From Paul's Security Weekly
Jump to: navigation, search

Paul's Security Weekly #566

Recorded June 28, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Jason Wood
    Security consultant, penetration tester, sysadmin, and Founder of Paladin Security.
  • Not Kevin
    Senior Security Engineer at Barkly, Co-Founder of Vermont Hackspaces, definitely Not Kevin.
  • Announcements

    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.

    Interview: Tom Brennan, Proactive Risk & Gary Berman, Cyberman Security - 6:00PM-6:45PM

    Tom Brennan
    is the Founder of Proactive Risk.
    Tom Brennan is the Founder of Proactive Risk with two decades of hands on the keyboard building, breaking and defending data for clients worldwide. He is a an alumni of McAfee, Intel Security, SafeCode, Trustwave, WhiteHat, ADP, Datek Online and the United States Marines. Tom served the OWASP Foundation as an elected member of the Global Board of Directors for (10) years for OWASP Foundation. He also founded the New Jersey Chapter and grew the New York City as President for (13) Years.

    Today Tom is associated with CREST International as its elected Chairman of the Americas Board and participates as technical advisor for New Jersey Institute of Technology, County College of Morris, Morris County Economic Development Corporation, Rockaway Township Official and is a member of the CERT team.

    Gary is the CEO of Cyberman Security and refers to himself as, “the most reluctant cyber security person in the world” given that his 25-year career has been as a thought leader in marketing communications in general and in market segmentation in particular. Until recently, he knew very little about technology and even less about cyber security, but everything about the devastating effects of being the CEO of a company that was victimized by a persistent series of insider attacks.

    Reference: https://engineering.nyu.edu/news/17-startups-join-nyu-tandons-veterans-future-lab-apex-program

    Technical Segment: Joff Thyer: Fun with Android APK's - 6:45-7:45PM

    Ever wonder how to get started pen testing Android Apps? This tech segment will demonstrate a few basic techniques and tools to give you a taste of mobile app assessments with the Android platform.

    Security News - 7:45PM-8:30PM

    Paul's Stories

    1. Terrible passwords outlawed in Microsofts new Azure tool
    2. OMG! I just received someone elses security camera footage!
    3. Unpatched WordPress Flaw Gives Attackers Full Control Over Your Site
    4. Hilarious! Paid Jailbreak for Nintendo Switches Includes Anti-Piracy Code
    5. Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles
    6. There's No Automating Your Way Out of Security Hiring Woes
    7. Ticketmaster Suffers Security Breach Personal and Payment Data Stolen
    8. Stop Wiping Your Butt So Hard
    9. Toronto Cops in Big Trouble for Eating Weed Edibles, Calling Backup on Themselves
    10. New Windows 10 vulnerability bypasses OS defenses, says security researcher
    11. WiFi's tougher WPA3 security is ready

    Joff's Stories

    Jason's Stories

    1. Plant Your Flag, Mark Your Territory
    2. Windows 10 security can be bypassed by Settings page weakness
    3. Hitherto unknown marketing firm exposed hundreds of millions of Americans’ data

    Kevin's Stories

    1. Exactis said to have exposed 340 million records, more than Equifax breach "We hadn't heard of the firm either, but it had data on hundreds of millions of Americans and businesses and leaked it, according to Wired"
    2. Feds Pose as Cryptocurrency Money Launderer to Bust Alleged Dark Web Dealers "In a novel investigative strategy, rather than just following the money, investigators went undercover as someone converting Bitcoin into cash, exploiting a financial bottleneck faced by dark web criminals."
    3. Victory! Supreme Court Says Fourth Amendment Applies to Cell Phone Tracking "The Supreme Court handed down a landmark opinion today in Carpenter v. United States, ruling 5-4 that the Fourth Amendment protects cell phone location information."
    4. Use of Hard-coded Password, (Remote) Exposed Dangerous Method or Function in Medtronic MyCareLink Patient Monitor "The affected product contains a hard-coded operating system password...This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality."
    5. Subject: [gentoo-announce Gentoo Github Organization hacked.] "Today 28 June at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization, and modified the content of repositories as well as pages there. We are still working to determine the exact extent and to regain control of the organization and its repositories...All Gentoo code hosted on github should for the moment be considered compromised."

    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+