From Paul's Security Weekly

Paul's Security Weekly - Episode 515

Episode Audio

Recorded on May 25, 2017


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Infosec analyst, pioneering ex-NSA pen tester, PCI specialist & certified security curmudgeon.
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Jack Daniel
    Works for Tenable Network Security and Co-Founder of Security BSides.
  • Michael Santarcangelo
    Founder of Security Catalyst, author of Into the Breach, and creator of the Straight Talk Framework.
  • Announcements

    Interview: Dr. Branden Williams - 6:00PM-7:00PM

    Dr. Branden R. Williams has twenty years of experience in business, technology, and information security as a consultant, leader, and executive. Branden has worked for well-known information security companies and has founded two. He’s an author, blogger, pilot, and lover of bourbon. In his spare time, you will find him flying airplanes, chasing storms, or manning a barbecue pit.

    • Research: I gave an RSA talk on some research I published last year about how consumers don’t care/recognize breaches. The talk was about security as a business enabler (meaning, stop wielding the stick but give in to the carrot). Could be interesting.
    • “Research” I recently did on how much money the PCI Council pulls in for revenue/fees every year.
    • General Topics I’m passionate about: IoT Security and the economics of who should pay for this, CISO Issues, Endpoint security, Security Strategy, DLP, the Business of Security.

    You can read Branden's book here: https://www.brandenwilliams.com/home/media
    View his blog here: http://blog.brandenwilliams.com/
    View his GitHub here: http://blog.brandenwilliams.com/

    Tech Segment: How Compromise Happens: Active Directory is Vulnerable with Almog Ohayon, Javelin Networks - 7:00-7:30PM

    Almog Ohayon, @md5session, Co-Founder of Javelin Networks

    Almog is a Network & Security Architect who served in the Israeli Air Force as part of the OFEK unit. Afterwards, in the private sector, he was a leader at companies like Cisco and Orange Telecom. He has designed and implemented hundreds of secured infrastructure networks all over the world.

    Security News - 7:30-8:30PM

    Paul's Stories

    1. Gravityscan, keeping WordPress sites safe
    2. Police swoop on gang that planted banking Trojan on 1m phones
    3. Ransomware and the Internet of Things
    4. Keybase Extension Brings End-to-End Encrypted Chat To Twitter, Reddit, GitHub
    5. A wormable code-execution bug has lurked in Samba for 7 years. Patch now!
    6. Top 10 Tips on How to Avoid Damage From Insider Threats
    7. Twitter Flaw Allowed You To Tweet From Any Account
    8. The Man Who Made The Mistake Of Trying To Help Wikileaks
    9. Latest Cb Defense UX Features Intuitive Design, Easy Access to Answers - Carbon Black
    10. CrowdStrike Raises $100M to Advance Internet Security
    11. How to Become Insanely Well-Connected | First Round Review
    12. IoTruth: IoT is Just a Consumer Issue - ForeScout

    Larry's Stories

    1. Pwning VLC (and others) with subtitle tracks
    2. WiFi to see through walls - We’ve covered this before, but it has reared its head again. Not practical.
    3. ALL IT jobs are security jobs - Security is everyone’s responsibility…I seem to remember hearing that before. What is old is new again.
    4. SambaCry - RCE in Samba that’s been there for a loooong time.

    Jeff's Stories

    Jack's Stories

    1. Dodged a bullet and stepped in front of another one. Patching WannaCry has broken Cairns Hospital's electronic patient records system.