Paul's Security Weekly #572
Recorded August 23, 2018 at G-Unit Studios in Rhode Island!
- Make sure you register for our webcast with Javelin Networks entitled "How to Get Attackers to Contain Themselves", which will be airing on August 30th from 12 pm to 1pm EST. Go to securityweekly.com/javelin to sign up today!
- Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
- DerbyCon is holding its first-ever Mental Health & Wellness Workshop - to help support their efforts, please go to DerbyCon.com/wellness
Interview: Tod Beardsley, Rapid7 - 6:00-6:45PM
https://keybase.io/todb
https://opendata.rapid7.com/about/ <-- covers Sonar and Heisenberg, links can be followed from there.
https://www.rapid7.com/globalassets/_pdfs/research/rapid7-under-the-hoodie-2018-research-report.pdf <-- Under the Hoodie pentest report, I can yammer on that all day.
20/20/20 split, which will really be more like 40 on Sonar + Heisenberg + National Exposure (they all bleed into each other) and 20 on Under the Hoodie and pentesting stuff.
Tech Segment: Sven Morgenroth, Netsparker - 6:45PM-7:45PM
- Explanation of the different data types, like strings and integers, and what they are used for.
- Show an example of PHP code where, in certain scenarios, 0 == 'apples' returns true.
- Sven will explain why this happens and show other similar comparison examples that might lead to security issues, like the one in this article.
- This is when the fun starts. He will give a technical demo and show how these issues can lead to authentication bypass or be used for hash algorithm disclosure.
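As an added illustration of the comparison the segment refers to (example code written for these notes, not Sven's demo), PHP's loose == beside the strict forms a defender should use; the `0e` strings and the helper names are constructed for the example:

```php
<?php
// Added example for the tech segment; not code shown on the show.
// Version notes are for PHP 7.x. PHP 8 changed how an int compares to a
// non-numeric string, but numeric strings still compare numerically under ==.

// The case from the segment notes: integer 0 against a non-numeric string.
// PHP 7: 'apples' is juggled to int 0, so the comparison succeeds.
// PHP 8: 0 is juggled to the string "0" instead, so it fails.
var_dump(0 == 'apples');

// Two different numeric strings in scientific notation. Both parse to the
// float 0.0, so == treats them as equal in every PHP version even though
// the text differs. The strings are constructed for illustration.
var_dump('0e123' == '0e456');

// Strict comparison checks type and value with no juggling, so the same
// two strings are reported as different.
var_dump('0e123' === '0e456');

// Vulnerable pattern: a stored hash compared to a freshly computed one
// with ==. If both happen to be numeric-looking strings, == says they
// match although the bytes differ. Hypothetical helper name.
function hashMatchesLoose(string $stored, string $computed): bool
{
    return $stored == $computed;
}

// Hardened pattern: hash_equals() compares byte for byte, in constant
// time, and never juggles types. For non-secret values, === suffices.
function hashMatchesStrict(string $stored, string $computed): bool
{
    return hash_equals($stored, $computed);
}

// The loose helper accepts the mismatched pair; the strict one rejects it.
var_dump(hashMatchesLoose('0e123', '0e456'));
var_dump(hashMatchesStrict('0e123', '0e456'));
```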
Security News - 7:45PM-8:30PM
- Artificial whiskey is coming, and one company is betting you'll drink up
- Internet of Things (IoT): Cheat sheet
- 14 Of The Best Sex Toys For Treating Yourself (And Also Your Partner)
- The Untold Story of NotPetya, the Most Devastating Cyberattack in History
- How doorbell cameras are creating dilemmas for police, neighborhoods
- Spyware Company Leaves Terabytes of Selfies, Text Messages, and Location Data Exposed Online
- New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers
- Apple Forces Facebook VPN App Out of iOS Store for Stealing Users' Data
- Google sued for tracking you, even when 'location history' is off | ZDNet
- New Mirai Variants Leverage Open Source Project
- 6 Reasons Security Awareness Programs Go Wrong
- ThreatList: $1.1M is Lost to Cybercrime Every Minute of Every Day
- Verizon Throttled CA Firefighters’ Internet Speeds Amid Blaze (They Were Out of Data)
- Microsoft Flaw Allows Full Multi-Factor Authentication Bypass
- Study Shows Lax Security Leaves Ride-Sharing Apps Vulnerable to Attack
- Smart Kids Thermometer Coughs Up Digital Health Data to Hackers
- Malware Targeting Cash Machines Fetches Top Dollar on Dark Web
- Burp Suite 2.0 beta now available - And there is much rejoicing!
- Coffee delivery drone patented by IBM
- Facebook pulls its VPN from the iOS App Store after data-harvesting accusations
- Do we really need a CSO?
- The DNC False Alarm Hack Is Good Cybersecurity, Bad PR: "The DNC thought it was getting hacked again, but it was just a false alarm set off by a security test. It's a sign that the organization is taking its cybersecurity seriously."
- Enumerating registered BlackHat attendees with the BCard API: "I simply guessed that those values corresponded to the eventID and badgeID parameters by sending the request in Firefox. To my surprise, I was able to pull my attendee data completely unauthenticated over this API."
- Win! Landmark Seventh Circuit Decision Says Fourth Amendment Applies to Smart Meter Data: "This is critical precedent. Last year, roughly 65 million smart meters had been installed in the United States in recent years, with 88% of them—over 57 million—in homes of American consumers; more than 40% of American households had a smart meter. Experts predict that number will reach about 80% by 2020. And law enforcement agencies are already trying to get access to data from energy companies without a warrant."
- NSA leaker who mailed doc outlining Russian hacking gets 5 years in prison: "Reality was a dedicated public servant and veteran who made a poor decision."