Episode406

From Security Weekly Wiki
Latest revision as of 17:38, 14 February 2015


Episode Media

MP3: Not yet published!

Announcements

Paul's Security Weekly - Episode 406 for February 12th, 2015

And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady, it’s Paul’s Security Weekly!

  • This podcast is brought to you by the SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
  • And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com
  • And by Black Squirrel. Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.

"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."

"Here's your host, a man who plays a 10 year old on the internet...10 year podcaster."

  • Security Weekly Announcements:
    • Cold weather got you down? Warm up to Embedded Device Security Assessments, a 2-day hosted class at the SANS ICS Summit on February 25-26th. Security Weekly listeners receive a 10% discount when using the code SECWEEK10. Register Here Today!
    • Larry teaching SANS 617 Wireless Ethical Hacking and Defense coming up in Orlando April 11-18, Austin, TX May 18-23, Baltimore, MD (SANSFIRE) June 13-20, and Berlin, Germany June 22-27
    • Security Weekly listeners also receive 10% off products in our store with discount code 'IHACKNAKED'
    • Follow us on Facebook and Twitter, join our Google Groups mailing list, and subscribe to our YouTube channel.
    • B-Sides Boston 2015 is May 9th in Cambridge, MA. Got a great topic, or fresh new idea? Share it with the community at BSB 2015: the call for papers is now open, CFP deadline is March 1st (http://www.securitybsides.com/w/page/91964571/BSidesBOS_CFP)

Guest Interview: Deviant Ollam

YouTube video: Jy-4J8IVK9c

Bio

While paying the bills as a security auditor and penetration testing consultant with The CORE Group, Deviant is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. Every year at DEFCON and ShmooCon Deviant runs the Lockpick Village, and he has conducted physical security training sessions for Black Hat, SANS, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the FBI, the NSA, DARPA, the National Defense University, the United States Naval Academy at Annapolis, and the United States Military Academy at West Point. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th.

You can reach Deviant at the following email:

deviant at deviating dot net

PGP key on major servers: FBED 2740 858D 4544 C4DA 4DFE DEF9 5F3C 48BC FD28

Links

You can learn more about Deviant by checking out the following links:

http://enterthecore.net/new-core-group-student-training-equipment/

http://enterthecore.net/physical-penetration-training-orlando-fl/

http://deviating.net/firearms

http://deviating.net/lockpicking

Guest Interview: Onapsis

YouTube video: k-kaFS7Q5dM

Stories

YouTube video: jr5mx-YzJDk

Sponsors

  • Stories of the week is brought to you by Onapsis, the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • And by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!

Paul's Stories

  1. Just in time for Valentine's Day: More than 60 percent of mobile dating apps are vulnerable to cyber attacks (http://www.securityintelligence.com/datingapps)
  2. Today I Am Releasing Ten Million Passwords (https://xato.net/passwords/ten-million-passwords/)
  3. A Winning Strategy: Must Patch (http://www.darkreading.com/vulnerabilities---threats/a-winning-strategy-must-patch-should-patch-cant-patch/a/d-id/1319014)
  4. Microsoft Plugs 41 Internet Explorer Flaws (http://www.v3.co.uk/v3-uk/news/2394788/microsoft-plugs-41-internet-explorer-flaws-in-patch-tuesday-release)
  5. Chinese Hackers Compromised Forbes.com Using IE (http://threatpost.com/chinese-hackers-compromised-forbes-com-using-ie-flash-zero-days/110996)
  6. Hacker kicks one bit XP to 10 Windows scroll goal (http://www.theregister.co.uk/2015/02/12/hacker_kicks_one_bit_xp_to_10_windows_scroll_goal/)
  7. Anthem data breach cost likely to smash $100 million barrier (http://news.hitb.org/content/anthem-data-breach-cost-likely-smash-100-million-barrier)
  8. Hacker finds vulnerability in Facebook (http://news.hitb.org/content/hacker-finds-vulnerability-facebook-can-delete-your-photo-albums)
  9. Anthem Breach May Have Started in April 2014 (http://krebsonsecurity.com/2015/02/anthem-breach-may-have-started-in-april-2014/)
  10. Exploiting “BadIRET” vulnerability (CVE-2014-9322) (http://labs.bromium.com/2015/02/02/exploiting-badiret-vulnerability-cve-2014-9322-linux-kernel-privilege-escalation/)
  11. Microsoft Packing More CVEs into Fewer Security Bulletins (http://www.tripwire.com/state-of-security/vulnerability-management/microsoft-packing-more-cves-into-fewer-security-bulletins/)
  12. Nscan: Fast Internet Wide Scanner | Python for Pentesting (http://www.pythonforpentesting.com/2015/01/nscan-fast-internet-wide-scanner.html)
  13. AirPcap Channel Hopping With Python | Didier Stevens (http://blog.didierstevens.com/2015/02/02/airpcap-channel-hopping-with-python/)
  14. OWASP Proactive Controls - OWASP (https://www.owasp.org/index.php/OWASP_Proactive_Controls)
  15. Droopescan – Plugin Based CMS Security Scanner (http://www.darknet.org.uk/2015/02/droopescan-plugin-based-cms-security-scanner/)
  16. The year the security dog caught the car (http://1raindrop.typepad.com/1_raindrop/2015/02/the-year-the-security-dog-caught-the-car.html)

Larry's Stories

  1. Forbes targeted drive-by (http://arstechnica.com/security/2015/02/pwned-in-7-seconds-hackers-use-flash-and-ie-to-target-forbes-visitors/)
  2. MS15-011 (http://arstechnica.com/security/2015/02/15-year-old-bug-allows-malicious-code-execution-in-all-versions-of-windows/)

Jack's lack of stories

  1. And now, from Adobe... "Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole" (http://www.digitalmunition.me/2015/02/chinese-hacking-group-codoso-team-uses-forbes-com-watering-hole/)
  2. The year the security dog caught the car (http://1raindrop.typepad.com/1_raindrop/2015/02/the-year-the-security-dog-caught-the-car.html). A great take on the state of security from Gunnar Peterson.
  3. Markey Car Security Report Just the Start for Automakers (https://threatpost.com/markey-car-security-report-just-the-start-for-automakers/110962). The car biz is a wretched hive of scum and villainy.
  4. Stopping a Smart TV From Eavesdropping On You Could Be a Felony (http://www.slate.com/blogs/future_tense/2015/02/10/samsung_s_smarttv_disabling_its_eavesdropping_could_violate_dmca.html)