Difference between revisions of "Episode416"

From Security Weekly Wiki
Jump to navigationJump to search
 
(17 intermediate revisions by 2 users not shown)
Line 5: Line 5:
 
== Episode Media ==
 
== Episode Media ==
  
[http://traffic.libsyn.com/pauldotcom/SecurityWeekly-416.mp3 MP3] <-- Not yet recorded!
+
[http://traffic.libsyn.com/pauldotcom/SecurityWeekly-416.mp3 MP3]
  
 
== Intro, Sponsors & Announcements ==
 
== Intro, Sponsors & Announcements ==
Line 11: Line 11:
 
=== Paul ===
 
=== Paul ===
  
''On Security Weekly tonight we have a special guest interview with Apollo Clark! He'll talk web application security, Kali Linux and be mixing drinks live in studio! Get our take on listener submitted Bash command line tips and tricks, and we'll cover stories of the week including some more massive D-Link fail. All that and more on this edition of Security Weekly, making the world a better place one episode at a time..."
+
[Cut to Paul Live Shot]
  
=== Larry ===
+
''On the show tonight we have a special guest interview with Dan McInerney! He'll show us how to script our life in Python and inject HTML or JavaScript into user sessions! Get our take on the RSA conference, and I can assure you that Jack is extra grumpy this week. Jeff Man joins us in studio, for extra grumpiness, and stories of the week will include, wait for it, Wordpress vulnerabilities! All that and more on this edition of Security Weekly."
  
''Broadcasting live from G Unit Studios in Rhode Island, the show where exploits run wild, packets aren’t the only things getting sniffed, and the cocktails flow steady its Paul’s Security Weekly!''
+
[Cut to Jack Live shot]
  
''Brought to you by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com''
+
=== Jack ===
  
''And by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/''
+
''Broadcasting live from G Unit Studios in Rhode Island, the show where exploits run wild, packets aren’t the only things getting sniffed, and the cocktails flow steady its Paul’s Security Weekly!''
  
''And by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!''
+
[Cut to sponsor logo]
  
''Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet...''
+
*This segment is sponsored by The SANS institute the most trusted source for computer security training, certification and research. visit www.sans.org to learn more''
  
''Here's a man who looks good in pink, but only in an arizona prison,  Paul Asadoorian"
+
*And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com''
  
''Hello everyone and welcome to Paul's Security Weekly - Episode 416 for Thursday April 30th, 2015''
+
[Cut to security weekly logo]
  
* Ready to learn Combat Firmware Analysis? Register for my Blackhat course "Embedded Device Security Assessments", a 2-day hosted class at Blackhat Las Vegas. Registration includes breakfast, lunch, and access to the Blackhat Briefings Business Hall, Sponsor Workshops, Sponsor Sessions, and Arsenal! Visit [http://securityweekly.com/iot http://securityweekly.com/iot] to register today!
+
''Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet...''
* Larry teaching SANS 617 Wireless Ethical Hacking and Defense coming up in Orlando April 11-18, Austin, TX May 18-23, Baltimore, MD (SANSFIRE) June 13-20, and Berlin, Germany June 22-27
 
  
= Guest Interview: Dan McInerney - 6:05 PM =
+
[Cut to live shot of Paul]
  
<!--<center>{{#ev:youtube|LCoN5D9u6mg"}}</center>-->
+
'''Jack:''' ''Here's your host, a man who once taught a german shepherd how to bark in spanish, and won a fist fight, using only his beard.......Paul Asadoorian!"
 
== Bio ==
 
  
Dan wasted several years of life studying psychology in college before realizing that a.) he could teach himself everything he learned in college for free and more efficiently, and b.) he didn't actually want to go to school for another 12 years just a for a shot at a mediocre job. So he switched his router into WEP mode, cracked it, and was immediately and permanently addicted. His education from there on generally revolved around learning a security concept, then scripting it in Python to solidify the knowledge. This continued for the next several years until the end goal of his career was reached: getting onto PSW. Dan will likely cease all learning at this point as there is nothing left to achieve.
+
'''Paul:''' ''Hello everyone and welcome to Paul's Security Weekly - Episode 416 for Thursday April 30th, 2015''
  
== Questions/Topics ==
+
* Introduce hosts and guests
  
 +
== Announcements ==
  
== Five Questions ==
+
[Cut to Announcement graphics]
  
# Three words to describe yourself
+
* Ready to learn Combat Firmware Analysis? Register for my Blackhat course "Embedded Device Security Assessments", a 2-day hosted class at Blackhat Las Vegas. Registration includes breakfast, lunch, and access to the Blackhat Briefings Business Hall, Sponsor Workshops, Sponsor Sessions, and Arsenal! Visit [http://securityweekly.com/iot http://securityweekly.com/iot] to register today!
# If you were a serial killer, what would be your weapon of choice?
+
* Don't forget to [http://www.securitybsides.com/w/page/91025139/Boston Register for BSides Boston] coming up on May 9th!
# If you wrote a book about yourself, what would the title be?
 
# In the popular game of ass grabby-grabby, do you prefer to go first or second?
 
# Choose two celebrities to be your parents.
 
 
 
= Segment:  =
 
 
 
== Sponsors & Announcements ==
 
 
 
* Looking for a career change? Tenable Network Security is hiring! Everything from programmers to researchers, check out all of the available positions at [http://securityweekly.com/tenablejobs http://securityweekly.com/tenablejobs]. If you are listening to this show, check out the following two positions, both technical and both are work from home:
 
** [https://careers.tenable.com/?jvi=o50y0fwn,Job Nessus Vulnerability Research Engineer]
 
** [https://careers.tenable.com/?jvi=oJjv0fwh,Job C Software Engineer]
 
* Security Weekly listeners receive 10% off products in our store with discount code 'IHACKNAKED'
 
 
* Don't forget to [http://sourceconference.com/boston/ Register for SOURCE Boston] coming up April 25-28th!
 
* Don't forget to [http://sourceconference.com/boston/ Register for SOURCE Boston] coming up April 25-28th!
  
== segment ==
+
[Cut to shot on Paul and Dan]
  
<!--<center>{{#ev:youtube|V7lCxWgpvjo"}}</center>-->
+
= Tech Segment: Dan McInerney - 6:05PM-6:35PM =
  
 +
''Brought to you by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com''
  
 +
''And by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/''
  
= Stories of the Week - 7:30PM-8:00PM =
+
''And by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!''
  
<!--<center>{{#ev:youtube|hNmQhZD8w_g"}}</center>-->
+
<center>{{#ev:youtube|nukEMdt5ehs"}}</center>
 +
 +
== Bio ==
  
== Sponsors & Announcements ==
+
Dan wasted several years of life studying psychology in college before realizing that a.) he could teach himself everything he learned in college for free and more efficiently, and b.) he didn't actually want to go to school for another 12 years just a for a shot at a mediocre job. So he switched his router into WEP mode, cracked it, and was immediately and permanently addicted. His education from there on generally revolved around learning a security concept, then scripting it in Python to solidify the knowledge. This continued for the next several years until the end goal of his career was reached: getting onto PSW. Dan will likely cease all learning at this point as there is nothing left to achieve.
  
*This segment is sponsored by The SANS institute the most trusted source for computer security training, certification and research. visit www.sans.org to learn more''
 
  
*And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com''
+
== Links ==
* Don't forget to [http://www.securitybsides.com/w/page/91025139/Boston Register for BSides Boston] coming up on May 9th!
 
  
 +
#[https://github.com/DanMcInerney Dan's Github]
 +
#[https://twitter.com/DanHMcInerney Dan on Twitter]
  
== Paul's Stories ==
+
= Stories of the Week - 7:00PM-8:00PM =
  
 +
<center>{{#ev:youtube|nIyPwGeX2E8"}}</center>
  
== Larry's Stories ==
+
== Sponsors ==
  
 +
* Looking for a career change? Tenable Network Security is hiring! Everything from programmers to researchers, check out all of the available positions at [http://securityweekly.com/tenablejobs http://securityweekly.com/tenablejobs]. If you are listening to this show, check out the following two positions, both technical and both are work from home:
 +
** [https://careers.tenable.com/?jvi=o50y0fwn,Job Nessus Vulnerability Research Engineer]
 +
** [https://careers.tenable.com/?jvi=oJjv0fwh,Job C Software Engineer]
  
== Joff's Wallaby Stories ==
+
== Announcements ==
 
 
 
 
 
 
== Michael's Stories ==
 
  
 +
* Security Weekly listeners receive 10% off products in our store with discount code 'IHACKNAKED'
 +
* Larry teaching SANS 617 Wireless Ethical Hacking and Defense coming up in Orlando April 11-18, Austin, TX May 18-23, Baltimore, MD (SANSFIRE) June 13-20, and Berlin, Germany June 22-27
  
 +
== Paul's Stories ==
 +
#[http://www.theregister.co.uk/2015/04/27/tesla_hijack/ Tesla Twitter Account And Website Hijacked]
 +
#[http://www.theregister.co.uk/2015/04/27/wordpress_zero_day_xss/ Comments considered harmful: WordPress web hijack bug revealed]
 +
#[http://www.v3.co.uk/v3-uk/news/2406023/wordpress-rushes-out-fix-for-zero-day-flaw-that-puts-one-in-five-sites-at-risk WordPress Rushes Out Fix For Zero-Day Flaw]
 +
#[http://www.theregister.co.uk/2015/04/28/packet_of_death_how_to_crash_a_surgical_robot/ Surgery Bot Can Be Hacked To Hack You To Pieces]
 +
#[http://www.darkreading.com/vulnerabilities---threats/note-to-vendors-cisos-dont-want-your-analytical-tools/a/d-id/1320185 Note To Vendors: CISOs Don't Want Your Analytical Tools]
 +
#[http://www.darkreading.com/rsa-highlighted-impending-iot-troubles/d/d-id/1320191 RSA Highlighted Impending IoT Troubles]
 +
#[http://arstechnica.com/security/2015/04/28/how-to-crack-any-master-lock-combination-in-8-tries-or-less/ How To Crack Many Master Lock Combinations In 8 Tries Or Less]
 +
#[https://threatpost.com/google-releases-password-alert-extension-for-chrome/112484 Google Releases Password Alert Extension for Chrome]
 +
#[https://threatpost.com/a-year-later-xss-vulnerability-still-exists-in-ebay/112493 A Year Later]
 +
#[https://threatpost.com/wordpress-ecommerce-plugin-vulnerability-details-disclosed/112500 WordPress Ecommerce Plugin Vulnerability Details Disclosed]
  
== Carlos' Stories ==
+
* Cool XSS Payloads [http://www.xss-payloads.com/ http://www.xss-payloads.com/]

Latest revision as of 01:15, 6 May 2015

Paul's Security Weekly - Episode 416 - 6:00PM

Episode Media

MP3

Intro, Sponsors & Announcements

Paul

[Cut to Paul Live Shot]

On the show tonight we have a special guest interview with Dan McInerney! He'll show us how to script our life in Python and inject HTML or JavaScript into user sessions! Get our take on the RSA conference, and I can assure you that Jack is extra grumpy this week. Jeff Man joins us in studio, for extra grumpiness, and stories of the week will include, wait for it, Wordpress vulnerabilities! All that and more on this edition of Security Weekly."

[Cut to Jack Live shot]

Jack

Broadcasting live from G Unit Studios in Rhode Island, the show where exploits run wild, packets aren’t the only things getting sniffed, and the cocktails flow steady its Paul’s Security Weekly!

[Cut to sponsor logo]

  • This segment is sponsored by The SANS institute the most trusted source for computer security training, certification and research. visit www.sans.org to learn more
  • And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com

[Cut to security weekly logo]

Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet...

[Cut to live shot of Paul]

Jack: Here's your host, a man who once taught a german shepherd how to bark in spanish, and won a fist fight, using only his beard.......Paul Asadoorian!"

Paul: Hello everyone and welcome to Paul's Security Weekly - Episode 416 for Thursday April 30th, 2015

  • Introduce hosts and guests

Announcements

[Cut to Announcement graphics]

  • Ready to learn Combat Firmware Analysis? Register for my Blackhat course "Embedded Device Security Assessments", a 2-day hosted class at Blackhat Las Vegas. Registration includes breakfast, lunch, and access to the Blackhat Briefings Business Hall, Sponsor Workshops, Sponsor Sessions, and Arsenal! Visit http://securityweekly.com/iot to register today!
  • Don't forget to Register for BSides Boston coming up on May 9th!
  • Don't forget to Register for SOURCE Boston coming up April 25-28th!

[Cut to shot on Paul and Dan]

Tech Segment: Dan McInerney - 6:05PM-6:35PM

Brought to you by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com

And by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/

And by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!

EmbedVideo received the bad id "nukEMdt5ehs"" for the service "youtube".

Bio

Dan wasted several years of life studying psychology in college before realizing that a.) he could teach himself everything he learned in college for free and more efficiently, and b.) he didn't actually want to go to school for another 12 years just a for a shot at a mediocre job. So he switched his router into WEP mode, cracked it, and was immediately and permanently addicted. His education from there on generally revolved around learning a security concept, then scripting it in Python to solidify the knowledge. This continued for the next several years until the end goal of his career was reached: getting onto PSW. Dan will likely cease all learning at this point as there is nothing left to achieve.


Links

  1. Dan's Github
  2. Dan on Twitter

Stories of the Week - 7:00PM-8:00PM

EmbedVideo received the bad id "nIyPwGeX2E8"" for the service "youtube".

Sponsors

Announcements

  • Security Weekly listeners receive 10% off products in our store with discount code 'IHACKNAKED'
  • Larry teaching SANS 617 Wireless Ethical Hacking and Defense coming up in Orlando April 11-18, Austin, TX May 18-23, Baltimore, MD (SANSFIRE) June 13-20, and Berlin, Germany June 22-27

Paul's Stories

  1. Tesla Twitter Account And Website Hijacked
  2. Comments considered harmful: WordPress web hijack bug revealed
  3. WordPress Rushes Out Fix For Zero-Day Flaw
  4. Surgery Bot Can Be Hacked To Hack You To Pieces
  5. Note To Vendors: CISOs Don't Want Your Analytical Tools
  6. RSA Highlighted Impending IoT Troubles
  7. How To Crack Many Master Lock Combinations In 8 Tries Or Less
  8. Google Releases Password Alert Extension for Chrome
  9. A Year Later
  10. WordPress Ecommerce Plugin Vulnerability Details Disclosed