From Paul's Security Weekly
Recorded December 13, 2018 at G-Unit Studios in Rhode Island!
- RSA Conference 2019 is the place to be for the latest in cybersecurity data, innovation and thought leadership. From March 4 – 8, San Francisco will come alive with cybersecurity’s brightest minds as they gather together to discuss the industry’s newest developments. Go to rsaconference.com/securityweekly-us19 to register now using the discount code 5U9SWFD to receive $100 off a full conference pass!
- If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
- Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
Interview: Ed Skoudis, Counter Hack Challenge & Kringle Con 2018 - 6:00-7:00PM
Tech Segment: Don Murdoch, Regent University Cyber Range - 7:00PM-7:30PM
Topic: Blue Team Handbook
- So Don, why another book? What was the genesis for this one?
- What's been happening over the last few years, book-wise?
- What makes this book different from the last one?
- Who does your illustrations?
- What's the hardest part about writing a security-focused book? About this one in particular?
- Who can use the book and how?
- What's next?
- What's up with the last one? Is it getting a little long in the tooth?
- How do you use these at work?
- Any success stories? (Yep, I have a few.)
Security News - 7:30 - 8:30PM
- Taylor Swift Used Facial Recognition to Thwart Stalkers - According to Rolling Stone, a facial-recognition camera was hidden inside a kiosk playing clips of Swift from rehearsals. As fans approached the kiosk to watch, the camera would stealthily snap their photo. Those images were then compared to a database of Swift's known stalkers. "Despite the obvious privacy concerns—for starters, who owns those pictures of concertgoers and how long can they be kept on file?—the use of facial-recognition technology is on the rise at stadiums and arenas," the report notes. Ticketmaster, for instance, recently invested in Austin, Texas-based facial recognition startup Blink Identity, which says its technology can identify 60 people a minute walking at full speed past a sensor, meaning paper and digital tickets may soon be a thing of the past. The same tech can be used throughout a venue to allow concertgoers to purchase drinks, snacks, and merchandise.
- Unlocking Android phones with a 3D-printed head - Rather worryingly (if someone has managed to make a 3D-printed version of your head), all four Android phones were duped into thinking they were looking at the real Tom. Only the iPhone X wasn’t duped. It’s certainly impressive to see Apple’s iPhone X not be tricked by Thomas Brewster’s fake head, and it may surprise owners of Android smartphones who have had at best mixed experiences with facial recognition.
- New Australian Backdoor Law
- Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command - Oops: The issue, tracked as CVE-2018-19788, impacts PolicyKit version 0.115, which comes pre-installed on most popular Linux distributions, including Red Hat, Debian, Ubuntu, and CentOS. The vulnerability exists because PolicyKit improperly validates permission requests from any low-privileged user with a UID greater than INT_MAX. INT_MAX is the programming constant that defines the maximum value an integer variable can store, which equals 2147483647 (0x7FFFFFFF in hexadecimal). So if you create a user account on an affected Linux system with any UID greater than INT_MAX, the PolicyKit component will allow that user to execute any systemctl command successfully.
- Humble Bundle Breach Could Be First Step In Wider Attack
- OpSec Mistake Brings Down Network Of Dark Web Money Counterfeiter - Encrypt everything: A source knowledgeable of the case's details told ZDNet today that the suspect had failed to protect his operation's business transactions with proper encryption. While the suspect used cryptocurrency to receive payments, he still kept a list of mailing addresses where he sent packages containing the counterfeit banknotes.
- It's December Of 2018 And, To Hell With It, Just Patch Your Stuff - The gift that keeps giving, vulnerabilities: Microsoft, Adobe, and SAP are finishing up the year with a flurry of activity, combining to patch more than 140 CVE-listed security flaws between them.
- Ethical Hacking Growing In Popularity As Data Breaches Increase
- UK Whitehats Blacklisted By Cisco Talos
- Worst password offenders of 2018 exposed
- Education Gets an 'F' for Cybersecurity
- Grammarly Launches Public Bug Bounty Program
- WordPress Releases Security Update