Episode298

From Paul's Security Weekly
Palo Alto Networks
Tenable Network Security
The SANS Institute
Pwnie Express
Black Hills Information Security

Episode Media

MP3

Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 298 for Thursday August 2nd, 2012

  • Episode 300 of PaulDotCom Security Weekly will be recorded and streamed live on Friday August 31st in support of a cure for Breast Cancer. We will broadcast live from 10am until 6PM Eastern time and the show will feature tech segments, round table discussions and special guests. Mark it on your calendars today!
  • In other admin related news, we're leaving Ning and moving onwards. Ning was cool, but now it's a haven for SPAM. I want to thank everyone for participating. In the meantime please follow us on Twitter (@pauldotcom), Facebook (https://www.facebook.com/therealpauldotcom), and add me on Google+ (Paul Asadoorian, I will have a good email account for that soon). Don't forget to join our mailing list http://mail.pauldotcom.com and look for a newsletter in the not-too-distant future.

Teasers & Plugs

Interview with Kevin Finisterre of Accuvant

Kevin Finisterre is a Senior Research Consultant with Accuvant, has hacked everything from utilities providers to police cars and is keen on disseminating information relating to the identification and exploitation of software vulnerabilities on many platforms.


  1. How did you get your start in information security?
  2. What advice do you have for others just getting started in information security?
  3. In 2004 you were involved with the trifinite group, and many of us used the tools that came from this project. How did it start, and what were the motivations for attacking Bluetooth?
  4. How big is the Bluetooth security problem today? Have we fixed stuff or is it now just flying under the radar, outshined
  5. You've also spent a good amount of time finding vulnerabilities. What are some of your favorite tools and techniques for finding vulnerabilities?
  6. What are some of the most funny and/or interesting vulnerabilities that you've found (that you are comfortable talking about)?
  7. So wait, you can't just release SCADA vulnerabilities and exploits, right?
  8. In your experience, what are some of the differences between how Apple handles vulnerability disclosure vs. Microsoft?
  9. So if one wanted to 0wn a cop car, how would they do it?

Five Questions!