Difference between revisions of "Episode278"

From Security Weekly Wiki
Line 36: Line 36:
 
== Larry's (taken over by Darren cause Larry is a slacker) Stories ==
 
== Larry's (taken over by Darren cause Larry is a slacker) Stories ==
 
#[http://www.engadget.com/2012/02/16/apple-os-x-mountain-lion-10-8-in-depth-preview/ Mountain Lion preview (OSX 10.8)] - Apple has released a preview of OSX 10.8 due for release later this year.  New security feature called Gatekeeper is coming.  Looks like developers with valid Dev IDs will create a certificate that will be used to sign all their work.  In the event a given developer does something wrong the cert can be pulled and the apps will not run.  There are 3 levels of options the iphone option I call it where you can ONLY use apps on the app store nothing else can be installed, or install from anywhere but must have certificate, and lastly the install from anywhere cert or no cert option.
 
#[http://www.engadget.com/2012/02/16/apple-os-x-mountain-lion-10-8-in-depth-preview/ Mountain Lion preview (OSX 10.8)] - Apple has released a preview of OSX 10.8 due for release later this year.  New security feature called Gatekeeper is coming.  Looks like developers with valid Dev IDs will create a certificate that will be used to sign all their work.  In the event a given developer does something wrong the cert can be pulled and the apps will not run.  There are 3 levels of options the iphone option I call it where you can ONLY use apps on the app store nothing else can be installed, or install from anywhere but must have certificate, and lastly the install from anywhere cert or no cert option.
#
+
#[http://www.networkworld.com/news/2012/021512-apple-to-ban-stealthy-iphone-256206.html?source=nww_rss iPhone Address book access] - Apple is set to fix an issue that app developers were allowed to gather users contact list with out permission from the phones owner.  Now you will be prompted with a pop up asking if you wish to allow this access.
 +
#[http://www.networkworld.com/news/2012/021612-adobe-confirms-new-zero-day-flash-256219.html?hpg1=bn patch patch patch patch and then patch some more] - Yet another Adobe 0day.
 +
#[http://www.networkworld.com/news/2012/021412-sunpower-lawsuit-highlights-insider-256133.html Insder threats are real] - Example that your own employees are your biggest threat.
  
 
== Jack's Stories ==
 
== Jack's Stories ==
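
Review bot: the added insider-threat item has a typo in its link text, "Insder threats are real", which should read "Insider threats are real". In the added iPhone address book item, "with out" should be "without", and "users contact list" and "the phones owner" are missing their possessive apostrophes. The link text on the added Adobe item ("patch patch patch patch and then patch some more") does not say what is affected; the URL indicates a Flash zero-day, so naming Flash in the link text or the description would make the entry easier to find later.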

Revision as of 16:49, 16 February 2012


Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 278 for Thursday February 16th, 2012


  • John Strand will be teaching Offensive Countermeasures at SANS Orlando March 23-24th: Check it out here
  • Subscribe to our only non-computer security related show dedicated to Cigar Enthusiasts, Stogie Geeks with Paul Asadoorian and Tim "BugBear" Mugherini. Whether you smoke an occasional cigar or daily, this show is for you! Tune in as we review the latest cigars being released and talk "Stogie Tech".

Interview: Jeremiah Grossman

Jeremiah Grossman founded WhiteHat Security in August 2001, and is a world-renowned expert in Web security. He's a founder of the Web Application Security Consortium (WASC), and was named one of InfoWorld's Top 25 CTOs for 2007. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo! responsible for performing security reviews on the company's hundreds of websites. Follow him on Twitter at @jeremiahg



Four years and 4,000 websites video, slides

  1. Tell us about "Top Ten Web Hacking Techniques of 2011" survey
  2. There is always a lot of discussion about the value of certifications in InfoSec Careers, but the Certified Application Security Specialist credential has retained its cachet. As one of the founders, what lessons can you share with other certification bodies such as (ISC)2 and ISACA?

Stories

Paul's Stories

Larry's (taken over by Darren cause Larry is a slacker) Stories

  1. Mountain Lion preview (OSX 10.8) - Apple has released a preview of OSX 10.8, due for release later this year. A new security feature called Gatekeeper is coming. Looks like developers with valid Dev IDs will create a certificate that will be used to sign all their work. In the event a given developer does something wrong, the cert can be pulled and the apps will not run. There are 3 levels of options: the "iPhone option," as I call it, where you can ONLY use apps from the App Store and nothing else can be installed; install from anywhere, but the app must have a certificate; and lastly the install-from-anywhere, cert-or-no-cert option.
  2. iPhone Address book access - Apple is set to fix an issue where app developers were allowed to gather users' contact lists without permission from the phone's owner. Now you will be prompted with a pop-up asking if you wish to allow this access.
  3. patch patch patch patch and then patch some more - Yet another Adobe 0day.
  4. Insider threats are real - Example that your own employees are your biggest threat.

Jack's Stories