Paul's Security Weekly #551
Recorded March 15, 2018 at G-Unit Studios in Rhode Island!
- Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand. Currently On-Demand we have webcasts with: Cybereason, Black Hills, Onapsis, Signal Sciences, and Stealthbits!
- Check out our friends at ITProTV for an awesome library of OnDemand training. Head on over to ITPro.TV/securityweekly!
- InfoSec World is March 19-21st of 2018. It is at Lake Buena Vista, Florida. Security Weekly subscribers can save 15% off the InfoSec World 2018 Main Conference or World Pass with the code OS18-SW!
Interview: Patrick Laverty, Rapid7 - 6:00-6:45PM
Patrick is a pentester for Rapid7, has done SIRT work for Akamai and was a web application developer at Brown University. Patrick got his start in security as an intern for Security Weekly in 2013! He has been helping to organize conferences since he and Paul put on the first ever (and maybe last ever) BSides Rhode Island, which smashed box office records! Since then, he has been a part of the BSides Boston organizing team and decided to venture off on his own to create Social Engineering RI with Lea Snyder.
Security News - 6:45PM-7:45PM
- [remote] MikroTik RouterOS < 6.38.4 (MIPSBE) - 'Chimay Red' Stack Clash Remote Code Execution
- What John Oliver gets wrong about Bitcoin
- Memcrashed Memcached DDoS Exploit Tool
- Flash, Windows Users: It's Time to Patch
- Pwn2Own 2018 Hackers Earn $162K for Safari, Edge, VirtualBox Exploit
- Microsoft Starts Buying Speculative Execution Exploits
- Linus Torvalds slams CTS Labs over AMD vulnerability report
- Pre-Installed Malware Found On 5 Million Popular Android Phones
- Hyperbole Swirls Around AMD Processor Security Threat
- VMware Releases Security Updates
- Now we know why Siri was so dumb for so long
- Newly discovered router malware is a masterpiece
- This Is What Happens When Bitcoin Miners Take Over Your Town
Interview: Dick Wilkins, Phoenix Technologies - 7:45PM-8:30PM
Richard ‘Dick’ Wilkins is an Associate Professor of Computer Science at Thomas College in central Maine and is Principal Technology Liaison for Phoenix Technologies, a USA-based system boot firmware development company. He is active in several international standards bodies (TCG, UEFI, PCI-SIG, DMTF, ACPI, and others) and sits on the board of the Unified Extensible Firmware Interface (UEFI) Forum. He is a leader in the Institute for Electrical and Electronic Engineers (IEEE) and in their Computer Society and is active in the Association for Computing Machinery (ACM) and Project Management Institute (PMI). He has over 30 years’ industry experience in roles from software engineer to director of engineering at companies including Hewlett-Packard, Microsoft, Amazon, Digital Equipment Corp. and others.
Professor Wilkins travels extensively to Taiwan, Japan and around the USA to deliver presentations on Cyber Security of computing systems and consults with several multinational companies.
- What are some of the security implications for UEFI?
- Why do some people seem to be freaked out about the security of UEFI?
- Isn't it a good thing to have a platform that can be easily updated?
- What is your experience with bootloaders on embedded systems?
- Why don't more embedded systems use UEFI?
- What is the UEFI forum?
- What are the goals of the UEFI forum?
- What are some of the really cool implementations of UEFI?
- What's next for UEFI?
- What would a replacement for UEFI look like in the future?