From Paul's Security Weekly

Paul's Security Weekly #569

Recorded July 26, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Infosec analyst, pioneering ex-NSA pen tester, PCI specialist & certified security curmudgeon.
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Announcements

    • We just released our 2018 Listener Survey. Please go to securityweekly.com/survey to help us continue to provide you with quality content that doesn't break the build.
    • Come to our Pool Cabana @ Black Hat and Def Con to pick up a free copy of "Cyber Hero Adventures". Here you will be able to get the comic book signed by Gary Berman.

    Interview: Dean Coclin, DigiCert - 6:00PM-6:45PM

    Dean Coclin is the Senior Director of Business Development at DigiCert. Dean brings more than 30 years of business development and product management experience in software, security, and telecommunications to the company. In his role at DigiCert, he's responsible for representing the company in industry consortia and driving the company's strategic alliances with technology partners. He's the past chair of the CA/Browser Forum and the current co-chair of the CA Security Council.

    Interview: Chris Dale, Netsecurity - 6:45-7:45PM

    Chris Dale is the Head of the Penetration Testing & Incident Handling groups at Netsecurity, a mid-sized company based out of Norway. Along with significant security expertise, Chris has a background in System Development, IT-Operations and Security Management. This broad experience in IT is advantageous when managing penetration tests, incidents and while teaching.

    Chris is passionate about security, both physical and in IT, and regularly presents and teaches at conferences and workshops. Chris holds the GCIH, GPEN, GSLC, and GMOB certifications. He also has a B.S. in Informatics, with a specialization in programming, from the Norwegian University of Science and Technology. He participates in panel debates and is invited to participate in Government-related working groups to recommend and improve the Norwegian private and public sectors.

    Currently Chris teaches two SANS courses: MGT535: Incident Response Team Management and SEC504: Hacking Techniques, Exploits & Incident Handling. SEC504 prepares students for the GIAC Certification in Incident Handling (GCIH).

    Security News - 7:45PM-8:30PM

    Paul's Stories

    1. Cosco at a lossco over ransomware tossco
    2. Bluetooth Bug Allows Man-in-the-Middle Attacks on Phones, Laptops
    3. Skills That a Next-Level Pentester Should Have
    4. Serial Killer Electrocutes Himself in Jail Cell Sex Act
    5. Would a bill banning bots do more harm than good?
    6. From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'
    7. Titan Security Keys Google launches its own USB-based FIDO U2F Keys
    8. Apache vulnerabilities spotted in OpenWhisk and Tomcat
    9. Want a $200k TIP? ZDI sticks bounties on bugs in big-name server code
    10. Malware targeting cash machines fetches top dollar on dark web
    11. Tenable Prices IPO, Raises $250 Million
    12. Bugs in Samsung IoT Hub Leave Smart Home Open To Attack
    13. 5 Ways Small Security Teams Can Defend Like Fortune 500 Companies

    Larry's Stories

    1. BLE Crypto could allow for interception and decryption of BLE traffic. My favorite sum-up from Josh Wright:
    SIG Engineer 1: Hey, uhh, do you think it's important to validate the public key during pairing that establishes the foundational cryptographic principles that protect all subsequent authentication and traffic over the BLE connection?
    SIG Engineer 2: Hmm... Nah. Let's leave it up to the OEM to decide.
    SIG Engineer 1: Cool. Wanna get a donut?
    2. Russian hackers invade power plants by the hundreds - please allow me to rant on this one.
    3. OSCP exams to be proctored by webcams - Video sent to the Philippines (Cryptonomicon, anyone?) 24/7. Also they have "dress code standards". How dare they repress my right to Hack Naked!
    4. GhostPack, a collection of security tools, primarily in C#
    5. #Spy or Uber driver? - good reasons to maintain OPSEC...

    Jeff's Stories
