Episode400

From Security Weekly Wiki
Revision as of 01:06, 25 December 2014 by Kcrawford (talk | contribs)
Jump to navigationJump to search


Watch Live!

EFF

Logo full.png


Please help support our charity for this event, EFF!

Episode 400

December 19, 2014 10:00AM-6:00PM EDT

And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady its Paul’s Security Weekly!

"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."

"Here's your host, a man who's never thought he had the stamina for this (neither did his wife), Paul Asadoorian"


Welcome to our very special episode 400! We have a very special episode, all in support of the Electronic Frontier Foundation. Please take the time to donate using the links above. We've got an epic day in store for you, including contests, panel discussions, technical segments and more!

Interview: Marcus Ranum 10:00AM-10:45AM

EmbedVideo received the bad id "Rc0XB9JQZuI"" for the service "youtube".

This interview is sponsored Tenable Network Security, the creators of Nessus, the worlds best vulnerability scanner. Check out the new Nessus Enterprise and Nessus Enterprise cloud, engage your IT department in the vulnerability management process today!


  • When we use new technology, what privacy rights are we giving up?
  • Why should we have to give up our privacy rights to use technology?
  • What impact will this have on society? For example, I used to walk up to my thermostat and adjust the temperature in my house. Now, I use my smartphone, open an app, which connects to the cloud, where my thermostat also connects to, and communicates to change the temperature.
  • How do we protect our privacy given all of the technology we have at our disposal? Is there a happy medium?
  • How has technology impacted our ability to monitor the Government and vice versa? For example, many police officers I know are now recorded at every traffic stop...
  • Warrants and such are an interesting topic, we have them to protect us, but how do we change them to fit within the technology without being abused?
  • Is part of the solution using purpose-built end-to-end encryption for email, SMS, chat and the like?
  • Many people are sitting around thinking "how do I not become the next Sony", what advice do you have for them?
  • In 2014 we saw several major flaws surface in TLS, GNU software, etc... Will this continue? How do we plug all the holes?

Interview: Billy Rios - Secure and Internet of Things in the Same Title? 11:00am-11:45AM

EmbedVideo received the bad id "XUN7pJytPTk"" for the service "youtube".

This interview is sponsored The SANS institute the most trusted source for computer security training, certification and research. visit www.sans.org to learn more

  • Embedded device vulnerabilities - seems this is getting worse?
  • Better in some areas?
  • Still, so many devices are using a security model from the 1990s, like why passwords stored in /etc/passwd, TELNET, and default credentials?
  • What can we do to raise awareness about this problem to the different audiences such as consumers, vendors (hardware/software), and various industries (Such as consumer electronics, SCADA, corporate embedded systems, building controls, etc...)?
  • What is the real threat? Some articles I've read are highlighting embedded "things" as critical, such as Bluetooth devices in the board rooms and fitness bands as something the CISOs should be worries about.
  • What are the real attack vectors and what is most concerning? What is least concerning?
  • How can we design more secure systems? Better software? Software processes?
  • Does it just start from the ground up or are there add-on solutions?

Lunch: Special Video Broadcast 12:00PM - 1:00PM

Jeremy & Richard from the EFF 1:00PM-1:50PM

EmbedVideo received the bad id "Nlw1FuLnrag"" for the service "youtube".

Jeremy and Richard join us for part three of this special episode in support of the EFF.

Panel: One Vulnerability To Rule Them All, Until The Next One 2:00PM-2:50PM

EmbedVideo received the bad id "iC1D9CYWZpA"" for the service "youtube".

This Panel is sponsored Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com

  • Guests:
    • HD Moore
    • Rob "Mubix" Fuller
    • Dave Kennedy


  • Topics:
    • Why is that 2014 seemed to have so many big vulns?
    • More people looking, more people reporting, media attention at al all time high? all of the above? none of the above?
    • Who cares? With so many vulnerabilities, focusing on just one is bad, right?
    • Can we just fix the ones that make the news?
    • Which ones do I fix so I don't become Sony?
    • Several open-source projects had some major vulns disclosed, I thought open-source was more secure because its open? who is looking for bugs in open source code? Is this model really flawed with respects to security?

Interview: Defcon SECTF & How The EFF Helped (Chris Hadnagy w/ Michelle) 3:00PM-3:50PM

EmbedVideo received the bad id "etpcYO8qtaQ"" for the service "youtube".

This interview is sponsored Black Squirrel. Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.

Interview: Mike Poor, InGuardians 4:00PM-4:30PM

EmbedVideo received the bad id "SLB4kbTpZwI"" for the service "youtube".

This interview is sponsored by Palo Alto Networks creators of THE next-generation firewalls, helping you enforce network security policies based on applications, users, and content. Visit them on the web at www.paloaltonetworks.com

Mike was one of the first guests on the show back in 2005, and returns for the second time 394 episodes later!

Breaches: Top 5 4:45PM

EmbedVideo received the bad id "JYYEdwGvaHo"" for the service "youtube".

This breaches segment is sponsored by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!

  • Guests:
    • Michael "Santa" Santarcangelo

With nearly two decades shaping information security, Michael Santarcangelo is known as the catalyst to develop IT leaders. With his guidance, leaders improve their ability to prioritize assets and efforts, measure and demonstrate wins, and effectively communicate their value to other leaders. Freed-up energy enables higher levels of performance and accelerates change.

Topics:

  • What are 5 questions organizations should be able to answer in order to avoid a breach?
    • Paul's List:
      • What are all of my systems and where are they?
      • Where is my most sensitive information stored?
      • What are the most interesting events on the network for a given day?
      • Who responded to the most interesting events in a given day?
      • What is the status of system hardening and patching in my organizations? (Ala, where am I most vulnerable?)
  • What are 5 questions organizations should be able to answer after a breach?
    • How?
    • Where?
    • Who? (meh)
    • What?
    • What did I learn and how did I fix it?

Stories of the Week 5:00PM-6:00PM

EmbedVideo received the bad id "rzKweoYqnD8"" for the service "youtube".

Stories of the week is brought to you by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/

Guests:

  • SpaceRogue
  • Jayson Street

SpaceRogue takes over for this special HNN stories of the week (Sunglasses required). Special guest Jayson Street will also join us to talk about the security news!

Paul's Stories

Jack's Stories

Larry's Stories

Joff's Stories

Kris' Stories

  1. Tribler to replace Bittorrent with Anonymous Downloading
  2. Snort v3 is in beta