Difference between revisions of "Episode604"

From Security Weekly Wiki
 
(18 intermediate revisions by 5 users not shown)
Line 2: Line 2:
  
 
==Episode Audio==
 
==Episode Audio==
<!-- <div align="center">
+
<div align="center">
 
{{#widget:SoundCloud
 
{{#widget:SoundCloud
|id=496965687
+
|id=622542081
 
|width=75%
 
|width=75%
 
|height=100
 
|height=100
Line 10: Line 10:
 
|visual=false
 
|visual=false
 
}}
 
}}
</div> -->
+
</div>
  
 
=== Hosts ===
 
=== Hosts ===
 
{{Template:Paul}}
 
{{Template:Paul}}
 +
{{Template:Matt}}
 
{{Template:Larry}}
 
{{Template:Larry}}
 
{{Template:LeeNeely}}
 
{{Template:LeeNeely}}
 +
{{Template:Jeff}}
  
 
<br><br>
 
<br><br>
  
 
= Announcements =
 
= Announcements =
*We just released our 2019 Security Weekly 25 Index Survey. Please go to [https://securityweekly.com securityweekly.com] and click the Survey link to help us understand who's evaluating, using, or formerly used any of the Security Weekly 25 companies. The results will be summarized and presented back to all responders in a private webcast.
+
{{Template:Announcements}}
  
 
= Interview: Julian Zottl, Raytheon -  6:00-6:30PM =
 
= Interview: Julian Zottl, Raytheon -  6:00-6:30PM =
[[File:JulianZottl.jpg|right|250px|thumb|<center>'''[https://twitter.com/sabreofsd Julian Zottl]'''is the Cyber and Information Operations SME at [https://raytheon.com Raytheon]</center>]] Julian Zottl is a Cyber and Information Operations Subject Matter Expert (SME) for Raytheon Intelligence, Information and Services (IIS) business. IIS is a leader in intelligence, surveillance reconnaissance; advanced cyber solutions; weather and environmental solutions and information-based solutions for homeland security. It also provides training, logistics, engineering, product support, and operational support services and solutions for the mission support, homeland security, space, civil aviation, counter-proliferation and counterterrorism markets.
+
[[File:JulianZottl.jpg|right|250px|thumb|<center>'''[https://twitter.com/sabreofsd Julian Zottl]'''is the Cyber and Information Operations SME at [https://raytheon.com Raytheon]</center>]] Julian Zottl is a Cyber and Information Operations Subject Matter Expert (SME) for Raytheon Intelligence, Information and Services (IIS) business. IIS is a leader in intelligence, surveillance reconnaissance; advanced cyber solutions; weather and environmental solutions and information-based solutions for homeland security. It also provides training, logistics, engineering, product support, and operational support services and solutions for the mission support, homeland security, space, civil aviation, counter-proliferation and counterterrorism markets.<br><center>{{#ev:youtube|CYo74WzDTlM}}</center>
<!--<center>{{#ev:youtube|WJAiTXAvtRQ}}</center>-->
 
  
 
<br>
 
<br>
  
= Tech Segment: How to fix Identity and Access Management, Federico Simonetti - 6:30 - 7:30PM =
+
= Tech Segment: How To Fix Identity & Access Management, Federico Simonetti - 6:30 - 7:30PM =
[[File:FedericoSimonetti.jpg|right|250px|thumb|<center>'''[https://www.linkedin.com/in/backdream Federico Simonetti]'''is the CTO of [https://www.xiid.com/ Xiid Corporation]</center>]] - Former ethical hacker (DDT)<br>- Former professor of operating systems security at the University of Milan<br>- Developed software for the Italian anti-terrorism and anti-pedophile police<br>- Serial entrepreneur with several successful exits in his past<br>- Hardcore software designer, with award-winning software titles on his resume<br><br>Topic: How to fix Identity and Access Management<br> All IAM solutions are logically flawed from a security standpoint, they either ask for a synchronized copy of the identity database or for open inbound ports on the firewall. But there is a design that fixes all those issues, making IAM much safer.
+
[[File:FedericoSimonetti.jpg|right|250px|thumb|<center>'''[https://www.linkedin.com/in/backdream Federico Simonetti]'''is the CTO of [https://www.xiid.com/ Xiid Corporation]</center>]] - Former ethical hacker (DDT)<br>- Former professor of operating systems security at the University of Milan<br>- Developed software for the Italian anti-terrorism and anti-pedophile police<br>- Serial entrepreneur with several successful exits in his past<br>- Hardcore software designer, with award-winning software titles on his resume<br><br>Topic: How to fix Identity and Access Management<br> All IAM solutions are logically flawed from a security standpoint, they either ask for a synchronized copy of the identity database or for open inbound ports on the firewall. But there is a design that fixes all those issues, making IAM much safer.<center>{{#ev:youtube|LVLfl9LLlxs}}</center>
 
<br>
 
<br>
  
 
= Security News - 7:30PM-8:30PM =
 
= Security News - 7:30PM-8:30PM =
 
+
<center>{{#ev:youtube|rmaiXWFKw6U}}</center>
<!-- <center>{{#ev:youtube|iPHM80z9D9k}}</center>-->
 
  
 
== Paul's Stories ==
 
== Paul's Stories ==
 
{{Template:PSWPaul604}}
 
{{Template:PSWPaul604}}
 +
 +
== Larry's Stories ==
 +
#[https://thrangrycat.com/ thrangrycat, Cisco 0-day, and the first exploit named with only emoticon….]
 +
#[https://mdsattacks.com/ MDS attacks, Rogue In-flight Data Load, and intel CPU hardware attacks.]
 +
#[https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/ 0-day in Microsoft Remote Desktop Services, pre-authentication]
 +
#[https://arstechnica.com/information-technology/2019/05/the-radio-navigation-planes-use-to-land-safely-is-insecure-and-can-be-hacked/ Plane radio navigation can be hacked with a $600 SDR…easily thwarted, but this article puts all of the parts together.]
 +
#[https://arstechnica.com/information-technology/2019/05/google-warns-bluetooth-titan-security-keys-can-be-hijacked-by-nearby-hackers/ Google’s BLE titan security keys are easily hijacked]
 +
#[https://www-01.ibm.com/support/docview.wss?uid=ibm10883628 …and because IBM felt left 0ut RCE in WebLogic]
  
 
== Lee's Stories ==
 
== Lee's Stories ==
<br><br>
+
#[https://www.straitstimes.com/politics/parliament-fake-news-law-passed-after-2-days-of-debate Singapore passes anti-fake-news law] Requires debate to be based on a foundation of truth, honor and honesty. The definitions of falsehood and public interest in the bill remain concerns. This is one to watch.
 +
#[https://securityaffairs.co/wordpress/85426/hacking/gps-trackers-flaws.html White label GPS trackers hacked] Generic GPS trackers SIM can be reset by hackers to enable and change functionality such as enabling the microphone. Security appears to be an afterthought. Also the question of why these features exist in a GPS tracker comes to mind.
 +
#[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 Microsoft RDP/wormhole patch] Microsoft issues patch for RDP services to close RCE hole. Patch includes Windows XP update.
 +
#[http://arstechnica.com/information-technology/2019/05/whatsapp-vulnerability-exploited-to-infect-phones-with-israeli-spyware/ WhatsApp used to distribute malware] WhatsAPP on Android and iOS can be used to distribute malware. Update released 5.13 resolves the flaws.
 +
#[http://thehill.com/policy/cybersecurity/443152-lawmakers-offer-measure-requiring-cyber-it-training-for-house US House of Representatives requires Information Security trainng] The US House of Representatives is just requiring itself to complete annual cyber training. In today's threat environment, quarterly and monthly training is more the norm, and NIST SP 800-53 already requires it for federal information system users.
 +
#[http://www.fedscoop.com/supply-chain-threats-prompt-senate-legislation-training-acquisition-officials/ Supply Chain Security training legislated] Training proposed for acquisition officials on the heals of ASUS and other similar hardware issues. Supply chain defects bypasses traditional perimeter protections, and has to apply to anyone processing your dats.
 +
#[https://www.wired.com/story/cisco-router-bug-secure-boot-trust-anchor/ Cisco Router bug in boot Trust Anchor] While not being actively exploited, update your cisco routers NOW, check the [http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot Cisco Advisory] for specific products and updates
 +
#[https://www.computing.co.uk/ctg/news/3075802/zombieload-intel-security-flaw-speculative-execution New Zombieland Intel Security flaw using speculative execution] There are more and more flaws that exploit the speculative execution in Intel chips. They are getting media attention with sexy names and logos. Most are low-risk due to the level of direct intervention to exploit.
 +
#[https://www.bleepingcomputer.com/news/security/hackers-inject-magecart-card-skimmer-in-forbes-subscription-site/ Hackers add Magcart skimmer to Forbes online shopping cart] Hackers insert skimmer that collected card numbers, CCV, Expiration, home addresses, etc.
 +
 
 +
== Jeff's Stories ==
 +
Let's pause to remember one of the great Cryptologic Successes of World War II
 +
#[https://www.npr.org/2019/05/12/722629025/world-war-ii-veteran-and-navajo-code-talker-fleming-begaye-sr-dies-at-97 WWII Veteran and Navajo Code Talker Fleming Begaye Sr. Dies at 97]
 +
It's been a banner week for vulnerability disclosures...
 +
#[https://www.forbes.com/sites/kateoflahertyuk/2019/05/15/microsoft-issues-urgent-fix-for-windows-in-first-xp-patch-since-wannacry Microsoft Issues Urgent Fix for Windows in First XP Patch since Wannacry] Wait, what? Nobody is still using XP are they???
 +
#[https://www.techradar.com/news/major-security-issues-found-in-cisco-routers Major Security Issues Found in Cisco Routers]
 +
#[https://arstechnica.com/information-technology/2019/05/whatsapp-vulnerability-exploited-to-infect-phones-with-israeli-spyware/ WhatsApp Vulnerability Exploited to Infect Phones with Israeli Spyware]
 +
#[https://www.engadget.com/2019/05/15/intel-mds-exploit/ Install updates now to address a vulnerability in most Intel CPUs]
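Review bot: the added Lee's Stories entries carry several misspellings that should be fixed before this revision stands: "trainng" (training), "heals" (heels), "dats" (data), and "WhatsAPP" (WhatsApp). Two link titles also disagree with the URLs they point to: "Zombieland" links to a URL whose slug reads "zombieload", and "Magcart" links to a slug reading "magecart", so the titles should be corrected to match. Separately, the Cisco Trust Anchor entry ends without a period while its neighbours have one.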

Latest revision as of 18:32, 10 July 2019

Recorded May 16, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Lee Neely
    Sr. Cyber Analyst at LLNL, SANS Analyst, SANS NewsBites Editor
  • Jeff Man
    Cryptanalyst
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.


  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.

    Interview: Julian Zottl, Raytheon - 6:00-6:30PM

    Julian Zottl is the Cyber and Information Operations SME at Raytheon

    Julian Zottl is a Cyber and Information Operations Subject Matter Expert (SME) for Raytheon Intelligence, Information and Services (IIS) business. IIS is a leader in intelligence, surveillance and reconnaissance; advanced cyber solutions; weather and environmental solutions; and information-based solutions for homeland security. It also provides training, logistics, engineering, product support, and operational support services and solutions for the mission support, homeland security, space, civil aviation, counter-proliferation and counterterrorism markets.


    Tech Segment: How To Fix Identity & Access Management, Federico Simonetti - 6:30 - 7:30PM

    - Former ethical hacker (DDT)
    - Former professor of operating systems security at the University of Milan
    - Developed software for the Italian anti-terrorism and anti-pedophile police
    - Serial entrepreneur with several successful exits in his past
    - Hardcore software designer, with award-winning software titles on his resume

    Topic: How to fix Identity and Access Management
    All IAM solutions are logically flawed from a security standpoint: they either ask for a synchronized copy of the identity database or for open inbound ports on the firewall. But there is a design that fixes all those issues, making IAM much safer.


    Security News - 7:30PM-8:30PM

    Paul's Stories

    1. Microsoft plugs wormable RDP flaw, new speculative execution side channel vulnerabilities - Help Net Security
    2. Passwords Are Dead, Long Live The Password
    3. A flaw in Google Titan Security Keys expose users to Bluetooth Attacks
    4. Severe Linux kernel flaw found in RDS
    5. Microsoft Releases Security Updates to Address Remote Code Execution Vulnerability | US-CERT
    6. More Attacks against Computer Automatic Update Systems - Schneier on Security
    7. Google 0Day In the Wild project tracks zero-days exploited in the Wild

    Larry's Stories

    1. thrangrycat, Cisco 0-day, and the first exploit named with only emoticon….
    2. MDS attacks, Rogue In-flight Data Load, and Intel CPU hardware attacks.
    3. 0-day in Microsoft Remote Desktop Services, pre-authentication
    4. Plane radio navigation can be hacked with a $600 SDR…easily thwarted, but this article puts all of the parts together.
    5. Google’s BLE Titan security keys are easily hijacked
    6. …and because IBM felt left 0ut RCE in WebLogic

    Lee's Stories

    1. Singapore passes anti-fake-news law: Requires debate to be based on a foundation of truth, honor and honesty. The definitions of falsehood and public interest in the bill remain concerns. This is one to watch.
    2. White label GPS trackers hacked: Generic GPS trackers SIM can be reset by hackers to enable and change functionality such as enabling the microphone. Security appears to be an afterthought. Also the question of why these features exist in a GPS tracker comes to mind.
    3. Microsoft RDP/wormhole patch: Microsoft issues patch for RDP services to close RCE hole. Patch includes Windows XP update.
    4. WhatsApp used to distribute malware: WhatsApp on Android and iOS can be used to distribute malware. Update released 5.13 resolves the flaws.
    5. US House of Representatives requires Information Security training: The US House of Representatives is just requiring itself to complete annual cyber training. In today's threat environment, quarterly and monthly training is more the norm, and NIST SP 800-53 already requires it for federal information system users.
    6. Supply Chain Security training legislated: Training proposed for acquisition officials on the heels of ASUS and other similar hardware issues. Supply chain defects bypass traditional perimeter protections, and has to apply to anyone processing your data.
    7. Cisco Router bug in boot Trust Anchor: While not being actively exploited, update your Cisco routers NOW, check the Cisco Advisory for specific products and updates.
    8. New ZombieLoad Intel Security flaw using speculative execution: There are more and more flaws that exploit the speculative execution in Intel chips. They are getting media attention with sexy names and logos. Most are low-risk due to the level of direct intervention to exploit.
    9. Hackers add Magecart skimmer to Forbes online shopping cart: Hackers insert skimmer that collected card numbers, CCV, Expiration, home addresses, etc.

    Jeff's Stories

    Let's pause to remember one of the great Cryptologic Successes of World War II

    1. WWII Veteran and Navajo Code Talker Fleming Begaye Sr. Dies at 97

    It's been a banner week for vulnerability disclosures...

    1. Microsoft Issues Urgent Fix for Windows in First XP Patch since Wannacry: Wait, what? Nobody is still using XP are they???
    2. Major Security Issues Found in Cisco Routers
    3. WhatsApp Vulnerability Exploited to Infect Phones with Israeli Spyware
    4. Install updates now to address a vulnerability in most Intel CPUs