Episode434

From Paul's Security Weekly


Paul's Security Weekly - Episode 434 - 6:00PM

Episode Media

MP3

Intro, Sponsors & Announcements

Paul

This week the Security Weekly crew interviews Micah Hoffman, security news includes John McAfee for president and a whole lot more, so stay tuned!

Jack

Broadcasting live from G Unit Studios in Rhode Island, the show where exploits run wild, packets aren’t the only things getting sniffed, systems aren't the only things getting penetrated, functions are the only things getting wrapped, bits aren't the only things getting banged and the cocktails flow steady, it's Paul’s Security Weekly!

  • This segment is sponsored by the SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
  • Looking for a career change? Tenable Network Security is hiring! Everything from programmers to researchers, check out all of the available positions at http://securityweekly.com/tenablejobs. If you are listening to this show, check out the following two positions, both technical and both are work from home: Nessus Vulnerability Research Engineer and C Software Engineer
  • Brought to you by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Onapsis, the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/

Jack

Now, fire up a packet capture, pour yourself an adult beverage, and give the intern control of your botnet...

Jack: Here's your host, a man that has a 'red' lighter, Paul Asadoorian!

Paul: Hello everyone and welcome to Paul's Security Weekly - Episode 434 for Thursday, September 10th 2015

Announcements

  • Purchase Hack Naked T-Shirts and stickers online at http://shop.securityweekly.com and get yours today! For a limited time only, use the discount code "HACKNAKEDSUMMER" and get 50% off your order! It's a summer blow-out sale and ends on September 23, 2015 (the first official day of fall).
  • Tenable is looking for a Technical Director (http://jobvite.com/m?3sIczhwH), works from home in the US.
  • Save the date! October 16, 2015 will be our 10 year anniversary show! Stay tuned for details, come to the studio and hang out with us for the day!

Interview: Micah Hoffman - 6:05PM-6:55PM



Bio

Micah Hoffman has been working in the information technology field since 1998 supporting federal government, commercial, and internal customers in their searches to discover and quantify information security weaknesses within their organizations. He leverages years of hands-on, real-world penetration testing and incident response experience to provide excellent solutions to his customers. Micah holds GIAC's GAWN, GWAPT, and GPEN certifications as well as the CISSP and is a SANS Certified Instructor.

Micah is an active member of the NoVAHackers community, writes Recon-ng modules and enjoys tackling issues with the Python scripting language. When not working, teaching, or learning, Micah can be found hiking or backpacking on the Appalachian Trail or the many park trails in Maryland. Catch him on Twitter @WebBreacher.

Questions

  1. How did you get your start in information security?
  2. How has the move towards Cloud and SaaS impacted web application security?
  3. Why don't people secure their APIs and mobile apps that interact with a web application?
  4. Tell us about your talk: Running Away from Security: Web App Vulnerabilities and OSINT Collide
  1. Three words to describe yourself.
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
  5. Choose two celebrities to be your parents.

Resources

Running Away from Security: Web App Vulnerabilities and OSINT Collide - Micah Hoffman (Video)

Stories of the Week - 7:00PM-8:00PM

Sponsors

  • And by Netsparker, the developers of the ONLY false positive free web application security scanners, enabling you to automatically identify vulnerabilities and security flaws in all your websites, web applications and web services. Netsparker scanners are available in two editions, Netsparker Desktop and Netsparker Cloud, the enterprise level online scanning service. For more information visit their website at https://www.netsparker.com/securityweekly/
  • And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com
  • Brought to you by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!


Announcements

  • Submit your B-Sides Tampa CFP here. This is a four night cruise, the conference is two full days at sea with a stop in Cozumel Mexico. Accepted talks receive a free cabin for two.
  • Larry is teaching SANS 617 Wireless Ethical Hacking and Defense in Las Vegas, NV, September 14-19, and at the Pentest Hackfest in November in Washington, DC, and lots more places, so be certain to check the SANS web site for more course offerings!

Paul's Stories

  1. Zero-day vulnerabilities reportedly found in Kaspersky and FireEye security products - If you find 0-day in these products should you publish it?
  2. 5 Free Security Analytics Tools
  3. Is John McAfee running for US president? 'My campaign manager told me not to comment' - He may be the most sane 2016 candidate as of yet!
  4. FireEye
  5. John McAfee Announces He's Running For President
  6. Cops Wardriving To Find MACs Of Stolen Gear - Not a bad idea, most people don't think to change the MAC address, until now...
  7. Jessy Irwin on Password Security
  8. Will New Security Features Win Over Windows Users? - Did it take 15 years to make security part of the purchase decision? Is it? Only when corporations are the customer? End users?
  9. 10 things to do before you lose your laptop - Really just 2: 1) Encrypt your hard drive 2) Never lose your laptop...
  10. GM Took 5 Years To Fix A Full-Takeover Hack In Millions Of OnStar Cars - 5 years! Now how do you feel about disclosure?
  11. Yahoo! Refuses! To! Fix! Emoticon! Exploit! In! Messenger! - The product is end of life, do they have a responsibility to fix it? Do you install new emoticons in your IM apps? ;)
  12. Valasek: Today’s Furby Bug is Tomorrow’s SCADA Vulnerability
  13. Save WiFi: Act Now To Save WiFi From The FCC | Hackaday

Jack's Stories

  1. Even the LastPass will be Stolen - a talk at the upcoming Black Hat Europe will expose critical flaws in LastPass. Does this mean I have to go back to using Password1 everywhere?
  2. Over 10 Million Consumers’ Personal Info Stolen In Latest Health Insurer Data Breach - Oh, this again.
  3. In case you missed it - How Hackers steal info according to The Onion. Laugh, and probably wince a little.
  4. Some good starting security guidance for businesses from the FTC