- 1 Paul's Security Weekly #583
- 2 Announcements
- 3 Interview: Jon Buhagiar, Sybex - 6:00-6:30PM
- 4 Tech Segment: John Moran, DFLabs - 6:30PM-7:00PM
- 5 Security News - 7:30 - 8:30PM
Paul's Security Weekly #583
Recorded November 15, 2018 at G-Unit Studios in Rhode Island!
- If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
- Join us for our Webcast with Chronicle entitled "Intelligence Powered Malware Hunting". This webcast will be held December 5th @3-4pm EST. Go to securityweekly.com/chronicle to register now! Did you miss one of our recent live webcasts? Not to worry, they are now available on-demand at securityweekly.com/ondemand.
- Sign up for Pandora Podcasting early access! Go to www.pandorapodcastbeta.splashthat.com to get access to our podcast on Pandora! The full release will be sometime in December.
Interview: Jon Buhagiar, Sybex - 6:00-6:30PM
Jon Buhagiar is responsible for Network Operations at Pittsburgh Technical College for the past 19 years. During this time, he has also taught Microsoft and Cisco certifications as an adjunct instructor for the School of Information Technology at PTC. During his teaching experience in higher education, he has developed and taught several of the networking certification tracks. He holds certifications in Cisco CCNA Routing and Switching, Microsoft NT4.0 MCSE, 2003 MCSE, 2008 MCITP, 2012 MCSE, CompTIA Network+, CompTIA A+ and a Bachelor of Science in IT Management. He has also published three books with Sybex; CCNA Routing and Switching Practice Tests: Exam 100-105, Exam 200-105, and Exam 200- 125, CompTIA Network+ Certification Kit: Exam N10-007, and CompTIA A+ Deluxe Study Guide 220-1002.
Originally working in the automotive industry as a corporate instructor, he taught business management systems to Goodyear employees. It was this passion of teaching others, which inspired him to learn networking and teach in a formal setting. His first teaching position was with Sawyer School for Microsoft certifications which he held for two years, during this time he became the department lead. Shortly after, he transitioned to a Network Administrator position at PTC and worked as an evening adjunct instructor. Over the past 19 years at PTC, he has successfully lead and executed projects for cost savings and service expansion such as: Virtualization (server and desktop), VOIP, Fiber Optic Buildouts (WAN and LAN) and Desktop Deployments.
The inspiration of teaching comes from a successful career of networking experience and his in depth knowledge of networking systems. Teaching this knowledge and sharing his experience in the classroom; is his motivation to continue to learn, teach, and develop Networking professionals for the IT industry.
Tech Segment: John Moran, DFLabs - 6:30PM-7:00PM
John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. Prior to joining DFLabs John worked for a global security services provider, performing a wide variety of incident response consulting services. John’s background also includes various computer forensics and law enforcement roles.
John lives in Southern Maine with his two-year-old daughter. In his spare time, John enjoys good cigars and cheap whiskey.
Security News - 7:30 - 8:30PM
- Facebook flaw could have exposed private info of users and their friends
- 7 new Spectre, Meltdown attacks uncovered by security researchers - ARM and Intel said these new attacks can be mitigated by previously reported methods. Riiiiiight
- Japan's cybersecurity minister admits he's never used a computer - "If a hacker targets this Minister Sakurada, they wouldn't be able to steal any information. Indeed it might be the strongest kind of security!"
- WPA2 encryption bypass: Using Defensics to uncover behavioral vulnerabilities - Okay, this was for D-Link: As part of Defensics SafeGuard development, we uncovered a vulnerability in D-Link DIR-850L Wireless AC routers with hardware revision A. The vulnerability gives an attacker full access to a wireless network without needing credentials. Our method skips a critical step during access point connection, bypassing encryption altogether.
- Juniper Networks: Cryptomining Exploit Targeting Docker Containers - Yea, basically don't expose the Docker API, that's bad. https://forums.juniper.net/t5/Threat-Research/Container-Malware-Miners-Go-Docker-Hunting-In-The-Cloud/ba-p/400587
- Making PCI Requirement 8.3 Bulletproof and Simple - Why limit to just remote connections? Should be all authentication requests in my opinion.
- Should You Send Your Pen Test Report to the MSRC? - Wow, just Wow: Pen test reports sent to us commonly contain a statement that a product is vulnerable to an attack, but do not contain specific details about the attack vector or demonstration of how this vulnerability could be exploited. Often, mitigations are available to customers that do not require a change in the product code to remediate the identified security risk. I can't even believe we are having this conversation. The skills shortage seems to be with AD security, and its bad.
- Want To Hack An ATM For Free Cash? It's As Easy As Windows XP
- Firefox Will Start Alerting You To Recently Breached Sites
- Privacy advocates rank the creepiest tech gifts of 2018 - Very little evidence to support their claim of "creepy".
- Cybersecurity: Eight Ways You Can Boost Employee Buy-In
- AI Can Now Fake Fingerprints That Fool Biometric ID Scanners
- Some of the Most Popular Coding Languages Pose a Huge Security Problem - We need to shift ourselves from treating each memory unsafety vulnerability as an isolated incident, and instead treat them as the deeply rooted systemic problem they are. And then we need to invest in engineering research into how we can build better tools to solve this problem. hrm...
- Google Internet Traffic Hijacked by Russia and China?
- Mozilla Adds Website Breach Notifications to Firefox
- Bad news: 1-877-KARS4KIDS had a data breach. Worse news: now you’ll have that awful jingle stuck in your head all day
- Japan's cyber-security minister has 'never used a computer'
- U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service