From Security Weekly Wiki
Jump to navigationJump to search

Paul's Security Weekly #558

Recorded May 3, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Jason Wood
    Threat hunter at CrowdStrike, penetration tester, sysadmin, and Founder of Paladin Security.
  • Carlos Perez
    is currently the Principal Consultant, Team Lead for Research at TrustedSec.
  • Not Kevin
    Senior Security Engineer at Barkly, Co-Founder of Vermont Hackspaces, definitely Not Kevin.

  • Announcements

    • Go to itpro.tv/securityweekly and use the code Secweekly30 to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.
    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
    • Check out SOURCE Boston 2018 from May 9th - 10th! Go to sourceconference.com and register using the code SW75WMKW to get a $75 discount!

    Interview: Leonard Rose, Principal Security Architect at Limelight Networks - 6:00PM-6:45PM

    Leonard Rose
    Principal Security Architect at Limelight Networks.

    Convicted Hacker.

    Leonard Rose is a fellow hacker and UNIX geek who in 1991 was convicted of wire fraud. Once believed to be associated with the hacking group Legion Of Doom (which he was not), Leonard then went on to to become the founder of the Full Disclosure Mailing list and holds a position today as a Pricnipal Security Architect for a large provider.

    1. How did you get your start in information security?
    2. What is the Legion of Doom and how did it get started?
    3. Tell us about the Phrack article you wrote
    4. Who helped you along the way with your case?
    5. What was the focus early in your career after the conviction?
    6. Gotta ask, vi or emacs?
    7. Where do you work today and what is your role?
    8. What tools and/or techniques help you the most managing Linux systems?
    9. What do we need to do better to encourage more people to be in the security field?

    Security News - 7:45PM-8:30PM

    Paul's Stories

    1. Firms running Cisco WebEx are told to update their software... again!
    2. Volkswagen Cars Open To Remote Hacking, Researchers Warn
    3. Kitty Cryptomining Malware Cashes in on Drupalgeddon 2.0
    4. Medical devices vulnerable to KRACK Wi-Fi attacks
    5. Facebook fires engineer accused of stalking women
    6. github-exposed-passwords-some-users
    7. Controversial biohacker is found dead
    8. Twitter: no big deal, but everyone needs to change their password
    9. No Computing Device Too Small For Cryptojacking

    Larry's Stories

    1. iLo ransomware
    2. it’s specifically the Rar decoder. Fixed 7z executable is out too. .7z files can use Rar compression, so you’re not safe just because you’re not decoding a .rar file with it. But you can check the compression type without decoding
    3. schneider electric vulns...by tenable
    4. pentesters guide to hashes

    Kevin's Stories

    1. Cambridge Analytica dismantled for good? Nope: It just changed its name to Emerdata
    2. Amazon blocks domain fronting, threatens to shut down Signal’s account

    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+