Episode365

From Security Weekly Wiki
Jump to navigationJump to search


Episode Media

[ Episode 365 MP3 pt1]

[Episode 365 MP3 pt2]

Announcements

Paul's Security Weekly - Episode 365 for Thursday March 6th, 2014

  • The Offensive Countermeasures Hack Lab at the Mid-Atlantic CCDC conference in 2014, and sticking around to MC the event and do a live Podcast!
  • We are looking for sponsors for our weekly webcasts. Contact paul -at- hacknaked.tv for details, there are still a few slots available!
  • SECURITY B-SIDES ORLANDO April 5-6th, 2014 : "COMMUNITY DRIVEN EVENT SEEKING TO BRING TOGETHER CENTRAL FLORIDA INFOSEC WITH A PASSION FOR MAKING, BREAKING, AND PROTECTING."
  • Paul will be speaking at this years Northeast Linux Fest which will be held on April 5 of 2014 at Harvard University and on April 6.
  • I'm also slated to speak at the Charlotte ISSA conference in 2014 and the NOLA conference in New Orleans in June.

Guest Interview:Eve Adams @HackerHuntress

Biography:


Eve Adams (@HackerHuntress) is Senior Talent Acquisition Expert at Halock Security Labs, a full-service information security advisory in Schaumburg, IL. Eve leverages her security staffing experience to drive recruitment for both internal Halock roles and client placement. She also spearheads Halock’s social media presence and counts Twitter as one of her most powerful recruiting tools. Eve’s passionate about information security, thinks most recruiters are doing it wrong, and naively believes technology can change the world for the better. In past lives, she has been a writer, translator and reptile specialist, among other things. While she is officially OS-agnostic, Eve usually runs Ubuntu at home.

  1. How did you get involved with recruiting? How did you get involved with the security community?
  2. What advice do you have for those just starting their information security careers?
  3. How much value do certifications have in computer security?
  4. I believe certs help you when you get started, then start to diminish in value as you move through your career, do you agree or disagree and why or why not?
  5. What are the top 2 tips for resume building?
  6. The job market is pretty competitive in security, what tips do you have for employers?
  7. Lets take someone who has some skills, and is not happy with their job, what are the top things they can do to start making a move?
  8. What is the highest paying position(s) in security and why?
  9. From both a job seeker and employer perspective, how do you put the right salary on a position?


Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of Ass Grabby Grabby do you prefer to go first or second?
  5. If you could have dinner with one celebrity, who would it be?



Tech Segment: Regular Expressions!

By Allison Nixon

Stories

Paul's Stories

  1. The Cyber Security Skills Gap - J4vv4D - Pretty cool graphic, but begs the question just how large is the gap and how do w

e close it? Why is there a skills gap in the first place? Do we ask too much of our security positions?

  1. "New iOS flaw makes devices susceptible to covert keylogging -

Curious how the keystroke logging works, I am guessing that the cooidinates of the press match a character when the keyboard is present on the screen. In any case, you have to install

a malicious app to be vulnerable, which is not unheard of on iOS, but not as common as Android.
  1. RFID Wallets/Sleeves. How much Security do they provide? | Pentura Labs's Blog -

Looks like RF protection, aside from stainles steel, work about half the time. Just sayin'. And, over 96% of us carry an RF enabled card of some kind.

  1. ChrisTruncer/EyeWitness · GitHub - This is based on Peeping Tom, pretty neat stuff, I love the screenshot functionality and can't wait to
check out this tool.
  1. "Trey Ford: Testing - We can't be asleep at the wheel and let big brother take

away our rights to use hacking tools, making this talk very important. If we get ahead of it now, we stand a chance, if we don't, we'll be behind the curve and could lose the battle.

  1. BsidesSF 2014 Fix What Matters - Love this talk premise, people put too much faith in CVSS>
  2. Hackers Can Infect Your Computer Even If It's Not Connected To The Internet
  3. "Target overhauls security and compliance group - CIO has resigned, try to contain your shoc

k and awe.

  1. "Hackers Take Control Of 300 - Well no kidding, maybe this is the press that we need.
  2. CIA Found To Be Hacking The Senate Intelligence Committee - Right o

ut of a Hollywood script!

  1. "Hackers Churning Out 55 - 55,000 malware variants a day is some serious code re-use.
  2. Cisco Patches Authentication Flaw in Wireless Routers - Finally, but will people apply it? More t

han would apply home router updates.

  1. """Researchers at the University of Liverpool claim to have created a computer virus that can spread via Wi-Fi as effic..."
  2. C programming: you are teaching it wrong
  3. Car Hacking: You Cannot Have Safety without Security
  4. Stop Looking for the Silver Bullet: Start Thinking Like a Bad Guy
  5. DDoS & Security Reports » NTP ATTACKS: Welcome to The Hockey Stick Era
  6. "Swiss Firm Digs Up 300

Jack's Stories of Joy and Wonder

  1. Echo
  2. Time to step up
  3. When is the best time to buy your airline tickets?
  4. DEF CON contests
  5. Bogus survey has humorous, if bogus results
  6. Your tax dollars at work^^waste?
  7. Version 5 of the 20 Crtitical Security Controls
  8. Getty images free for use*
  9. RSA, BSidesSF, TrustyCon
  10. [1]
  11. Patrick Gray of Risky Business interviews Marcus Ranum on the RSA Conference Note: Audio file, may autoplay

Joffs Stories

http://www.informationweek.com/security/attacks-and-breaches/malware-lobbing-hackers-seize-300000-routers/d/d-id/1114109?

 SOHO Routers Under Widespread Attack

http://www.darkreading.com/sophoslabs-insights/preying-on-a-predator/240166361

 Any O/S is a potential target.   WinXP is not the only desktop platform going end of support.