Episode Media

MP3 < Not yet available!

Announcements

Paul's Security Weekly - Episode 388 for Thursday September 18th, 2014

And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady its Paul’s Security Weekly!

• This segment is sponsored by Palo Alto Networks creators of THE next-generation firewalls, helping you enforce network security policies based on applications, users, and content. Visit them on the web at www.paloaltonetworks.com

• and by The SANS institute the most trusted source for computer security training, certification and research. visit www.sans.org to learn more

"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."

"Here's your host, a man who [insert something witty here], Paul Asadoorian"

• Announcement - The PVS contest from Tenable! Register Here to enter a contest and win an AR Drone! You must use the PVS to find something cool, details on the registration page.

• Announcement - Join Paul Asadoorian for an awesome webcast titled 5 Things You’re Not Doing With Your Vulnerability Scanner. I promise to keep it real, have ridiculous pictures in the presentation, and show you how to stay regular, with your vulnerability scanner of course!

• Security Weekly Updates:
  • SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional. Register Here.
  • Larry is teaching SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses at SANS Las Vegas from October 20-25th.
  • You can purchase Hack Naked T-Shirts online via http://shop.securityweekly.com get yours today!
  • Attend the show live if you are in the RI area, check http://securityweekly.com/attend for details

Interview: Michael Gough

Bio

This weeks episode is with Michael Gough from Hacker Hurricane, MI2security and BSides Texas.

Michael has 20 years experience in IT and Information Security. In the past Michael has been a consultant for HP and other consultancies, an analyst for the financial sector, health care and State of Texas. Michael now focuses his talents as a Blue Team Defender, malarian fighter and malware archeologist, protecting his employer from nefarious ne'er-do-wellers.

Michael also runs BSides Texas with Michelle Klinger and leads the BSides Austin conference held in March. Michael and his partner in cyber crime discovered the WInNTI malware 10 months before Kasperski released their report. They also discovered and exploited a major Card Key system flaw back in 2010 which can be found on YouTube and were dubbed "The Thoughtful Hackers" when they were on the show in 2011.

In his last venture Michael and his partner have developed out of necessity, a malware discovery tool called "Malware Sentinel" utilizing the Malware Management Framework to find malware on Windows based systems. Michael also developed the 6 page "Windows Logging Cheat Sheet" to provide a starting point on detailed logging for Windows hosts.

Questions/Topics

  HackerHurricane.com – Personal Blog
   MI2security.com/blog – Malware & Logging Blog
   MalwareSentinel.com – Malware Discovery tool

    MI2security.com/blog - Windows Logging Cheat Sheet
   MalwareManagementFramework.Org – How to perform Malware Management
   MI2Security.com/malware-reporting-standard – What indicators to report for malware

Five Questions

1. Three words to describe yourself
2. If you were a serial killer, what would be your weapon of choice?
3. If you wrote a book about yourself, what would the title be?
4. In the popular game of ass grabby grabby do you prefer to go first or second?
5. Pick two celebrities to be your parents.

Pwnie Express "Not Kevin" - Pwnplug R3

Contest

A Security Weekly drawing that people can enter through our website with this link http://info.pwnieexpress.com/securityweeklyspecial as well as a button that will be placed on our homepage by 5pm today titled “Security Weekly Drawing”.

By completing all info required in the form all entries will also receive a $100 discount code towards the Pwn Plug R3.

Sponsors

• Also by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com

• Brought to you by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!

Stories

Sponsors

• Stories of the week is sponsored by http://www.blacksquirrel.io/ - Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.

• Also by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/

• This segment is brought to you by Tenable Network Security, the creators of Nessus, the worlds best vulnerability scanner. Check out the new Nessus Enterprise and Nessus Enterprise cloud, engage your IT department in the vulnerability management process today!

Paul's Stories

1. Why (Cyber) Insurance Is Sexy
2. Medical Records For Sale in Underground Stolen From Texas Life Insurance Firm
3. "In Home Depot Breach
4. Top 10 Security Issues for REST APIs
5. Mucking About With SquashFS
6. Meet The Next Next-Gen Firewall
7. 7 Reasons To Love Passwords
8. Why hackers may be stealing your credit card numbers for years
9. Apple blames 'targeted attack' for leaked nude celebrity photos
10. Rich Mogull on Apple Pay
11. "Hacker ""weev"" has left the United States"
12. Protecting yourself against the celebrity iCloud hackers

Larry's Stories

Jack's Stories of Joy and Wonder

1. Hearing first complaints about failing internal resolving due to .prod TLD
2. Create your own Personal Threat Level image just like the one used by the Department of Homeland Security An image generator that allows you to create your own Personal Threat Level image just like the one used by the Department of Homeland Security, heres

a good sample from Alien at 44Con: [1]

1. Errata Security: Rebuttal to Volokh's CyberVor post
2. IT Security Conundrum, AKA disclosure gone wrong

. This kind of thing is why it is irresponsible to use the term "responsible disclosure".

1. IBM cuts pay by 10% for workers picked for training IBM has initiated a new training program that will result in a 10% pay cut for (non-voluntary) participating employees.
2. How to Choose the Best Vulnerability Scanning Tool for Your Business NO, NO, NO. This is so very bad.
3. Using Metadata to find Paul Revere
4. An Open Letter to Tim Cook and Apple’s Security Team from Jonathan Zdziarski. Come on Apple, treat the dude fairly.
5. Idoneous Security: A tenuous grasp on reality.

Joff's Stories