Episode510

From Paul's Security Weekly
Jump to: navigation, search

Paul's Security Weekly - Episode 510

Episode Audio

Recording April 20, 2017

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Cryptanalyst,
    infosec analyst, pioneering ex-NSA pen tester, PCI specialist & certified security curmudgeon.
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Jack Daniel
    Co-Founder of Security BSides and certified security wizard.

Announcements

Tech Segment: Staying Secure at Hacker Conferences - Part 1 - 6:00-6:30PM

  1. Secure Your Phone - Disable Wifi, Bluetooth and NFC. Always use a passcode or swipe pattern to unlock your phone, and set the automatic lock time to 30 seconds or less. Your phone must also be encrypted.
  2. Never Give Your Phone To Anyone - Do not lose your phone and never give your phone to anyone else, ever. Never leave your phone unattended. Even at the bar, do not put it down and turn away to talk to someone.
  3. Laptops - Never leave your laptop unattended, passwords are required to login, and data must be encrypted. Never, ever, under any circumstances connect to Wifi or Bluetooth at a conference. Never, ever, ever, ever take a device (USB, bluetooth, SD Card, etc...) and put it in your laptop, ever.
  4. Disable Stuff - Wifi, Bluetooth, and any other wireless communication (except for 4G in certain conditions) must be disabled on all devices
  5. Internets - Only use 4G to connect to the Internet, and limit the use of logging in to sensitive systems (e.g. Social media is okay as long as 2-factor auth is in use, but Amazon and other services are a no go).
  6. Lies - Defcon is never cancelled.
  7. Demos - Never use your laptop for a demo or other such things inside the booth, or outside the booth.
  8. Authentication - Use two-factor authentication on all services that allow it.
  9. Disposable Gear - When in doubt, use a disposable phone and/or laptop with just a few accounts on it, then wipe it when you return to the conference.
  10. Losing Stuff - Do not leave anything of value unattended (Laptop, phone, wallet, license, two-factor auth token, laptop bag, etc...)

Security News - 6:30-7:30PM

Paul's Stories

  1. Record Oracle Patch Update Addresses ShadowBrokers, Struts 2 Vulnerabilities
  2. Are we ready to bid the SIEM farewell?
  3. Flaws let attackers hijack multiple Linksys router models
  4. Code-sharing leads to widespread bug sharing that black-hats can track
  5. Microsoft turns two-factor authentication into one-factor by ditching password
  6. Chrome, Firefox, and Opera users beware: This isnt the apple.com you want
  7. Latest Shadow Brokers Windows Exploits Already Patched by Microsoft
  8. Misconfiguration of AWS Services by Users Exposes Cloud Security Risks
  9. 10 Vendors Working to Secure Containers From Modern Threats
  10. Malicious UDP Packets Can Remotely Root Linux
  11. The FBI Says It Can Finally Find Hackers Who Don't Smoke Weed
  12. The Antivirus Market's Nasty Fight Over Cylance
  13. Windows Bug Used To Spread Stuxnet World's Most Exploited
  14. Benign Worm Seeks Out Vulnerable Smart Devices

Larry's Stories

  1. Mystery of the malware that wasn’t
  2. Student for missiles?
  3. Shadowbrokers?
  4. RCW in all versions of windows .NET

Joff's Stories

Carlos's Stories

Interview: Phil Zimmerman, Silent Circle 7:30pm-8:30pm

Phil Zimmerman Founder of Pretty Good Privacy [1]

Phil Zimmermann is the creator of Pretty Good Privacy (PGP), an email encryption software package. Originally designed as a human rights tool, PGP became the most widely used email encryption software in the world. Phil is also the Co-founder of Silent Circle, a provider of secure communications services, and is a partner at Mjolnir Ventures, a European venture fund specializing in cybersecurity. Before founding PGP Inc, Phil was a software engineer with more than 20 years of experience, specializing in cryptography and data security, data communications, and real-time embedded systems. His interest in the political side of cryptography grew out of his background in military policy issues.