Episode536

From Paul's Security Weekly

Paul's Security Weekly #536

Recorded November 9, 2017 at G-Unit Studios in Rhode Island!

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Michael Santarcangelo
    Founder of Security Catalyst, author of Into the Breach, and creator of the Straight Talk Framework.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Not Kevin
    Senior Security Engineer at Barkly, Co-Founder of Vermont Hackspaces, definitely Not Kevin.
  • Jeff Man
    Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist & certified security curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.

    Interview: Amanda Berlin, NetWorks Group and Lee Brotherston, Wealthsimple - 6:00PM-7:00PM

    Amanda Berlin
    Sr. Security Analyst at NetWorks Group, Co-Host of Brakeing Down Security Podcast, IT professional for over 13 years.

    Amanda Berlin is a Sr. Security Analyst for a consulting firm in Southern Michigan. She has spent over a decade in different areas of technology and sectors providing infrastructure support, triage, and design. Amanda has been involved in implementing a secure Payment Card Industries (PCI) process and Health Insurance Portability and Accountability Act (HIPAA) compliance as well as building a comprehensive phishing and awards-based user education program.

    Amanda is an avid volunteer and has also presented at a large number of conventions, meetings and industry events. Some examples of these are: DerbyCon, CircleCityCon, GrrCon, and DEFCON. She is the author of a Blue Team best practices book called "Defensive Security Handbook: Best Practices for Securing Infrastructure" through O'Reilly Media. She is a co-host on the Brakeing Down Security podcast and writes for several blogs. While she doesn't have the credentials or notoriety that others might have, she hopes to make up for it with her wit, sense of humor, and knack for catching on quickly to new technologies.

    Lee Brotherston
    Security Specialist at Wealthsimple, Information Security Specialist, security program initiation and management.

    Lee has worked within Information Security for over a decade. In that time he has held positions ranging from hands-on practitioner through to management with overall responsibility for Information Security in multiple organizations. He has spoken on topics ranging from malware analysis to network security and surveillance.


    1. Three words to describe yourself.
    2. If you were a serial killer, what would be your weapon of choice?
    3. If you wrote a book about yourself, what would the title be?
    4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
    5. Choose two celebrities to be your parents.

    Tech Segment: Sven Morgenroth, Netsparker - 7:00-7:30PM

    Sven Morgenroth
    Security Researcher at Netsparker, hacking ninja.

    Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome's XSS auditor and several web application firewalls. He likes to exploit vulnerabilities in creative ways and has hacked his smart TV without even leaving his bed. Sven writes about web application security and documents his research on the Netsparker blog.

    Security News - 7:30-8:30PM

    Paul's Stories

    1. Ex-NSA Director Says Companies Should Never Hack Back Because They Could Start Wars
    2. Marissa Mayer Subpoenaed To Testify Before Senate On Yahoo Breaches
    3. Mr. Robot eps3.4_runtime-err0r.r00 the security review
    4. Microsoft Provides Guidance on Mitigating DDE Attacks
    5. Eavesdropper Vulnerability Exposes Mobile Call, Text Data
    6. No jail time for botnet creator who promises to go straight
    7. Hackers hired for year-long DDoS attack against former employer
    8. Hacker Distributes Backdoored IoT Vulnerability Scanning Script to Hack Script Kiddies
    9. Hacking a Fingerprint Biometric
    10. Stealthy New PLC Hack Jumps the Air Gap
    11. Vault 8: WikiLeaks Releases Source Code For Hive - CIA's Malware Control System

    Larry's Stories

    1. Backdoor in SATNAV systems...used by navy ships?
    2. Don't hack back
    3. When I test my cryptocurrency code, I do it in production with millions of "dollars" on the line
    4. An infused review of Ready Player One
    5. Hacking spirit, building illicit handmade computers in the 80's

