Episode287

From Security Weekly Wiki
Jump to navigationJump to search


Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 287 for Thursday May 10th, 2012

Special Guest: Anton Chuvakin

Introduction

Dr. Anton Chuvakin is a Research Director at Gartner's IT1 Security and Risk Management Strategies team. He is a recognized security expert in the field of log management, SIEM and PCI DSS compliance and author of "Security Warrior" and "PCI Compliance".

Chuvakin.jpg

Questions

Guest Tech Segment: Daniel Martin

Daniel Martin is a member of the Dradis Framework Core Team and founder of Security Roots Ltd. He blogs at usefulfor.com and can be found on Twitter as @etdsoft.

Dradis is an open source framework to enable effective information sharing, specially during security assessments.


Security Roots Ltd for Dradis Professional Edition


VulnDB HQ (platform to manage vuln. data for reports) is a platform that lets you build and maintain a vulnerability database. "Why does your team need to write up the same vulnerability descriptions again and again? How much time will you save if you could reuse issue descriptions from previous reports?"

Stories

Some More Plugs

  • DerbyCon Call for Papers and Ticket Registration is: happening NOW. The PaulDotCom crew will be in attendance for DerbyCon. Training begins Thursday September 27th and the DerbyCon conference runs the 28th thru 30th.
  • Security BSides everywhere: Iowa, London, Chicago, Austin, Charleston, more. http://www.securitybsides.com/ - We have 5 BSides tickets to give away! Listen to the instructions at the end of Episode 282 for complete details!

Paul's Stories

  1. CVE-2012-1675 Oracle Database TNS Poison 0Day Video Demonstration - Looks like this vulnerability allows you to MiTM or control others TNS sessions. It was reported in 2008 and just now published. I wonder how many other people found it in the mean time? Looks like there is no patch, but some workarounds.
  2. Breaking in to Security - Survey Conclusions - Really neat survey!
  3. Tampon-Shaped USB Drive - There's a joke in there somewhere, talk about data leakage!
  4. Security Fail - Really funny, don't leave Wifi passwords on the wall.
  5. DNSChanger Trojan: Not All Doom and Gloom - July 9th is fast approaching!
  6. Don’t let them scare you - Defensive recommendations include Configuration Management, Patch Management , Up-to-Date AV, Application Whitelisting. Agree?
  7. Web Application Firewalls and the False Sense of Security They can Create - I'm leaning more towards solutions that actually fix the problem, rather than mask it. Firewalls and network segmentation are great, but don't rely too much on them. Patching, config management, and a development process that weeds out security vulns.
  8. Jetting off abroad? Pack protection ... for your Wi-Fi - The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products on their hotel internet connection
  9. PHP devs lob second patch at super-critical CGI bug
  10. Security error in OS X 10.7.3 exposes passwords for legacy FileVault users
  11. From LOW to PWNED [6 SharePoint]

Jack's Stories