- 1 Paul's Security Weekly - Episode 424 - 6:00PM
- 2 Discussion: Roll your Own Password Management- 7:00PM-7:20PM
- 3 Stories of the Week - 7:30PM-8:00PM
Paul's Security Weekly - Episode 424 - 6:00PM
Intro, Sponsors & Announcements
[Cut to Paul Live Shot]
This week we talk wireless security with Rick Farina. All that and more so stay tuned!
[Cut to Jack Live shot]
Broadcasting live from G Unit Studios in Rhode Island, the show where exploits run wild, packets aren’t the only things getting sniffed, and the cocktails flow steady its Paul’s Security Weekly!
[Cut to sponsor logo]
- And by Netsparker, the developers of the ONLY false positive free web application security scanners, enabling you to automatically identify vulnerabilities and security flaws in all your websites, web applications and web services. Netsparker scanners are available in two editions, Netsparker Desktop and Netsparker Cloud, the enterprise level online scanning service. For more information visit their website on https//www.netsparker.com/securityweekly/
- Brought to you by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
- And by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
[Cut to security weekly logo]
Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet...
[Cut to live shot of Paul]
Larry: Here's your host, a man who changes your paradigm....with glitter....Paul Asadoorian!"
Paul: Hello everyone and welcome to Paul's Security Weekly - Episode 424 for Thursday June 25th, 2015
- Introduce hosts and guests
[Cut to Announcement graphics]
- Ready to learn Combat Firmware Analysis? Register for Paul's Blackhat course "Embedded Device Security Assessments", a 2-day hosted class at Blackhat Las Vegas. Registration includes breakfast, lunch, and access to the Blackhat Briefings Business Hall, Sponsor Workshops, Sponsor Sessions, and Arsenal! Visit http://securityweekly.com/iot to register today!
[Cut to shot on Paul]
Guest Interview: Rick Farina - 6:05PM-6:55PM
Rick Farina (@Zero_ChaosX) is a well known wireless hacker and member of the DEF CON Wireless Village team and the Wireless Capture the Flag team. He has been researching all manner of layer one and two hacking for the past fifteen years, most recently as Director of Research and Engineering for Pwnie Labs at Pwnie Express.
- How did you get your start in information security?
- What drew you to trolling Ubuntu users?
- What is your level of attraction to wireless security?
- What's your experience as a director of research like? What's a typical day like?
- What are some common misconceptions about wireless that you encounter on a regular basis?
- How important is wireless -- wifi + cellular/LTE/etc -- in the enterprise today?
- In your experience, are organizations paying enough attention to wireless?
- What's one thing most people could do that would dramatically improve their ability to use wireless with more security?
- Let's talk rogue wireless, including stingray: how big a challenge is this for companies? what sort of companies? What should they focus on first?
- Three words to describe yourself.
- If you were a serial killer, what would be your weapon of choice?
- If you wrote a book about yourself, what would the title be?
- In the popular game of ass grabby-grabby, do you prefer to go first or second?
- Choose two celebrities to be your parents.
Discussion: Roll your Own Password Management- 7:00PM-7:20PM
One of our listeners submitted a question for discussion. Ryan would like to know the pros and cons of rolling your own password manager. His solution is a sqlite database that is encrypted with bcrypt and stored on bitlocker encrypted sd card.
Stories of the Week - 7:30PM-8:00PM
[Play music, Cut to sponsor logo, THEN START RECORDING]
- Brought to you by Black Hills Information Security, the leaders in penetration testing and active defense. Email email@example.com to request a quote today!
- This segment is sponsored by The SANS institute the most trusted source for computer security training, certification and research. visit www.sans.org to learn more
- And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com
- Looking for a career change? Tenable Network Security is hiring! Everything from programmers to researchers, check out all of the available positions at http://securityweekly.com/tenablejobs. If you are listening to this show, check out the following two positions, both technical and both are work from home: Nessus Vulnerability Research Engineer and C Software Engineer
[Cut to announcement Graphics] Larry teaching SANS 617 Wireless Ethical Hacking and Defense coming up in Las Vegas, NV, September 14-19, and lots more places so be certain to check the SANS web site for more course offerings!
- Oh Samsung, why, why?!? Samsung disables Windows Update on some of their laptops.
- Meet the ClueBot a bot responsible for finding 40% of the vandalism on Wikipedia, and it has a 0.1% False Positive rate.
- Top 3 security priorities for CIOs in 2015 --> Released in June, it's not a standard list. TL;DR: patch faster, improve credentials, better coding (reduce vulnerabilities)
- Why the Federal Government Sucks at Cyber Security --> so because there is no mandate, people don't patch. Really?
- Hacking a self-driving car --> What could go wrong here? Note the line "IT security isn't a manufacturer focus - yet."
- Cyber Threats Have Broadcasters Hacked Off --> Are broadcasters a new target? Old target?
- Cybersecurity Tops Advisors’ Compliance Worries: Poll --> here's the point, more and more people are concerned, paying attention. What are we doing about it?
- Why It's Worth Divorcing Information Security From IT --> What, if anything, would this solve?