From Security Weekly Wiki
Jump to navigationJump to search

Paul's Security Weekly - Episode 495

Episode Audio

Recorded January 5, 2017


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Jack Daniel
    Co-Founder of Security BSides and certified security wizard.


  • ITProTV is introducing a new membership level on February 1st. All current Premium Members as of February 1st will be granted the highest membership level available, so sign up today! Visit ​itpro.tv/securityweekly ​and use code ​SW30.
  • InfoSecWorld - Your 10% off discount code to promote to your members is OS17-SW. This will give them 10% off the main conference or the World Pass.

Interview: Joe McCray, Strategic Security - 6:00PM-7:00PM

Comprehensive background in computer security, networking, and system administration along with extensive experience with public speaking, and training.

Specialties: Well versed in both Network, and Application Penetration Testing with the unique ability to translate Geekenese to English.

Strategic Security is an IT Security consulting firm that provides in-depth technical security assessments of your network, web application, and regulatory compliance gap analysis (ex: PCI, HIPAA, ISO 27000, etc). We also provide guidance on integrating security into your software development lifecycle, building an enterprise security program, and much more…

Technical Segment: Forensic Toolkit (FTK), Doug White- 7:00PM-7:30PM

Forensic Toolkit, or FTK, is a computer forensics software made by AccessData. It scans a hard drive looking for various information. It can for example locate deleted emails and scan a disk for text strings to use them as a password dictionary to crack encryption.

Security News - 7:30PM-8:30PM

Paul's Stories

  1. Buying Internal Domain Access Rob 'mubix' Fuller
  2. Claudio Guarnieri on Security Without Borders
  3. Put walls around home Things, win $25k from US government
  4. Hackers Could Explode Horribly Insecure Smart Meters, Pwn Home IoT
  5. Florida Man Sues Verizon For $72m For Letting Him Commit Identity Theft
  6. MongoDB Databases Under Attack Worldwide
  7. What Hack? Burlington Electric Speaks Out
  8. FDA Releases Guidance for Medical Device Cybersecurity
  9. Android Patched by Google for 90 Vulnerabilities in January Update
  10. Linux 2017: With great power comes great responsibility | ZDNet

Larry's Stories

  1. Oh no, MONGO!
  2. FDA offers guidelines on ongoing security of medical devices
  3. FTC offers $25K Prize for proposals for automatic patching and security of IoT - I think th heart is in the right place, but is so mis guided. They want a “device” that can go on a network to protect and patch….this really grinds my gears on so many levels.
  4. Bobby Tables has a company