Difference between revisions of "ASW Episode62"

From Security Weekly Wiki
 
(4 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
''Recorded May 20, 2019 at G-Unit Studios in Rhode Island!''
 
''Recorded May 20, 2019 at G-Unit Studios in Rhode Island!''
 +
 +
== Episode Audio ==
 +
<div align="center">
 +
{{#widget:SoundCloud
 +
|id=624074808
 +
|width=75%
 +
|height=100
 +
|color=343e8a
 +
|visual=false
 +
}}
 +
</div>
  
 
==Hosts==
 
==Hosts==
Line 7: Line 18:
  
 
== Announcements ==
 
== Announcements ==
* John Strand will be teaching Active Defense and Cyber Deception at Black Hat 2019.  Please register here!  Register Now @ [https://www.blackhat.com/us-19/training/schedule/index.html#a-guide-to-active-defense-cyber-deception-and-hacking-back-14124].<br>
+
{{Template:Announcements}}
*We just released our 2019 Security Weekly 25 Index Survey. Please go to [https://securityweekly.com securityweekly.com] and click the Survey link to help us understand who's evaluating, using, or formerly used any of the Security Weekly 25 companies. The results will be summarized and presented back to all responders in a private webcast.
 
  
 
= Interview: Cody Wood, [https://securityweekly.com/signalsciences Signal Sciences] =
 
= Interview: Cody Wood, [https://securityweekly.com/signalsciences Signal Sciences] =
[[File:CodyWood.jpg|right|220px|thumb|<center>'''[https://www.twitter.com/sprkyco Cody Wood]'''<br> is the AppSec Product Support Engineer at [https://securityweekly.com/signalsciences Signal Sciences].</center>]] JDirt miner turned application security fanatic. Often straddling multiple departments and roles, the appsec bug bit Cody in Houston, TX at the Threat Research Center working for Whitehat Security. Cody has also worked for brief periods in both builder and breaker roles. At Signal Sciences, he currently focuses on researching and expanding Signal Sciences' vulnerability specific rules coverage.
+
[[File:CodyWood.jpg|right|220px|thumb|<center>'''[https://www.twitter.com/sprkyco Cody Wood]'''<br> is the AppSec Product Support Engineer at [https://securityweekly.com/signalsciences Signal Sciences].</center>]] JDirt miner turned application security fanatic. Often straddling multiple departments and roles, the appsec bug bit Cody in Houston, TX at the Threat Research Center working for Whitehat Security. Cody has also worked for brief periods in both builder and breaker roles. At Signal Sciences, he currently focuses on researching and expanding Signal Sciences' vulnerability specific rules coverage.<br><center>{{#ev:youtube|xv8T3AiakhU}}</center>
 
<br>
 
<br>
 
==News==
 
==News==
 
+
<center>{{#ev:youtube|9j3Ts8Tnung}}</center>
 
===== Bugs, Breaches, and More! =====
 
===== Bugs, Breaches, and More! =====
 +
* [https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-expressway-traversal Cisco Expressway goes off path] and a Cisco IOS XE vuln [https://www.tenable.com/blog/thrangrycat-vulnerabilities-in-cisco-secure-boot-and-cisco-ios-xe-cve-2019-1649-cve-2019-1862 goes for emojis]
 +
* [https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html More erosion of CPU data boundaries]
 +
* [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 RDP patches a pre-auth problem] and even [https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708 resuccitates a patch process for XP]
 +
* [https://support.apple.com/en-us/HT210118 iOS fixes several vulns] including some for SQLite, which has always been [https://sqlite.org/testing.html well-tested software]
 +
* [https://security.googleblog.com/2019/05/titan-keys-update.html Bluetooth grows fangs], a lot [https://www.usenix.org/system/files/sec19fall_stute_prepub.pdf of them]
  
 
===== If you build it, they will come =====
 
===== If you build it, they will come =====
 +
* [https://github.com/Microsoft/AttackSurfaceAnalyzer Microsoft's Attack Surface Analyzer gives DevSecOps teams more data]
  
 
===== Learning & Tools =====
 
===== Learning & Tools =====
 +
* [https://iapp.org/news/a/interface-design-the-who-what-where-rule/ Clear design goals for better privacy and security]
  
 
===== Food for Thought =====
 
===== Food for Thought =====
 +
* [https://googleprojectzero.blogspot.com/p/0day.html Project Zero shares some wild data]
 +
* [https://security.googleblog.com/2019/05/new-research-how-effective-is-basic.html Google Security blogs that basics are best]
  
  
 
{{SocialMedia}}
 
{{SocialMedia}}
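
Review bot: the added RDP item under "Bugs, Breaches, and More!" misspells the link label as "resuccitates a patch process for XP"; it should read "resuscitates". The two links on that line (the MSRC advisory for CVE-2019-0708 and the customer guidance page) are otherwise fine as written.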

Latest revision as of 14:02, 10 July 2019

Recorded May 20, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • John Kinsella
    is the Vice President of Container Security for Qualys.
  • Mike Shema
    is the Product Security Lead of Square.

Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.

    Interview: Cody Wood, Signal Sciences

    Cody Wood
    is the AppSec Product Support Engineer at Signal Sciences.

    JDirt miner turned application security fanatic. Often straddling multiple departments and roles, the appsec bug bit Cody in Houston, TX at the Threat Research Center working for Whitehat Security. Cody has also worked for brief periods in both builder and breaker roles. At Signal Sciences, he currently focuses on researching and expanding Signal Sciences' vulnerability specific rules coverage.


    News

    Bugs, Breaches, and More!
    If you build it, they will come
    Learning & Tools
    Food for Thought

