
Paul's Security Weekly #531

Recorded September 28, 2017 at G-Unit Studios in Rhode Island!


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Infosec analyst, pioneering ex-NSA pen tester, PCI specialist & certified security curmudgeon.
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Interview: Jim Nitterauer, AppRiver - 6:00PM-7:00PM

    Jim Nitterauer
    Senior Security Specialist at AppRiver.

    Jim Nitterauer, CISSP, is currently a Senior Security Specialist at AppRiver, LLC. His team is responsible for global network deployments; manages the SecureSurf global DNS and SecureTide global spam and virus filtering infrastructure, as well as all internal applications; and helps manage security operations for the entire company. He presents regularly at local, regional, and national conferences. He writes regularly for the AppRiver blog, Tripwire, and Peerlyst. He is also well-versed in ethical hacking and penetration testing techniques, has joined the staff of BSides Las Vegas, and has been involved in technology for more than 20 years.

    Five Questions

    1. Three words to describe yourself.
    2. If you were a serial killer, what would be your weapon of choice?
    3. If you wrote a book about yourself, what would the title be?
    4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
    5. Choose two celebrities to be your parents.

    Interview: Ed Skoudis, CounterHack - 6:30-7:00PM

    Ed Skoudis
    SANS Fellow and Founder of CounterHack.

    Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals. He is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first experts brought in to provide after-attack analysis on major breaches where credit card and other sensitive financial data is lost. Ed led the team that built NetWars, the low-cost, widely used cyber training and skills assessment ranges relied upon by military units and corporations with major assets at risk. His team also built CyberCity, the fully authentic urban cyber warfare simulator that was featured on the front page of the Washington Post. He was also the expert called in by the White House to test the security viability of the Trusted Internet Connection (TIC) that now protects US Government networks, and he led the team that first publicly demonstrated significant security flaws in virtual machine technology. He has a rare capability of translating advanced technical knowledge into easy-to-master guidance, as the popularity of his step-by-step Counter Hack books testifies.

    Security News - 7:00-8:00PM

    Paul's Stories

    1. Worried by PGP private key exposure stories? You don't have to with contemporary Identity-Based Encryption.
    2. Broadening HSTS to secure more of the Web
    3. Signal taps up Intel's SGX to (hopefully) stop contacts falling into hackers, cops' hands
    4. Cardiac Scan Authentication: Your Heart As Your Password
    5. 2-Year-Old Linux Kernel Issue Resurfaces As High-Risk Flaw
    6. Dark-Web Drug Dealer Arrested After He Travelled US for World Beard Championships
    7. Internet Explorer bug can reveal the contents of your address bar
    8. Woman says hacker spied on her through the baby monitor
    9. Oracle Patches Apache Struts, Reminds Users to Update Equifax Bug
    10. If Bill Gates really thinks ctrl-alt-del was a mistake, he should have fixed it himself
    11. Remote Wi-Fi Attack Backdoors iPhone 7

    Larry's Stories

    1. and that's how you get pwned. Looks like we need to do an OPSEC for GitHub users class...
    2. According to Norton, Vatican City has the highest bonnet count per capita
    3. High Sierra OS X keychain issues - Apparently this affects older OSes too, and may be some interesting FUD. Watch as the story unfolds
    4. BlueBorne - 7 Bluetooth 0-days - FUUUUUUUU
    5. Part 95 Personal radio rules change
    6. In case you missed it: #TrevorForget

    Jeff's Stories

    1. Remembering Trevor the Roach #Trevorforget
    2. Et tu, Deloitte???
    3. Is Society Becoming Desensitized to the loss of Personal Data?