Difference between revisions of "Episode406"

From Security Weekly Wiki
(Created page with "{{Advertisements}} = Episode Media = [http://traffic.libsyn.com/pauldotcom/SecurityWeekly-406.mp3 MP3] < Not yet published! = Announcements = Paul's Security Weekly - Epi...")
== Paul's Stories ==
#[http://www.csoonline.com/article/2880595/data-protection/attackers-exploit-zeroday-flaw-in-popular-wordpress-plugin.html#tk.rss_all WordPress Plugin vulnerability]
#[http://www.heise.de/ct/artikel/Beemer-Open-Thyself-Security-vulnerabilities-in-BMW-s-ConnectedDrive-2540957.html Unlocking a BMW with no keys]
#[http://news.hitb.org/content/d-link-routers-vulnerable-dns-hijacking D-Link routers vulnerable to DNS hijacking]
#[http://arstechnica.com/gadgets/2015/01/welcome-to-my-sit-stand-desk-nightmare/ Welcome to my sit-stand desk nightmare | Ars Technica]
#[http://www.darkreading.com/3-disturbing-new-trends-in-vulnerability-disclosure/d/d-id/1318925 3 Disturbing New Trends in Vulnerability Disclosure]
#[http://www.darkreading.com/mobile/bmws-software-security-patch-a-sign-of-things-to-come/d/d-id/1318933 BMW's Software Security Patch A Sign Of Things To Come]
#[http://www.v3.co.uk/v3-uk/analysis/2393682/adobe-flash-zero-days-prove-signatures-are-dead Adobe Flash Zero Days Prove Signatures Are Dead]
#[http://threatpost.com/adobe-begins-patching-third-flash-player-zero-day/110865 Adobe Begins Patching Third Flash Player Zero Day]
#[http://www.theregister.co.uk/2015/02/05/siemens_sighs_scada_bugs_abound/ Siemens Sighs: SCADA Bugs Abound]
#[http://www.networkworld.com/article/2880613/attackers-exploit-zeroday-flaw-in-popular-wordpress-plugin.html Attackers exploit zero-day flaw in popular WordPress plug-in]
#[http://arstechnica.com/security/2015/01/critical-ghost-bug-could-haunt-wordpress-and-php-apps-too/ Critical Ghost bug could haunt WordPress and PHP apps]
#[http://newschoolsecurity.com/2015/01/security-101-show-your-list/ Security 101: Show Your List!]
#[http://www.darknet.org.uk/2015/02/anthem-hacked-us-health-insurance-provider-leaks-70-million-records/ Anthem Hacked – US Health Insurance Provider Leaks 70 Million Records]
#[http://krebsonsecurity.com/2015/01/yet-another-emergency-flash-player-patch/ Yet Another Emergency Flash Player Patch — Krebs on Security]
#[http://shadow-file.blogspot.com/2015/01/patching-emulating-and-debugging.html The Shadow File: Patching]
#[http://blog.gdssecurity.com/labs/2015/1/26/badsamba-exploiting-windows-startup-scripts-using-a-maliciou.html?utm_campaign=Feed%3A+GdsSecurityBlog+%28GDS+Security+Blog%29&utm_medium=feed&utm_source=feedburner GDS - Blog - BadSamba - Exploiting Windows Startup Scripts Using a Malicious SMB Server]
#[https://github.com/delvelabs/vane delvelabs/vane · GitHub]
== Carlos's Stories ==

Revision as of 03:03, 11 February 2015

Episode Media

MP3 < Not yet published!


Paul's Security Weekly - Episode 406 for February 12th, 2015

And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady, it’s Paul’s Security Weekly!

  • This interview is sponsored by The SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
  • And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com
  • And by Black Squirrel. Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.

"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."

"Here's your host, a man who is excited to be back touching python...again."

  • Security Weekly Announcements:
    • Cold weather got you down? Warm up to Embedded Device Security Assessments, a 2-day hosted class at the SANS ICS Summit on February 25-26th. Security Weekly listeners receive a 10% discount when using the code SECWEEK10. Register Here Today!
    • Larry is teaching SANS 617 Wireless Ethical Hacking and Defense, coming up in Orlando April 11-18; Austin, TX May 18-23; Baltimore, MD (SANSFIRE) June 13-20; and Berlin, Germany June 22-27.
    • Security Weekly listeners also receive 10% off products in our store with discount code 'IHACKNAKED'
    • Follow us on Facebook and Twitter, join our Google Groups mailing list, and subscribe to our YouTube channel.
    • B-Sides call for papers is open



  • Stories of the week is brought to you by Onapsis, the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • And by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!

Paul's Stories

Carlos's Stories

Joff's stories of his teenage mates of past days

Jack's lack of stories

  1. Warning – Microsoft’s Outlook app for iOS breaks your company security
  2. Canary Watch website
  3. The World’s Email Encryption Software (GPG) Relies on One Guy, Who is Going Broke so let's donate to GPG
  4. Skills shortage... Oh, my. Jack may rant.
  5. Marcus Ranum's comments on the breach at [$COMPANY_NAME$]