Episode348

From Security Weekly Wiki


Episode Media

[MP3 pt1]


Announcements

PaulDotCom Security Weekly - Episode 347 for Thursday October 10th, 2013

  • Episode 350 of PaulDotCom will be recorded and streamed live on October 25, 2013. We are looking for submissions for technical segments; send them to psw -at- pauldotcom.com and we will pick the best ones to be featured on the show. We are looking for panel guests as well! Support our chosen charity: Wings For Warriors. This will be an all-day event!
  • We've released a book on Offensive Countermeasures! Visit tinyurl.com/OCM-Amazon to add this to your summer reading list.
  • We are looking for sponsors for our weekly webcasts and shows. Contact paul -at- hacknaked.tv for details!
  • The Stogie Geeks Show! - Kick some ash with the Stogie Geeks, Thursday nights at 9:00PM EST. Come have a cigar with us! If you are in the Rhode Island area please visit our sponsor the Havana Cigar Club, it's an awesome place to have a drink! Make sure you print out your $5.00 off coupon here!

Guest Interview: Thierry Zoller


Biography:

Thierry has 14 years of experience in information security, designing resistant architectures and systems, managing development and information security teams, ISM policies and high-profile penetration tests. Thierry has a security blog over at blog.zoller.lu. Thierry is currently working as a Practice Lead for Threat and Vulnerability Management at Verizon Business.

  1. How did you get your start in information security?
  2. What advice do you have for others getting their start in information security?
  3. What is your vulnerability disclosure policy and what led to you adopting this particular policy?
  4. What is the coolest security vulnerability/bug you've ever found?
  5. Do you believe it's important to make the distinction between a bug and a flaw?
  6. What can we do to improve software security?
  7. Should people run A/V software or is it a complete waste of time?
  8. Are folks underestimating the continued threat of Bluetooth attacks or have we got that all figured out? Or, more likely, now that every smartphone has WiFi and 3G, a web browser and apps, it's far easier to attack them via these methods?
  9. Will we ever be able to trust SSL? Tell us a little about the SSL audit tool you wrote and some of the features such as fingerprinting…
  10. Is privacy dead, did we kill it, has the US Government taken it hostage, or all of the above?
  11. Who are the primary threats and how well coordinated do you find them to be?
  12. How well should we know our enemy?
  13. From a defensive perspective, what is the most innovative and/or effective technology to surface recently?
  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of Ass Grabby Grabby do you prefer to go first or second?
  5. Stranded in a desert island, which tablet would you bring along: a) iPad b) Surface c) Android d) All of the above e) None of the above?

Heather Mahalik from SANS on Advanced Smartphone and Mobile Device Forensics Course



Biography:

Heather Mahalik is a senior digital forensics analyst at Basis Technology. As the on-site project manager, she uses her experience to manage the cell phone exploitation team and supports media and cell phone forensics efforts in the U.S. government. Heather is a certified SANS instructor and is teaching the upcoming course Advanced Smartphone and Mobile Device Forensics.

Stories

Paul's Stories

Jack's Tales of Happiness and Sunshine with Bourbon

  1. I'm sure I'm late to this party
  2. Prepare for a Rantapocalypse
  3. Oooh, cool for Windows 7 SP1 users.
  4. I haven't heard anything yet but with Microsoft's recent patch issues, this patch is one I would test before widespread deployment.

Larry's Stories

Allison's super cool stuff while drinking a bud and clamato