Difference between revisions of "Episode287"

From Security Weekly Wiki
Jump to navigationJump to search
Line 26: Line 26:
 
# Lots of people have a SEIM, and lots of people get hacked, what are they doing wrong?# With the volume of information the SEIM provides, how can we better weed through this information?
 
# Lots of people have a SEIM, and lots of people get hacked, what are they doing wrong?# With the volume of information the SEIM provides, how can we better weed through this information?
 
# Many will state they cannot monitor everything, what should they monitor if they pick and choose?# How do you feel about a "poor man's SEIM" such as a Linux Syslog server?
 
# Many will state they cannot monitor everything, what should they monitor if they pick and choose?# How do you feel about a "poor man's SEIM" such as a Linux Syslog server?
 +
# From Jack ''Anton was way ahead of the curve on the significance of log management and log analysis, and he seemed to get tired of preaching it a couple of years ago.  We talked at RSA that maybe the time has come and people are starting to take it seriously.'' So, are people starting to take log management seriously? Why now? What has been wrong with log management in the past?
 
# What's the difference between compliance and security?
 
# What's the difference between compliance and security?
 
# How does PCI help people?
 
# How does PCI help people?

Revision as of 19:37, 10 May 2012


Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 287 for Thursday May 10th, 2012

  • Be sure to tune in to next week's show featuring wireless security expert Cedric Blancher! That's Thursday May 17, 2012 at 6PM EDT

Special Guest: Anton Chuvakin

Introduction

Dr. Anton Chuvakin is a Research Director at Gartner's IT1 Security and Risk Management Strategies team. He is a recognized security expert in the field of log management, SIEM and PCI DSS compliance and author of "Security Warrior" and "PCI Compliance".

Chuvakin.jpg

Questions

  1. How did you get your start in information security?
  2. Lots of people have a SEIM, and lots of people get hacked, what are they doing wrong?# With the volume of information the SEIM provides, how can we better weed through this information?
  3. Many will state they cannot monitor everything, what should they monitor if they pick and choose?# How do you feel about a "poor man's SEIM" such as a Linux Syslog server?
  4. From Jack Anton was way ahead of the curve on the significance of log management and log analysis, and he seemed to get tired of preaching it a couple of years ago. We talked at RSA that maybe the time has come and people are starting to take it seriously. So, are people starting to take log management seriously? Why now? What has been wrong with log management in the past?
  5. What's the difference between compliance and security?
  6. How does PCI help people?
  7. How can PCI hurt organization's security?

Guest Tech Segment: Daniel Martin

Daniel Martin is a member of the Dradis Framework Core Team and founder of Security Roots Ltd. He blogs at usefulfor.com and can be found on Twitter as @etdsoft. Dradis is an open source framework to enable effective information sharing, specially during security assessments. Security Roots Ltd for Dradis Professional Edition

VulnDB HQ (platform to manage vuln. data for reports) is a platform that lets you build and maintain a vulnerability database. "Why does your team need to write up the same vulnerability descriptions again and again? How much time will you save if you could reuse issue descriptions from previous reports?"

Stories

Some More Plugs

  • DerbyCon Call for Papers and Ticket Registration is: available online. If you have not yet registered or submitted a talk, please do so now.
  • Security BSides everywhere: Iowa, London, Chicago, Austin, Charleston, more. http://www.securitybsides.com/ - We have 5 BSides tickets to give away! Listen to the instructions at the end of Episode 282 for complete details!

Paul's Stories

  1. CVE-2012-1675 Oracle Database TNS Poison 0Day Video Demonstration - Looks like this vulnerability allows you to MiTM or control others TNS sessions. It was reported in 2008 and just now published. I wonder how many other people found it in the mean time? Looks like there is no patch, but some workarounds.
  2. Breaking in to Security - Survey Conclusions - Really neat survey!
  3. Tampon-Shaped USB Drive - There's a joke in there somewhere, talk about data leakage!
  4. Security Fail - Really funny, don't leave Wifi passwords on the wall.
  5. DNSChanger Trojan: Not All Doom and Gloom - July 9th is fast approaching!
  6. Don’t let them scare you - Defensive recommendations include Configuration Management, Patch Management , Up-to-Date AV, Application Whitelisting. Agree?
  7. Web Application Firewalls and the False Sense of Security They can Create - I'm leaning more towards solutions that actually fix the problem, rather than mask it. Firewalls and network segmentation are great, but don't rely too much on them. Patching, config management, and a development process that weeds out security vulns.
  8. Jetting off abroad? Pack protection ... for your Wi-Fi - The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products on their hotel internet connection
  9. PHP devs lob second patch at super-critical CGI bug
  10. Security error in OS X 10.7.3 exposes passwords for legacy FileVault users
  11. From LOW to PWNED [6 SharePoint]