Changes

From Security Weekly Wiki
5,351 bytes added, 17:58, 13 May 2019
no edit summary
==Episode Audio==
<!-- <div align="center">
{{#widget:SoundCloud
|id=496965687618656553
|width=75%
|height=100
|visual=false
}}
</div> -->
=== Hosts ===
{{Template:Larry}}
{{Template:Jeff}}
{{Template:Joff}}
{{Template:LeeNeely}}
= Announcements =
*We just released our 2019 Security Weekly 25 Index Survey. Please go to [https://securityweekly.com securityweekly.com] and click the Survey link to help us understand who's evaluating, using, or formerly used any of the Security Weekly 25 companies. The results will be summarized and presented back to all responders in a private webcast.
*Some of you told us that you are overwhelmed by the amount of content we distribute! In an attempt to make it a little easier for you to find what you’re interested in, we’ve created our new listener interest list! Sign up for the list and select your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also now submit your suggestions for guests in our recently released guest suggestion form! Go to securityweekly.com/guests and enter your suggestions!
*Register for our upcoming webcasts with Kaseya & SaltStack by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand.
*Security Weekly is returning to Vegas this August for BlackHat and DefCon! If you would like to request a briefing or sponsor an interview on-site at BlackHat, please go to securityweekly.com/booking and submit your request!
*Attending KubeCon and CloudNativeCon Europe 2019 in Barcelona May 20-23, 2019? Join your peers at the Cloud-Native Transformation Summit 2019 hosted by Sysdig on May 20th. Our very own Matt Alderman will be emceeing the event. Pre-registration is required. You can add it on during your KubeCon + CloudNativeCon registration.
= Interview: Lesley Carhart, Dragos Inc. - 6:00-6:30PM =
[[File:LesleyCarhart.jpg|right|250px|thumb|<center>'''[https://twitter.com/hacks4pancakes Lesley Carhart]''' is the Principal Threat Analyst at [https://dragos.com/ Dragos Inc.]</center>]] Lesley has been performing digital forensics and incident response on unconventional systems and advanced adversary attacks for over a decade. Some people, certification companies, and awards presenters think she might be pretty okay at it. In her free time, she fights (willing?) people with knives, and answers people’s infosec questions on Twitter instead of sleeping. Her goal in 2019 is to earn enough exp to become a level 14 rogue.<!--<center>{{#ev:youtube|WJAiTXAvtRQKRUKpPl841I}}</center>-->
<br>
* What has it been like moving from IT security to OT security?
* Do you find it difficult to earn the trust of OT folks in ICS? If you haven't walked a mile in their shoes, they tend to find people who have and trust them much more.
* DFIR in ICS - What is it like doing forensics in this environment? Firmware? Micro-code?
* What are some common misconceptions that we can dispel about ICS security:
** The state of ICS security - is it totally horrible and like hacking in the 90s all over again?
** Why are there so many security issues in ICS? We are defending critical infrastructure, yet most financial organizations are light years ahead on the security front? True?
** How are the ICS industries dealing with the problems? Which industries are making the most progress? Which ones are making little progress?
** Why are so many legacy systems in use in ICS?
** Legislation will solve all of our problems, right?
** What ICS threats really keep you awake at night?
* Tell us about your crazy smart apartment antics
= Interview: Chris Sanders, Applied Network Defense & Rural Technology Fund - 6:30 - 7:30PM =
[[File:ChrisSanders.jpg|right|250px|thumb|<center>'''[https://twitter.com/LogRhythm Chris Sanders]'''<br>is the Founder of [https://chrissanders.org/about/ Applied Network Defense & Rural Technology Fund].</center>]] Chris Sanders is the founder of Applied Network Defense, a company focused on delivering high quality, accessible information security training. He is also the Director of the Rural Technology Fund, a non-profit that donates scholarships and equipment to public schools to further technical education in rural and high poverty areas. He is the author of Applied Network Security Monitoring and Practical Packet Analysis. You can connect with Chris on his blog at http://www.chrissanders.org or on Twitter @chrissanders88.<br><br>Chris blogs at http://www.chrissanders.org. You can learn more about Applied Network Defense at http://www.appliednetworkdefense.com and the RTF at http://www.ruraltechfund.org. <center>{{#ev:youtube|eHGJnGJwfWM}}</center>
<br><br>
 
# How did you get your start in information security?
# What prompted you to be a leader and a teacher in our field?
# Why did you set out to author "Applied Network Security Monitoring" and "Practical Packet Analysis"?
# With security shifting to applications, users and data, how important is network security when users are mobile? Apps are in the cloud? Data is accessed from all over?
# What network security concepts do you believe will carry forward into the future for years to come?
# I just have to know the story behind the free course on the Cuckoo's Egg.
# What does Applied Network Security do? How many people? When did it start?
# What other courses do you offer? Do you teach them all?
# What is the most popular course and why?
# Tell us about the Rural Technology Fund: what is its mission and how did it start?
# Is data destruction on old hardware an issue preventing companies from donating hardware?
# Is this a global or regional effort?
# How can the community get involved?
= Security News - 7:30PM-8:30PM =
 <!-- <center>{{#ev:youtube|iPHM80z9D9kEvyhDKGz5kc}}</center>-->
== Paul's Stories ==
== Larry's Stories ==
#[https://www.cnet.com/news/tenants-win-rights-to-physical-keys-over-smart-locks-from-landlords/ Tenants win rights to have physical keys over smart locks]
#[https://www.scmagazine.com/home/security-news/lightneuron-backdoor-receives-secret-commands-via-microsoft-exchange-email-servers-russian-link-suspected/ Backdoor getting commands from Exchange]
#[https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies Russians compromise three major AV companies]
#[https://www.cnet.com/news/ever-app-reportedly-trained-facial-recognition-tech-on-users-photos-without-telling-them/ Ever, a photo storage and backup app, reportedly used millions of images uploaded to the service to train a commercial facial recognition system that it offers to law enforcement and private companies. The problem, according to NBC News, Ever didn't disclose this to its app users.]
#[https://www.scmagazine.com/home/security-news/hackers-hold-275m-records-on-indian-citizens-for-ransom-after-removing-them-from-open-database/ One week after a researcher revealed a publicly configured database exposing more than 275 million sensitive records on Indian citizens, a hacking group removed that data and replaced it with an apparent ransom note.]
== Jeff's Stories ==
#[https://youtu.be/NLXqnCzFwY8 Tribe of Hackers Summit] The event was live streamed, so here's the whole enchilada (I'm sorry, taco)
#[https://techcrunch.com/2019/05/07/freedom-mobile-data-leak/ Freedom Mobile Server Leak Exposed Customer Data] Log files, that explains it. But why were they passed to a third party?
#[https://www.itworldcanada.com/article/no-reason-to-ship-credit-card-data-to-third-parties-says-former-freedom-mobile-ciso/417823 No Reason to Ship Credit Card Data to Third Parties, Says Former Freedom Mobile CISO] So much wrong with what is described here - and all fingers point to Freedom Mobile not the third party
#[https://arstechnica.com/information-technology/2019/05/baltimore-city-government-hit-by-robbinhood-ransomware/ “RobbinHood” ransomware takes down Baltimore City government network]
== Lee's Stories ==
#[https://devblogs.microsoft.com/commandline/announcing-wsl-2/ Microsoft WSL 2 Announced] WSL 2 will include a Linux kernel, with better integration. Still includes Debian package manager.
#[https://www.theatlantic.com/science/archive/2019/04/looping-created-insulin-pump-underground-market/588091/ Discontinued Insulin pump with security flaw in high demand] Users are hacking old Insulin pumps, using OpenAPS, to provide looping of insulin for better quality of life.
 
== Johnny's Stories ==
#[https://threatpost.com/airbnb-hidden-camera-bedroom/144508/ Airbnb Superhost Secretly Recorded Guests with Hidden Bedroom Camera] The article states: "The unfortunate guest told local news outlets that she worked in information security, and so was more vigilant than the average person when it came to always checking her hotel rooms for signs of surveillance devices. After inspecting and unscrewing the router, the guest found that there was a digital memory card inside." - Honestly, amazing discovery of a hidden camera. Who would think to look inside the router, finding a hidden cam, and then finding out the AirBnB host was filming people in the bedroom since March 19'. Hats off, and check your s#&*!!
 
<br><br>