Episode409

From Security Weekly Wiki
Revision as of 21:46, 12 March 2015

Episode Media

MP3 <-- Not yet published!


Paul's Security Weekly - Episode 409 for Thursday March 12th, 2015

And now, from the dark corners of the Internet, where exploits run wild, packets aren't the only things getting sniffed, and the beer flows steady, it's Paul's Security Weekly!

  • This interview is sponsored by The SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
  • And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com
  • And by Black Squirrel. Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.

"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."

"Here's your host, a man who looks very much like Jesse Pinkman, bitch: Paul Asadoorian"

  • Security Weekly Announcements:
    • Cold weather got you down? Warm up to Embedded Device Security Assessments, a 2-day hosted class at the SANS ICS Summit on February 25-26th, Security Weekly listeners receive a 10% discount when using the code SECWEEK10. Register Here Today!
    • Larry teaching SANS 617 Wireless Ethical Hacking and Defense coming up in Orlando April 11-18, Austin, TX May 18-23, Baltimore, MD (SANSFIRE) June 13-20, and Berlin, Germany June 22-27
    • Security Weekly listeners also receive 10% off products in our store with discount code 'IHACKNAKED'

Guest Interview: Keren Elazari


Keren Elazari is an internationally recognized cyber security expert. Since 2000, Keren has worked with leading Israeli security firms, government organizations, Big 4 and Fortune 500 companies. Keren holds a CISSP security certification and a BA in History and Philosophy, and is currently a senior research fellow with the Tel Aviv University Science, Security & Technology workshop. In 2012, Keren held the position of Security Teaching Fellow at Singularity University, a private think tank founded by Dr. Ray Kurzweil and sponsored by Google and NASA, amongst others. Since 2013, Keren has been an industry analyst covering emerging security trends for GIGAOM Research, a leading media hub in California. In 2014, Keren became the first Israeli woman to be invited to speak at the prestigious annual TED conference. Keren's TED talk has been viewed by 1.4 million people, translated into more than 24 languages, and selected for TED's 'Most Powerful Ideas' and Inc.com's 'Top 10 TED Talks'.


  1. How did you get your start in information security?
  2. What does the word hacker mean to you? How do you define it?
  3. Why does the world need hackers?
  4. Hackers have powers, how do we encourage people to use them responsibly and ethically?
  5. Full disclosure forces, in some cases, the companies to fix problems they would otherwise ignore, but it still breaks the law. How do we overcome this problem?
  6. Many will put down Anonymous as being criminals, script kiddies, and the like, but what is the value of groups like Anonymous in policing the Internet?

Four Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. Pick two celebrities to be your parents.



  • Stories of the week is brought to you by Onapsis, the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • And by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!

Carlos's Stories

Larry's Stories

  1. Rowhammer - Damn, just damn.
  2. Mandarin Oriental CC Breach - This caught my eye, as I have used my credit card there relatively recently - they make fantastic craft cocktails at the bar in Vegas. Looks like it was perpetrated by malware that evaded anti-virus. /me snickers. Now the interesting thing here is: "Technology journalist Brian Krebs reported on Wednesday that he contacted the hotel group after financial industry sources identified a pattern of fraudulent charges on payment cards, all of which had been used recently at Mandarin hotels." Wait, so Krebs is getting leaked insider information?
  3. Killer USB - This reminds me of the BoFH. So, instead of deploying malware, this one destroys the laptop by dropping 100V into the USB data lines. Hey, who let out the magic smoke?
  4. Podec, the captcha-busting trojan - Damn, the evolution of captcha busting is here apparently, and this one is terribly effective. It's also neat in that it is some of the next generation mobile malware.
  5. Geotagging One Hundred Million Twitter Accounts with Total Variation Minimization - This was some of the stuff that @innismir and I postulated towards the end of our twitter metadata research - being able to find your location by analyzing the data of your friends. Yet another one that blows my mind this week.
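The geotagging story above comes down to one idea: an account that never geotags anything can still be placed on the map from where its friends are. The following is an added example written for these notes (not code from the paper or from the show), showing a toy version of that inference: each unlocated user is placed at the geometric median of their located friends' coordinates, the estimate is kept only if those friends are not too spread out, and the process repeats so newly placed users help place their own friends. The friend graph, coordinates, thresholds and the Weiszfeld median routine are my own constructions and simplifications; the paper's exact procedure and thresholds are not on this page.

```python
"""Added example: friend-based location inference on a constructed graph.
Not the paper's code; graph, coordinates and thresholds are made up."""
import math

# Constructed sample: undirected friend graph, plus (lat, lon) for the few
# accounts that geotag their posts. Everyone else is to be inferred.
EDGES = [
    ("alice", "bob"), ("alice", "carol"), ("alice", "dave"),
    ("bob", "carol"), ("bob", "erin"), ("carol", "erin"),
    ("dave", "frank"), ("erin", "frank"), ("frank", "grace"),
    ("frank", "ivan"), ("grace", "heidi"), ("grace", "ivan"),
    ("heidi", "ivan"),
]
KNOWN = {                       # users with GPS-tagged posts (constructed)
    "bob": (42.36, -71.06),     # Boston
    "carol": (42.34, -71.10),   # Boston, a couple of km away
    "erin": (42.37, -71.02),    # Boston
    "heidi": (34.05, -118.24),  # Los Angeles
    "ivan": (34.07, -118.30),   # Los Angeles
}


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def geometric_median(points, iters=200, eps=1e-9):
    """Weiszfeld iteration: the point minimising the summed distance to
    `points`. Uses a flat lat/lon approximation, fine at city scale.
    Simplification: if an iterate lands on a sample point we stop there."""
    x = sum(p[0] for p in points) / len(points)
    y = sum(p[1] for p in points) / len(points)
    for _ in range(iters):
        num_x = num_y = den = 0.0
        for px, py in points:
            d = math.hypot(px - x, py - y)
            if d < eps:
                return (px, py)
            w = 1.0 / d
            num_x += w * px
            num_y += w * py
            den += w
        nx, ny = num_x / den, num_y / den
        if math.hypot(nx - x, ny - y) < eps:
            break
        x, y = nx, ny
    return (x, y)


def infer_locations(edges, known, rounds=5, min_friends=2,
                    max_dispersion_km=100.0):
    """Spatial label propagation. Each round, place every unlocated user at
    the geometric median of their located friends; keep the estimate only
    if at least `min_friends` friends are located and the median distance
    from the estimate to those friends is within `max_dispersion_km`, so a
    user whose friends are split across the country stays unplaced."""
    neighbours = {}
    for u, v in edges:
        neighbours.setdefault(u, set()).add(v)
        neighbours.setdefault(v, set()).add(u)
    located = dict(known)
    for _ in range(rounds):
        new = {}
        for user in neighbours:
            if user in located:
                continue
            pts = [located[f] for f in neighbours[user] if f in located]
            if len(pts) < min_friends:
                continue
            est = geometric_median(pts)
            dists = sorted(haversine_km(est, p) for p in pts)
            if dists[len(dists) // 2] <= max_dispersion_km:
                new[user] = est
        if not new:          # nothing changed; further rounds are pointless
            break
        located.update(new)
    return located


def demo():
    """Run inference on the constructed sample and return the placements."""
    return infer_locations(EDGES, KNOWN)


if __name__ == "__main__":
    for user, (lat, lon) in sorted(demo().items()):
        tag = "known" if user in KNOWN else "inferred"
        print(f"{user:6s} {lat:8.3f} {lon:9.3f}  {tag}")
```

On this sample, alice is placed in Boston in the first round from bob and carol, grace in Los Angeles from heidi and ivan, and frank only in the second round once grace counts: two of his three located friends are in LA, and the median is robust to the one in Boston. dave, whose only located friends end up being alice (Boston) and frank (LA), fails the dispersion check and stays unplaced, which is the behaviour you want from the "never geotag anything" side of the privacy argument.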

Joff's stories of his teenage mates of past days

Jack's Shameless Self Promotion and Lack of Stories

There are BSides everywhere. CFPs are open, tickets available, magic is happening.