Paul's Security Weekly #572
Recorded August 23, 2018 at G-Unit Studios in Rhode Island!
- Make sure you register for our webcast with Javelin Networks entitled "How to Get Attackers to Contain Themselves", which will be airing on August 30th from 12 pm to 1pm EST. Go to securityweekly.com/javelin to sign up today!
- Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
- DerbyCon is holding its first-ever Mental Health & Wellness Workshop - to help support their efforts, please go to DerbyCon.com/wellness
Interview: Tod Beardsley, Rapid7 - 6:00-6:45PM
Tod Beardsley is the Director of Research at Rapid7. He has over twenty-five years of hands-on security experience, stretching from in-band telephony switching to modern IoT implementations. He has held IT Ops and IT Security positions in large organizations such as 3Com, Dell, and Westinghouse, as both an offensive and defensive practitioner. Today, Tod directs the myriad security research programs and initiatives at Rapid7, is a frequent speaker at industry conferences, and is a contributing author to a number of research papers produced by Rapid7. He can be uniquely identified at https://keybase.io/todb
https://opendata.rapid7.com/about/ <-- covers Sonar and Heisenberg, links can be followed from there.
https://www.rapid7.com/globalassets/_pdfs/research/rapid7-under-the-hoodie-2018-research-report.pdf <-- Under the Hoodie pentest report, I can yammer on that all day.
20/20/20 split, which will really be more like 40 sonar + heisenberg + national exposure (they all bleed into each other) and 20 on Under the Hoodie and pentesting stuff.
Tech Segment: Sven Morgenroth, Netsparker - 6:45PM-7:45PM
Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome's XSS auditor and several web application firewalls. He likes to exploit vulnerabilities in creative ways and has hacked his smart TV without even leaving his bed. Sven writes about web application security and documents his research on the Netsparker blog.
- Explanation of the different data types, like strings, integers, etc., and what they are used for.
- Show an example of PHP code where, in certain scenarios, 0 == 'apples' returns true in PHP.
- Sven will explain why this happens and also show other similar comparison examples that might lead to security issues, like the one in this article.
- This is when the fun starts. He will give a technical demo and show how these issues can lead to authentication bypass or be used for hash algorithm disclosure.
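As an added illustration of the comparison behaviour this segment covers (example code written for these notes, not Sven's demo or Netsparker's), the loose operator is shown beside its strict counterpart; the `checkToken*` function names are hypothetical:

```php
<?php
// Added example (not from the show): PHP's loose comparison (==) applies
// type juggling. On PHP 5.x/7.x a non-numeric string compared with an int is
// coerced to 0; PHP 8 changed that rule, so the first result differs by version.

var_dump(0 == 'apples');        // bool(true) on PHP 7, bool(false) on PHP 8
var_dump('1e3' == '1000');      // bool(true): both are numeric strings, compared as numbers
var_dump('0e1234' == '0e9876'); // bool(true): both parse as 0 * 10^n, i.e. 0.0 == 0.0
var_dump(null == false);        // bool(true): both are "falsy"

// Vulnerable pattern: a credential/token check using ==. If the stored value
// is an int, or both sides look numeric, unrelated inputs compare equal.
function checkTokenLoose($supplied, $expected) {
    return $supplied == $expected;   // type juggling applies here
}

// Hardened pattern: declared string types stop silent coercion, and
// hash_equals() compares in constant time, which is what secrets need.
function checkTokenStrict(string $supplied, string $expected): bool {
    return hash_equals($expected, $supplied);
}

var_dump(checkTokenLoose('apples', 0));          // bool(true) on PHP 7: the check is bypassed
var_dump(checkTokenStrict('apples', '0'));       // bool(false)
var_dump(checkTokenStrict('0e1234', '0e9876'));  // bool(false): no numeric interpretation
var_dump(checkTokenStrict('s3cret', 's3cret'));  // bool(true)
```

Auditing a code base for `==` against anything user-controlled, and replacing it with `===` or `hash_equals()`, removes this class of bug regardless of PHP version.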
Security News - 7:45PM-8:30PM
- Artificial whiskey is coming, and one company is betting you'll drink up
- Internet of Things (IoT): Cheat sheet
- 14 Of The Best Sex Toys For Treating Yourself (And Also Your Partner)
- The Untold Story of NotPetya, the Most Devastating Cyberattack in History
- How doorbell cameras are creating dilemmas for police, neighborhoods
- Spyware Company Leaves Terabytes of Selfies, Text Messages, and Location Data Exposed Online
- New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers
- Apple Forces Facebook VPN App Out of iOS Store for Stealing Users' Data
- Google sued for tracking you, even when 'location history' is off | ZDNet
- New Mirai Variants Leverage Open Source Project
- 6 Reasons Security Awareness Programs Go Wrong
- ThreatList: $1.1M is Lost to Cybercrime Every Minute of Every Day
- Microsoft Flaw Allows Full Multi-Factor Authentication Bypass
- Study Shows Lax Security Leaves Ride-Sharing Apps Vulnerable to Attack
- Smart Kids Thermometer Coughs Up Digital Health Data to Hackers
- Malware Targeting Cash Machines Fetches Top Dollar on Dark Web
- Burp Suite 2.0 beta now available - And there is much rejoicing!
- Coffee delivery drone patented by IBM
- Facebook pulls its VPN from the iOS App Store after data-harvesting accusations
- Do we really need a CSO?