Changes

From Security Weekly Wiki
Jump to navigationJump to search
4,274 bytes added ,  17:58, 13 May 2019
no edit summary
==Episode Audio==
<!-- <div align="center">
{{#widget:SoundCloud
|id=496965687618656553
|width=75%
|height=100
|visual=false
}}
</div> -->
=== Hosts ===
{{Template:Larry}}
{{Template:Jeff}}
{{Template:Joff}}
{{Template:LeeNeely}}
= Interview: Lesley Carhart, Dragos Inc. - 6:00-6:30PM =
[[File:LesleyCarhart.jpg|right|250px|thumb|<center>'''[https://twitter.com/hacks4pancakes Lesley Carhart]'''is the Principal Threat Analyst at [https://dragos.com/ Dragos Inc.]]</center>]] Lesley has been performing digital forensics and incident response on unconventional systems and advanced adversary attacks for over a decade. Some people, certification companies, and awards presenters think she might be pretty okay at it. In her free time, she fights (willing?) people with knives, and answers people’s infosec questions on Twitter instead of sleeping. Her goal in 2019 is to earn enough exp to become a level 14 rogue.<!--<center>{{#ev:youtube|WJAiTXAvtRQKRUKpPl841I}}</center>-->
<br>
* What has it been like moving from IT security to OT security?
* Do you find it difficult to earn the trust of OT folks in ICS? If you haven't walked a mile in their shoes, they tend to find people who have and trust them much more.
* DFIR in ICS - What is it like doing forensics in this environment? Firmware? Micro-code?
* What are some common misconceptions that we can dispell about ICS security:
** The state of ICS security - is it totally horrible and like hacking in the 90s all over again?
** Why are there so many security issues in ICS? We are defending critical infrastructure, yet most financial organizations are light years ahead on the security front? True?
** How are the ICS industries dealing with the problems? Which industries are making the most progress? Which ones are making little progress?
** Why are so many legacy systems in use in ICS?
** Legislation will solve all of our problems, right?
** What ICS threats really keep you awake at night?
* Tell us about your crazy smart apartment antics
= Interview: Chris Sanders, Applied Network Defense & Rural Technology Fund - 6:30 - 7:30PM =
[[File:ChrisSanders.jpg|right|250px|thumb|<center>'''[https://twitter.com/LogRhythm Chris Sanders]'''<br>is the Founder of [https://chrissanders.org/about/ Applied Network Defense & Rural Technology Fund].</center>]] Chris Sanders is the founder of Applied Network Defense, a company focused on delivering high quality, accessible information security training. He is also the Director of the Rural Technology Fund, a non-profit that donates scholarships and equipment to public schools to further technical education in rural and high poverty areas. He is the author of Applied Network Security Monitoring and Practical Packet Analysis. You can connect with Chris on his blog at http://www.chrissanders.org or on Twitter @chrissanders88.<br><br>Chris blogs at http://www.chrissanders.org. You can learn more about Applied Network Defense at http://www.appliednetworkdefense.com and the RTF at http://www.ruraltechfund.org. <center>{{#ev:youtube|eHGJnGJwfWM}}</center>
<br><br>
 
# How did you get your start in information security?
# What prompted you to be a leader and a teacher in our field?
# Why did you set out to author "Applied Network Security Monitoring and Practical Packet Analysis"?
# With security shifting to applications, users and data, how important is network security when users are mobile? Apps are in the cloud? Data is accessed from all over?
# What network security concepts do you believe will carry forward into the future for years to come?
# I just have to know the story behind the free course on the Cuckoos Egg.
# What does Applied Network Security do? How many people? When did it start?
# What other courses do you offer? Do you teach them all?
# What is the most popular course and why?
# Tell us about the Rural Technology fund, what is its mission and how did it start?
# Is data destruction on old hardware an issue preventing companies from donating hardware?
# Is this a global or regional effort?
# How can the community get involved?
= Security News - 7:30PM-8:30PM =
 <!-- <center>{{#ev:youtube|iPHM80z9D9kEvyhDKGz5kc}}</center>-->
== Paul's Stories ==
== Larry's Stories ==
#[https://www.cnet.com/news/tenants-win-rights-to-physical-keys-over-smart-locks-from-landlords/ Tenants win rights to have physical keys over smart locks]
#[https://www.scmagazine.com/home/security-news/lightneuron-backdoor-receives-secret-commands-via-microsoft-exchange-email-servers-russian-link-suspected/ backdoor getting commands from exchange]
#[https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies Russians compromise three major AV companies]
#[https://www.cnet.com/news/ever-app-reportedly-trained-facial-recognition-tech-on-users-photos-without-telling-them/ Ever, a photo storage and backup app, reportedly used millions of images uploaded to the service to train a commercial facial recognition system that it offers to law enforcement and private companies. The problem, according to NBC News, Ever didn't disclose this to its app users.]
#[https://www.scmagazine.com/home/security-news/hackers-hold-275m-records-on-indian-citizens-for-ransom-after-removing-them-from-open-database/ One week after a researcher revealed a publicly configured database exposing more than 275 million sensitive records on Indian citizens, a hacking group removed that data and replaced it with an apparent ransom note.]
== Jeff's Stories ==
#[https://techcrunch.com/2019/05/07/freedom-mobile-data-leak/ Freedom Mobile Server Leak Exposed Customer Data] Log files, that explains it. But why were they passed to a third party?
#[https://www.itworldcanada.com/article/no-reason-to-ship-credit-card-data-to-third-parties-says-former-freedom-mobile-ciso/417823 No Reason to Ship Credit Card Data to Third Parties, Says Former Freedom Mobile CISO] So much wrong with what is described here - and all fingers point to Freedom Mobile not the third party
#[https://arstechnica.com/information-technology/2019/05/baltimore-city-government-hit-by-robbinhood-ransomware/ “RobbinHood” ransomware takes down Baltimore City government network]
== Lee's Stories ==
#[https://devblogs.microsoft.com/commandline/announcing-wsl-2/ Microsoft WSL 2 Announced] WLS 2 will include a Linux kernel, with better integration. Still includes Debian package manager.
#[https://www.theatlantic.com/science/archive/2019/04/looping-created-insulin-pump-underground-market/588091/ Discontinued Insulin pump with security flaw in high demand] Users are hacking old Insulin pumps, using OpenAPS, to provide looping of insulin for better quality of life.
 
== Johnny's Stories ==
#[https://threatpost.com/airbnb-hidden-camera-bedroom/144508/ Airbnb Superhost Secretly Recorded Guests with Hidden Bedroom Camera] The article states: "The unfortunate guest told local news outlets that she worked in information security, and so was more vigilant than the average person when it came to always checking her hotel rooms for signs of surveillance devices. After inspecting and unscrewing the router, the guest found that there was a digital memory card inside." - Honestly, amazing discovery of a hidden camera. Who would think to look inside the router, finding a hidden cam, and then finding out the AirBnB host was filming people in the bedroom since March 19'. Hats off, and check your s#&*!!
 
<br><br>
1,061

edits

Navigation menu