Episode529

From Paul's Security Weekly
Jump to: navigation, search

Paul's Security Weekly #529

Recorded September 7, 2017 at G-Unit Studios in Rhode Island!

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Jeff Man
    Cryptanalyst,
    infosec analyst, pioneering ex-NSA pen tester, PCI specialist & certified security curmudgeon.
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Interview: Michele Jordan, Under the Oak Consulting - 6:00PM-7:00PM

    Michele Jordan
    Founder and principal consultant of Under the Oak Consulting.

    Michele Jordan has worked in IT and network security for over 35 years, starting with X.25 networks and migrating to today’s Internet. She currently runs Under the Oak Consulting in North Carolina and works with Computer Network Defence, LTD in Bath, England. In her work with CND, Michele has been the researcher responsible for the regular updating of the Computer Network Defence Cyber Threat Intelligence page, affectionately known as the Radar Page, for the last 10 years.

    1. How did you get your start in information security?
    2. What do you recommend folks do who want to break into the field of information security?
    3. What was it like making the transition from working for a company to being a consultant?
    4. What are some of you most rewarding security consultant gigs and why?
    5. What are some of the most common issues facing your customers today?
    6. What is the Radar Page?
    7. Why did you create the Radar Page? Who is the audience and what problems does it solve?
    8. Why did you choose to put the information on this page?
    9. How did you choose the information on this page and validate it?
    10. What are some of the best use cases for this page?
    11. Where can people find it?

    Five Questions

    1. Three words to describe yourself.
    2. If you were a serial killer, what would be your weapon of choice?
    3. If you wrote a book about yourself, what would the title be?
    4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
    5. Choose two celebrities to be your parents.

    Tech Segment: Mobile Application Assessment with Chris Crowley, SANS Institute - 6:30-7:00PM

    Chris Crowley
    SANS Institute Instructor and independent consultant.

    Chris Crowley has 15 years of industry experience managing and securing networks. He currently works as an independent consultant in the Washington, DC area focusing on effective computer network defense. His work experience includes penetration testing, security operations, incident response, and forensic analysis.

    Mr. Crowley is the course author for for SANS Management 517 - Managing Security Operations and SANS Management 535 - Incident Response Team Management. He holds the GSEC, GCIA, GCIH (gold), GCFA, GPEN, GMOB, GASF, GREM, GXPN and CISSP certifications. His teaching experience includes FOR585, MGT517, MGT535, SEC401, SEC503, SEC504, SEC560, SEC575, and SEC580; Apache web server administration and configuration; and shell programming. He was awarded the SANS 2009 Local Mentor of the year award. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities."

    Mr. Crowley spends his spare time mountain biking, rock climbing, and savoring epicurean treats.

    Security News - 7:00-8:00PM

    Paul's Stories

    1. Fixing, upgrading and patching IoT devices can be a real nightmare
    2. Critical Flaw in Apache Struts2 Lets Hackers Take Over Web Servers
    3. Hackers Can Silently Control Siri, Alexa & Other Voice Assistants Using Ultrasound
    4. Wikileaks Unveils Project Protego: CIA's Secret Missile Control System
    5. ShadowBrokers Return With The Release Of UNITEDRAKE Exploit
    6. Facebook Uncovers Russian-Funded Misinformation Campaign
    7. How to Implement a Solid Identity and Access Management Strategy
    8. Victims of Payment Card Breaches Not Fully PCI DSS Compliant
    9. 10% of Ransomware Attacks on SMBs Targeted IoT Devices
    10. 10 Essential Bug Bounty Programs of 2017
    11. Linux 4.13 Kernel Launches With Accelerated Security Feature
    12. Trend Micro Offering $500K in Security Awards at Mobile Pwn2Own 2017
    13. Where are the Actionable Defense talks?

    Jeff's Stories

    1. Equifax Reports Data Breach Possibly Affecting 143 Million U.S. Consumers
    2. Cybersecurity is simply a matter of all of us speaking the same language
    3. Purdue #1 ranking for Cybersecurity Studies
    4. Hurricane Irma Impacts the North America PCI Community Meeting
    5. Equifax Executives Sold Stock Before Breach Announcement