Paul's Security Weekly - Episode 510
Recording April 20, 2017
Tech Segment: Staying Secure at Hacker Conferences - Part 1 - 6:00-6:30PM
- Secure Your Phone - Disable Wifi, Bluetooth and NFC. Always use a passcode or swipe pattern to unlock your phone, and set the automatic lock time to 30 seconds or less. Your phone must also be encrypted.
- Never Give Your Phone To Anyone - Do not lose your phone and never give your phone to anyone else, ever. Never leave your phone unattended. Even at the bar, do not put it down and turn away to talk to someone.
- Laptops - Never leave your laptop unattended. Passwords are required to log in, and data must be encrypted. Never, ever, under any circumstances connect to Wifi or Bluetooth at a conference. Never, ever, ever, ever take a device (USB, Bluetooth, SD card, etc.) and put it in your laptop, ever.
- Disable Stuff - Wifi, Bluetooth, and any other wireless communication (except for 4G in certain conditions) must be disabled on all devices.
- Internets - Only use 4G to connect to the Internet, and limit the use of logging in to sensitive systems (e.g. Social media is okay as long as 2-factor auth is in use, but Amazon and other services are a no go).
- Lies - Defcon is never cancelled.
- Demos - Never use your laptop for a demo or other such things inside the booth, or outside the booth.
- Authentication - Use two-factor authentication on all services that allow it.
- Disposable Gear - When in doubt, use a disposable phone and/or laptop with just a few accounts on it, then wipe it when you return to the conference.
- Losing Stuff - Do not leave anything of value unattended (laptop, phone, wallet, license, two-factor auth token, laptop bag, etc.).
Security News - 6:30-7:30PM
- Record Oracle Patch Update Addresses ShadowBrokers, Struts 2 Vulnerabilities
- Are we ready to bid the SIEM farewell?
- Flaws let attackers hijack multiple Linksys router models
- Code-sharing leads to widespread bug sharing that black-hats can track
- Microsoft turns two-factor authentication into one-factor by ditching password
- Chrome, Firefox, and Opera users beware: This isn't the apple.com you want
- Latest Shadow Brokers Windows Exploits Already Patched by Microsoft
- Misconfiguration of AWS Services by Users Exposes Cloud Security Risks
- 10 Vendors Working to Secure Containers From Modern Threats
- Malicious UDP Packets Can Remotely Root Linux
- The FBI Says It Can Finally Find Hackers Who Don't Smoke Weed
- The Antivirus Market's Nasty Fight Over Cylance
- Windows Bug Used To Spread Stuxnet World's Most Exploited
- Benign Worm Seeks Out Vulnerable Smart Devices
- Mystery of the malware that wasn’t
- Student for missiles?
- RCW in all versions of Windows .NET
Interview: Phil Zimmermann, Silent Circle 7:30pm-8:30pm
Phil Zimmermann is the creator of Pretty Good Privacy (PGP), an email encryption software package. Originally designed as a human rights tool, PGP became the most widely used email encryption software in the world. Phil is also the Co-founder of Silent Circle, a provider of secure communications services, and is a partner at Mjolnir Ventures, a European venture fund specializing in cybersecurity. Before founding PGP Inc, Phil was a software engineer with more than 20 years of experience, specializing in cryptography and data security, data communications, and real-time embedded systems. His interest in the political side of cryptography grew out of his background in military policy issues.