From Security Weekly Wiki
Jump to navigationJump to search

Paul's Security Weekly - Episode 464 - 6:00PM

Recorded May 12, 2016

Episode Audio

[] Coming Soon Douglas White, Ph.D. CEO / Product Architect


  • We will have Douglas White, Ph.D. in studio on the show today!

First segment 6:00PM-7:00PM

Our guest on the show will be Douglas White, Ph.D.

Professor of Networking, Security and Forensics, Director, FANS Lab Doug will be in the Studio with us. Dr. Douglas White has worked in the technology industry for 30 years and has worked as a programmer, networking admin, security specialist, and consultant. Dr. White teaches courses in Digital Forensics, Computer Networking, and any other class that comes along that involves computers and security. Doug is a core team member of the Rhode Island Cyber Disruption Team which is coordinated by the Rhode Island State Police. Doug White was the first certified instructor for the ISFCE digital forensics boot camps and has worked for a variety of professional training organizations and corporations teaching and working in technology.

  1. Three words to describe yourself.
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
  5. Choose two celebrities to be your parents.

Tech Segment

Stories of the Week - 7:00PM-8:00PM

In the Press:

Paul's Stories

Larry's Stories

  1. Shakeup in the Endpoint security market - Virustotal changes the game.
  2. HackRF Jeep unlock replay attack - A simple capture and replay with a hacker can unlock older jeeps…no rolling code needed.
  3. Walmart sues - Over Chip and pin implementation, because it is chip and signature that os required, not chip and pin.
  4. FB CFT - Now opensource.

Joff's Stories

Jack's Stories

  1. Verizon DBIR and reactions

The 2016 Verizon DBIR is out. As always, there's some good stuff in there, but not much new- it is sadly a Report Card of Fail in many ways- how many times can we hear that folks need to use 2FA, patch their stuff, segment their networks, etc. etc.?
Jericho took exception to the vulnerability section of this year's DBIR and he isn't alone.
Jericho followed up after Kenna's response
Rob Graham was also unimpressed
A reponse from Kenna Security, who wrote most of the vulnerability section, doesn't seem to answer all of the questions
[http://blog.trailofbits.com/2016/05/05/the-dbirs-forest-of-exploit-signatures/ and Dan Guido further dissassebles the vulnerability section.

  1. Lots of handy tiny apps thanks to the ever sexy Chris Nickerson for sharing this.
  2. VirusTotal changes the rules and some folks are gonna get hurt, and might deserve it.
  3. [The ThreatButt DZIR might appeal to you if the Verizon DBIR doesn't.

Kevin's Stories

Michael's (Santa) Stories

  1. Crooks Go Deep With ‘Deep Insert’ Skimmers