Episode361

From Paul's Security Weekly
Jump to: navigation, search
Palo Alto Networks
Tenable Network Security
The SANS Institute
Pwnie Express
Black Hills Information Security

Episode Media

[MP3 pt1]

[MP3 pt2]

Announcements

Paul's Security Weekly - Episode 361 for Thursday February 6th, 2014

  • Security Weekly will be at the SANS ICS Summit from March 12-18th, doing a live podcast on Sunday night, covering the courses and attending the 2-day summit. Security Weekly subscribers can now enjoy a 20% off discount code! Use SecurityWeekly20 on checkout to get that discount applied. This conference will be held in Orlando at the Contemporary Resort & Convention Center in sunny Orlando, FL REGISTER NOW!
  • We are looking for sponsors for our weekly webcasts and shows. Contact paul -at- hacknaked.tv for details, there are still a few slots available!
  • SECURITY B-SIDES ORLANDO April 5-6th, 2014 : "COMMUNITY DRIVEN EVENT SEEKING TO BRING TOGETHER CENTRAL FLORIDA INFOSEC WITH A PASSION FOR MAKING, BREAKING, AND PROTECTING."
  • Paul will be speaking at this years Northeast Linux Fest which will be held on April 5 of 2014 at Harvard University and on April 6.

Guest Interview: Brian Richardson

Brian Richardson.png


Biography:

Brian Richardson is a Senior Technical Marketing Engineer with Intel Software and Services Group. After fifteen years of external experience with BIOS and UEFI, Brian joined Intel in 2011 to focus on industry enabling for UEFI. Brian has a Master's Degree in Electrical Engineering from Clemson University, along with five US patents and a variety of seemingly disconnected hobbies involving video production. Brian has presented at Intel Developer Forum, UEFI Plugfest, Windows Ecosystem Summit and WinHEC. Brian can be contacted via twitter at @Intel_Brian and @Intel_UEFI

  1. UEFI Forum website – www.uefi.org
  2. Intel UEFI Community Resource Center – www.uefidk.com
  3. Intel UEFI Community Resource Center Blog – www.uefidk.com/blog


Questions:

  1. What is UEFI?
  2. What is UEFI Secure boot?
  3. Is UEFI and UEFI secure boot going to be doing more with open platforms? linux,freebsd ect.
  4. What is a minnowboard?
  5. Have you seen any attacks on UEFI secure boot out there?



Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of Ass Grabby Grabby do you prefer to go first or second?
  5. Stranded in a desert island, which tablet would you bring along: a) iPad b) Surface c) Android d) All of the above e) None of the above?




Interview: Chris Taylor

Biography:

Chris has been in IT security since the late 90’s with his first role in network support by monitoring IDS and explaining how hackers were breaking into places and what they did once they were in. He now specializes in intrusion analysis and runs the professional services side of CyTech Services, overseeing the commercial consulting and managed security services.


  1. How did you get your start with forensics and Incident Response?
  2. Tell us about your experience with POS malware
  3. How are POS systems different in their defenses, than say, networks or computers?
  4. What kind of network or system artifacts have been the tell tale signs you've seen right away during a suspected breach?
  5. What are retailers NOT doing they should be paying more attention to?
  6. Some of the recent excuses by retailers affected by the malware is that it is "very sophisticated". Do you agree?
  7. What is the latest malware doing that you've found innovative or surprising?
  8. Tell us, in a general way, what comes to mind as you read about all these retail breaches. Is the reporting accurate or is there a lot more going on under the surface?
  9. One of the critiques about how the notifications and press releases are being issued is that the retailers actually know a lot more than they let on, but prefer to release the full extent in dribs and drabs until the public is either numb or uninterested in the final numbers. Do you find that accurate?

Stories


Paul's Stories

  1. "How I Lost My $50
  2. A chain is only as strong as its weakest link – DNS Hijack Monitoring | Corelan Team
  3. Reversing the WRT120N’s Firmware Obfuscation - /dev/ttyS0
  4. RFKiller/mass-deauth · GitHub
  5. DanMcInerney/wifijammer · GitHub
  6. SecUpwN/Android-IMSI-Catcher-Detector · GitHub
  7. Target Hackers Broke in Via HVAC Company
  8. Installing Nessus on Kali Linux and Doing a Credentialed Scan
  9. JavaScript: the one true language
  10. Exploring the Telephony Denial of Service (TDoS)
  11. Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: A Peek Inside a Customer-ized API-enabled DIY Online Lab for Generating Multi-OS Mobile Malware
  12. Mobile Malware Captures Keystrokes and Screengrabs | Threatpost - English - Global - threatpost.com
  13. Nest Team Will Become Google's Core Hardware Group
  14. Only Your Heartbeat Can Unlock This Bitcoin Wallet
  15. Wikipedia Remote Execution Vulnerability Patched | Threatpost - English - Global - threatpost.com
  16. Details Emerge on Latest Adobe Flash Zero-Day Exploit
  17. "Rare Twitter username ‘stolen’ | In2EastAfrica – East African news
  18. Target Hackers Used Stolen Vendor Credentials
  19. Chewbacca Attack Hits Shops In 11 Nations
  20. US Hotels Look Into Data Security Breach
  21. The Government Wants Our Cars To Talk To Each Other
  22. Windows XP Support Cut-Off Could Lead To Spam Boom
  23. "800
  24. Anyone Using POS Is At Risk
  25. Target traces security breach to stolen vendor credentials
  26. Toy Maker Hasbro’s Site Serving Drive-By Download Attacks
  27. "High-Volume DDoS Attacks Top Operational Threat to Businesses

Larry's Stories

Allison's Stories

  1. USA Still Global Spam King USA Number ONE
  2. DDoS attacks used to influence stock prices Interesting, and inevitable
  3. Obamacare, lol The Obamacare Security Nightmare: It Gets Worse

Jack's Stories of Hope and Joy

  1. Senators Introduce Bill to Protect Against Data Breaches (aka Trust us, we're from the government.) And I quote: "Under the proposal, businesses would receive incentives to adopt state of the art technologies [such as encryption]". Oh good. How about if you get back to us when your house (and senate) are in order.
  2. KPMG survey finds things you should hire KPMG to fix. If I had any faith in these kinds of surveys results like "85 percent of the 144 CFOs and CIOs questioned... said that they don’t know how to analyse the data they have already collected. Meanwhile, 54 percent said their greatest barrier to success was an inability to identify the data worth collecting" Full report available here. By the way, this report is a great example of why you should never use circular bar charts. Horrid dataviz.
  3. HVAC, Target, remote access and other updates from Brian Krebs.
  4. Good post from Dennis Fisher over at Threatpost on "Edward Snowden and the Death of Nuance".
  5. Oooh, Robocops for real. Well, ugly R2D2 wannabe robots for high crime areas, anyway.

Carlos Stories

Joff's Stories