Episode530

From Paul's Security Weekly
Jump to: navigation, search

Paul's Security Weekly #530

Recorded September 14, 2017 at G-Unit Studios in Rhode Island!

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Jeff Man
    Cryptanalyst,
    infosec analyst, pioneering ex-NSA pen tester, PCI specialist & certified security curmudgeon.
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Interview: Ted Demopoulos, SANS Institute - 6:00PM-7:00PM

    Ted Demopoulos
    Senior SANS Institute instructor.

    Ted Demopoulos's first significant exposure to computers was in 1977 when he had unlimited access to his high school's PDP-11 and hacked at it incessantly. He consequently almost flunked out but learned he liked playing with computers a lot. His business pursuits began in college and have been continuous ever since. His background includes over 25 years of experience in information security and business, including 20+ years as an independent consultant. Ted helped start a successful information security company, was the CTO at a "textbook failure" of a software startup, and has advised several other businesses. Ted is a frequent speaker at conferences and other events, quoted often by the press, the recipient of a Department of Defense Award of Excellence, and the author of the recent book Infosec Rock Star: How to Accelerate Your Career Because Geek Will Only Get You So Far. In his spare time, he is also a food and wine geek, enjoys fly fishing and playing with his children.

    Five Questions

    1. Three words to describe yourself.
    2. If you were a serial killer, what would be your weapon of choice?
    3. If you wrote a book about yourself, what would the title be?
    4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
    5. Choose two celebrities to be your parents.

    Tech Segment: What It Takes To Attack an ICS with Mike Assante, SANS Institute - 6:30-7:00PM

    Mike Assante
    Director of Critical Infrastructure and ICS for the SANS Institute.

    Michael Assante served as vice president and chief information security officer at American Electric Power, one of the United States’ largest electricity generators; he led the research team at Idaho National Laboratory that discovered the vulnerability of electric generators to destruction through remote cyber attacks; and he served as chief security officer at NERC, the international regulatory authority whose mission is to assure the reliability of the bulk power system in North America. White House cyber security czars and intelligence and military agencies have relied on his counsel for more than 20 years, and Mike coauthored the authoritative summary of what actually happened in the cyber attacks against power utilities in Ukraine. To toughen defenses against attacks on industrial control systems, Mike co-led the international steering committee that defined critical skills, developed measurement tools to assess mastery of those skills and created the most widely respected industrial control systems security skills certification program. The GICSP is now used in 30 countries to ensure control systems engineers and IT security staff have the core skills needed for strengthening defenses against cyber attacks.

    Mike and the hosts discuss models with a focus on recent incidents, like Symantec’s Dragonfly 2.0.

    Security News - 7:00-8:00PM

    Paul's Stories

    1. Windows 10 to Give More Control Over App-level Permissions
    2. Adobe Fixes Eight Vulnerabilities in Flash, RoboHelp, Flash Player
    3. Microsoft Patches .NET Zero Day Vulnerability in September Update
    4. Thousands of Elasticsearch Servers Hijacked to Host PoS Malware
    5. Zerodium Offering $1M for Tor Browser Zero Days
    6. Linus Torvalds Wants Attackers to Join Linux Kernel Development
    7. Equifax Faces Legal Scrutiny in Wake of Data Breach
    8. DHS Bans Federal Agencies From Using Kaspersky Security Products
    9. Researchers Catch MS Zero Day Used To Install Govt Spyware
    10. Security Warning Over Hospital Syringe Pumps
    11. Apple's Facial Recognition Gets Cautious Mixed Reviews

    Jeff's Stories

    1. Equifax Breach...No Excuse
    2. 'South Park' Episode Triggers Viewers' Amazon Alexa and Google Home
    3. Love it or hate it, PSL is a thing

    Joff's Stories

    1. Equifax and Struts...