Episode494
Contents
Paul's Security Weekly - Episode 494
Episode Audio
Recorded December 22, 2016
Hosts
Paul Asadoorian
Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .Larry Pesce
Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.Jeff Man
Cryptanalyst
Infosec analyst
Pioneering ex-NSA pen tester
PCI specialist
Tribe of Hackers
InfoSec Curmudgeon
Currently a Sr. InfoSec Consultant for Online Business Systems.Joff Thyer
SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.Jack Daniel
Co-Founder of Security BSides and certified security wizard.
Announcements
- Make sure you visit http://securityweekly.com/subscribe and subscribe to all of our shows! You can also subscribe to all shows individually, as well as a main feed which contains this show, Hack Naked News, Enterprise Security Weekly, and Startup Security Weekly.
Interview: Eric "Munin" Rand, Brown Hat Security - 6:00PM-7:00PM
Eric is an amateur blacksmith and a professional blue-team consultant from Southern California, who lives in the mountains with his wife and cats. Having found a way to turn paranoia into money, he spends his days providing technical support to defensive security operations folks and contemplates how to make everyone's jobs a lot easier.
Technical Segment: Rudolph the Credit Card-Swiping Reindeer, Joshua Marpet and Scott Lyons - 7:00PM-7:30PM
How do you find credit card numbers that have slipped out of the Cardholder Data Environment?
We're going to examine different ways to search for credit card numbers on a server. Why? Well, if you do a PCI audit, one of the things you should do is make sure you don't have CC#'s anywhere outside the cardholder data environment (CDE). If you do, that's what's known as a "bad thing", or alternatively, a "resume-generating event." We'll talk about some commercial solutions, then look at the regexes and python scripts to do it yourself. If I can spin up an environment, we'll do a search live on a VM on my laptop.
Security News - 7:30PM-8:30PM
http://www.noradsanta.org/ - Track Santa Claus around the World!
Paul's Stories
- Russian Methbot Steals Millions Daily From US Companies
- EFF: Dear Tech, Delete Your Logs Before It's Too Late
- Energy Firm Points To Hackers After Kiev Power Outage
- Is Huawei About to Buy a Security Vendor?
- Nokia sues Apple, claims patent infringement in iPhone and other devices
- Home routers under attack in ongoing malvertisement blitz
- Op-ed: Why Im not giving up on PGP
- Security Vulnerabilities Discovered in Airline In-Flight Entertainment Systems
- SAP Chief Security Officer Details Approach to Infrastructure and Software Security
- Reality Hacking: The Secret World Of AI, Bots And Fake News