From Security Weekly Wiki
Jump to navigationJump to search

Paul's Security Weekly - Episode 519

Episode Audio

Coming soon!

Recorded on June 22, 2017


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Jeff Man
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Announcements

    Interview: Eric Conrad, SANS - 6:00PM-7:00PM

    Eric's career began in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and health care. He is now CTO of Backshore Communications, a company focusing on hunt teaming, intrusion detection, incident handling, and penetration testing. He is a graduate of the SANS Technology Institute with a master of science degree in information security engineering. In addition to the CISSP, he holds the prestigious GIAC Security Expert (GSE) certification as well as the GIAC GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC certifications. Eric also blogs about information security at www.ericconrad.com.

    Five Questions

    1. Three words to describe yourself.
    2. If you were a serial killer, what would be your weapon of choice?
    3. If you wrote a book about yourself, what would the title be?
    4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
    5. Choose two celebrities to be your parents.

    Tech Segment: Reverse Analyzing Attacks for Detection with Justin Henderson, SANS - 7:00-7:30PM

    Justin Henderson (@SecurityMapper) is a passionate security researcher with over a decade of experience in consulting. He is a SANS instructor and has had multiple opportunities to work on government contracts specializing in network monitoring systems and incident analysis. He also has had extensive experience in the healthcare industry. Justin is the 13th GSE to become both a red and blue SANS Cyber Guardian (less than 20 in the world) and holds over 50 industry certifications.

    Security News - 7:30-8:30PM

    Paul's Stories

    1. Bye Bye Chrome! Why We Switched to Firefox - I was skeptical, but pretty convincing. Also, I noticed FF was better at web site debugging, better views, get responses of all requests in a sortable tab, just better than Chrome.
    2. Talos Targets Disinformation with Fake News Challenge Victory
    3. Exclusive: Upcoming Windows 10 Version May Have Built-in EMET to Boost Security - See, better: However, we tried to reach out to two of the Microsoft researchers, one of them hasn't responded yet, while other denied commenting at this moment.
    4. Critical RCE Flaw Found in OpenVPN that Escaped Two Recent Security Audits - Take away: make sure your software security "Audit" includes fuzzing.
    5. Brutal Kangaroo: CIA-developed Malware for Hacking Air-Gapped Networks Covertly - I gotta know more: The previous version of Brutal Kangaroo was named as EZCheese, which was exploiting a vulnerability that was zero-day until March 2015, though the newer version was using "unknown link file vulnerability (Lachesis/RiverJack) related to the library-ms functionality of the operating system."
    6. No, WannaCry Is Not Dead! Hits Honda & Traffic Light Camera System
    7. Supreme Court Ignores EFF "Dancing Baby" Fair Use Case - The copyright owner in question is Universal Music Group, which issued a copyright takedown notice to Stephanie Lenz after she posted a video of her then three-year-old son, Holden, dancing to the Prince song "Let's Go Crazy." Universal is the copyright owner of "Let's Go Crazy." Lenz contested the video's removal, and it was eventually restored. But EFF sued Universal Music Group and said that Universal should be made to pay damages under a section of the Digital Millennium Copyright Act that bars false or misleading DMCA takedown notices.
    8. Mexico Spied On Journalists, Lawyers, And Activists
    9. No Recourse For The 200 Million Compromised Due To The RNC - "Affected people may not have a clear way to get recourse because most laws about data security and data breaches don't contemplate the kinds of harms we will see from what happened here," Monroe said. "Some states have laws requiring that businesses have reasonable security measures in place to protect personal information, but those laws are generally directed toward financial harms like identity theft. The information here, while many would consider it sensitive, probably wouldn't be subject to those laws." So, no recourse if your name, birthday and crap are leaked online. Sucks.
    10. GhostHook Attack Bypasses Windows 10 PatchGuard - This is neat, and no patch! The bypass, which has been nicknamed GhostHook, is a post-exploitation attack and requires an attacker already be present on a compromised machine and running code in the kernel. As a result, Microsoft said it will not patch the issue, but may address it in a future version of Windows, CyberArk said. And Microsoft's advice is SO LAME: “This technique requires that an attacker has already fully compromised the targeted system. We encourage our customers to practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers,” a Microsoft representative said in a statement provided to Threatpost. Dear Microsoft, it would be better for you if you just didn't respond at all. A lame response is worse than no response, haven't you learned that from Apple?
    11. WannaCry Ransomware Blamed for Honda Car Plant Shutdown - Pure LOLZ: The plant was only shut down on June 19, with normal operations restored on June 20. Honda reportedly discovered the WannaCry infection on June 18 at Sayama, with no reports of its other plants being impacted.
    12. Drupal Patches Three Vulnerabilities in Core Engine - The YAML parser in Drupal 8, PECL, failed to handle PHP objects safely during operations with Drupal Core, according to the advisory. That could have opened it up to remote code execution. In case you were wondering...
    13. Microsoft Says Fireball Threat Overblown - Microsoft said it has been tracking Fireball infections since 2015 and that the malware has been consistently bundled with programs users are downloading when looking for apps, media, pirated games, or keygens that would activate certain software. The malware arrives in these “clean programs,” Microsoft said, which are used as host processes to load the malware and evade detection by security software. BUt, overblow...
    14. Average Cost of Breach Goes Down For the First Time Ever - The global average cost of a data breach last year dropped 11.4 percent from 2015 to $3.6 million. The reduction is attributed mostly to a strong U.S. dollar, with wins also offset by a 1.8 percent increase in the size of breaches in 2016. Pfft, Math. I think we are measuring the wrong thing. We should be measuring the impact of the breach, which may look like a different formula: Hard costs + reputation damage + customers lost as a result + ?, thoughts?
    15. Cisco Patches XXE, DOS, Code Execution Vulnerabilities - Fancy name: One of the issues, an XML External Entity (XXE) vulnerability, exists in versions 1.1 through 3.1.6 of Cisco’s Prime Infrastructure software. The vulnerability is dependent on an admin getting tricked into importing a malicious XML file. By doing so in the web-based user interface Cisco says an authenticated, remote attacker could achieve read and write access to data stored in vulnerable systems, or perform remote code execution.
    16. Two Arrested For Microsoft Network Intrusion - Over a three-month period earlier this year, the two men reportedly made repeated efforts to hack into Microsoft's network, according to the report. And while Microsoft notes no customer data was taken in the incident, it is not yet clear whether the group was able to access other information, the BBC noted. Big question: how did they do it? Bigger question: How do you do it without getting caught? Personal question: Do you own a wizard robe and how would you hack Microsoft?
    17. 2 handy yet hidden Chromebook security features - For me there is only one, A fresh Linux install :)

    Larry's Stories

    1. GirlScouts to get a Cyber Security Badge
    3. Cisco uses Machine Learning to "Solve" the encrypted traffic and malware problem
    4. The RNC Files...

    Jeff's Stories

    1. How an Entire Nation Became Russia’s Test Lab for Cyberwar