Difference between revisions of "Episode393"

From Security Weekly Wiki
Line 85:
 
 #[http://www.zdnet.com/ftdi-admits-to-bricking-innocent-users-chips-in-silent-update-7000035019/ So, yeah, FTDI are jerks.] I get wanting to protect your intellectual property, but screwing the end user sucks.
 
 #A couple of law enforcement meets privacy stories:[http://www.npr.org/2014/10/29/359725475/can-authorities-cut-off-utilities-and-pose-as-repairmen-to-search-a-home  Posing as a cable repairman to get inside and look around] and [http://www.hotforsecurity.com/blog/fbi-infected-15-year-old-bomb-threat-twit-with-malware-by-impersonating-newspaper-10698.html spoofing a newspaper website to lure a suspect into revealing himself]
−#[http://blog.erratasec.com/2014/10/no-evidence-feds-hacked-attkisson.html#.VFEDMRYnnfJ Rob Graham takes on allegations that the Feds "hacked" Atkinson]
+#[http://blog.erratasec.com/2014/10/no-evidence-feds-hacked-attkisson.html#.VFEDMRYnnfJ Rob Graham takes on allegations that the Feds "hacked" former CBS journalist Sharyl Attkisson]
−#[http://krebsonsecurity.com/2014/10/how-to-tell-data-leaks-from-publicity-stunts/]
+#[http://krebsonsecurity.com/2014/10/how-to-tell-data-leaks-from-publicity-stunts/ How to tell data leaks from publicity stunts]. A good post from Brian Krebs, featuring our own Allison Nixon.
 
 #[http://threatpost.com/assume-every-drupal-7-site-was-compromised-unless-patched-by-oct-15/109095]
 
 #[http://contextis.co.uk/resources/blog/rdp-replay/]

Revision as of 21:53, 30 October 2014



Episode Media

MP3 < Not yet published!

Announcements

Paul's Security Weekly - Episode 393 for Thursday October 30th, 2014

And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady, it’s Paul’s Security Weekly!

  • This interview is sponsored by Palo Alto Networks, creators of THE next-generation firewalls, helping you enforce network security policies based on applications, users, and content. Visit them on the web at www.paloaltonetworks.com
  • And by The SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more
  • And by Tenable Network Security, the creators of Nessus, the world's best vulnerability scanner. Check out the new Nessus Enterprise and Nessus Enterprise Cloud, and engage your IT department in the vulnerability management process today!
  • And by Black Squirrel. Pentest networks from your browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.

"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."

"Here's your host, a man who loves the lumps, the lady lumps, Paul Asadoorian"

  • Announcement - The PVS contest from Tenable! Register Here to enter a contest and win an AR Drone! You must use the PVS to find something cool, details on the registration page.
  • Security Weekly Updates:


Interview: Christopher Crowley

Bio

Mr. Crowley has 15 years of industry experience managing and securing networks. He currently works as an independent consultant in the Washington, DC area. His work experience includes penetration testing, computer network defense, incident response, and forensic analysis.

Questions/Topics

Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby grabby do you prefer to go first or second?
  5. Pick two celebrities to be your parents.


Stories

Sponsors

  • Stories of the Week is brought to you by Onapsis, the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • And by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!


Paul's Stories

  1. NSA-Approved Samsung Knox Stores PIN in Cleartext | Threatpost | The first stop for security news
  2. Watch That Windows Update: FTDI Drivers Are Killing Fake Chips
  3. Symantec Intelligence Report: September 2014 | Symantec Connect
  4. 'SecTorCA' Reverse Engineering a Web Application – for fun
  5. Hacking with the Oldies!
  6. 3 ways to make your Gmail account safer | Naked Security
  7. Millions of Drupal websites at risk from failure to patch

Larry's Stories

Jack's Stories of Joy and Wonder

  1. week I linked to some of Cormac Herley's password research; in this Naked Security post some of that research is reviewed.
  2. So, yeah, FTDI are jerks. I get wanting to protect your intellectual property, but screwing the end user sucks.
  3. A couple of law enforcement meets privacy stories: Posing as a cable repairman to get inside and look around and spoofing a newspaper website to lure a suspect into revealing himself
  4. Rob Graham takes on allegations that the Feds "hacked" former CBS journalist Sharyl Attkisson
  5. How to tell data leaks from publicity stunts. A good post from Brian Krebs, featuring our own Allison Nixon.
  6. http://threatpost.com/assume-every-drupal-7-site-was-compromised-unless-patched-by-oct-15/109095
  7. http://contextis.co.uk/resources/blog/rdp-replay/
  8. [3]
  9. [4]

[5]

  1. [6]

Joff's musings from down under