Difference between revisions of "Episode596"

From Security Weekly Wiki
=== Hosts ===

Revision as of 20:34, 26 February 2019

Recorded February 28, 2019 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Lee Neely
    Sr. Cyber Analyst at LLNL, SANS Analyst, and SANS NewsBites Editor

  • Announcements

    • RSA Conference 2019 is coming up March 4 – 8 in San Francisco! Go to rsaconference.com/securityweekly-us19 to register now using the discount code 5U9SWFD to receive $100 off a full conference pass! If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request!
    • Join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Visit https://infosecworld.misti.com/ and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass. If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request!
    • Registration is now open for the first Security Weekly webcast of 2019! You can register for our "Rise Above Complex Workflows: Practical Ways To Accelerate Incident Response" webcast now by going to securityweekly.com/webcasts.

    Interview: Allan Liska, Recorded Future - 6:00-6:30PM

    Allan Liska is a Threat Intelligence Analyst at Recorded Future.

    Allan Liska is a Threat Intelligence Analyst at Recorded Future. Allan has more than 15 years’ experience in the world of security and has worked as both a security practitioner and an ethical hacker. Through his work at Symantec, iSIGHT Partners, FireEye, and Recorded Future, Allan has helped countless organizations improve their security posture using more effective intelligence. He is the author of The Practice of Network Security, Building an Intelligence-Led Security Program, and Securing NTP: A Quickstart Guide and the coauthor of DNS Security: Defending the Domain Name System and Ransomware: Defending Against Digital Extortion.

    Tech Segment: David Marble, OSHEAN - 6:30 - 7:30PM

    David Marble is the President & CEO at OSHEAN.

    David Marble is the President and CEO of OSHEAN Inc. in North Kingstown, Rhode Island. David brings over 30 years of experience in technology companies. He is experienced in operations planning, budget development and management as well as technical planning and project management. David is also on the Board of Directors and Secretary for the Northeast Research and Education Network (NEREN) as well as on the Board of Directors and Chair of the CEO Roundtable for The Quilt (The National REN coalition). David was the co-founder and director of operations of the Association for Authentic, Experiential and Evidence-Based Learning (AAEEBL). AAEEBL established affiliations and collaborations with nearly all worldwide ePortfolio initiatives and cultivated membership of over one hundred academic institutions. He is also the founding member of MetaLearning, a strategic consulting group working in the use of technology for advanced learning environments. From 2001 to 2007, David was the Chief Operating Officer and VP of Business Development for TAZZ Networks working in policy networking, and prior to that was VP of Optical Networks for Lucent.

    Security News - 7:30PM-8:30PM

    Paul's Stories

    YouTube Controversy

    The examples in this post https://pedimom.com/youtube-kids-inappropriate-videos/ are enough to make anyone want to turn off YouTube in your house and for your children. There are benefits to watching YouTube (my son developed a love for Marvel super heroes, which is awesome). However, when does the negative outweigh the positive? Most importantly, what will YouTube do about this? What can we as the security community do to help? (I promised my 5-year-old son that I'd ask all my hacker friends to track down the "bad people" on YouTube, and there are few things that are more upsetting than a disappointed child).

    1. Harassment, hate and bile, suicide instructions for kids... anything else social media's good at? Ah yes, cybercrime
    2. YouTube loses advertisers over "wormhole into pedophilia ring" - The companies pulled advertising days after YouTuber Matt Watson posted a video detailing what he calls "a wormhole into a soft-core pedophilia ring on YouTube." "YouTube's recommended algorithm is facilitating pedophiles' ability to connect with each other, trade contact info, and link to actual CP [child pornography] in the comments," Watson reported. "I can consistently get access to it from vanilla, never-before-used YouTube accounts via innocuous videos in less than ten minutes, in sometimes less than five clicks."
    3. Cyber expert says deleting Momo 'is not as straight forward as we think'
    4. Parents: don't panic about Momo – worry about YouTube Kids instead - YouTube’s key failing here is that it relies on a “flagging” system to find and purge inappropriate content, which means someone has to actually see the video in question and report it before anything can be done. Pre-moderation, where videos don’t make it on to YouTube Kids until they’ve been watched in full by a human being, is realistically the only way to keep the platform safe from malicious pranksters. But YouTube has shown no appetite for this, instead emphasizing its “robust” content-reporting features in its responses to these continual controversies. Also, I hate the flagging system as what happens when a group of people has a bone to pick with someone or some channel?


    1. A Case Study in Wagging the Dog: Computer Takeover
    2. Cloudborne IaaS Attack Allows Persistent Backdoors in the Cloud - Far from a targeted attack: “While physical servers are dedicated to one customer at a time, they don’t stay that way forever,” researchers explained in a Tuesday posting. “Servers are provisioned and reclaimed over time and naturally move from customer to customer. The issue is that all too often, the servers’ firmware is not re-flashed (overwritten to factory settings, essentially) when a server is reclaimed by the cloud provider to be moved on to a new user. This allows the firmware to persist from customer to customer, including any changes a malicious user might make to it. In the Cloudborne scenario, an attacker can first use a known vulnerability in Supermicro hardware (present in many cloud providers’ infrastructure, the firm said), to overwrite the firmware of a Baseboard Management Controller (BMC). BMCs are a third-party component designed to enable remote management of a server for initial provisioning, operating system reinstall and troubleshooting.
    3. PDF zero-day samples harvest user data when opened in Chrome - Exploit detection service EdgeSpot spotted several PDF documents that exploit a zero-day vulnerability in Chrome to harvest data on users who open the files through the popular web browser. The experts initially detected the specially-crafted PDF files in December 2018.
    4. Cisco SOHO wireless VPN firewalls and routers open to attack - This is still happening: The flaw is in the devices’ web-based management interface and arose due to improper validation of user-supplied data. By sending a malicious HTTP request to a vulnerable device, an attacker may be able to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user.
    5. Researchers and businesses need to work together to expose IoT vulnerabilities - Don't mess with my coffee, there is no tech in my French press coffee maker: Two new vulnerabilities have been uncovered within connected devices that allow hackers access to the personal lives of consumers, according to McAfee researchers. A vulnerability within BoxLock smart padlock enables hackers to unlock the device within a few seconds, and a vulnerability within the Mr. Coffee brand coffee maker with Wemo grants hackers access to home networks.
    6. Thunderclap: Apple Macs at risk from malicious Thunderbolt peripherals - DMA strikes again, balancing security and performance is tricky.
    7. Ring Doorbell Flaw Opens Door to Spying - However, BullGuard researchers found that audio and video footage sent from the doorbell to the app was transmitted in plaintext – meaning that an attacker could extract that data. “The data seems sensible, and therefore we might be able to extract it,” they said. “Using our handy videosnarf [VoIP Sniffer and security tool] utility, we get a viewable MPEG file. This means anyone with access to incoming packets can see the feed! Similarly, we can also extract the audio G711 encoded stream.”
    8. Bots Plague Ticketing Industry
    9. Vulnerability exposes the location of thousands of malware C&C servers - LOVE this: Over the past few years, Cobalt Strike slowly became the go-to toolkit for many threat actors, such as the FIN6 and FIN7 (Carbanak) cyber-criminal gangs, but also nation-state hackers such as APT29 (Cozy Bear). But unbeknownst to all these hacker groups was that Fox-IT researchers discovered a bug in the Cobalt Strike server component. Built on NanoHTTPD, a Java-based web server, crooks didn't know that it contained a bug that allowed Fox-IT to track them since 2015. According to Fox-IT researchers, the NanoHTTPD server accidentally added an additional space in the server's HTTP responses, like in the image below. This extra whitespace allowed Fox-IT to detect Cobalt Strike communications between beacons and their C&C servers across the years, until January 2, 2019, when Cobalt Strike developers patched the bug and removed the extra space in version 3.13.


    1. A basic question about TCP - From the time the phone system was created in the 1800s up until the 2007 release of the iPhone, phone companies wanted to control the applications that users ran on their network. The OSI Model that you learn as the basis of networking isn't what you think it is: it was designed with the AT&T phone network and IBM mainframes being in control over your applications. The creation of TCP/IP and the Internet changed this, putting all the power in the hands of the ends of the network. The version of the OSI Model you end up learning is a retconned model, with all the original important stuff stripped out, and only the bits that apply to TCP/IP left remaining.
    2. LDAP for AWS without Servers - Could Amazon (and others) become viable alternatives to MS Active Directory?
    3. Becoming Better At RSA - Becoming better appears to be the theme, what can we do better as a security community and/or industry?
    4. The Huawei controversy: Everything you need to know - The Chinese telecom giant may have run into its biggest trouble yet in late January when the US Justice Department unsealed indictments that included 23 counts pertaining to the theft of intellectual property, obstruction of justice and fraud related to its alleged evasion of US sanctions against Iran. But the core issue with Huawei has been concerns over its coziness with the Chinese government and fears that its equipment could be used to spy on other countries and companies. It's the reason why the US banned companies from using Huawei networking equipment in 2012.
    5. Security Firm to Offer Free Hacking Toolkit

    Lee's Stories