organizations should put in place to defend against them? (see link #3 below)
  10. Your new company, "Sentrix", is involved in re-thinking the old DMZ concept into a new "Cloud Centric DMZ". Tell us how this new approach to the architecture works.
  11. "BusinessWire" reports that your solution to "cloud based, context aware" website security protects websites against data breaches. Can you explain how your solution is "context aware"?
  12. What's Peter Vogt really like?

Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. Pick two celebrities to be your parents.
  5. In the proper game of ass grabby-grabby, do you prefer to go first or second?

Links

  1. Israel Barak's LinkedIn page
  2. Sentrix - BusinessWire article gives Insight into the company
  3. Sentrix blog article addresses WordPress vulnerabilities
  4. Cloud DMZ - Sentrix brief on Cloud DMZ - Web App Security
  5. CIO Journal's "10 Young Infosec Companies to Watch in 2015"

Stories of the Week - 7:30-8:00PM


Sponsors & Announcements

  • Stories of the Week is brought to you by Onapsis, the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • And by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com

Paul's Stories

  1. FBI warns: Patch WordPress plugins or expect ISIS
  2. Security
  3. Reversing Belkin’s WPS Pin Algorithm
  4. Hacking the D-Link DIR-890L
  5. What the Ridiculous Fuck
  6. D-Link router patch creates NEW SOHOpeless vuln
  7. Drug Pump's Security Flaw Lets Hackers Raise Dose Limits
  8. Hacked French Network Exposed Its Own Passwords During TV Interview
  9. 8th Grader Charged With Felony For Snagging Password
  10. Snowden's 'Sexy Margaret Thatcher' Password Isn't So Secure
  11. Unpatched 18 Year Old Windows MiTM Vuln Revived
  12. Prosecutors Suspect Man Hacked Lottery Computers
  13. Hackers Could Commandeer New Planes Through Passenger Wi-Fi
  14. SQLite 22 Bugs
  15. WordPress Ajax Store Locator 1.2 SQL Injection
  16. Flaw in WordPress caching plug-in could affect over 1 million sites

Larry's Stories

  1. NY Police use of Stingray without a warrant