Difference between revisions of "Episode287"

From Security Weekly Wiki
Jump to navigationJump to search
Line 8: Line 8:
  
 
* You can watch us live at http://pauldotcom.com/live or watch the recorded episodes on Ustream  
 
* You can watch us live at http://pauldotcom.com/live or watch the recorded episodes on Ustream  
 +
 +
* Be sure to tune in to next week's show featuring wireless security expert Cedric Blancher! That's Thursday May 17, 2012 at 6PM EDT
  
 
* Check out our new shows: [http://hacknaked.tv Hack Naked TV] with John Strand, [http://www.hacknakedatnight.tv Hack Naked At Night] with Larry and Darren, [http://pauldotcom.com/espanol PaulDotCom Espanol] with Carlos Perez and our only non-computer security related show dedicated to Cigar Enthusiasts [http://www.stogiegeeks.com Stogie Geeks] with Paul Asadoorian and Tim Mugherini.
 
* Check out our new shows: [http://hacknaked.tv Hack Naked TV] with John Strand, [http://www.hacknakedatnight.tv Hack Naked At Night] with Larry and Darren, [http://pauldotcom.com/espanol PaulDotCom Espanol] with Carlos Perez and our only non-computer security related show dedicated to Cigar Enthusiasts [http://www.stogiegeeks.com Stogie Geeks] with Paul Asadoorian and Tim Mugherini.

Revision as of 19:35, 10 May 2012


Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 287 for Thursday May 10th, 2012

  • Be sure to tune in to next week's show featuring wireless security expert Cedric Blancher! That's Thursday May 17, 2012 at 6PM EDT

Special Guest: Anton Chuvakin

Introduction

Dr. Anton Chuvakin is a Research Director at Gartner's IT1 Security and Risk Management Strategies team. He is a recognized security expert in the field of log management, SIEM and PCI DSS compliance and author of "Security Warrior" and "PCI Compliance".

Chuvakin.jpg

Questions

  1. How did you get your start in information security?
  2. Lots of people have a SEIM, and lots of people get hacked, what are they doing wrong?# With the volume of information the SEIM provides, how can we better weed through this information?
  3. Many will state they cannot monitor everything, what should they monitor if they pick and choose?# How do you feel about a "poor man's SEIM" such as a Linux Syslog server?
  4. What's the difference between compliance and security?
  5. How does PCI help people?
  6. How can PCI hurt organization's security?

Guest Tech Segment: Daniel Martin

Daniel Martin is a member of the Dradis Framework Core Team and founder of Security Roots Ltd. He blogs at usefulfor.com and can be found on Twitter as @etdsoft. Dradis is an open source framework to enable effective information sharing, specially during security assessments. Security Roots Ltd for Dradis Professional Edition

VulnDB HQ (platform to manage vuln. data for reports) is a platform that lets you build and maintain a vulnerability database. "Why does your team need to write up the same vulnerability descriptions again and again? How much time will you save if you could reuse issue descriptions from previous reports?"

Stories

Some More Plugs

  • DerbyCon Call for Papers and Ticket Registration is: available online. If you have not yet registered or submitted a talk, please do so now.
  • Security BSides everywhere: Iowa, London, Chicago, Austin, Charleston, more. http://www.securitybsides.com/ - We have 5 BSides tickets to give away! Listen to the instructions at the end of Episode 282 for complete details!

Paul's Stories

  1. CVE-2012-1675 Oracle Database TNS Poison 0Day Video Demonstration - Looks like this vulnerability allows you to MiTM or control others TNS sessions. It was reported in 2008 and just now published. I wonder how many other people found it in the mean time? Looks like there is no patch, but some workarounds.
  2. Breaking in to Security - Survey Conclusions - Really neat survey!
  3. Tampon-Shaped USB Drive - There's a joke in there somewhere, talk about data leakage!
  4. Security Fail - Really funny, don't leave Wifi passwords on the wall.
  5. DNSChanger Trojan: Not All Doom and Gloom - July 9th is fast approaching!
  6. Don’t let them scare you - Defensive recommendations include Configuration Management, Patch Management , Up-to-Date AV, Application Whitelisting. Agree?
  7. Web Application Firewalls and the False Sense of Security They can Create - I'm leaning more towards solutions that actually fix the problem, rather than mask it. Firewalls and network segmentation are great, but don't rely too much on them. Patching, config management, and a development process that weeds out security vulns.
  8. Jetting off abroad? Pack protection ... for your Wi-Fi - The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products on their hotel internet connection
  9. PHP devs lob second patch at super-critical CGI bug
  10. Security error in OS X 10.7.3 exposes passwords for legacy FileVault users
  11. From LOW to PWNED [6 SharePoint]