Episode386
Episode Media
MP3 - Not Yet Published!
Announcements
Paul's Security Weekly - Episode 386 for Thursday September 4th, 2014
And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady, it's Paul’s Security Weekly!
- This segment is sponsored by Palo Alto Networks, creators of THE next-generation firewalls, helping you enforce network security policies based on applications, users, and content. Visit them on the web at www.paloaltonetworks.com
- and by The SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
- This segment is brought to you by Tenable Network Security, the creators of Nessus, the world's best vulnerability scanner. Check out the new Nessus Enterprise and Nessus Enterprise Cloud, and engage your IT department in the vulnerability management process today!
"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."
"Here's your host, a man who [insert something witty here], Paul Asadoorian"
- Announcement - The PVS contest from Tenable! Register Here to enter a contest and win an AR Drone! You must use the PVS to find something cool, details on the registration page.
- Announcement - Join Paul Asadoorian for an awesome webcast titled 5 Things You’re Not Doing With Your Vulnerability Scanner. I promise to keep it real, have ridiculous pictures in the presentation, and show you how to stay regular, with your vulnerability scanner of course!
- Security Weekly Updates:
- SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional. Register Here.
- Larry is teaching SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses at SANS Las Vegas from October 20-25th.
- You can purchase Hack Naked T-Shirts online via http://shop.securityweekly.com. Get yours today!
- Attend the show live if you are in the RI area; check http://securityweekly.com/attend for details.
Interview: Mike Murray
Bio
Mike has a diverse background of technical skills, business and management skills and tries to spend his time doing incredibly cool projects with passionate and interesting people. For him, that usually involves designing/building something or hacking some system (technical or otherwise) to solve a problem that people have.
Most of his career has been in information security. He has spent 15 years working for companies across the whole range: startups that built security products, consulting companies, and even a large financial services firm. In 2008, he partnered with a couple of other like-minded individuals and built The Hacker Academy, and then, in 2010, they co-founded MAD Security, which absorbed The Hacker Academy as part of a security consulting, resale and system integration firm. They went from 3 founding partners in 2010 to over 25 employees in 2013, and bootstrapped the company to over $11M in revenue in 2013.
Find Mike on Twitter @mmurray
Questions/Topics
Five Questions
- Three words to describe yourself
- If you were a serial killer, what would be your weapon of choice?
- If you wrote a book about yourself, what would the title be?
- In the popular game of Ass Grabby Grabby do you prefer to go first or second?
- If you could have dinner with one celebrity, who would it be?
Eleven more questions to ask at random:
- If you had super powers, what would they be?
- A penguin walks through that door right now wearing a sombrero. What does he say and why is he here?
- If we came to your house for dinner, what would you prepare for us?
- Pick two celebrities to be your parents.
- What do you think about when you are alone in your car?
- What song best describes your life?
- If you were a Star Trek® [or Star Wars® ] character, which one would it be?
- If you were 80 years old, what would you tell your children?
- What is the record amount of time you have gone without a shower?
- What is the geekiest thing you've ever done/created/bought/said?
- If you could have 5 items fully stocked in your fridge at all times, what would they be?
Tech Segment: Powercat
About Powercat
Powercat recreates the functionality of netcat using native Windows PowerShell.
Why Powercat
netcat is *handy*, but you don't always get to use it!
The Future of Powercat
Be sure to check out DerbyCon! Stable talks on Saturday @ 4 (at the same time as Paul! So *when* his talk is full, consider the stable track for overflow!)
Stories
Sponsors
- Stories of the week is sponsored by http://www.blacksquirrel.io/ - Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.
- Also by Onapsis, the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
- Also by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
Paul's Stories
- Protecting yourself against the celebrity iCloud hackers
- "Identifying Firewalls from the Outside-In. Or
- Scared of brute force password attacks? Just 'GIVE UP' says Microsoft
- Twitter offers a $140 bug bounty reward- The Inquirer
- Some Cable Modems Found to Leak Sensitive Data Via SNMP
- Hackers exploit critical vulnerability in popular WordPress theme component
- One in Five Massachusetts Residents Breached in 2013
- Feared Home Depot Breach Sparks More Interest in Backoff PoS Malware
- Threats in Custom App Development: Enterprises’ Lack of Security
Larry's Stories
Jack's Stories of Joy and Wonder
- Blog post from Adam Shostack in response to a TechCrunch article. Adam is optimistic and idealistic- but realistic.
- Laws fighting laws and we're in the crossfire
- Wendy Nather throws down about "How to Help". Many will disagree, but I get the point she's making.
- Google chairman says 'unbreakable' encryption will become a reality. But doesn't mention quantum computing, so can you take him seriously? And will it matter?
- The NSA's School of Cyber
- InfoSec is a strange industry according to Gunnar Peterson. I think he's right.
- Crypto pioneer Hal Finney has passed away at 58. Hal will be one of the folks Jack talks about at DerbyCon.