Episode414

From Security Weekly Wiki


Episode Media

MP3 <-- Not yet published!

Announcements

Paul's Security Weekly - Episode 414 for Thursday April 16th, 2015

And now, from the dark corners of the Internet, where exploits run wild, packets aren't the only things getting sniffed, and the beer flows steady, it's Paul's Security Weekly!

  • This interview is sponsored by The SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
  • And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com

"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."

"Here's your host, a man who looks very much like Jesse Pinkman, bitch. Paul Asadoorian"

  • Security Weekly Announcements:
    • Cold weather got you down? Warm up to Embedded Device Security Assessments, a 2-day hosted class at the SANS ICS Summit on February 25-26th. Security Weekly listeners receive a 10% discount when using the code SECWEEK10. Register Here Today!
    • Larry is teaching SANS 617 Wireless Ethical Hacking and Defense, coming up in Orlando April 11-18, Austin, TX May 18-23, Baltimore, MD (SANSFIRE) June 13-20, and Berlin, Germany June 22-27.
    • Security Weekly listeners also receive 10% off products in our store with discount code 'IHACKNAKED'

Guest Interview: Jon Callas 6:05 PM

Bio

Jon Callas is a cryptographer, software engineer, and entrepreneur. He is the co-author of many crypto and security systems including OpenPGP, DKIM, ZRTP, Skein, and Threefish. He has co-founded several startups including PGP, Silent Circle, and Blackphone. He has worked on security and crypto for Apple, Tesla, Kroll-O'Gara, Counterpane, and Entrust. He is fond of Leica cameras, Morgan sports cars, and Birman cats.

Questions/Topics

  1. How did you get your start in information security?
  2. What prompted the decision to create PGP software?
  3. How did you go from creating awesome software to protect people's privacy to being investigated for violating the Arms Control Act?
  4. For those who are creating security software today, what advice do you have for them regarding open source and commercialization?
  5. In 2013 you stated, "The natural flow of technology tends to move in the direction of making surveillance easier, and the ability of computers to track us doubles every eighteen months." Is this still true today?
  6. People use PGP today, I'd like to think mostly for good, but certainly also to hide evil doings. When this point comes under scrutiny, what is your response?
  7. Many have not implemented PGP, deeming it a geek/nerd tool that is too difficult for the average user. Why haven't we seen more widespread adoption of email encryption by the average user?

Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. Pick two celebrities to be your parents.
  5. In the proper game of as grabby-grabby, do you prefer to go first or second?

Links

Guest Interview: Israel Barak 7:00 PM

Bio

Israel Barak is the co-founder of Sentrix, having co-founded the company in 2011. He currently serves as Sentrix GM of business operations for the Americas. Mr. Barak specializes in developing and assimilating innovative technologies and enhancing organizations' capacity to withstand cyber-attacks. Mr. Barak draws from his extensive background in various security and military bodies, including founding and serving as the Head of the Israeli Defense Forces Cyber Red Team Unit for 5 years. Mr. Barak also founded one of Israel's leading national cyber security consulting groups (now part of CITI Group). He is an active member of OWASP, the Cloud Security Alliance, and ISSA.

Questions/Topics

  1. How did you get your start in information security?
  2. What was your role in the development of Israel's "Red Team" capability?
  3. How did the team come about? What does it do? How did you construct, assemble, and lead that team? Any interesting stories you can relate from those days?
  4. Israel (the country) is recognized as a formidable power in Infosec R&D, and many breakthroughs have resulted. Tell us a bit about the development of that "eco-system" of people, companies, and ideas. What's that culture like? How does it compare to the U.S.?
  5. Stuxnet - Any thoughts on the topic? (careful! ;))
  6. Your recent talk on "Signals Intelligence & Counter Measures" in Boston was very interesting. What were the takeaways from that talk? Any chance we could see that presentation evolve further at DEFCON or DerbyCon?
  7. How pervasive are various governments' surveillance efforts and capabilities? What does that imply for the individual in terms of personal privacy?
  8. WordPress vulnerabilities have recently made news with attacks by ISIS and others. Can you take us through that attack vector, and some basic mitigations that organizations should put in place to defend against them? (see link #3)
  9. Your new company, Sentrix, is involved with a re-thinking of the old DMZ concept into a new "Cloud Centric DMZ". Is the focus on the data? Tell us how this new approach to the architecture works.
  10. BusinessWire reports that your "cloud based, context aware" website security solution protects websites against data breaches (DDoS, OWASP Top Ten, defacement, and zero days). Can you explain how your solution is "context aware"?
  11. As someone relatively new to the "Infosec conference scene": how do you see the culture of "sharing ideas", from the local user groups like OWASP and CSA, up to the BSides, DerbyCon, and DEFCON levels?
  12. What's Peter Vogt really like?

Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. Pick two celebrities to be your parents.
  5. In the proper game of as grabby-grabby, do you prefer to go first or second?

Links

  1. Israel Barak's LinkedIn page
  2. Sentrix - BusinessWire article gives insight into the company
  3. Sentrix blog article addresses WordPress vulnerabilities
  4. Cloud DMZ - Sentrix brief on Cloud DMZ - Web App Security
  5. CIO Journal's "10 Young Infosec Companies to Watch in 2015"

Segment: Favorite Bash-isms

Stories

Sponsors

  • Stories of the week is brought to you by Onapsis, the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • And by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!

Carlos's Stories

Paul's Stories

  1. FBI warns: Patch WordPress plugins or expect ISIS

Larry's Stories

Joff's stories of his teenage mates of past days

Jack's Shameless Self Promotion and maybe some stories