From Paul's Security Weekly
Paul's Security Weekly #569
Recorded July 26, 2018 at G-Unit Studios in Rhode Island!
- We just released our 2018 Listener Survey. Please go to securityweekly.com/survey to help us continue to provide you with quality content that doesn't break the build.
- Come to our Pool Cabana @ Black Hat and Def Con to pick up a free copy of "Cyber Hero Adventures". Here you will be able to get the comic book signed by Gary Berman.
Interview: Dean Coclin, DigiCert - 6:00PM-6:45PM
Interview: Chris Dale, Netsecurity - 6:45-7:45PM
Chris is passionate about security -- both physical and in IT -- and regularly presents and teaches at conferences and workshops. Chris holds the GCIH, GPEN, GSLC, and GMOB certifications. He also has a B.S. in Informatics, with a specialization in programming, from the Norwegian University of Science and Technology. He participates in panel debates and is invited to participate in government-related working groups to recommend and improve the Norwegian private and public sectors.
Currently Chris teaches two SANS courses: MGT535: Incident Response Team Management and SEC504: Hacking Techniques, Exploits & Incident Handling. SEC504 prepares students for the GIAC Certification in Incident Handling (GCIH).
Security News - 7:45PM-8:30PM
- Cosco at a lossco over ransomware tossco
- Bluetooth Bug Allows Man-in-the-Middle Attacks on Phones, Laptops
- Skills That a Next-Level Pentester Should Have
- Serial Killer Electrocutes Himself in Jail Cell Sex Act
- Would a bill banning bots do more harm than good?
- From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'
- Titan Security Keys: Google launches its own USB-based FIDO U2F Keys
- Apache vulnerabilities spotted in OpenWhisk and Tomcat
- Want a $200k TIP? ZDI sticks bounties on bugs in big-name server code
- Malware targeting cash machines fetches top dollar on dark web
- Tenable Prices IPO, Raises $250 Million
- Bugs in Samsung IoT Hub Leave Smart Home Open To Attack
- 5 Ways Small Security Teams Can Defend Like Fortune 500 Companies
- BLE Crypto could allow for interception and decryption of BLE traffic. My favorite sum up from Josh Wright:
SIG Engineer 1: Hey, uhh, do you think it's important to validate the public key during pairing that establishes the foundational cryptographic principles that protect all subsequent authentication and traffic over the BLE connection?
SIG Engineer 2: Hmm... Nah. Let's leave it up to the OEM to decide.
SIG Engineer 1: Cool. Wanna get a donut?
- Russian hackers invade power plants by the hundreds - please allow me to rant on this one.
- OSCP exams to be proctored by webcams - Video sent to the Philippines (Cryptonomicon anyone?) 24/7. Also they have "dress code standards". How dare they repress my right to Hack Naked!
- GhostPack, a collection of security tools, primarily in C#
- Spy or Uber driver? - good reasons to maintain OPSEC...