Paul's Security Weekly - Episode 468 - 6:00PM
Recorded June 9, 2016
This week we interview Chris Poulin, a Research Strategist for the X-Force Threat Intelligence program at IBM. He will be an-in studio guest this week, so stay tuned.
Interview: Chris Poulin
Chris Poulin is an engineer and entrepreneur, having built and run a nationally respected information security consulting firm, which provided services from Fortune 500 companies to small-and-medium business. With 25 years in information technology and security, he's successfully managed hundreds of projects in practically all industries, bringing a balance of technical skills and management experience, as well as unique experience from his time in the Department of Defense intelligence community.
- Three words to describe yourself.
- If you were a serial killer, what would be your weapon of choice?
- If you wrote a book about yourself, what would the title be?
- In the popular game of ass grabby-grabby, do you prefer to go first or second?
- Choose two celebrities to be your parents.
We have a special co-host on the show, Russell Beauchemin, IT Instructor II at Year Up. Russell is a graduate of RIC with a B.A. in English, minor in Chem, M.A. in Media Studies, and currently pursuing his PhD in Education at Lesley University. With his diverse academic background coupled with over 15 years of working in the field of educational technology and close to a decade of experience with teaching and instruction, he brings a wealth of experience and knowledge to everyone he meets and to every project he works on.
Larry will discuss with Russell about his new Hololens!
- What the heck is a HoloLens?
- In developing for the HoloLens, what types of interactions should we expect with the internet, or networks at large? Are we talking IoT for your eyes here?
- What type of additional considerations to security should we consider when developing for this new platform out side of traditional DevOps and SDLC? Will this force our models to evolve?
- Looking to the future, what kind of hacks can we see for the HoloLens in which wed want to consider a different look at the security? I think a whole new level of "phishing style attacks"/
- On the security application side, what could we use this for in terms of Security visualizations/dashboards?
Security News - 7:00PM-8:00PM
- Typo squatting package managers - Holy crap. We know about typo squatting domains, but what about typo squatting popular, open package managers for programming libraries (PiPy, Npmjs, ruby gems), buy adding backdoor libraries with common misspellings; reqeusts instead of requests. Provide all of the additional functionality and correct spelling when called, but with added functionality.
- 20 years of red teaming, lessons learned - While with some military red team slant the lessons learned are still so applicable to “cyber” red teams. I love #3 and #6, but #4 carries special meaning
- Spear Phishing, the secret weapon - yep. discuss.
- Infosec is a sham - while the title didn’t quite bring the expected “grinds my gears” moment that I was hoping for, it still got me thinking...
- GPS DoS? - Announcements that GPS will become unreliable while some large scale military tests are conducted, and aircraft reliant on GPS is advised to stay away and revert to manual methods. Hmm...