Episode514

From Paul's Security Weekly
Jump to: navigation, search

Paul's Security Weekly - Episode 514

Episode Audio

Recorded on May 18, 2017

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Not Kevin
    Senior Security Engineer at Barkly, Co-Founder of Vermont Hackspaces, definitely Not Kevin.
  • Announcements

    Interview: Joel Scambray, NCC Group- 6:00PM-7:00PM

    Joel Scambray @joelscam,Techinal Director at NCC group

    Joel is a Technical Director at NCC Group, a global expert in cyber security and risk mitigation formed in 1999. He has helped Fortune 500-class organizations address information security challenges for over twenty years as a consultant, author and speaker, executive, and entrepreneur. He is widely recognized as co-author of the Hacking Exposed book series, and has worked/consulted for companies including Microsoft, Foundstone, Cigital, Amazon, Costco, Softcard, and Ernst & Young. He has been a Senior Director at Microsoft Corporation, where he provided security leadership in Microsoft's online services and Windows divisions. He co-founded Consciere LLC and served as its Chief Executive Officer for 3 years. He also co-founded security software and services startup Foundstone Inc. and helped lead it to acquisition by McAfee in 2004. He has over 15 years of experience assisting companies ranging from newly minted startups to members of the Fortune 500 address information security challenges and opportunities. His background includes roles as an executive, technical consultant and entrepreneur. He is widely recognized as co-author of Hacking Exposed: Network Security Secrets & Solutions, the international best-selling computer security book that first appeared in 1999. He is also lead author of the Hacking Exposed Windows and Web Applications series. He is a Certified Information Systems Security Professional (CISSP). He holds a BS from the University of California at Davis, an MA from UCLA.

    Tech Segment: Disabling SMBv1 - 7:00-7:30PM

    • Do not disable SMBv2 or v3 (it beaks A LOT of stuff)
    • OS X and Samba do not require SMBv1 (if they do, they are likely old versions and should not be used anyhow)

    Windows 8 and Server 2012

    Set-SmbServerConfiguration -EnableSMB1Protocol $false

    Win 7, 2008 R2, VIsta, 2008

    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

    On the client

    Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012:

    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
    sc.exe config mrxsmb10 start= disabled

    Remove SMBv1 server

    Remove-WindowsFeature -Name FS-SMB1

    Client

    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

    Restart!

    Resrouces

    dism /online /norestart /disable-feature /featurename:SMB1Protocol

    Security News - 7:30-8:30PM

    Paul's Stories

    1. WordPress Fixes CSRF, XSS Bugs, Announces Bug Bounty Program
    2. My Little CVE Bot, (Thu, May 18th)
    3. HP Inc wireless mouse can be spoofed
    4. Three home security systems found to be vulnerable if hackers were hiding in bushes
    5. Proposed PATCH Act forces US snoops to quit hoarding code exploits
    6. Windows XP PCs infected by WCry can be decrypted without paying ransom
    7. Companies That Patched Software Dodged WannaCry Ransomware
    8. WannaCry Ransomware Worm Risk Continues As Exploit Lands in Metasploit
    9. DDoS Attacks Are in Decline in Number and Size, Akamai Report Finds
    10. Cryptocurrency Botnet Used NSA Exploits Weeks Before WCry
    11. Stealing Voice Prints
    12. Disney Hack: Ransom Demanded For Stolen Film
    13. While Microsoft griped about NSA exploit stockpiles, it stockpiled patches: Friday's WinXP fix was built in February
    14. WannaCry benefits from unlearned lessons of Slammer, Conficker Naked Security
    15. Two days after WCry worm, Microsoft decries exploit stockpiling by governments
    16. Op-ed: Its time for Google to take responsibility for Androids security updates
    17. Reverse Engineering Apple Location Services Protocol
    18. Github Dorks Github Security Scanning Tool

    Larry's Stories

    1. wanna cry made amateur mistakes?
    2. N, Korea’s cyber sleeper groups
    3. Shadowbrokers pissed about wannacry
    4. Xen guest to host escape
    5. Any half decent hacker could break into Mar-A-Lago - Time to rent a boat….

    Not Kevin's Stories

    1. Facebook Fined $122 Million for Misleading Europe on Privacy Risks of WhatsApp Merger
    2. Any Half-Decent Hacker Could Break Into Mar-a-Lago
    3. California Authorities Are Failing to Track and Prevent Abuse of Police Databases
    4. This Spy App Can See If You’ve Visited Whistleblowing Sites on the Dark Web
    5. FCC votes to dismantle net neutrality as critics cry 'war on open internet'