Episode483

From Paul's Security Weekly

Paul's Security Weekly - Episode 483

Episode Audio

Recorded: September 29, 2016


Announcements

  • Visit http://securityweekly.com/hotseat for the latest edition happening on Sept 13th 2PM EST, register today! We will sit down with Yolonda Smith, Director of Product Management with Pwnie Express. We will dig into the shift in the number, types, and ownership of devices showing up on enterprise networks, and how you can protect your company from new threats from these devices. We will also get into some cool tech for monitoring and securing your enterprise from wireless, Bluetooth, cellular and even good old wired device threats.
  • Make sure you visit http://securityweekly.com/subscribe and subscribe to our new shows including Enterprise Security Weekly and Startup Security Weekly. You can also subscribe to all shows individually, as well as a main feed which contains this show, Hack Naked TV and Enterprise Security Weekly.

Interview: Ferruh Mavituna, Netsparker - 6:00-7:00PM

https://ferruh.mavituna.com/

Hacking web apps since 2003, web app sec expert, CEO of Netsparker - http://netsparker.com

Founder of Netsparker Ltd, Product Manager of Netsparker, Web Application Security Scanner. Developed the first and only false-positive free web application security scanner with state of the art accurate vulnerability detection and exploitation features, today used by thousands of companies around the world. Changed the automated web application security space.

Frequent speaker at several conferences about Web Application Security, released several research papers and tools.

Coming from a developer background (C++, ASP, ASP.NET and PHP), working in the web application security area since 2002.

Deep understanding of web application security on both sides, attacking and defending. Between 2002-2006 worked for the Turkish Army and Police as well as several big clients as a freelance contractor, in Turkey, USA, Canada and UK.

I mostly focus on these technical areas: Web Application Security Research, Automated Vulnerability Detection & Exploitation.

  • https://www.netsparker.com/blog/web-security/exploiting-csrf-vulnerability-mongodb-rest-api/
  • https://www.netsparker.com/blog/docs-and-faqs/export-netsparker-web-security-scan-web-application-firewall-rules/
  • https://www.netsparker.com/blog/docs-and-faqs/selenium-netsparker-manual-crawling-web-applications-scanner/

Listener Feedback - 7:00PM-7:30PM

"In addition to your wonderful podcast, I also listen to ISMG. Ran into this pile of bullshit this morning and I was hoping you guys would respond.

http://www.bankinfosecurity.com/interviews/interview-john-dickson-i-3333 at the core of the issue Dickson covers here, I think, is the issue of "old vs new" and "shadow IT". He says some of the right things, in a rather daunting way, almost sky-larkings -- then goes down-hill fast when "dynamic languages" are brought up. Different from my view, and I think also yours, is the need to work together, rather than work _with_ shadow IT.

Maybe I'm wrong. Can you comment?"


Hey guys (Ian Smith),

I am a systems administrator, and in my off time, the co-founder and CTO of an incredibly small web services company. I have a degree in Linux/database administration and am pursuing a few others.

My question is how to pursue a career in information security without much but a drive to learn more about the field. I went to DEF CON this year, submitted a paper to O'Reilly's security conference in New York about starting security programs in SMBs on the cheap, and plan to develop more presentations about what I know and what I can give back to the community. I know that your general advice on the subject is to obtain certifications and spin up labs, but the certification route is pretty unobtainable at this point because of the costs associated.

Any advice would be greatly appreciated. Thank you for your time.

Security News - 7:30PM-8:30PM

Paul's Stories

  1. Congressional Leaders Demand Answers on Yahoo Breach
  2. ripgrep is faster than {grep
  3. New Raspberry Pi PIXEL Operating System Introduced - Geeky Gadgets
  4. Defending Against Hackers Took a Back Seat at Yahoo
  5. Microsoft Launches Cloud-Based Fuzzing
  6. The Yahoo hackers weren't state-sponsored
  7. The security tsunami of the Internet of Things is coming
  8. Apple logs your iMessage contacts and could share them with police
  9. Marissa Mayer declined to reset Yahoo users’ passwords 2 years ago
  10. HP: Disabling 3rd-party ink ensures “best printing experience”
  11. OpenSSL Swats A Dozen Bugs
  12. Meet The Hackers Who Drive The Porsches You Pay For
  13. UK Police Warn That Modding Games May Turn Kids Into Hackers
  14. Meet Israel's Master Phone Crackers
  15. Thousands Of Cisco Devices Still At Risk Of Unpatched NSA Zero-Day Flaws
  16. 152k Cameras In 990Gbps Record Breaking Dual DDoS

Larry's Stories

Joff's Stories

  1. Multiple Backdoors in D-Link Router!

Michael's (Santa) Stories

Carlos's Stories

Jack's Stories

  1. This week Jack goes barking mad about "Active Defense", "Hacking Back", and Related Stupidity
  2. You will be stunned to learn this, but people were wrong on the Internet. All of that "Microsoft won't let Lenovo let customers install Linux on their computers" noise last week? Not so much, blame Intel, not Microsoft. Don't worry we still get to blame MS for all kinds of other things.
  3. The Harvard Business Review says good security can be good for marketing
  4. A think tank writes a scare piece on cyberterrorism in space and it gets more traction than your company's crappy password policies.
  5. Can armies of interns close the cybersecurity skills gap?
  6. A Commodore 64 is still up and running, and running a business-critical app for an auto repair shop
  7. Local Police Department hit by ransomware, and it's no big deal because they had good backups. Imagine that, preparedness.
  8. UK’s Top Police Warn That Modding Games May Turn Kids into Hackers and the dimwits mean it in a bad way.