From Paul's Security Weekly

Paul's Security Weekly #544

Recorded January 18, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Michael Santarcangelo
    Founder of Security Catalyst, author of Into the Breach, and creator of the Straight Talk Framework.

    Interview: Adam Gordon, ItPro.TV - 6:00PM-6:45PM

    Adam Gordon
    Entertainer at ITProTV.
    With over 30 years of experience as both an educator and IT professional, Adam holds numerous professional IT certifications including CISA, CISSP, MCSE, MCITP, CHFI, CEH, SCNA, VCP-Cloud, CompTIA Cloud Essentials and VCI. He has been an MCT since 1996, and is also a VTSP for Microsoft in the areas of Infrastructure, Messaging, Collaboration, Virtualization, Desktop, and Server. Adam holds his Bachelor's degree in International Relations and his Master's degree in International Political Affairs from Florida International University.
    Adam currently enables customers to learn to leverage their portfolio of hardware, software, and services in order to maximize the success of their IT systems and processes. Working with complex technologies and solutions such as SharePoint, Lync, VMware, Enterprise Messaging, Directory Services, Citrix, and DRP/BCP, Adam is able to create a customized roadmap to allow the value of your IT infrastructure investments to be fully realized through industry best practices and sound architectural planning.
    Adam has a proven track record extending over 30 years in the IT industry. He has extensive experience in providing technical guidance and architecting solutions for major customers. Adam’s continual success is due to his breadth of knowledge, innovative approach and experience with the different aspects of the network computing environment. This includes application support, network integration and security. His diverse experience gives him the ability to support leading-edge projects that meet clients’ objectives while solving their business problems. Adam has held a number of positions during his career including CISO, CTO, Consultant, and Solutions Architect. He has been instrumental in implementing numerous projects resulting in increased customer satisfaction, productivity and cost reduction.
    Adam has worked on many large implementations involving multiple customer program teams for delivery. On any given day, Adam is interfacing with Fortune 500 companies around the world to help architect, configure, and implement a customized solution developed to fit the needs and requirements of that company.
    Adam has been invited to lead projects for companies such as Microsoft, Citrix, Lloyds Bank TSB, Campus Management, US Southern Command (SOUTHCOM), Amadeus, World Fuel Services, Baptist Health South Florida, Petrotrin, Office Depot, Burger King, Miami Dade Aviation Department (MDAD), Florida Power and Light (FPL), Seaboard Marine, the United Nations, Digicel, and (ISC)².
    1. How did you get your start in information security?
    2. With all of the protections available today, why is ransomware a threat to the enterprise? Or is it?
    3. What are the weaknesses ransomware preys upon?
    4. What is a tabletop exercise?
    5. Why are they so useful for ransomware?
    6. For practitioners listening, why should they love tabletop exercises and step away from the keyboard?
    7. How do you execute on the lessons learned in tabletop exercises?

    Interview: Rebekah Brown, Rapid7 - 6:45-7:45PM

    Rebekah Brown
    is the Threat Intelligence Lead at Rapid7.
    Rebekah Brown has spent more than a decade working in intelligence and information security; her previous roles include NSA network warfare analyst and Operations Chief of a United States Marine Corps cyber unit. She has helped develop threat intelligence and security awareness programs at the federal, state, and local level, as well as at a Fortune 500 company. Today, Rebekah leads the threat intelligence programs at Rapid7, where her responsibilities include programs architecture, management, analysis, and operations. She is the co-author of the book "Intelligence-Driven Incident Response", and co-author and instructor for the SANS Cyber Threat Intelligence course. Rebekah recently made the move from Portland, OR to Bellevue, Washington (although you'd never know from her Twitter handle) with her three kids and spends her free time hiking and hacking and reading Harry Potter. Today is her birthday.

    Security News - 7:45PM-8:30PM

    Paul's Stories

    1. BIND Comes Apart Thanks To Ancient Denial Of Service Vuln - The software, DNS, that runs the Internet suffers from the same crufty open-source vulnerabilities, just like all software. This code has been around forever, is it supposed to be more secure or less secure? Software does change over time, but no one is going back to look at the existing issues.
    2. Text Bomb Is Latest Apple Bug - I've heard about many different variations of this attack, which calls into question Apple's code when handling text messages... I also believe many people believe that iOS is a more secure platform than other smartphone OSes, not so sure...
    3. Intel fix causes reboots and slowdowns
    4. YouTube raises subscriber, view threshold for Partner Program monetization - Big fear, you host with a provider for free, you help them make money, and they can drop you at any time. Booo.
    5. Potent Skygofree Malware Packs 'Never-Before-Seen' Features - Everyone says that security companies should know better, and not get hacked. But do security companies get paid to secure their own networks? No, they get paid to break into or secure other people’s companies…
    6. Hackers Exploiting Three Microsoft Office Flaws to Spread Zyklon Malware - These are all vulnerabilities published last fall. Up your game on patching, and you will be okay, at least for this malware...

    Larry's Stories

    1. IOHIDeous, exploring IOS....the hard way?
    2. Your car may know more about you than you think...
    3. Brickerbot, taking out your IoT one device at a time
    4. WiFi alliance announces WPA3 and updates to WPA2
    5. New processor based attacks....that are under embargo

    Jack's Stories

    Keith's Stories
