Paul's Security Weekly - Episode 470 - 6:00PM
Recorded June 23, 2016
This episode is dedicated to Jennifer Collis. Jen was a friend and co-worker to many of us here at Security Weekly. I worked with Jen for quite some time and she continues to be an inspiration for me to this day. Jen lost her husband to cancer just before starting to work at Tenable, where she had to work with me (sometimes no small task in itself). Then disaster struck again and Jen was diagnosed with cancer. The last time we spoke she had words of encouragement for me on my new endeavors, despite her own situation. That's just the kind of person Jen was. Jen leaves behind two children and a fund has been set up for donations. You can get all of the information at http://securityweekly.com/fsckcancer.
Interview: Cory Doctorow
Cory Doctorow (craphound.com) is a science fiction author, activist, journalist and blogger — the co-editor of Boing Boing (boingboing.net) and the author of the YA graphic novel IN REAL LIFE, the nonfiction business book INFORMATION DOESN'T WANT TO BE FREE, and young adult novels like HOMELAND, PIRATE CINEMA and LITTLE BROTHER and novels for adults like RAPTURE OF THE NERDS and MAKERS. He works for the Electronic Frontier Foundation and co-founded the UK Open Rights Group. Born in Toronto, Canada, he now lives in Los Angeles.
- With Google, Facebook, and Twitter being conduits to so much information on the Internet, how concerned are you the big tech giants will control said information?
- How do we prevent the government from implementing regulations that may further impact our freedom when it comes to technology and the internet?
- When you talk about making compromises when it comes to our privacy and security, what are some examples of the major ones?
- Do backdoors end up in software and hardware today because people don’t realize the repercussions, or because some people are truly evil and don’t care?
- Does security matter as a measurement when we compare open-source code vs. commercial code? Or are there larger issues that make it irrelevant?
- If we don’t like the practices of a company, security or otherwise, can’t we just stop buying stuff from them?
- Where do we stand today with the DMCA and what can we do now to protect the rights of security researchers?
- Three words to describe yourself.
- If you were a serial killer, what would be your weapon of choice?
- If you wrote a book about yourself, what would the title be?
- In the popular game of ass grabby-grabby, do you prefer to go first or second?
- Choose two celebrities to be your parents.
Interview with Rick Farina: Pwn Pad4
His main interests are low-level and wireless networking. He likes doing R&D and teaching people about the importance of security. He also enjoys nearly anything involving radio waves including WiFi, RFID, and Amateur Radio. Zero_Chaos is a well known wireless hacker who helps to run the Wireless Village at DEF CON and the Wireless Capture the Flag at numerous conventions (including DEF CON). Rick has settled comfortably into his backup career of Wireless Security. Specializing in WiFi security, he has also branched out into Bluetooth, radio, and SDR. Currently, he is working on the best Linux distro to ever grace the face of the earth, Pentoo.
- ASUS UEFI Update Driver Physical Memory Read/Write - A thorough technical deep-dive into this flaw.
- Verizon Patches Serious Email Flaw That Left Millions Exposed - "I confirmed a very serious vulnerability: any user with a valid Verizon account could arbitrarily set the forwarding address on behalf of any other user and immediately begin receiving his emails" - Yikes! What's the recommendation, use Gmail? This is a case where the API was the cause, as it did not properly check requests.
- Email Servers For More Than Half of World’s Top Sites Can Be Spoofed - Looks like the world, or at least most of it, has not yet heard of SPF...
- WordPress Security Update Patches Two Dozen Flaws
- AirPort owners: Apple's patched a mystery vuln - "A remote attacker may be able to cause arbitrary code execution", because of a memory corruption issue in DNS parsing. Took them 9 months to come out with a fix, with no information. Is this acceptable?
- 'Plane Hacker' Roberts hacks cows - Roberts discovered that street lights were wireless-enabled. By turning a bank of street lights on and off, Roberts was able to send a hello followed by a rude message in Morse Code up into space. It's unclear whether or not the messages were received by astronauts. WHAAAAAT? Also, this article reports all charges filed by the FBI against Roberts have been dropped.
- Stuxnet was the opening shot of decades of non-stop cyber warfare - Duh?
- T-Mobile Rep Sells 1.5 Million Customer Records - There was also no word on how a single staffer, since sacked, could have had access to 1.5 million records and been able to siphon it off en masse. Dear IT, never say that could never happen....
- Google Turns To Codeless Tap Factor Authentication - I think Google is light years ahead of everyone with authentication, if you enable it. It can be a little bit of a PITA, but stuff like this helps.
- Mark Zuckerberg is paranoid about webcam spies – for good reason - SO WHAT? Zuck tapes over his webcam, big deal.
- Fraudsters are Buying IPv4 Addresses - This is awesome, IPv4 is a hot commodity!
- Tor coders harden the onion against surveillance
- Comodo attempting to register Let’s Encrypt as a trademark - Hey commode (Ironically this got autocorrected as commode), how about you knock it off
- From planes to Cows
- Best, Shatner, impression, blogpost, ever.
- Paul, don't go to Utah - Utah police to use pr0n sniffing dogs. Is that why dogs always sniff my crotch?
- DC24 speakers list live - What's that you say? Larry Pesce? Yes, he's on there.
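The Verizon item above blames an API that "did not properly check requests": the server authenticated the caller but never checked that the account named in the request was the caller's own. The following added example (not from the episode, and not Verizon's code) models that class of bug with a constructed account table and session store, putting the vulnerable handler next to a fixed one that enforces object-level authorization and records denied attempts for detection.

```python
"""Object-level authorization on a 'set forwarding address' API.

Added illustration, not the episode's or Verizon's code. The account ids,
session tokens and addresses below are constructed for the demo.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    account_id: str
    forward_to: Optional[str] = None


# Constructed sample state: two accounts and a session table (token -> account id).
ACCOUNTS = {"alice": Account("alice"), "bob": Account("bob")}
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
AUDIT_LOG = []  # one line per allow/deny decision, the thing a SOC would alert on


class Forbidden(Exception):
    pass


def _caller(session_token):
    """Authentication only: map the session token to the logged-in account."""
    try:
        return SESSIONS[session_token]
    except KeyError:
        raise Forbidden("invalid session") from None


def set_forwarding_vulnerable(session_token, account_id, address):
    """Checks that *someone* is logged in, then updates whichever account the
    request names. The account id in the request is never compared with the
    caller's identity, so any valid user can redirect any other user's mail."""
    _caller(session_token)
    ACCOUNTS[account_id].forward_to = address
    return ACCOUNTS[account_id].forward_to


def set_forwarding_fixed(session_token, account_id, address):
    """Same operation with the missing check: the target account must be the
    caller's own. Denied attempts are logged so they can be detected."""
    caller = _caller(session_token)
    if caller != account_id:
        AUDIT_LOG.append(f"DENY forward-change caller={caller} target={account_id}")
        raise Forbidden("cannot modify another account's forwarding address")
    ACCOUNTS[account_id].forward_to = address
    AUDIT_LOG.append(f"ALLOW forward-change caller={caller} target={account_id}")
    return ACCOUNTS[account_id].forward_to


if __name__ == "__main__":
    # bob, with his own valid session, names alice's account in the request
    print(set_forwarding_vulnerable("tok-bob", "alice", "bob@example.net"))
    try:
        set_forwarding_fixed("tok-bob", "alice", "bob@example.net")
    except Forbidden as exc:
        print("blocked:", exc)
    print(AUDIT_LOG[-1])
```

The fix is one comparison, but the point is where it lives: the account id must be bound to the authenticated principal on the server, never taken from the request body alone. The DENY lines are worth shipping to a log pipeline, since a burst of them from one session is exactly the signal this flaw would have produced.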
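The spoofing item above comes down to receivers not being told which hosts may send for a domain, which is what an SPF record does. As an added example (not from the episode, and not the code of any mail server), here is a minimal RFC 7208 evaluator run over a constructed table of TXT records: it handles the ip4, ip6, include and all mechanisms with their qualifiers, returns "none" for a domain that publishes nothing, and enforces the RFC's ten-lookup cap so a self-including record yields permerror instead of infinite recursion. Domains, records and addresses are made up for the demo.

```python
"""Minimal SPF (RFC 7208) evaluator over a constructed DNS table.

Added example; the domains and records are constructed, not real DNS data.
"""
import ipaddress

# Constructed TXT records (domain -> SPF record, or None when none is published).
TXT_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "nospf.example": None,                               # publishes no SPF record
    "loop.example": "v=spf1 include:loop.example -all",  # pathological self-include
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4 limit on DNS-querying mechanisms


def check_spf(sender_domain, client_ip, _lookups=None):
    """Return the SPF result for mail claiming sender_domain, delivered by client_ip."""
    if _lookups is None:
        _lookups = [0]          # shared counter across include recursion
    record = TXT_RECORDS.get(sender_domain)
    if not record or not record.startswith("v=spf1"):
        return "none"           # receiver has nothing to check against
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        matched = False
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif mech == "include":
            _lookups[0] += 1
            if _lookups[0] > MAX_LOOKUPS:
                return "permerror"
            sub = check_spf(arg, client_ip, _lookups)
            if sub == "pass":
                matched = True
            elif sub in ("none", "permerror"):
                return "permerror"   # an include of a broken record breaks the whole record
        else:
            return "permerror"       # mechanism not supported by this minimal evaluator
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                 # record ended without an 'all' term


if __name__ == "__main__":
    for domain, ip in [("example.com", "192.0.2.55"), ("example.com", "203.0.113.9"),
                       ("nospf.example", "203.0.113.9"), ("loop.example", "203.0.113.9")]:
        print(f"{domain:24} {ip:14} {check_spf(domain, ip)}")
```

The "none" result is the one the article is about: with no record, a receiver cannot distinguish a forged envelope from a real one. Publishing a record that ends in "-all" (or "~all" while rolling out) is the cheap half of the fix; the other half is receivers actually evaluating it and acting on fail.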