Episode551

From Paul's Security Weekly
Jump to: navigation, search

Paul's Security Weekly #551

Recorded March 15, 2018 at G-Unit Studios in Rhode Island!


Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Cryptanalyst,
    infosec analyst, pioneering ex-NSA pen tester, PCI specialist & certified security curmudgeon.
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Announcements

    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand. Currently On-Demand we have webcasts with: Cybereason, Black Hills, Onapsis, Signal Sciences, and Stealthbits!
    • Check out our friends at ItProTV for an awesome library of OnDemand training head on over to ITPro.TV/securityweekly!
    • InfoSec World is March 19-21st of 2018. It is at Lake Buena Vista, Florida. Security Weekly subscribers can save 15% off the InfoSec World 2018 Main Conference or World Pass with the code OS18-SW!

    Interview: Patrick Laverty, Rapid7 - 6:00-6:45PM

    Patrick Laverty
    is a Pentester for Rapid7.
    Patrick is a pentester for Rapid7, has done SIRT work for Akamai and was a web application developer at Brown University. Patrick got his start in security as an intern for Security Weekly in 2013! He has been helping to organize conferences since he and Paul put on the first ever (and maybe last ever) BSides Rhode Island, which smashed box office records! Since then, he has been a part of the BSides Boston organizing team and decided to venture off on his own to create Social Engineering RI with Lea Snyder.



    Security News - 6:45PM-7:45PM

    Paul's Stories

    1. [remote MikroTik RouterOS < 6.38.4 (MIPSBE) - 'Chimay Red' Stack Clash Remote Code Execution]
    2. What John Oliver gets wrong about Bitcoin
    3. Memcrashed Memcached DDoS Exploit Tool
    4. Flash, Windows Users: Its Time to Patch
    5. Pwn2Own 2018 Hackers Earn $162K for Safari, Edge, VirtualBox Exploit
    6. Microsoft Starts Buying Speculative Execution Exploits
    7. Linus Torvalds slams CTS Labs over AMD vulnerability report
    8. Pre-Installed Malware Found On 5 Million Popular Android Phones
    9. Hyperbole Swirls Around AMD Processor Security Threat
    10. VMware Releases Security Updates
    11. Now we know why Siri was so dumb for so long
    12. Newly discovered router malware is a masterpiece
    13. This Is What Happens When Bitcoin Miners Take Over Your Town

    Larry's Stories

    1. Saudi Hacks were intended to be deadly

    Jeff's Stories


    Interview: Dick Wilkins, Phoenix Technologies - 7:45PM-8:30PM

    Dick Wilkins
    Principal Technology Liaison for Phoenix Technologies.
    Richard ‘Dick’ Wilkins is an Associate Professor of Computer Science at Thomas College in central Maine and is Principal Technology Liaison for Phoenix Technologies, a USA based system boot firmware development company. He is active in several international standards bodies (TCG, UEFI, PCI-SIG, DMTF, ACPI, and others) and sits on the board of the Unified Extensible Firmware Interface (UEFI) Forum. He is a leader in the Institute for Electrical and Electronic Engineers (IEEE) and in their Computer Society and is active in the Association for Computing Machinery (ACM) and Project Management Institute (PMI). He has over 30 years’ industry experience in roles from software engineer to director of engineering at companies including Hewlett-Packard, Microsoft, Amazon, Digital Equipment Corp. and others.

    Professor Wilkins travels extensively to Taiwan, Japan and around the USA to deliver presentations on Cyber Security of computing systems and consults with several multinational companies.



    Dick Questions:

    • What are some of the security implications for UEFI?
    • Why do some people seemed to be freaked out about the security of UEFI?
    • Isn't it a good thing to have a platform that can be easily updated?
    • What is your experience with bootloaders on embedded systems?
    • Why don't more embedded systems use UEFI?
    • What is the UEFI forum?
    • What are the goals of the UEFI forum?
    • What are some of the really cool implementations of UEFI?
    • What's next for UEFI?
    • What would a replacement for UEFI look like in the future?


    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+