From Security Weekly Wiki
Jump to navigationJump to search

Paul's Security Weekly #553

Recorded March 29, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Keith Hoodlet
    is the Senior Manager of Global DevSecOps at Thermo Fisher Scientific; Co-Founder of the InfoSec Mentors Project .
  • Jeff Man
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Announcements

    • Go to itpro.tv/securityweekly and use the code Secweekly30 to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.
    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
    • Check out SOURCE Boston 2018 from May 9th - 10th! Go to sourceconference.com and register using the code SW75WMKW to get a $75 discount!
    • Visit securityweekly.com/domaintools to register for our next webcast “Detecting Malicious Domains” hosted by myself and Keith Hoodlet. Tim Helming of DomainTools joins us to show you how to interpret each of the many data points related to a domain. @Wednesday, April 4th 3:00-4:00pm ET

    Interview: Rob Cheyne, SourceBoston - 6:00PM-6:45PM

    Rob Cheyne
    is the Executive Director of SOURCE Conference.

    Rob Cheyne is a highly regarded technologist, trainer, security expert and serial entrepreneur. He has 25 years of experience in the information technology field and has been working in information security since 1998. Rob has led information security training classes for over 25,000 people across many industry-leading global organizations, and consults regularly with Fortune 500 clients. Rob is the founder and CEO of Big Brain Security and the Executive Director of the SOURCE conferences. Previously, Rob was the co-founder and CEO of Safelight, a leading provider of information security education programs that was acquired by Security Innovation in July 2014. He was was also an early employee of @stake, a well-known pioneer in information security consulting. Rob was the author of LC4, a version of the award-winning L0phtCrack password auditing tool, and he also worked on the code scanning technology that was eventually spun off as Veracode. Rob regularly speaks at security and training conferences, and frequently presents to the local chapters of various security organizations.

    Tech Segment: Cutting The Cord: The Ideal Home Network Setup - 6:45-7:45PM

    Nvidia Shield - https://www.amazon.com/gp/product/B01N1NT9Y6 ($179)

    Silicon Dust HD HomeRun Connect - https://www.amazon.com/gp/product/B00GY0UB54 ($66)

    Ubiquity AP UAP-AC-PRO-E Access Point - https://www.amazon.com/dp/B079DSW6XX ($131)

    Firewall - https://wiki.securityweekly.com/Episode471

    Alternative Firewall - https://www.amazon.com/original-Qotom-Q190G4-celeron-OpenElec-player/dp/B01AAKGRSS (https://wiki.securityweekly.com/Episode489)

    Firewall Software - OpnSense (https://opnsense.org/)

    Parental Control and Content Filtering - Circle by Disney: https://www.amazon.com/Circle-Disney-Parental-Controls-Connected/dp/B019RC1EI8 (Thank you Andrian Sanabria)

    Other nice to have:

    • Amazon Echo
    • Smartthings
    • Philips Hue
    • Sonos
    • Google Home

    Things to avoid:

    • Samsung (fridge, vacuum and the awful app)
    • Older Amazon FireTV sticks (too slow)
    • Apple products (too limiting)
    • MythTV - Too complicated to setup and maintain, resource hog

    Security News - 7:45PM-8:30PM

    Paul's Stories

    1. Apple macOS Bug Reveals Passwords for APFS Encrypted Volumes in Plaintext
    2. Cisco critical flaw: At least 8.5 million switches open to attack, so patch now | ZDNet
    3. Running Drupal? You need to patch, patch, patch right now!
    4. SAP HANA Pentesting. Part 1: Vulnerabilities history - Security Boulevard
    5. Dont Just Delete Facebook, Poison Your Data First
    6. Russian APT Compromised Cisco Router in Energy Sector Attacks
    7. Stay on top of the vulnerabilities you didn't know about | TechBeacon
    8. Windows 7 Meltdown patch opens worse vulnerability: Install March updates now | ZDNet
    9. One of the Biggest and Most Boring Cyberattacks Against an American City Yet
    10. Its not just elections: Russia hacked the US electric grid
    11. This tiny wearable knows what youve been eating, drinking, and smoking
    12. Atlanta Hit by Ransomware Attack Impacting Multiple Services

    Larry's Stories

    1. TOTAL Meltdown for Windows 7.
    2. Boeing hit by Wannacry, could delay/cripple aircraft production
    3. Drupal releases High Critical vulnerability
    4. Hotlanta ransomware attacks, leaked NSA exploits

    Keith's Stories

    0.) Cutting ‘Old Heads’ at IBM

    1.) The US military could begin drafting 40-year-old hackers

    2.) Yes, Cops Are Now Opening iPhones With Dead People's Fingerprints

    3.) Plattsburgh, New York bans Bitcoin mining

    4.) Breaking the Ledger Security Model

    5.) Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads?

    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+