Difference between revisions of "Episdoe543"

From Security Weekly Wiki
= Paul's Security Weekly #543 =

''Recorded January 11, 2018 at G-Unit Studios in Rhode Island!''

== Episode Audio ==

<div align="center">

{{#widget:SoundCloud
|id=383377001
|width=75%
|height=100
|visual=false
}}

</div>

== Hosts ==

{{Template:Paul}}
{{Template:Larry}}
{{Template:Joff}}
{{Template:John}}

= Interview: Diana Kelley & Ed Moyle - Security Curve - 6:00PM-6:45PM =

[[File:Diana_Kelley.jpg|right|220px|thumb|<center>'''[https://twitter.com/dianakelley14 Diana Kelley]'''<br> is the Chief Security Advisor, Co-Founder of [https://securitycurve.com/ Security Curve]. </center>]]

Diana Kelley is the Cybersecurity Field CTO at Microsoft and a cybersecurity thought leader, practitioner, executive advisor, speaker, author and co-founder of SecurityCurve. She was the Global Executive Security Advisor at IBM Security and built and managed the IBM Security Research Community Newsroom. She leverages 25+ years of cyber risk and security experience to provide advice and guidance to CSOs, CIOs, and CISOs at some of the world’s largest companies. At IBM, she was a regular contributor to X-Force Research, lead author of IBM’s “5 Indisputable Facts about IoT Security” and co-author of the “Securing the C-Suite” and “Cybersecurity in the Cognitive Era” studies.

[[File:EdMoyle.jpg|right|220px|thumb|<center>'''[https://twitter.com/securitycurve Ed Moyle]'''<br> is currently Director of Thought Leadership and Research for [https://www.isaca.org/Knowledge-Center/Blog/Lists/Posts/Post.aspx?ID=562 ISACA]. </center>]]

Ed Moyle is currently Director of Thought Leadership and Research for ISACA. Prior to joining ISACA, Ed was Senior Security Strategist with Savvis and a founding partner of the analyst firm Security Curve. In his 15+ years in information security, Ed has held numerous positions including Senior Manager with CTG’s global security practice, Vice President and Information Security Officer for Merrill Lynch Investment Managers, and Senior Security Analyst with Trintech. Ed is a co-author of Cryptographic Libraries for Developers and a frequent contributor to the Information Security industry as an author, public speaker, and analyst.

<center>{{#ev:youtube|Nx3nok8ZLws}}</center>

# How did you get your start in information security?
# With all of the protections available today, why is ransomware a threat to the enterprise? Or is it?
# What are the weaknesses ransomware preys upon?
# What is a tabletop exercise?
# Why are they so useful for ransomware?
# For practitioners listening, why should they love tabletop exercises and step away from the keyboard?
# How do you execute on the lessons learned in tabletop exercises?

= Tech Segment: Jake Williams, SANS - 6:45-7:45PM =

[[File:Jake Williams.jpg|right|220px|thumb|<center>'''[https://twitter.com/MalwareJake Jake Williams]'''<br> is the Principal Consultant at [https://www.renditioninfosec.com/ Rendition InfoSec]. </center>]]

Jake Williams is the founder of Rendition Infosec and is a Senior Instructor at the SANS Institute. He currently performs smatterings of incident response, computer forensics, exploit development, and penetration testing. In a previous life, Jake worked for various three letter agencies doing all sorts of offensive and defensive cyber stuff (way before cyber was cool).

<center>{{#ev:youtube|oS3khJKd3GQ}}</center>

When a complex cyber attack put a private equity investment of more than $700 million on hold, the stakes couldn't have been higher. But that's exactly the kind of challenge that motivates Jake Williams, a computer science and information security expert, U.S. Army veteran, certified SANS instructor and co-author of FOR526: Memory Forensics In-Depth and FOR578: Cyber Threat Intelligence. To help mitigate the attack, Jake plied his information security expertise, discovered that not one but three different attackers had compromised the firm's network, and went about countering their moves.

Jake relishes the idea of meeting adversaries on the cyber battlefield. "I went into this field because I wanted a challenge," he says. "Infosec is like a game of chess to me. The attacker plays their moves and you play yours."

Jake started his information security career doing classified work with the U.S. government and was awarded the National Security Agency (NSA) Exceptional Civilian Service Award, which is given to fewer than 20 people annually. "I am immensely proud of the things I've accomplished," Jake says. "I'm positive the world is a safer place because of my work."

Today, Jake runs a successful Infosec consultancy. He's been involved in high-profile public sector cases including the malware analysis for the 2015 cyber attack on the Ukraine power grid. He's also tackled a variety of cases in the private sector. In one, Jake discovered attackers compromising a custom service the client had distributed to all its endpoints. Leveraging experience and insight with advanced persistent threats helped Jake "think like the attacker" and determine the attacker's likely hiding spots.

Jake's work has led to his invention of DropSmack, a proof-of-concept tool for highlighting the danger that cloud-based file sharing services pose to corporate networks, and the creation of ADD (Attention Deficit Disorder), a publicly-available memory anti-forensics toolkit.

* https://www.endgame.com/blog/technical-blog/detecting-spectre-and-meltdown-using-hardware-performance-counters

  
 
= Security News - 7:45PM-8:30PM =

<center>{{#ev:youtube|MuAhlCIz4e4}}</center>

== Paul's Stories ==

{{Template:PSWPaul543}}

== Larry's Stories ==

== Jeff's Stories ==

Correction of last week's story:

[https://danielmiessler.com/blog/simple-explanation-difference-meltdown-spectre/ According to Daniel Miessler’s blog post, it looks like I mismatched the Intel vulnerabilities for the architectures they affect]

[https://www.bleepingcomputer.com/news/microsoft/microsoft-pauses-rollout-of-windows-meltdown-and-spectre-patches-for-amd-devices/ Microsoft Pauses Rollout of Windows Meltdown and Spectre Patches for AMD Devices]

[https://www.macrumors.com/2018/01/10/macos-high-sierra-app-store-password-bug/ macOS High Sierra's App Store System Preferences Can Be Unlocked With Any Password]

[https://www.techspot.com/news/72612-western-digital-cloud-drives-have-built-backdoor.html Western Digital My Cloud drives have a built-in backdoor]

[http://money.cnn.com/2018/01/10/technology/ces-2018-blackout/index.html CES 2018: Blackout at tech's biggest show]

{{SocialMedia}}

Latest revision as of 19:24, 12 July 2018

Paul's Security Weekly #543

Recorded January 11, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
  • Jack Daniel
    Co-Founder of Security BSides and certified security wizard.
  • Jeff Man
    Cryptanalyst
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Keith Hoodlet
    is the Senior Manager of Global DevSecOps at Thermo Fisher Scientific; Co-Founder of the InfoSec Mentors Project.
    Interview: Diana Kelley & Ed Moyle - Security Curve - 6:00PM-6:45PM

    Diana Kelley
    is the Chief Security Advisor, Co-Founder of Security Curve.

    Diana Kelley is the Cybersecurity Field CTO at Microsoft and a cybersecurity thought leader, practitioner, executive advisor, speaker, author and co-founder of SecurityCurve. She was the Global Executive Security Advisor at IBM Security and built and managed the IBM Security Research Community Newsroom. She leverages 25+ years of cyber risk and security experience to provide advice and guidance to CSOs, CIOs, and CISOs at some of the world’s largest companies. At IBM, she was a regular contributor to X-Force Research, lead author of IBM’s “5 Indisputable Facts about IoT Security” and co-author of the “Securing the C-Suite” and “Cybersecurity in the Cognitive Era” studies.

    Ed Moyle
    is currently Director of Thought Leadership and Research for ISACA.

    Ed Moyle is currently Director of Thought Leadership and Research for ISACA. Prior to joining ISACA, Ed was Senior Security Strategist with Savvis and a founding partner of the analyst firm Security Curve. In his 15+ years in information security, Ed has held numerous positions including Senior Manager with CTG’s global security practice, Vice President and Information Security Officer for Merrill Lynch Investment Managers, and Senior Security Analyst with Trintech. Ed is a co-author of Cryptographic Libraries for Developers and a frequent contributor to the Information Security industry as an author, public speaker, and analyst.

    1. How did you get your start in information security?
    2. With all of the protections available today, why is ransomware a threat to the enterprise? Or is it?
    3. What are the weaknesses ransomware preys upon?
    4. What is a tabletop exercise?
    5. Why are they so useful for ransomware?
    6. For practitioners listening, why should they love tabletop exercises and step away from the keyboard?
    7. How do you execute on the lessons learned in tabletop exercises?

    Tech Segment: Jake Williams, SANS - 6:45-7:45PM

    Jake Williams
    is the Principal Consultant at Rendition InfoSec.

    Jake Williams is the founder of Rendition Infosec and is a Senior Instructor at the SANS Institute. He currently performs smatterings of incident response, computer forensics, exploit development, and penetration testing. In a previous life, Jake worked for various three letter agencies doing all sorts of offensive and defensive cyber stuff (way before cyber was cool).

    Security News - 7:45PM-8:30PM

    Paul's Stories

    1. Daniel Miessler on My Writings about IoT Security
    2. Prosecutors Say Mac Spyware Stole Millions Of User Images Over 13 Years - Disgusting The indictment, filed in US District Court for the Northern District of Ohio's Eastern Division, went on to say that Durachinsky developed a control panel that allowed him to manipulate infected computers and view live images from several machines simultaneously. The indictment also said he produced visual depictions of one or more minors engaging in sexually explicit conduct and that the depiction was transported across state lines. He allegedly developed a version of Fruitfly that was capable of infecting Windows computers as well. Prosecutors are asking the court for an order requiring Durachinsky to forfeit any property he derived from his 13-year campaign, an indication that he may have sold the images and data he acquired to others.
    3. Fingerprinting Digital Documents
    4. Skype finally getting end-to-end encryption
    5. Apple Set To Patch Yet Another macOS Password Security Flaw
    6. Wi-Fi Alliance launches WPA3 protocol with new security features
    7. FTC Fines IoT Toy Vendor VTech for Privacy Breach
    8. 147 Security Vulnerabilities Reported in ICS Mobile Applications

    Jeff's Stories

    Jack's Stories

    Keith's Stories

    Correction of last week's story: According to Daniel Miessler’s blog post, it looks like I mismatched the Intel vulnerabilities for the architectures they affect

    Microsoft Pauses Rollout of Windows Meltdown and Spectre Patches for AMD Devices

    macOS High Sierra's App Store System Preferences Can Be Unlocked With Any Password

    Western Digital My Cloud drives have a built-in backdoor

    CES 2018: Blackout at tech's biggest show
