Episode428

From Paul's Security Weekly


Paul's Security Weekly - Episode 428 - 6:00PM

Episode Media

Intro, Sponsors & Announcements

Paul

[Cut to Paul Live Shot]

This week we interview Samy Kamkar who [redacted]. All that and more so stay tuned!

[Cut to Jack Live shot]

Someone

Broadcasting live from G Unit Studios in Rhode Island, the show where exploits run wild, packets aren’t the only things getting sniffed, and the cocktails flow steady, it’s Paul’s Security Weekly!

[Cut to sponsor logo]

  • And by Netsparker, the developers of the ONLY false positive free web application security scanners, enabling you to automatically identify vulnerabilities and security flaws in all your websites, web applications and web services. Netsparker scanners are available in two editions, Netsparker Desktop and Netsparker Cloud, the enterprise level online scanning service. For more information visit their website on https://www.netsparker.com/securityweekly/
  • Brought to you by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/

[Cut to security weekly logo]

Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet...

[Cut to live shot of Paul]

Someone: Here's your host, a man who doesn't clean toilet seats, instead buys new ones, Paul Asadoorian!

Paul: Hello everyone and welcome to Paul's Security Weekly - Episode 428 for Thursday, July 23rd, 2015

  • Introduce hosts and guests

Announcements

[Cut to Announcement graphics]

  • Ready to learn Combat Firmware Analysis? Register for Paul's Blackhat course "Embedded Device Security Assessments", a 2-day hosted class at Blackhat Las Vegas. Registration includes breakfast, lunch, and access to the Blackhat Briefings Business Hall, Sponsor Workshops, Sponsor Sessions, and Arsenal! Visit http://securityweekly.com/iot to register today!

[Cut to shot on Paul]

Guest Interview: Samy Kamkar - 6:05PM-7:00PM

Bio

Samy Kamkar is an independent security researcher, best known for creating The MySpace worm, one of the fastest spreading viruses of all time. His open source software and research highlight the insecurities and privacy implications in everyday technologies, from the Evercookie which produces virtually immutable respawning cookies, SkyJack, the drone that wirelessly hijacks other drones, and KeySweeper, a wireless keyboard sniffer camouflaged as a USB wall charger. He continues to release new tools and hardware, for example, most recently the ProxyGambit, OpenSesame and ComboBreaker tools.

Links

  1. GitHub
  2. Twitter
  3. Personal Website

Questions/Topics

  1. How did you get your start in information security?

Five Questions

  1. Three words to describe yourself.
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
  5. Choose two celebrities to be your parents.

Stories of the Week - 7:00PM-8:00PM

[Play music, Cut to sponsor logo, THEN START RECORDING]

Sponsors

  • Brought to you by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!
  • And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com
  • This segment is sponsored by The SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.

Announcements

[Cut to announcement Graphics]

  • Larry teaching SANS 617 Wireless Ethical Hacking and Defense coming up in Las Vegas, NV, September 14-19, and lots more places so be certain to check the SANS web site for more course offerings!

[End Music]

Paul's Stories

  1. Want To Know How Your Board Thinks About Cybersecurity?
  2. Online Cheating Site AshleyMadison Hacked
  3. CVSS for ICS
  4. EFF Hopeful Car Hacking Demo Could Help Yield DMCA Exemption
  5. Hacking Team Claims It Always Sold ‘Strictly Within the Law’
  6. Four Zero Days Disclosed in Internet Explorer
  7. Chris Valasek on Car Hacking
  8. WordPress Patches Critical XSS Vulnerability in All Builds
  9. Ashley Madison Hacked: Site For People Who Can't Be Trusted Can't Be Trusted
  10. Adobe And Google Partner To Bolster Flash Security Via Project Zero
  11. Hackers Remotely Kill A Jeep On The Highway For Fun And Profit
  12. Going Too Far to Prove a Point
  13. LifeLock's woes continue as FTC claims violation of 2010 settlement
  14. The Jeep HACK – What You Need To Know
  15. New research: Comparing how security experts and non-experts stay safe online
  16. Remotely Hacking a Car While It's Driving

Michael's Stories

  1. NSA Releases New Open Source Cyber Tool --> NSA, open source... anyone have experience here? Used it?
  2. GBTA Study Reveals Business Travel Trends, Attitudes and Pain Points --> As wireless continues to grow in importance, we need to consider the technical, functional, and training elements of improving experience and security
  3. Microsoft Advanced Threat Analytics coming next month --> thoughts?
  4. The Two Most Overhyped Security Threats --> do you agree? And does an article like this help or hurt our broader efforts?
  5. Three Real Online Dangers You Need To Worry About --> See above on importance of WiFi; do you agree with these 3? Would you place something at a higher priority?
  6. US court says 'pocket-dialed' calls are not private --> interesting reasoning, good to be familiar with
  7. Are Current Cybersecurity Measures Enough? Professionals Can’t Agree. --> more attacks result in less confidence; logical or a bad sign?
  8. Why the perception of a security talent shortage is really a leadership opportunity --> this is a piece I wrote this week, debunking the notion of a shortage and pointing out the leadership opportunity

Kevin's Stories

  1. Universal sends DMCA takedown to Google for 127.0.0.1 --> Jurassic World being seeded from inside Universal's network
  2. Facebook loses appeal on challenging "allegedly defective warrants"
  3. Online Cheating Site AshleyMadison Hacked
  4. Jeep Hack Shows Why the DMCA Must Get Out of the Way of Vehicle Security Research