Paul's Security Weekly - Episode 489
Recorded: November 10, 2016
- Make sure you visit http://securityweekly.com/subscribe and subscribe to our new shows including Enterprise Security Weekly and Startup Security Weekly. You can also subscribe to all shows individually, as well as a main feed which contains this show, Hack Naked TV and Enterprise Security Weekly.
- Take our super cool survey! http://www.securityweekly.com/survey
Interview: Greg Foss, LogRhythm - 6:00-7:00PM
Greg Foss is LogRhythm's Head of Global Security Operations, where he is tasked with leading both the offensive and defensive aspects of corporate security. Previously, he was a Senior Researcher with the Labs Threat Intelligence team, presenting research at information security conferences such as Black Hat, DerbyCon, AppSecUSA, BSidesLV, and others. Greg is a very active member of the Denver information security community. He started out in the industry as a contract web developer, then branched out into security operations with the Department of Energy. After learning about continuous monitoring, he delved into penetration testing and was eventually placed in charge of one of the DOE National Laboratory Red Teams. With just under a decade of experience in the industry, he is always looking for new ways to attack and defend networks.
- Phishing Intelligence Engine (PIE) – This is a project that we put together for a recent hackathon (a quarterly competition within the company to create whatever we want within the SIEM, NetMon, or otherwise). Essentially, the goal is to attempt to dynamically track, investigate, quarantine, and report on phishing attacks across the organization.
- Home Network Monitor – Another hackathon project around deploying the LogRhythm network monitor product to a microPC, allowing people to gain insight into their home network traffic quickly and effectively. Blog on this topic: https://logrhythm.com/blog/how-to-build-a-miniature-network-monitor-device/
- Endpoint Agent integration into the SIEM – This is a project where we've been working with Carbon Black and Cylance to integrate with the SIEM and provide automated actions via a single pane of glass. We also did an assessment of around 20 endpoint agents, gauging their effectiveness, manageability, and other information. That said, I don't think I can really talk about the latter. That said, all solutions could be bypassed, some more easily than others. :-)
- General enterprise security and log management – Being a log company, there are various topics we could cover here. One of the items we've been working on lately is collecting data from cloud sources and using machine learning analytics to detect anomalous activity.
- Three words to describe yourself.
- If you were a serial killer, what would be your weapon of choice?
- If you wrote a book about yourself, what would the title be?
- In the popular game of ass grabby-grabby, do you prefer to go first or second?
- Choose two celebrities to be your parents.
Technical Segment: Outlook Web Access Two-Factor Authentication Bypass - 7:00PM-7:30PM
Security News - 7:30PM-8:30PM
- Kautilya Human Interface Device Hacking Toolkit
- Furthering our commitment to security updates
- Research into IoT Security Is Finally Legal
- Self-Propagating Smart Light Bulb Worm
- Regulation of the Internet of Things - Perhaps one of the smartest observations: "An additional market failure illustrated by the Dyn attack is that neither the seller nor the buyer of those devices cares about fixing the vulnerability. The owners of those devices don't care. They wanted a webcam, or thermostat, or refrigerator, with nice features at a good price. Even after they were recruited into this botnet, they still work fine; you can't even tell they were used in the attack. The sellers of those devices don't care: They've already moved on to selling newer and better models. There is no market solution because the insecurity primarily affects other people. It's a form of invisible pollution." Wow, dropping some wisdom: "Our choice isn't between government involvement and no government involvement. Our choice is between smarter government involvement and stupider government involvement."
- Packet Capture Options, (Thu, Nov 10th)
- Hackers hijack Philips Hue lights with a drone - "The malicious firmware can disable additional downloads, and thus any effect caused by the worm (blackout, constant flickering, etc.) will be permanent." What's more, the attack is a worm and can jump from connected device to connected device through the air. It could potentially knock out an entire city from just one infected bulb at the root "within minutes."
- These researchers are modifying CPUs to detect security threats
- Facebook buys black market passwords for user account safety
- Yahoo hacked again? Probe launched on data breach claims
- Google Releases Supplemental Patch for Dirty Cow Vulnerability
- OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking
- Outlook Web Access Two-Factor Authentication Bypass Exists
- Tesco Bank Attack: What Do We Know?
- Netflix Addresses Account Takeover Bug