From Security Weekly Wiki

Episode Media

MP3: Not yet published!


Paul's Security Weekly - Episode 399 for Thursday December 11th, 2014

And now, from the dark corners of the Internet, where exploits run wild, packets aren't the only things getting sniffed, and the beer flows steady, it's Paul's Security Weekly!

  • This interview is sponsored by Palo Alto Networks, creators of THE next-generation firewalls, helping you enforce network security policies based on applications, users, and content. Visit them on the web at www.paloaltonetworks.com
  • And by The SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
  • And by Tenable Network Security, the creators of Nessus, the world's best vulnerability scanner. Check out the new Nessus Enterprise and Nessus Enterprise Cloud, and engage your IT department in the vulnerability management process today!
  • And by Black Squirrel. Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.

"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."

"Here's your host, a man whose chest hair really isn't on his chest, in a hair length rivaling Jack's, Paul Asadoorian"

  • Security Weekly Announcements:
    • For a chance to win a free Hack Naked or Smoke Naked T-Shirt, please submit a selfie listening or watching Security Weekly. Legally, we have to say that it is not safe to drive and selfie, so don't do it. Email your selfie to psw -at- securityweekly dot com before December 19th. Please include "free tshirt contest" in the subject line.
    • Don't forget, Episode 400 is next Friday, December 19th. We have a very exciting all-day show planned, so be sure to check it out.
    • Security Weekly listeners receive 10% off products in our store with discount code 'IHACKNAKED'
    • Please join our new discussions mailing list, we've retired the old mailman server and moved over to Google Groups. You can join the new list here.

Guest Interview: Valerie Thomas and Bill Gardner

Bio: Bill Gardner

Bill Gardner is an Assistant Professor at Marshall University, where he teaches in the Digital Forensic and Information Assurance Program. He is also President and Principal Security Consultant at BlackRock Consulting, and the Information Security Chair at the Appalachian Institute of Digital Evidence. Prior to joining the faculty at Marshall, Bill co-founded the Hack3rCon convention. Bill is the coauthor of "Building an Information Security Awareness Program: Defending Against Social Engineering and Technical Threats" with Valerie Thomas, which was published in August.

Bio: Valerie Thomas

Valerie Thomas is a Principal Information Security Consultant for Securicon LLC that specializes in social engineering and physical penetration testing. After obtaining her bachelor's degree in Electronic Engineering, Valerie led information security assessments for the Defense Information Systems Agency (DISA) before joining private industry. Valerie is the coauthor of "Building an Information Security Awareness Program: Defending Against Social Engineering and Technical Threats" with Bill Gardner. Throughout her career, Valerie has conducted penetration tests, vulnerability assessments, compliance audits, and technical security training for executives, developers, and other security professionals.


Gardner and Thomas co-authored the book "Building an Information Security Awareness Program: Defending Against Social Engineering and Technical Threats." The book is available on Amazon in paperback or Kindle editions. It was reviewed by Zeljka Zorz on net-security.org.

Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby grabby do you prefer to go first or second?
  5. Pick two celebrities to be your parents.



  • Stories of the week is brought to you by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • And by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!

Paul's Stories

  1. Keurig 2.0 K-Cup Spoofing
  2. Snort version 3 released today
  3. Best Defense Against a Cyber-Attack Is to Know Your Adversary
  4. Home Wi-Fi security's just as good as '90s PC security! Wait
  5. Poll: The Perimeter Has Shattered!
  6. How To Become a CISO: Top Tips
  7. 5 ways to prepare for Internet of things security threats
  8. Mobile security — top tips for protection for BYOD devices
  9. New WordPress Password Policy in WP Password Policy Manager Plugin
  10. 2014: The Year of Shaken Trust
  11. Internet Of Things: 3 Holiday Gifts That Will Keep CISOs Up At Night
  12. Employees Still Get More Access Than They Need
  13. It's nearly 2015 – and your Windows PC can still be owned by a Visual Basic script
  14. Why You Shouldn’t Use MAC Address Filtering On Your Wi-Fi Router
  15. Coming to Blackphone: An app store loaded with privacy tools
  16. Hacked payment card service transmitted some data in plaintext
  17. Intel's IoT vision encompasses more than chips
  18. Belden buys Tripwire for $710m: Will keep network burglars out of Internet of Things things
  19. Sony Hackers Leak Netflix Deal Info
  20. Judge Says Banks Can Sue Target (December 4 & 8)
  21. 'Poodle' Bug Returns
  22. Not Enough CISOs to Go Around

Unnamed Source's Stories

  1. This is really important. No, it is not. But it is amusing. And terrifying.
  2. CYBERWAR!!!!!11!! or not. This one should wind up tonight's guest host, Mr. Space Rogue.
  3. Ponemon's nonsense is pwnemoned. A thorough dismembering of Ponemon data analysis.

Joff's stories of his teenage mates of past days

  1. Powerful cross-platform malware. The sophistication of online criminals keeps escalating.
  2. Poodle and TLS. Why do they name things like this? Well, it seems that backward compatibility is a serious problem for many.
  3. Not so subtle card skimming