Difference between revisions of "Episode603"
|Line 21:||Line 21:|
= Announcements =
= Announcements =
*our .to /
and to ,
, the . will be .
= Interview: Lesley Carhart, Dragos Inc. - 6:00-6:30PM =
= Interview: Lesley Carhart, Dragos Inc. - 6:00-6:30PM =
Revision as of 15:43, 9 May 2019
Recorded May 9, 2019 at G-Unit Studios in Rhode Island!
- Some of you told us that you are overwhelmed by the amount of content we distribute! In an attempt to make it a little easier for you to find what you’re interested in, we’ve created our new listener interest list! Sign up for list and select your interests by visiting: securityweekly.com/subscribe and clicking the button to join the list! You can also now submit your suggestions for guests in our recently released guest suggestion form! Go to securityweekly.com/guests and enter your suggestions!
- Register for our upcoming webcasts with Kaseya & SaltStack by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand
- Security Weekly is returning to Vegas this August for BlackHat and DefCon! If you would like to request a briefing or sponsor an interview on-site at BlackHat, please go to securityweekly.com/booking and submit your request!
- Attending KubeCon and CloudNativeCon Europe 2019 in Barcelona May 20-23, 2019? Join your peers at the Cloud-Native Transformation Summit 2019 hosted by Sysdig on May 20th. Our very own Matt Alderman will be emceeing the event. Pre-registration is required. You can add it on during your KubeCon + CloudNativeCon registration.
Interview: Lesley Carhart, Dragos Inc. - 6:00-6:30PM
]] Lesley has been performing digital forensics and incident response on unconventional systems and advanced adversary attacks for over a decade. Some people, certification companies, and awards presenters think she might be pretty okay at it. In her free time, she fights (willing?) people with knives, and answers people’s infosec questions on Twitter instead of sleeping. Her goal in 2019 is to earn enough exp to become a level 14 rogue.
Interview: Chris Sanders, Applied Network Defense & Rural Technology Fund - 6:30 - 7:30PM
Chris Sanders is the founder of Applied Network Defense, a company focused on delivering high quality, accessible information security training. He is also the Director of the Rural Technology Fund, a non-profit that donates scholarships and equipment to public schools to further technical education in rural and high poverty areas. He is the author of Applied Network Security Monitoring and Practical Packet Analysis. You can connect with Chris on his blog at http://www.chrissanders.org or on Twitter @chrissanders88.
Chris blogs at http://www.chrissanders.org. You can learn more about Applied Network Defense at http://www.appliednetworkdefense.com and the RTF at http://www.ruraltechfund.org.
Security News - 7:30PM-8:30PM
- Locked Computers - Schneier on Security - Best part is from the comments: The problem? Mice were stolen regularly. We've made a contraption: got out one unused backplate from each case, drilled two holes through it and ran mouse cable through them (plus some rubber padding). Then we screwed the backplates back in and closed the cases. The cable run from the serial port plug through the drilled backplate (in and out) and then to the mouse itself. You couldn't steal the mouse now without cutting the cable or opening the locked case. Problem solved - for some time.Some time later someone - probably out of frustration that he can't steal mice - stole all the balls from them. That was over the top. We've closed the venue and posted a message "Closed until all balls are returned". Some patrons must have got really angry at the thief and had a few pleasant words with him - the balls were found in a bag near the door next morning...
- Choosing Imagery for Your Security Awareness Program - If the only tip you take from this article is this, you are winning: Instead, look for imagery that works to evoke emotion. You can do this with imagery that is positive, colorful, and inviting. Unexpected image compositions can also help give a modern look and feel to your campaign.
- Top 5 Configuration Mistakes That Create Field Days for Hackers - Sometimes I believe we complicate security too much. This article highlights 1. Default passwords 2. Password re-use 3. Exposed remote management services 4. Missing patches 5. Logging disabled or non-existent.
- Quantifying Measurable Security - Okay, but so why is Android not-so-secure? Both Android and Chrome OS have dedicated security teams who are tasked with continually enhancing the security of these operating systems through new features and anti-exploitation techniques. In addition, each team leverages a mature and comprehensive security development lifecycle process to ensure that security is always part of the process and not an afterthought.
- Facial recognition will not ensure public safety and heres why - This is why it will never work: Detecting faces means also detecting emotions: if you look worried, angry or nervous, the machine will spot it, and think maybe, you’re up to no good…
- WordPress 5.2 Brings New Security Features | SecurityWeek.Com - For the first release, WordPress will (by default) soft-fail if the signature is not valid. In future releases, the default will be configured to a hard failure. The reason for this unsafe default is to ensure updates aren't blocked if there’s a bug in the update code, Okay great, you are validating software updates. WTF, is this really how attackers are exploiting Wordpress? No. It's through the plugins. Good solution, wrong problem to solve.
- Hackers exploit Jenkins flaw CVE-2018-1000861 to Kerberods malware
- Securing satellites: The new space race - Help Net Security - Okay, sign me up: For hackers with deeper pockets, they could realistically launch their own CubeSat into orbit and then conduct hacking operations from there. The benefits are primarily related to proximity to other satellites and not having to wait for a satellite to pass over the ground station to perpetrate an attack. Whatever the method, compromising a satellite is now a realistic and attainable opportunity for hackers.
- MobileIron introduces zero sign-on technology to eliminate passwords - Help Net Security
- How to Communicate Privately in the Age of Digital Policing
- Alpine Linux Docker Images Shipped for 3 Years with Root Accounts Unlocked - This is not a big deal for two reasons: 1) Most Alpine containers do not contain a shell (and certainly you can configure them that way), minimizing the likelyhood that PAM can even be accessed to exploit this flaw 2) This only gets you "root" inside the container, not the host system or any other containers.
- Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers - VICE
- San Diego man arrested after rifle-shaped bong causes gun scare - I mean okay, for one marijuana is legal in CA. Two, I mean people in CA love their weed, so I can see people getting bored and being like "Dude, ya know man, we should get a bong that's a rifle, like a rifle bong". And if you do that in comfort of your own home, not having to drive or have much other responsibilities, I'm cool with it. However, they smoked out of this thing in a hotel room in full view of a WINDOW. Common sense was absent that day.
- 'Software delivered to Boeing' now blamed for 737 MAX warning fiasco
- Israel Neutralizes Cyber Attack by Blowing Up A Building With Hackers
- Extinguishing the IoT Insecurity Dumpster Fire
- Microsoft Windows 10 will get a full built-in Linux Kernel for WSL 2 - If you're going to run Linux, just run Linux... I do want to see a lower cost device, that actually works, that is a small computer that sits in a PCIe slot that you can run Linux on. Heck, I run Linux and I'd still buy one just to have an extra Linux box in my computer.
- Amazon workers purloin $100,000 worth of Apple Watches | Cult of Mac
- Tribe of Hackers Summit The event was live streamed, so here's the whole enchilada (I'm sorry, taco)
- Freedom Mobile Server Leak Exposed Customer Data Log files, that explains it. But why were they passed to a third party?
- No Reason to Ship Credit Card Data to Third Parties, Says Former Freedom Mobile CISO So much wrong with what is described here - and all fingers point to Freedom Mobile not the third party
- Microsoft WSL 2 Announced WLS 2 will include a Linux kernel, with better integration. Still includes Debian package manager.
- Discontinued Insulin pump with security flaw in high demand Users are hacking old Insulin pumps, using OpenAPS, to provide looping of insulin for better quality of life.