Episode404

From Security Weekly Wiki
Latest revision as of 22:14, 5 February 2015



Episode Media

MP3: http://traffic.libsyn.com/pauldotcom/SecurityWeekly-404.mp3

Announcements

Paul's Security Weekly - Episode 404 for Thursday January 29th, 2015

And now, from the dark corners of the Internet, where exploits run wild, packets aren't the only things getting sniffed, and the beer flows steady, it's Paul's Security Weekly!

  • This interview is sponsored by The SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
  • And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com
  • And by Black Squirrel. Pentest networks from your browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.

"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."

"Here's your host, a man who looks very much like Jesse Pinkman, bitch: Paul Asadoorian"

  • Security Weekly Announcements:
    • Cold weather got you down? Warm up to Embedded Device Security Assessments, a 2-day hosted class at the SANS ICS Summit on February 25-26th, Security Weekly listeners receive a 10% discount when using the code SECWEEK10. Register Here Today!
    • Larry teaching SANS 617 Wireless Ethical Hacking and Defense coming up in Orlando April 11-18, Austin, TX May 18-23, Baltimore, MD (SANSFIRE) June 13-20, and Berlin, Germany June 22-27
    • Security Weekly listeners also receive 10% off products in our store with discount code 'IHACKNAKED'
    • Follow us on Facebook and Twitter, join our Google Groups mailing list, and subscribe to our YouTube channel.

Guest Interview: Michael Santarcangelo

Video: https://www.youtube.com/watch?v=UVLwkqVQ0Ns

Topics:

  • What are 5 questions organizations should be able to answer in order to avoid a breach?
    • Paul's List:
      • What are all of my systems and where are they?
      • Where is my most sensitive information stored?
      • What are the most interesting events on the network for a given day?
      • Who responded to the most interesting events in a given day?
      • What is the status of system hardening and patching in my organization? (In other words, where am I most vulnerable?)
  • What are 5 questions organizations should be able to answer after a breach?
    • How?
    • Where?
    • Who? (meh)
    • What?
    • What did I learn and how did I fix it?

Bio

With nearly two decades shaping information security, Michael Santarcangelo is known as the catalyst to develop IT leaders. With his guidance, leaders improve their ability to prioritize assets and efforts, measure and demonstrate wins, and effectively communicate their value to other leaders. Freed-up energy enables higher levels of performance and accelerates change.

Links

My book - Into the Breach

Twitter: @catalyst

My column at CSO Magazine: Translating Security Value

LinkedIn Profile (and writing there)

Questions/Topics

  1. What is your mindset/approach?
  2. What can I automate?
  3. How much confidence do I have across people, process, and technology?
  4. What can I learn from testing?
  5. What happens when a breach happens?

Stories

Video: https://www.youtube.com/watch?v=yGgnmJ1G8UY

Sponsors

  • Stories of the week is brought to you by Onapsis, the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • And by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!
    • Today is the last day to purchase an "Encryption is not a crime" t-shirt and support the EFF and Hackers for Charity (http://www.booster.com/3ncryp7ion) and get 10 dollars off a Hack Naked t-shirt. Forward the invoice from Booster to kris at security weekly dot com.

Paul's Stories

  1. WTF! It Should Not Be Illegal To Hack Your Own Car's Computer
  2. Building A Cybersecurity Program: 3 Tips
  3. Small Drone Found On White House Lawn
  4. Android Wi-Fi Direct Vulnerability Details Disclosed (http://threatpost.com/android-wi-fi-direct-vulnerability-details-disclosed/110650)
  5. Mark Dowd finds bug in ultra secure BlackPhone that lets attackers stalk users (http://news.hitb.org/content/mark-dowd-finds-bug-ultra-secure-blackphone-lets-attackers-stalk-users)
  6. Apple Patches Thunderstrike Bug in OSX (http://threatpost.com/apple-patches-thunderstrike-bug-in-osx-fixes-more-than-30-flaws-in-ios/110699)
  7. Top smut site Flashes visitors (http://www.theregister.co.uk/2015/01/29/top_smut_site_contracts_flash_0day_infection/)
  8. The GHOST vulnerability – what you need to know (https://nakedsecurity.sophos.com/2015/01/29/the-ghost-vulnerability-what-you-need-to-know/)
  9. Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK | Malware don't need Coffee (http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html)
  10. Java Patch Plugs 19 Security Holes — Krebs on Security
  11. Guest Blog: httpscreenshot - A Tool for Both Teams
  12. Nobody thought BlackPhone was secure -- just securer (http://www.blogger.com/feeds/37798047/posts/default/5179380267255104373)
  13. Some notes on GHOST (http://www.blogger.com/feeds/37798047/posts/default/3706066496546670505)

Carlos's Stories

Joff's stories of his teenage mates of past days

  1. DDoS among us (http://krebsonsecurity.com/2015/01/the-internet-of-dangerous-things/)
  2. GLIBC Affected - we should pay attention to this... (http://thehackernews.com/2015/01/ghost-linux-security-vulnerability27.html)