Recorded February 14, 2019 at G-Unit Studios in Rhode Island!
- 1 Episode Audio
- 2 Announcements
- 3 Interview: Harry Sverdlove, Edgewise - 6:00-6:30PM
- 4 Tech Segment: Enterprise-ish Network Security - Part 1 - The Components- 6:30 - 7:30PM
- 5 Security News - 7:30PM-8:30PM
- RSA Conference 2019 is coming up March 4 - 8 in San Francisco! Go to rsaconference.com/securityweekly-us19 to register now using the discount code 5U9SWFD to receive $100 off a full conference pass! If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request! Submission deadline for interviews or briefings is February 22nd @ 3:00pm ET.
- Join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Visit https://infosecworld.misti.com/ and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass. If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request!
- OSHEAN is hosting RI Cybersecurity Exchange Day on March 13th at the O'Hare Academic Building at Salve Regina in Newport, RI! Register Now @ OSHEAN.org/events.
- SecureWorld Boston is hosting their 15th annual conference March 27-28 @ the Hynes Convention Center. Security Weekly Listeners save $100 off a full conference pass by visiting secureworldexpo.com and using the code 'SecurityWeekly'.
Interview: Harry Sverdlove, Edgewise - 6:00-6:30PM
Tech Segment: Enterprise-ish Network Security - Part 1 - The Components- 6:30 - 7:30PM
There are quite a few choices for selecting open-source and inexpensive hardware to build your network and provide tools to monitor for security events. In this segment we'll discuss some of the options, the pros and cons of each, limitations and really cool features! Includes coverage of Qotom hardware, how to procure enterprise-grade switches, the right cabling and OPNSense and pfSense.
https://www.amazon.com/dp/B074XPR3VJ/?coliid=I1LUWJ263F88IR&colid=YNABNID4NRUW&psc=0&ref_=lv_ov_lig_dp_it - QOTOM Q355G4 w/ 8GB RAM 16GB SSD, Industrial PC Gateway Firewall Router for pfSense - Intel i5 AES-NI, 4 Gigabit NICs
https://www.amazon.com/dp/B00WD017BG/?coliid=I2GPE79Z669RDM&colid=YNABNID4NRUW&psc=0&ref_=lv_ov_lig_dp_it - Cat 6 Ethernet Cable 100 ft Flat White, Slim Long Internet Network Lan patch cords, Solid Cat6 High Speed Computer wire with clips & Rj45 Connectors for Router, modem, faster than Cat5e/Cat5, 100 feet
https://www.ebay.com/itm/Cisco-WS-C3560G-48TS-E-48-Port-10-100-1000-3560G-Switch-1-Year-Warranty/232160253731?hash=item360dd45723:g:6xYAAOSwB09YPziv:rk:1:pf:0 - Cisco WS-C3560G-48TS-E 48-Port 10/100/1000 3560G Switch - 1 Year Warranty
https://www.amazon.com/gp/product/B01D92SSX6 - Vilros Raspberry Pi 3 Kit with Clear Case and 2.5A Power Supply
Security News - 7:30PM-8:30PM
- How to Defend Against The runC Container Vulnerability - Lots of ways to detect this: identified the modification of both the container’s “/bin/sh” and the host’s “/usr/bin/docker-runc.” We also would have notified customers of the outbound network connection from the host for the reverse shell.
- InfoSec Institutes Top Podcasts to Take Your Computer Skills to the Next Level
- Ten Quotes to Get Your Boss to Take IT Security Seriously- I like this one: “One of the tests of leadership is the ability to recognize a problem before it becomes an emergency.” – Arnold H. Glasow Author & Businessman
- Oh Snapd! Gimme-root-now security bug lets miscreants sock it to your Ubuntu boxes - The vulnerability is found in Snapd, Canonical's open-source toolkit for packaging and running applications via systemd. Exploiting the flaw would allow an attacker to elevate their access from unprivileged process to that of the root user, essentially allowing a complete takeover of the system. Moberly found that, by abusing the way Snapd's API handles HTTP data requests, the tool could be tricked into believing the user has a uid of 0, aka the root user.
- IoT providers need to take responsibility for performance
- USB Cable with Embedded Wi-Fi Controller - When plugged into a Linux, Mac, or Windows computer, this cable is detected by the operating system as a HID or human interface device. As HID devices are considered input devices by an operating system, they can be used to input commands as if they are being typed on a keyboard. Created by security researcher Mike Grover, who goes by the alias _MG_, the cable includes an integrated WiFi PCB that was created by the researcher. This WiFi chip allows an attacker to connect to the cable remotely to execute command on the computer or manipulate the mouse cursor.
- Is Porn Becoming a Monopoly? Member Feature Stories
- Security Spills: 9 Problems Causing the Most Stress
- How to Create a Dream Team for the New Age of Cybersecurity - Alternatively, CISOs can choose to outsource parts of the security function to expert managed security service providers (MSSPs). No matter how you choose to assemble your team, it is critical that your security team understands your specific business and network context as well as your focus on improving cyber-resilience, and have the needed skills and tools to protect business-critical assets while continuously improving security posture.
- Google Paid Out $3.4 Million for Vulnerabilities Reported in 2018
- Threatpost Poll: Over Half of Firms Asked Struggle with Mobile Security
- Big Themes Set to Emerge at RSA Conference 2019
- New Professional Development Institute Aims to Combat Cybersecurity Skills Shortage
- Researchers hide malware in Intel SGX enclaves
- Valentine's Day PSA: No Sweethearts This Year!
- Why It's Way Too Easy to Sell Counterfeit Goods on Amazon Two-year old article but a continuing problem for No Starch Press
- RunC Vulnerability Gives Attackers Root Access on Docker, Kubernetes Hosts I'm not gonna say, "I told you so..."
- You CAN Get a Windows 95 Emulator for Windows 10, Linux, or MAC now I just have to find all my old 'Return to Zork' CD's
- DEF CON Goes to Washington
- Former US Counterintelligence Agent Charged with Espionage on Behalf of Iran
- Hacking cranes with RF
- Inside Ubiquiti discovery service, and finding bugs
- Company sues employee for falling for a phishing attempt
- Reverse RDP attack, running code on the clients
- Hacking android with just a PNG
- Guess what, I got nothing because Paul and Jeff took all the good ones.
- Happy Valentines day people. Hope you managed to avoid the romantic landmines that abound. Oh yeah, "Oh SNAP"... D! That made your day, and you know it.