From Security Weekly Wiki
Revision as of 00:05, 10 September 2015 by Kcrawford (talk | contribs)

Paul's Security Weekly - Episode 433 - 6:00PM

Episode Media


Intro, Sponsors & Announcements


This week the Security Weekly crew discusses how to convey the security message outside of the echo chamber. Security news this week includes hacking satellites, lessons learned from cracking Ashley Madison website passwords, and a whole lot more, so stay tuned!


Broadcasting live from G Unit Studios in Rhode Island, the show where exploits run wild, packets aren't the only things getting sniffed, systems aren't the only things getting penetrated, functions aren't the only things getting wrapped, bits aren't the only things getting banged and the cocktails flow steady, it's Paul's Security Weekly!

  • And by Netsparker, the developers of the ONLY false-positive-free web application security scanners, enabling you to automatically identify vulnerabilities and security flaws in all your websites, web applications and web services. Netsparker scanners are available in two editions, Netsparker Desktop and Netsparker Cloud, the enterprise-level online scanning service. For more information visit their website at https://www.netsparker.com/securityweekly/
  • Looking for a career change? Tenable Network Security is hiring! Everything from programmers to researchers; check out all of the available positions at http://securityweekly.com/tenablejobs. If you are listening to this show, check out the following two positions, both technical and both work from home: Nessus Vulnerability Research Engineer and C Software Engineer.
  • Brought to you by Pwnie Express. Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard-to-reach places, there's Pwnie Express; visit them on the web at http://pwnieexpress.com
  • And by Onapsis, the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/


Now, fire up a packet capture, pour yourself an adult beverage, and give the intern control of your botnet...

Larry: "Here's your host, a man that gives 50 cent blowjobs with pliers and a wet sock, Paul Asadoorian!"

Paul: Hello everyone and welcome to Paul's Security Weekly, Episode 433 for Thursday, September 3rd, 2015.


  • Purchase Hack Naked T-shirts and stickers online at http://shop.securityweekly.com and get yours today! For a limited time only, use the discount code "HACKNAKEDSUMMER" and get 50% off your order! It's a summer blow-out sale and ends on September 23, 2015 (the first official day of fall).
  • Tenable is looking for a Technical Director (http://jobvite.com/m?3sIczhwH); the position is work from home in the US.

Discussion Segment: Talk Security Outside The Echo Chamber - 6:05PM-6:55PM


Jack received this comment and question recently:

"Jack... You gave a talk at BSides Cleveland and around the 56 minute mark, you mentioned getting out and giving businesses/executives high-level talks about security, DBIR, etc. I was curious if you had a rundown of some of the talking points you make sure you include. Maybe this would be a good side topic for the Security Weekly crew? Thanks, Dallas"

We've spoken a lot about how to talk to management about security, but let's expand the scope a bit:

  1. How do you communicate the challenges of security to management?
  2. How do the security challenges differ from other IT-related challenges?
  3. When referencing external works such as the DBIR, what are the top 3 points you want to cover with executives?
  4. "Executives" is a broad term; how do we best communicate security to 1) founders of a technology company, 2) C-level executives of a corporation, 3) small businesses, and 4) the general public?
  5. What are some tips when communicating security to systems and network administrators? Programmers?
  6. How do we reach areas outside of computer security with our message?

Stories of the Week - 7:00PM-8:00PM



  • This segment is sponsored by The SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
  • And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution: www.tenable.com
  • Brought to you by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!


  • Submit your B-Sides Tampa CFP here. This is a four-night cruise; the conference is two full days at sea with a stop in Cozumel, Mexico. Accepted talks receive a free cabin for two.
  • Larry is teaching SANS 617 Wireless Ethical Hacking and Defense in Las Vegas, NV, September 14-19, and at the Pentest Hackfest in November in Washington, DC, plus lots more places, so be certain to check the SANS website for more course offerings!

Paul's Stories

  1. Yes
  2. How CISOs can beat the information security skills-gap
  3. Victims Of US Government Mega-Breach Still Haven't Been Notified
  4. Ecuador Considered Smuggling Julian Assange In A Bag
  5. Netflix releases reflected XSS audit tool for biz
  6. The myth of the cybersecurity skills shortage
  7. What Windows Update for Business is
  8. Google Patches Critical Vulnerabilities in Chrome 45
  9. Secret Service agent pleads guilty to stealing money from Silk Road dealers
  10. Secret Service agent pleads guilty to stealing money from Silk Road dealers | Ars Technica
  11. Linux Foundation Releases Paranoid Internal Infosec Guide
  12. Goole
  13. TSA Master Key Duplication & Why "Security Through (Not So) Obscurity" Fails - TrustedSec - Information Security
  14. ColdFusion Bomb: A Chain Reaction From XSS to RCE - Bishop Fox
  15. How to use Intel AMT and have some fun with Mainboards - Insinuator
  16. Sophisticated Security: What I learned from cracking 4000 Ashley Madison passwords
  17. It's Surprisingly Simple to Hack a Satellite | Motherboard
  18. These hackers warned the Internet would become a security disaster. Nobody listened. | The Washington Post

Santa's Stories

Jack's Stories

Larry's Stories

  1. WiFi FCC
  2. fillet of firewall
  3. OS X keychain vulns