From Security Weekly Wiki

Paul's Security Weekly - Episode 502

Episode Audio

Recorded February 23, 2017


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Jack Daniel
    Co-Founder of Security BSides and certified security wizard.


  • ITPro.TV courses include Cybersecurity Analyst+, CCNA Cyber Ops, ITIL Operational Support and Analysis, Penetration Testing, Ethical Hacking v9. ITProTV is introducing a new membership level soon. All current Premium Members will be granted the highest membership level available, so sign up today! Visit itpro.tv/securityweekly and use code SW30.
  • InfoSecWorld - Your 10% off discount code to promote to your members is OS17-SW. This will give them 10% off the main conference or the World Pass.
  • SCADA Security has always been, and continues to be, a hot topic in our industry. Our sponsor Waterfall Security is offering a free book for the first 100 listeners to register titled "SCADA Security: What's Broken and How To Fix It" by Andrew Ginter, Waterfall's VP of Industrial Security. Visit http://securityweekly.com/scada to get your free copy today!
  • Attend the InfoSecWorld conference on April 3-5 in Orlando, Florida: tons of great talks, and Security Weekly listeners get 10% off by using the code OS17-SW. Find out more at infosecworld.misti.com
  • Attend SOURCE Boston on April 24-27th for training and awesome talks! Use the code SECURITYWEEKLY for $100 off either a conference ticket or one of the trainings. Find out more at sourceconference.com

Interview: Don Pezet - 6:00PM-7:00PM

Don Pezet[1]

Don Pezet has been working in the IT industry for over 18 years. In addition to working with the technologies, he has also been training others for over 12 years. He is a certified trainer with many vendors including Microsoft and Cisco. His combination of real-world experience, textbook knowledge, and a questionable sense of humor have helped him to entertain and educate thousands of people. He and his business partner Tim Broom founded ITProTV in 2013. ITProTV has been described as the Netflix of IT training, with over 2000 hours of original IT training content available online.

Tech Segment: David Fletcher, Symantec - 7:00-7:30PM

Security News - 7:30-8:30PM

Paul's Stories

  1. XSS, GET and POST
  2. Toolsmith Release Advisory: Sysmon v6 for Securitay
  3. Investigating Off-Premise Wireless Behaviour (or, "I Know What You Connected To") - Nice little PowerShell script to look at AD domain users and which wireless APs they've connected to. Kinda creepy, could be used in investigations or to enforce a policy of "do not connect to wireless outside the company".
  4. Lawmakers set to overturn broadband privacy rules, as ISPs requested - A consortium of 19 privacy and consumer-rights groups on January 27 urged Congress to let the FCC rules stand. The rules require consumers to opt in before a broadband provider can sell their web-browsing and other information to advertisers and other third parties, and they require that users be notified when user data is breached by hackers. Wow, time to put a permanent VPN at the house!
  5. Practical collision attack against SHA-1, (Thu, Feb 23rd) - Today, 10 years after SHA-1 was first introduced, we are announcing the first practical technique for generating a collision. This represents the culmination of two years of research that sprung from a collaboration between the CWI Institute in Amsterdam and Google. We’ve summarized how we went about generating a collision below. As a proof of the attack, we are releasing two PDFs that have identical SHA-1 hashes but different content.
  6. Wide Range of New Security Technologies Debut at RSA Conference 2017
  7. Publicly Disclosed Windows Vulnerabilities Await Patches
  8. Java, Python FTP Injection Attacks Bypass Firewalls
  9. Marathon runner's tracked data exposes phony time, cover-up attempt - An independent marathon-running investigator (yes, that's a thing) named Derek Murphy posted his elaborate analysis of Seo's scheme, and the findings revolved almost entirely around data derived from Seo's Garmin 235 fitness tracker.
  10. Malware Lets a Drone Steal Data by Watching a Computer's Blinking LED - The researchers found that when their program read less than 4 kilobytes from the computer’s storage at a time, they could cause the hard drive’s LED indicator to blink for less than a fifth of a millisecond. They then tried using those rapid-fire blinks to send messages to a variety of cameras and light sensors from an “infected” computer using a binary system of data encoding known as “on-off keying,” or OOK.
  11. Gordon Ramsay's father-in-law charged with hacking the chef's computer - It’s a long fall from grace for Hutcheson, who served as the CEO of Gordon Ramsay Holdings for many years. But back in October 2010, Ramsay fired his father-in-law, claiming that his computers had been hacked and that Hutcheson was behind the leaking of emails between Ramsay and his wife (who happens to be Hutcheson’s daughter).
  12. Are Slack Conversations Private? Popular Communications Platform May Not Be As Secure As You Think, Expert Says
  13. The 15 Biggest Threats Online, Ranked
  14. Researchers Offer Simple Scheme To Stop The Next Stuxnet
  15. Russian Military Admits Significant Cyber-War Effort
  16. Linux's Decade-Old Flaw: Major Distros Move To Patch Serious Kernel Bug
  17. Announcing The First SHA1 Collision
  18. How to Bury a Major Breach Notification
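
The LED exfiltration story (item 10) hinges on on-off keying: the LED is driven on for a "1" and left idle for a "0", and a camera or light sensor samples the brightness and votes on each bit interval. The following is an added example written for this page, not code from the researchers or from the article; the sync pattern, the length header, the sample rate and the noise model are all assumptions, chosen to show why a receiver needs framing and per-bit majority voting rather than reading single samples.

```python
"""Simulated OOK covert channel: bytes -> LED on/off samples -> bytes.
Added example for this page; timings, framing and noise model are assumed."""

# Constructed sync pattern so the receiver can align to bit boundaries (assumed).
PREAMBLE = [1, 0, 1, 0, 1, 0, 1, 1]


def bytes_to_bits(data: bytes) -> list:
    """MSB-first bit list of the input bytes."""
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def bits_to_bytes(bits: list) -> bytes:
    """Pack whole groups of 8 bits back into bytes; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def ook_encode(data: bytes, samples_per_bit: int) -> list:
    """LED level per sensor sample (1 = on). On the sending side each '1'
    would be a short (<4 KB) disk read that lights the HDD LED, each '0' idle.
    Frame = PREAMBLE + one-byte length + payload (payload limited to 255 bytes)."""
    if len(data) > 255:
        raise ValueError("payload too long for one-byte length header")
    levels = []
    for bit in PREAMBLE + bytes_to_bits(bytes([len(data)]) + data):
        levels.extend([bit] * samples_per_bit)
    return levels


def noisy_channel(levels: list, lead_in: int = 7, glitch_every: int = 5) -> list:
    """Constructed channel model: the sensor starts sampling before the LED
    starts blinking (lead_in idle samples) and misreads one sample per bit
    period (every glitch_every samples). Not measured data."""
    out = [0] * lead_in + list(levels)
    for i in range(lead_in + 2, len(out), glitch_every):
        out[i] ^= 1
    return out


def ook_decode(samples: list, samples_per_bit: int) -> bytes:
    """Align on the first lit sample, majority-vote each bit period,
    check the sync pattern, then honour the length header."""
    if 1 not in samples:
        return b""
    frame = samples[samples.index(1):]
    bits = []
    for i in range(0, len(frame) - samples_per_bit + 1, samples_per_bit):
        chunk = frame[i:i + samples_per_bit]
        bits.append(1 if sum(chunk) * 2 > samples_per_bit else 0)
    if bits[:len(PREAMBLE)] != PREAMBLE:
        raise ValueError("sync pattern not found; receiver is misaligned")
    payload = bits_to_bytes(bits[len(PREAMBLE):])
    if not payload:
        return b""
    length = payload[0]
    return payload[1:1 + length]


def round_trip(data: bytes, samples_per_bit: int = 5) -> bytes:
    """Send data through the simulated LED channel and recover it."""
    return ook_decode(noisy_channel(ook_encode(data, samples_per_bit)), samples_per_bit)


if __name__ == "__main__":
    secret = b"exfil"  # constructed payload
    print(round_trip(secret))
```

With five samples per bit, one misread sample per bit period is absorbed by the majority vote; drop `samples_per_bit` to 1 and the same glitches corrupt the payload, which is the practical reason the article's receivers need a sample rate well above the blink rate. On the defensive side the same framing is what a detector would look for: a sustained, regular on/off pattern on the activity LED that does not match normal I/O bursts.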

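Item 8 (Java and Python FTP injection) is about URL components that are pasted straight into FTP control-channel commands: a percent-encoded CR/LF inside the user name or path terminates the client's command and whatever follows is sent to the server as a second command, which is how a firewall's FTP helper can be talked into opening a port. The block below is an added example for this page, not code from either language's standard library; the "naive client" is a constructed model of the flawed behaviour, the host name and port arguments in the sample URL are made up, and the check shows the validation a client should do before building commands.

```python
"""Added example: how a CR/LF in an FTP URL becomes a smuggled command,
and the check that rejects it. The naive client is a constructed model."""
from urllib.parse import urlsplit, unquote

# Characters that must never reach the FTP control channel inside an argument.
FORBIDDEN = "\r\n\0"


def naive_ftp_commands(url: str) -> str:
    """Command stream a client would send if it decoded URL parts and pasted
    them into USER/PASS/RETR without checking them (flawed behaviour, modelled)."""
    u = urlsplit(url)
    user = unquote(u.username or "anonymous")
    password = unquote(u.password or "anonymous@")
    path = unquote(u.path.lstrip("/"))
    return f"USER {user}\r\nPASS {password}\r\nRETR {path}\r\n"


def has_ftp_injection(url: str) -> bool:
    """True if any URL component carries CR, LF or NUL after percent-decoding."""
    u = urlsplit(url)
    for part in (u.username, u.password, u.path):
        if part and any(ch in unquote(part) for ch in FORBIDDEN):
            return True
    return False


def safe_ftp_commands(url: str) -> str:
    """Hardened variant: refuse to build commands from an injectable URL."""
    if has_ftp_injection(url):
        raise ValueError("CR/LF or NUL in FTP URL component")
    return naive_ftp_commands(url)


# Constructed sample URLs (host and PORT arguments are made up).
BENIGN_URL = "ftp://anonymous:x@ftp.example.test/pub/readme.txt"
INJECTED_URL = "ftp://anonymous:x@ftp.example.test/file%0d%0aPORT%2010,0,0,5,0,80"


if __name__ == "__main__":
    print(repr(naive_ftp_commands(INJECTED_URL)))
    print(has_ftp_injection(BENIGN_URL), has_ftp_injection(INJECTED_URL))
```

Run it and the naive stream for the injected URL contains four commands instead of three, the extra one being the attacker's `PORT`, while `safe_ftp_commands` raises before a single byte is sent. Decoding before checking matters: a check on the raw URL would miss `%0d%0a`, and a check after decoding has to cover every component that lands in a command, not just the path.
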
Joff's Stories

  1. ASLR Busting JavaScript
  2. TickleBleed

Jeff's Stories

  1. Cybersecurity from a Hacker's Perspective
  2. Watson will make Jeff a drink!