Revision as of 00:56, 15 May 2015 by Kcrawford

Episode 418 - Intro, Sponsors & Announcements 6:00PM-6:05PM

Episode Media

MP3 <-- Not yet recorded!


[Cut to Paul Live Shot]

"This week we bring back Security Deathmatch and discuss some technical tips, industry trends and privacy issues. Stories of the week will talk about Venom, the latest named vulnerability to strike virtualized platforms. All that and more, so stay tuned..."

Not Kevin

Broadcasting live from G Unit Studios in Rhode Island, the show where exploits run wild, packets aren’t the only things getting sniffed, and the cocktails flow steady, it's Paul’s Security Weekly!

[Cut to sponsor logo]

  • Brought to you by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!
  • This segment is sponsored by The SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
    • Be sure to check out Paul and John's new SANS class, SANS 550: Active Defense, Offensive Countermeasures and Cyber Deception!
  • And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com

[Cut to security weekly logo]

Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet...

[Cut to live shot of Paul]

Larry: Here's your host, a man who loves to do favors that are big AND easy (just like your penis)........Paul Asadoorian!

Paul: Hello everyone and welcome to Paul's Security Weekly - Episode 418 for Thursday May 14th, 2015

  • Introduce hosts and guests


[Cut to Announcement graphics]

  • Ready to learn Combat Firmware Analysis? Register for my Blackhat course "Embedded Device Security Assessments", a 2-day hosted class at Blackhat Las Vegas. Registration includes breakfast, lunch, and access to the Blackhat Briefings Business Hall, Sponsor Workshops, Sponsor Sessions, and Arsenal! Visit http://securityweekly.com/iot to register today!
  • Don't forget to Register for SOURCE Boston coming up April 25-28th!

[Cut to shot on Paul]

Segment: Security Death Match - Round 2 6:05PM-7:00PM



  1. Technical topic: What is your most favorite tool or technique you've been using?
  2. Non-tech: Is vulnerability scoring useful? How do you or should you use vulnerability scoring/severity?
  3. Privacy: iPhones, should you enable location services? Find my iPhone? Use iCloud? What are the privacy ramifications of using Apple's technology?


Stories of the Week - 7:00PM-8:00PM


[Play music, Cut to sponsor logo, THEN START RECORDING]


  • Brought to you by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Onapsis, the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/


[Cut to announcement Graphics]

  • Security Weekly listeners receive 10% off products in our store with discount code 'IHACKNAKED', which now include Hack Naked Stickers! Visit http://shop.securityweekly.com and get yours today!
  • Larry is teaching SANS 617 Wireless Ethical Hacking and Defense, coming up in Austin, TX May 18-23, Baltimore, MD (SANSFIRE) June 13-20, and Berlin, Germany June 22-27, and lots more places, so be certain to check the SANS web site for more course offerings!
  • Santa, Paul and John are doing a webcast series titled Cracking The Code: How Security Nerds Become IT Leaders. Part 1, titled "From Penetration Testing Results To Improvement" will be held on June 10, 2015 at 2PM EST. You can get all the details at http://securityweekly.com/crackingthecode

[End Music]

Paul's Stories

  1. The latest five-letter acronym to hit the Security Industry claims to bite
  2. Compromised WordPress sites leaking credentials
  3. Vendors Step Up & Step Down
  4. License Plate Scanners Hidden in Fake Cactus
  5. PHP Hash Comparison Weakness A Threat To Websites
  6. Skynet is real
  7. Home Automation Software Z-Way Vulnerable to Remote Attacks
  8. Taking A Security Program From Zero To Hero
  9. "Heartbleed
  10. Home routers co-opted into self-sustaining DDoS botnet
  11. Dan Kaminsky on VENOM
  12. Venom Bug Threatens Virtual Machines
  13. Malvertising strikes on dozens of top adult sites

Kevin's Stories

  1. Long-Range Iris Scanning Is Here
  2. In Landslide Vote, House Overwhelmingly Passes USA Freedom Act without Amendments
  3. Ruling May Stop Willy-Nilly Gadget Searches at US Borders
  4. Mobile Spy Software Maker mSpy Hacked, Customer Data Leaked
  5. Amateurs Produce Amateur Cryptography