Paul's Security Weekly - Episode 474 - 6:00PM

Recorded: July 21, 2016

Episode Audio

[] Coming Soon

Announcements

Interview: John Kindervag

With more than 25 years of high tech experience, John is best known for creating the highly influential “Zero Trust” model of information security. He currently advises both public and private sector organizations with the design and building of Zero Trust Networks. He holds, or has held, numerous industry certifications, including QSA, CISSP, CEH, and CCNA. John has a practitioner background, having served as a security consultant, penetration tester, and security architect before joining Forrester. He has particular expertise in the areas of secure network design, wireless security, and voice-over-IP hacking. He has been interviewed and published in numerous publications, including The Wall Street Journal, Forbes, and The New York Times. He has also appeared on television networks such as CNBC, Fox News, PBS, and Bloomberg discussing information security topics. John has spoken at many security conferences and events, including RSA, SXSW, ToorCon, ShmoCon, InfoSec Europe, and InfoSec World.

1. How did you get your start in information security?
2. What is the Zero Trust network architecture?
3. Many people ask me what they can do to secure their Big Data deployments and databases and as for best practices, what is your advice?
4. The decisions people make about whether or not to put data in the cloud seem split, some say "No Cloud", some "Maybe" and some are all in, what advice do you have for those who say "No cloud"? What is the happy medium? Is all-in cloud too much?
5. How is hunting vampires (and werewolves) similar to looking for "cyber" threats?
6. What is the best way to "Know your network", we all say this, but what are the best ways to accomplish this goal?
7. Are we seeing the convergence of traditional IT and security? What are some of the most exciting trends you see in this area?
8. What advice do you have for those folks listening in search of the following solutions:
   1. DDoS mitigation
   2. Threat Hunting
   3. User behavior analytics
   4. Vulnerability management
   5. Data Loss Prevention

1. Three words to describe yourself.
2. If you were a serial killer, what would be your weapon of choice?
3. If you wrote a book about yourself, what would the title be?
4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
5. Choose two celebrities to be your parents.

Tech Segment: Bluetooth Scanning With The PwnPad 4

While many are focused on securing the network, it could be the devices within your location, not even on the network, that cause security issues. In this segment we talk about a new, open-source, Bluetooth hacking tool from Pwnie Express called "Blue Hydra". It has the unique capability to scan for Bluetooth and Bluetooth Low Energy all at the same time. I have begun analyzing the Bluetooth used on my new Segway MiniPro, and am really happy with the results.

I fired up the PwnPad 4 and the new fangled Dongle which supports Bluetooth and Low Energy. I started up Blue Hydra, told it to save the data locally. Here's some of the interesting stuff:

address            vendor       company               manufacturer               classic     le          le_address_type  last_seen                  classic_major_class                            classic_minor_class           classic_class                                                                                                                                         
-----------------  -----------  --------------------  -------------------------  ----------  ----------  ---------------  -------------------------  ---------------------------------------------  ----------------------------  --------------------------------------------------------------------------------------------------------------------                                  
40:B3:95:A6:59:27  Apple, Inc.  not assigned (19456)  Broadcom Corporation (15)  t           f                            2016-07-21T15:56:56-04:00  Computer (desktop, notebook, PDA, organizers)  Handheld PC/PDA (clam shell)  ["Networking (LAN, Ad hoc)","Capturing (Scanner, Microphone)","Audio (Speaker, Microphone, Headset)","Telephony (Cordless telephony, Modem, Headset)"]
C4:73:1E:66:67:E8  Samsung Ele  Broadcom Corporation  Broadcom Corporation (15)  t           f                            2016-07-21T16:09:33-04:00  Audio/Video (headset, speaker, stereo, video,  Video Display and Loudspeake  ["Capturing (Scanner, Microphone)"]                                                                                                                   
00:0D:4B:AC:7C:5A  Roku, Inc.                         Broadcom Corporation (15)  t           f                            2016-07-21T16:09:33-04:00  Audio/Video (headset, speaker, stereo, video,  Set-top box                   []                                                                                                                                                    
A0:E6:F8:88:23:98  Texas Instr  not assigned (33406)                             f           t           Public           2016-07-21T16:05:49-04:00                                                                                                                                                                                                                                     
D4:D9:A6:ED:B3:9A  N/A - Rando  Sony Ericsson Mobile  Nordic Semiconductor ASA   f           t           Random           2016-07-21T16:08:54-04:00                                                                                                                                                                                                                                     
61:AB:F7:06:D9:E2  N/A - Rando  Apple, Inc. (76)      Broadcom Corporation (15)  f           t           Random           2016-07-21T16:07:19-04:00                                                                                                                                                                                                                                     
7F:A0:01:B3:52:7F  N/A - Rando  Apple, Inc. (76)                                 f           t           Random           2016-07-21T16:09:06-04:00                                                                                                                                                                                                                                     
62:99:40:D5:24:B5  N/A - Rando  Apple, Inc. (76)      Broadcom Corporation (15)  f           t           Random           2016-07-21T16:09:30-04:00                                                                                                                                                                                                                                     
7D:A2:A2:BA:30:FC  N/A - Rando                        Broadcom Corporation (15)  f           t           Random           2016-07-21T16:08:54-04:00

Security News - 7:00PM-8:00PM

Paul's Stories

1. "Guest Diary
2. Everything You Need To Know About Web Shells
3. Drone operator arrested for flying over wildfire
4. SeaWorld hacker and bomb hoaxer escapes prison sentence
5. Alex Gibney on Stuxnet and why we need to talk about cyberwar
6. "Adobe
7. Gotta Catch ‘Em All! – WORLDWIDE! (or how to spoof GPS to cheat at Pokémon GO) - Insinuator
8. Is Cloud Computing Really Secure? A Pragmatic Approach
9. Update now: Macs and iPhones have a Stagefright-style bug!
10. Ransomware on the Cheap
11. 15 Vulnerabilities in SAP HANA Outlined
12. EFF Files Lawsuit Challenging DMCA’s Restrictions on Security Researchers
13. The Mr. Robot Easter Egg Hunt Has Begun
14. Bruce Schneier Joins The Tor Project
15. Cisco Gives You Two Nasty Bugs To Fix Before The Weekend
16. "Thanks
17. Hackers Claim Credit For Crashing Pokemon Go
18. IoT Insecurity: Pinpointing The Problems
19. The coolest US agency is starting a ‘revolution’ to get rid of computer viruses
20. WikiLeaks under 'sustained attack' after announcing release of Turkey docs - CNET
21. IoT spurs surprise surge in assembly language popularity | InfoWorld
22. Criminals plant banking malware where victims least expect it | Ars Technica

Larry's Stories

Joff's Stories

Jack's Stories

Kevin's Stories

Michael's (Santa) Stories