Episode494

From Paul's Security Weekly

Paul's Security Weekly - Episode 494


Recorded December 22, 2016


Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist & certified security curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Jack Daniel
    Co-Founder of Security BSides and certified security wizard.


Announcements

  • Make sure you visit http://securityweekly.com/subscribe and subscribe to all of our shows! You can also subscribe to all shows individually, as well as a main feed which contains this show, Hack Naked News, Enterprise Security Weekly, and Startup Security Weekly.

Interview: Eric "Munin" Rand, Brown Hat Security - 6:00PM-7:00PM

Eric is an amateur blacksmith and a professional blue-team consultant from Southern California, who lives in the mountains with his wife and cats. Having found a way to turn paranoia into money, he spends his days providing technical support to defensive security operations folks and contemplates how to make everyone's jobs a lot easier.


Technical Segment: Rudolph the Credit Card-Swiping Reindeer, Joshua Marpet and Scott Lyons - 7:00PM-7:30PM

How do you find credit card numbers that have slipped out of the Cardholder Data Environment?

We're going to examine different ways to search for credit card numbers on a server. Why? Well, if you do a PCI audit, one of the things you should do is make sure you don't have CC#'s anywhere outside the cardholder data environment (CDE). If you do, that's what's known as a "bad thing", or alternatively, a "resume-generating event." We'll talk about some commercial solutions, then look at the regexes and Python scripts to do it yourself. If I can spin up an environment, we'll do a search live on a VM on my laptop.
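
An added example (not code from the episode or its presenters) of the do-it-yourself approach the segment describes: a regex picks out 13 to 19 digit candidates, a Luhn check discards most look-alike numbers, and hits are masked so the scan report does not itself hold full card numbers. The function names, brand prefix hints and sample log lines are constructed for illustration.

```python
import re

# Candidate PAN: 13-19 digits, optionally grouped with single spaces or dashes,
# and not part of a longer digit run. Greedy, so a PAN immediately followed by
# more space-separated digits may be merged into one (failing) candidate.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Leading-digit hints for triage only (approximate, not a full IIN table).
BRANDS = [("visa", "4"), ("mastercard", "5[1-5]|2[2-7]"),
          ("amex", "3[47]"), ("discover", "6011|65")]

def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def brand(digits):
    for name, prefix in BRANDS:
        if re.match(prefix, digits):
            return name
    return "unknown"

def mask(digits):
    """Keep first six and last four digits so the report holds no full PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_pans(text):
    """Return (line number, brand, masked PAN) for every Luhn-valid candidate."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):
                hits.append((lineno, brand(digits), mask(digits)))
    return hits

# Constructed sample: published test card numbers plus look-alike noise.
SAMPLE = """\
2016-12-22 10:01:07 payment ok card=4111111111111111 amt=19.99
2016-12-22 10:01:09 order_id=1234567890123456 shipped
note from support: customer read me 3782-822463-10005 over the phone
ticket 8841: cust card 5500 0055 5555 5559 exp 12/19
"""

if __name__ == "__main__":
    for hit in find_pans(SAMPLE):
        print(hit)
```

Luhn alone still passes roughly one in ten random digit strings, so hits on an "unknown" brand deserve a manual look before they are reported as cardholder data.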

Security News - 7:30PM-8:30PM

http://www.noradsanta.org/ - Track Santa Claus around the World!

Paul's Stories

  1. Russian Methbot Steals Millions Daily From US Companies
  2. EFF: Dear Tech, Delete Your Logs Before It's Too Late
  3. Energy Firm Points To Hackers After Kiev Power Outage
  4. Is Huawei About to Buy a Security Vendor?
  5. Nokia sues Apple, claims patent infringement in iPhone and other devices
  6. Home routers under attack in ongoing malvertisement blitz
  7. Op-ed: Why I'm not giving up on PGP
  8. Security Vulnerabilities Discovered in Airline In-Flight Entertainment Systems
  9. SAP Chief Security Officer Details Approach to Infrastructure and Software Security
  10. Reality Hacking: The Secret World Of AI, Bots And Fake News

Joff's Stories

  1. Op-Ed: I'm GIVING UP on PGP
  2. NIST CFP Encryption in a Post Quantum Computing World

Jeff's Stories

Joshua's Stories

Scott's Stories