paul@securityweekly.com

Paul's Security Weekly

For the latest in computer security news, hacking, and research! We sit around, drink beer, and talk security. Interviews, How-Tos and more!

Description

For the latest in computer security news, hacking, and research! We sit around, drink cocktails, and talk security.

Categories

Technology

Episodes

Jazz Hands - Paul's Security Weekly #561

May 26, 2018 02:00:46

Description:

This week, we interview Steven Bellovin, Professor of Computer Science at Columbia University! For the Technical Segment, we're joined by Sven Morgenroth, Security Researcher at Netsparker! In the news, GDPR's impact on U.S. consumer privacy, DOJ Sinkholes, FBI seizes domain from Russia, Floridian man gets tasered while naked carrying cooking oil, and more on this episode of Paul's Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode561

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

I've Taken Over - Enterprise Security Weekly #92

May 24, 2018 51:46

Description:

This week, John Strand returns and runs the show solo, presenting his Technical Segment entitled "Build A Purple Team"! In the news, we have updates from Skybox, Wombat Security, McAfee, AlgoSec, and more, on this episode of Enterprise Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode92

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Just Go With It - Application Security Weekly #17

May 23, 2018 01:03:44

Description:

This week, Keith and Paul interview James Wickett, Head of Research at Signal Sciences! In the news, we have updates from Nest, Node.js, Google, F.Secure, and more on this episode of Application Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode17

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Rainbows and Skittles - Business Security Weekly #86

May 22, 2018 01:20:16

Description:

This week, Michael and Paul interview Corey Thuen and Kristopher Watts, Founders of Gravwell! In our second feature interview, Michael and Paul talk with Terry Mason on how to build a Third Party Risk Management program from the ground up! In Tracking Security Innovation, we have updates from Capital One, TransUnion, Auth0, Tanium, and more on this episode of Business Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/BSWEpisode86

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Sandy Lube - Paul's Security Weekly #560

May 19, 2018 02:20:26

Description:

This week, we interview Matthew Silva, an undergraduate student at Roger Williams University and the President and Founder of the Cybersecurity and Intel Club! Paul will deliver the Technical Segment this week entitled "Configuring Your Own Travel Router with OpenVPN"! In the news, we have updates from Google, Nest, VMware, Red Hat, and more on this episode of Paul's Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode560

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!

Very Special Friend - Enterprise Security Weekly #91

May 17, 2018 57:30

Description:

This week, Paul interviews Ron Gula, Co-Founder of Tenable and Founder of Gula Tech Adventures! In the news, we have updates from ServiceNow, Red Hat, ExtraHop, SailPoint, and more on this episode of Enterprise Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode91

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Live at SOURCE Boston - Enterprise Security Weekly #90

May 16, 2018 57:19

Description:

Thomas Fischer joins us at Source Boston 2018. Thomas Fischer tells Paul about his talk at Source Boston on "GDPR: Why it Matters Now!". Michael Santarcangelo joins Paul Asadoorian at Source Boston 2018 for an Enterprise Security Weekly interview. Michael Santarcangelo is the Founder of Security Catalyst, author of "Into the Breach", creator of the Straight Talk Framework, and host of Business Security Weekly. Apollo Clark, a well-known name on the Security Weekly network, joins us at Source Boston to discuss his talk on Malicious User Stories.

 

Visit http://securityweekly.com/esw for all the latest episodes!

Happy Dances - Application Security Weekly #16

May 16, 2018 57:56

Description:

This week, Keith and Paul interview Adam Gordon, Edutainer at ITPro.TV! In the news, we have updates from Uber, WhatsApp, Microsoft, and more on this episode of Application Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode16

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Tickling My Fancy - Business Security Weekly #85

May 15, 2018 01:23:25

Description:

This week, Michael and Paul interview George Finney, Chief Security Officer at Southern Methodist University! In the Article Discussion, "Why People Really Quit Their Jobs", "Why You Need an Untouchable Day Every Week", and more! In Tracking Security Innovation, we have updates from PhishLabs, Avast, SafeBreach, Red Canary, and more on this episode of Business Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/BSWEpisode85

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Creating An Awesome Dish - Application Security Weekly #15

May 9, 2018 01:04:43

Description:

This week, Keith and Paul continue to talk about building your AppSec program! In the Learning and Tools Segment, Keith and Paul discuss Snipe-IT: Open Source Asset Management, Astra: Automated Security Testing for REST API's, GREP: A whiteboard by Julia Evans, and more! In the news, we have updates from Twitter, Meltdown, JavaScript, and more on this episode of Application Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode15

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Interruptions Are Bad - Business Security Weekly #84

May 8, 2018 01:17:22

Description:

This week, Michael and Paul interview Senior Attorney, Elizabeth Wharton! In the Article Discussion, the work required to have an opinion, why email is so stressful, productivity, and more! In Tracking Security Innovation, we have updates from Carbon Black, Trusted Key, Namogoo, IronNet Cybersecurity, and more on this episode of Business Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/BSWEpisode84

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

WAF Out Loud - Paul's Security Weekly #558

May 4, 2018 01:53:58

Description:

This week, we interview Leonard Rose, Principal Security Architect of Limelight Networks! In the news, we have updates from Cisco, Drupalgeddon, Facebook, Twitter, and more on this episode of Paul's Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode558

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!

On The Road - Enterprise Security Weekly #89

May 4, 2018 01:54:00

Description:

This week, Paul and John interview Adam Gordon, Edutainer at ITPro.TV! In the news, we have updates from Cisco, IBM, LogRhythm, ServiceNow, and more! In our final segment, we are joined by Security Weekly's own Jeff Man, who will give us an RSA Vendor Wrap-Up! All that and more, on this episode of Enterprise Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode89

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Save The Developers Time - Application Security Weekly #14

May 3, 2018 58:08

Description:

This week, Paul and Keith discuss Building Your AppSec Program and how to get started! In the news, we have updates from Microsoft, Android, the FDA, and more on this episode of Application Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode14

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

That's What Keeps Me Going - Business Security Weekly #83

May 2, 2018 01:30:46

Description:

This week, in the Programming Update and Discussion, Michael and Paul discuss the Value Prop Scoreboard, Book Club Segment, Regular Audience-Driven Segment, and more! In Tracking Security Innovation, we have updates from Carbon Black, Avast, Scality, & Minim! In our final segment, we air our Pre-Recorded interview with CEO of DomainTools, Tim Chen, and more on this episode of Business Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/BSWEpisode83

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Bigger Than My Home - Application Security Weekly #13

May 2, 2018 01:09:50

Description:

This week, Paul and Keith discuss Drupal 7 and 8 core critical releases, Irony of Leaky App at RSAC not lost on attendees, avoiding XSS in React is still hard, and more! In our Pre-Recorded interview, Paul and Keith sit down with Rami Sass, CEO and Co-Founder of WhiteSource, and more on this episode of Application Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode13

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

It Was An Honor - Paul's Security Weekly #557

Apr 29, 2018 02:33:32

Description:

This week, we interview Founder and Product Manager of Netsparker, Ferruh Mavituna! In the Topic Segment, our very own Jeff Man gives us a recap of RSAC! In the news, we have updates from Equifax, John McAfee, Amazon, GitHub, and more on this episode of Paul's Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode557

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

That Seems Political - Enterprise Security Weekly #88

Apr 27, 2018 01:22:53

Description:

This week, John Strand and I interview Lenny Zeltser and Eddy Bobritsky of Minerva Labs! In our Technical Segment, we're joined by the one and only Eyal Neemany of Javelin Networks to talk about how AD Domain Trusts and Forest Trusts operate! In the news, we have updates from RSA, Fortinet, Twitter, SANS, and more on this episode of Enterprise Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode88

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Exceeded The Limit - Business Security Weekly #81

Apr 18, 2018 01:25:50

Description:

This week, Michael Santarcangelo is joined by Shawn Tuma, Cybersec & Data Privacy Attorney at Scheef & Stone, LLP! Shawn sticks around to sort the good advice from the misinformation surrounding attorney-client privilege! In the news, we have updates from Carbon Black, Bomgar, Palo Alto, SpyCloud, and more, on this episode of Business Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/BSWEpisode81

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 

Classy and Illustrious - Application Security Weekly #12

Apr 17, 2018 01:00:21

Description:

This week, Paul and Keith discuss GitHub's 10th Anniversary and talk about Open Source Software! In the news, we have updates from Rapid7, a new macOS backdoor, your Windows PC can be hacked by just visiting a site, and more on this episode of Application Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode12

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Better In Half Speed - Paul's Security Weekly #555

Apr 14, 2018 02:29:15

Description:

This week, Ron Gula of Gula Tech Adventures joins us for an interview! Our very own Joff Thyer delivers the Technical Segment entitled: Got Privs? Extract and Crack the Creds! In the news, RTF bug finally gets patched, so many ways to bridge an air gap, attacking accountants, spoofing all the ports and Trollcave, and more on this episode of Paul’s Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode555

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

This Is What We Do - Enterprise Security Weekly #87

Apr 12, 2018 49:54

Description:

This week, John Strand and I interview Senior Solutions Architect at ObserveIT, Kevin Donovan! In the news this week, product announcements from Infoblox, Infocyte, ObserveIT, ThreatQuotient, Cisco and Tufin. Symantec could be in hot water, and CA and Palo Alto both made a recent acquisition. All that and more, on this episode of Enterprise Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode87

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Awesome Technology - Business Security Weekly #80

Apr 10, 2018 01:03:21

Description:

This week, Paul is joined by the Wizard of Entrepreneurship, Matt Alderman! In the Article Discussion, five techniques to nail the marketing aspect of your investor pitch, 18 things you need to know before you quit your job & launch your own startup, and more! In Tracking Security Innovation, BetterCloud closes $60M funding round, Fyde raises $3M in seed funding, RSA Acquires Fortscale, expands NetWitness SIEM Platform, and more on this episode of Business Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/BSWEpisode80

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Don't Pull My Nerd Card - Application Security Weekly #11

Apr 9, 2018 57:53

Description:

This week, Paul and Keith discuss One Language to Rule Them All: Node-Based Operating System, NodeOS! In the news, we have updates from Cloudflare, Slack, NASA’s Voyager 1 spacecraft, how Georgia passed an Anti-Infosec Legislation, and more on this episode of Application Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode11

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

That's My Own Medicine - Paul's Security Weekly #554

Apr 7, 2018 02:27:07

Description:

This week, Katherine Teitler, Director of Content for MISTI joins us for our first feature interview! Masha Sedova, Co-Founder of Elevate Security joins us for our second feature interview! In the news, Intel drops plans to develop Spectre microcode for ancient chips, critical flaw leaves thousands of Cisco Switches vulnerable to remote hacking, Facebook and Twitter may be forced to identify bots, and more on this episode of Paul’s Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode554

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

It's Comfy In Here - Enterprise Security Weekly #86

Apr 5, 2018 58:11

Description:

This week, Paul is joined by our very own Doug White to discuss Security Threats from Virtual Machines! In the news, we have updates from SolarWinds, VMware, Sonatype, and more on this episode of Enterprise Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode86

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

 

We Like Straight Talk - Business Security Weekly #79

Mar 28, 2018 01:17:35

Description:

Dan Wheatley, Partner and CEO at Straight Talk Agency, joins us for the interview this week. Tenable hires Morgan Stanley, Sift Science raised $53M Series D, and Virsec raised $24M Series B. This segment is about the companies making news with funding rounds, exits, and other impacts you need to know about in the industry.

 

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode79

 

Visit http://securityweekly.com/category/bsw for all the latest episodes!

You Stole My Sweater - Paul's Security Weekly #552

Mar 23, 2018 01:39:27

Description:

Paul gives a tech segment on How to find the most innovative tech at a security show. In the news, we have updates from Alex Stamos, Facebook harvesting information about YOU, Uber self-driving car hits and kills pedestrian, and more on this episode of Paul's Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/Episode552

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

Totally Overwhelmed - Business Security Weekly #78

Mar 22, 2018 01:16:54

Description:

This week, Michael and Paul interview Fred Scholl, President of Monarch Information Networks! Then the articles of discussion and tracking security innovation! All that and more, on this episode of Business Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/BSWEpisode78

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

I'm A Tiger - Enterprise Security Weekly #84

Mar 22, 2018 53:56

Description:

This week, John Strand takes the show by the reins and conducts an outstanding interview with Brian Honan, who is recognised internationally as an expert on cybersecurity! John also gives a tech segment on how enterprises defend against attacks! All that and more, here on Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode84

 

More Crypto, More Problems - Application Security Weekly #09

Mar 20, 2018 57:28

Description:

This week, Keith and Paul discuss Uber's open source tool for adversarial simulation, AMD processors, Hijacked MailChimp accounts used to distribute banking malware, and more on this episode of Application Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode09

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Early Bird Gets The Worm - Application Security Weekly #08

Mar 13, 2018 53:39

Description:

This week, Paul and Keith talk about “The Phoenix Project”, Amazon admits Alexa is creepily laughing at people, Ethereum fixes serious ‘eclipse’ flaw, Kali Linux is now an app in the Windows App Store, Docker + Minecraft = Dockercraft, and more on this episode of Application Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode08

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Happy Anniversary - Paul's Security Weekly #550

Mar 10, 2018 02:03:03

Description:

This week, Stefano Righi of UEFI joins us for an interview! Sven Morgenroth, Security Researcher at Netsparker joins us for the Technical Segment! In the news, we have updates from FinFisher, Equifax, Facebook, and more on this episode of Paul's Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode550

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Once Upon A Time In Shaolin - Enterprise Security Weekly #82

Mar 8, 2018 01:10:45

Description:

This week, Paul and John are accompanied by Eyal Neemany, Senior Cyber Security Researcher at Javelin Networks! In the news, we have updates from Duo Security, SolarWinds, AlgoSec, Martin Shkreli, and more on this episode of Enterprise Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode82

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Room To Walk - Business Security Weekly #76

Mar 6, 2018 01:20:29

Description:

This week, Michael & Paul interview Shawn Tuma, Cybersec and Data Privacy Attorney at Scheef & Stone, LLP! In the Article Discussion, Michael and Paul talk how to build trust with colleagues, simple concepts to free up innovation, and how to avoid death by committee! In the news, we have updates from PhishMe, Splunk, CyberX, and more on this episode of Business Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/BSWEpisode76

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Everything Old Is New Again - Application Security Weekly #07

Mar 6, 2018 56:39

Description:

This week, Keith and Paul discuss Facebook’s mandatory malware scan, GitLeaks: Check git repos for secrets and keys, New York quietly working to prevent a major cyber attack, and more on this episode of Application Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode07

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

It's All Uphill From Here - Paul's Security Weekly #549

Mar 3, 2018 02:14:26

Description:

This week, Mary Beth Borgwing of Mach37, joins us for an interview! In our second feature interview, Paul speaks with Cybersecurity Journalist Bruce Sussman of SecureWorld! In the news, we have updates from Quickjack, GitHub, the 2018 Olympics, and more on this episode of Paul's Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode549

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Differentiating the Differentiators - Enterprise Security Weekly #81

Mar 2, 2018 01:01:49

Description:

This week, Paul is joined by Doug White to interview Ferruh Mavituna, Founder and Product Manager of Netsparker! In the news, we have updates from Atos, Trustwave, Radware, and more on this episode of Enterprise Security Weekly!   

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode81

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Wizards of Entrepreneurship - Business Security Weekly #75

Feb 27, 2018 01:30:21

Description:

This week, Michael is joined by Matt Alderman to interview Will Lin, Principal and Founding Investor at Trident Capital Security! In the Security News, Apptio raised $4.6M in Equity, Morphisec raised $12M in Series B, & Dover Microsystems raised $6M "Seed" Round! Last but not least, part two of our second feature interview with Sean D'Souza, author of The Brain Audit! All that and more, on this episode of Business Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/BSWEpisode75

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

It's Five O'Clock Somewhere - Business Security Weekly #74

Feb 20, 2018 01:35:43

Description:

This week, Michael and Paul interview Joe Kay, Founder & CEO of Enswarm! In the Tracking Security Information segment, IdentityMind Global raised $10M, DataVisor raised $40M, & Infocyte raised $5.2M! Last but not least, our second feature interview with Sean D'Souza, author of The Brain Audit! All that and more, on this episode of Business Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/BSWEpisode74

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

It's Just Beautiful - Application Security Weekly #06

Feb 17, 2018 58:32

Description:

This week, Keith and Paul discuss Data Security and Bug Bounty programs! In the news, Lenovo warns of critical Wifi vulnerability, Russian nuclear scientists arrested for Bitcoin mining plot, remote workers outperforming office workers, and more on this episode of Application Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode06

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

They Stole My Shoes - Paul's Security Weekly #548

Feb 16, 2018 02:18:17

Description:

This week, Steve Tcherchian, CISO and Director of Product Management of XYPRO Technology joins us for an interview! In our second feature interview, Paul speaks with Michael Bazzell, OSINT & Privacy Consultant! In the news, we have updates from Google, Bitcoin, NSA, Microsoft, and more on this episode of Paul's Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode548

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Happy Valentine's Day - Enterprise Security Weekly #80

Feb 15, 2018 01:10:14

Description:

This week, Paul and John are accompanied by Guy Franco, Security Consultant for Javelin Networks, who will deliver a Technical Segment on Domain Persistence! In the news, we have updates from ServerSide, Palo Alto, NopSec, Microsoft, and more on this episode of Enterprise Security Weekly!  

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode80

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

This Is An Emergency - Business Security Weekly #73

Feb 13, 2018 01:09:34

Description:

This week, Michael and Paul interview Dawn-Marie Hutchinson, Executive Director of Optiv Offline! In the Article Discussion, security concern pushing IT to channel services, what drives sales growth and repeat business, and in the news, we have updates from Proofpoint, J2 Global, LogMeIn, and more on this episode of Business Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode73

 

Visit https://www.securityweekly.com/ssw for all the latest episodes!

Jim Carrey Hacked My Facebook - Application Security Weekly #05

Feb 13, 2018 50:41

Description:

This week, Keith and Paul continue to discuss OWASP Application Security Verification Standard! In the news, Cisco investigation reveals ASA vulnerability is worse than originally thought, Google Chrome HTTPS certificate apocalypse, Intel made smart glasses that look normal, and more on this episode of Application Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode05

 

Visit https://www.securityweekly.com/ for all the latest episodes!

Walk The Plank - Paul's Security Weekly #547

Feb 9, 2018 02:00:44

Description:

This week, Zane Lackey of Signal Sciences joins us for an interview! Our very own Larry Pesce delivers the Technical Segment on an intro to the ESP8266 SoC! In the news, we have updates from Bitcoin, NSA, Facebook, and more on this episode of Paul's Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode547

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Heinous Noises - Enterprise Security Weekly #79

Feb 8, 2018 01:04:32

Description:

This week, Paul is joined by Doug White, host of Secure Digital Life, to interview InfoSecWorld 2018 Speaker Summer Fowler! In the news, we have updates from Cisco, SANS, Scarab, and more on this episode of Enterprise Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode79

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Put Your Dockers On - Business Security Weekly #72

Feb 6, 2018 01:17:18

Description:

This week, Michael and Paul interview Vik Desai, Managing Director at Accenture! Matt Alderman and Asif Awan of Layered Insight join Michael and Paul for another interview! In the news, we have updates from BehavioSec, RELX, DISCO, Logikcull, and more on this episode of Business Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode72

 

Visit https://www.securityweekly.com/ssw for all the latest episodes!

Stay Classy - Application Security Weekly #04

Feb 6, 2018 58:43

Description:

This week, Keith and Paul discuss OWASP Application Security Verification Standard! In the news, Intel warns Chinese companies of chip flaw before U.S. government, bypassing Cloudflare using Internet-wide scan data, and more on this episode of Application Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode04

 

Visit https://www.securityweekly.com/ for all the latest episodes!

It Was Wide Open - Paul's Security Weekly #546

Feb 3, 2018 02:18:33

Description:

This week, InfoSecWorld speakers Mark Arnold & Will Gragido join us for an interview! John Strand of Black Hills Information Security joins us for the Technical Segment on MITRE! In the news, we have updates from Discord, Bitcoin, NSA, Facebook, and more on this episode of Paul's Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode546

Visit https://www.securityweekly.com/psw for all the latest episodes!

Tactical Sweaters - Enterprise Security Weekly #78

Feb 1, 2018 01:21:54

Description:

This week, Paul and John interview Brendan O'Connor, Security CTO at ServiceNow, and John Moran, Senior Project Manager of DFLabs! In the news, we have updates from Twistlock, Microsoft, BeyondTrust, and more on this episode of Enterprise Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode78

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Don't Touch The Mic - Business Security Weekly #71

Jan 28, 2018 01:03:19

Description:

This week in the Article Discussion, Michael is joined by Doug White, host of Secure Digital Life to discuss how to design an addictive product, yearning for the vast and endless sea, and five soft skills recruiters want most! In the news, we have updates from SheerID, Facebook, Amazon, and more on this episode of Business Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode71

Visit https://www.securityweekly.com/ssw for all the latest episodes!

The Doctor's Here - Application Security Weekly #03

Jan 27, 2018 59:15

Description:

This week, Keith is joined by Doug White, host of Secure Digital Life! Matias Madou of Secure Code Warrior joins us for an interview! In the news, Red Hat has now reverted CPU patches for Spectre, Russian Twitterbots are blaming the US shutdown on Democrats, and more on this episode of Application Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode03

 

Visit https://www.securityweekly.com/ for all the latest episodes!

Tom Brady with Six Fingers - Paul's Security Weekly #545

Jan 26, 2018 02:20:30

Description:

This week, Kevin Donovan, Senior Solutions Architect at ObserveIT joins us for an interview! John Strand joins us for the Technical Segment on Critical Security Control Resources! In the news, we have updates from Dell, Meltdown, Spectre, and OnePlus! Larry Pesce hosts this week's episode, Carlos Perez makes his epic return, and more on this episode of Paul's Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode545

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

The Eternal Optimist - Enterprise Security Weekly #77

Jan 25, 2018 58:36

Description:

This week, Paul and John interview Lenny Zeltser, VP of Products for Minerva Labs! In the news, we have updates from ThreatMetrix, CrowdStrike, SmartBear, Carbon Black, and more on this episode of Enterprise Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode77

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Armed & Ready - Business Security Weekly #70

Jan 21, 2018 01:08:48

Description:

This week, Paul and Michael interview Jennifer Minella, VP of Engineering with Carolina Advanced Digital, Inc.! In the article discussion, how absolute zero can heat up growth, three time management tips that work, and how to let go of the need to be perfect! In the news, updates from FireEye, WatchGuard, First Alert, and more on this episode of Business Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode70

 

Visit https://www.securityweekly.com/ssw for all the latest episodes!

Voices In My Head - Paul's Security Weekly #544

Jan 20, 2018 02:17:21

Description:

This week, Adam Gordon from ITPro.TV joins us for an interview! Rebekah Brown, a Threat Intelligence Lead of Rapid7, joins us for another interview! In the news, we have updates from BIND, the latest Apple bug, Intel, YouTube, Skygofree, and more, on this episode of Paul's Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode544

Visit https://www.securityweekly.com/psw for all the latest episodes!

Punishing Trojan Horses - Application Security Weekly #02

Jan 20, 2018 57:40

Description:

This week, Paul and Keith discuss the second half of the OWASP 2017 Top Ten! In the news, Facebook can track you by the dust on your camera lens, Apple health data used in murder trial, the stress of remote working, and more on this episode of Application Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode02

 

Visit https://www.securityweekly.com/ for all the latest episodes!

Studio on the Beach - Enterprise Security Weekly #76

Jan 18, 2018 01:11:54

Description:

This week, Michael Santarcangelo joins Paul to interview Clayton Fields, the Director of Javelin Networks! In the news, we have updates from VIVOTEK, ServiceNow, Moneris, AlgoSec, and more on this episode of Enterprise Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode76

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

They Like My Voice - Business Security Weekly #69

Jan 16, 2018 01:00:12

Description:

This week in the Article Discussion, Paul and Michael discuss how to be more productive without burning out, what cybersecurity chiefs can learn from Warren Buffett, and the importance of explaining "Why" before "What" when you need help! In the news, we discuss SolarWinds acquired LOGGLY, Verizon acquired Niddel, Cyxtera Technologies acquires Immunity, and more on this episode of Business Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode69

 

Visit https://www.securityweekly.com/ssw for all the latest episodes!

Pushing To Master - Application Security Weekly #01

Jan 16, 2018 01:01:08

Description:

This week, Paul and Keith will discuss the ten most critical web application risks! In the news, how malicious NPM packages could harvest credit card numbers and passwords, NVIDIA updates video drivers to help address CPU memory security, multiple vulnerabilities in PHP could allow for arbitrary code execution, and more on this episode of Application Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode01

 

Visit https://www.securityweekly.com/ for all the latest episodes!

Happy Streams - Paul's Security Weekly #543

Jan 14, 2018 02:19:38

Description:

Diana Kelley and Ed Moyle of Security Curve join us for an interview! Jake Williams, founder of Rendition Infosec and Senior Instructor at the SANS Institute, joins us for another interview! In the news, fingerprinting digital documents, Skype finally getting end-to-end encryption, Apple set to patch yet another macOS password security flaw, and more on this episode of Paul's Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode543

Visit https://www.securityweekly.com/psw for all the latest episodes!

We Rock This Thing - Enterprise Security Weekly #75

Jan 11, 2018 01:15:14

Description:

This week, Matt Alderman joins Paul to interview Marci McCarthy, CEO and President of T.E.N. & CEO and Chairman of ISE®! Marci has over 20 years of business management and entrepreneurial experience! In the news, we have updates from Bitglass, WhiteHat, and Twistlock! Matt Alderman talks container security with Paul, and more on this episode of Enterprise Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode75

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

I'm The Hammer - Startup Security Weekly #68

Jan 9, 2018 01:11:00

Description:

This week, Bam Azizi of NoPassword joins us for an interview! In the article discussion, we talk about why not to brainstorm in groups, the real reasons companies are so focused on short term, and how to break bad business habits! In the news, we discuss Barracuda Networks acquiring PhishLine for an undisclosed amount, and more on this episode of Startup Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode68

Visit https://www.securityweekly.com/ssw for all the latest episodes!

Where's My Starbucks - Application Security Weekly #00

Jan 9, 2018 53:13

Description:

Paul Asadoorian and Keith Hoodlet bring you our brand new show, Application Security Weekly! On our first episode, Paul and Keith will discuss the history of application security and software security! In the news, what you need to know about CPU vulnerabilities, negative results testing Intel CPU design, Mozilla Firefox patches, and Starbucks Wi-Fi mines Monero via CoinHive! All that and more, on the first episode of Application Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode00

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Snowmageddon - Paul's Security Weekly #542

Jan 7, 2018 02:21:35

Description:

Marcello Salvati of Coalfire Labs joins us for our featured interview. John Strand delivers another killer Tech Segment about the new mimikatz event log clearing feature. Then in the security news, 10 things in cybersecurity that you might have missed in 2017, a flaw in major browsers, a critical flaw in phpMyAdmin, beware of a VMware VDP remote root issue, how to protect your home router, Meltdown and Spectre explain how chip hacks work, and Intel is in the security Hot Seat over a serious CPU design flaw! We also hear from Keith Hoodlet about our brand new show! All that and more on this episode of Paul's Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode542

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Doctors Make The Best Rappers - Enterprise Security Weekly #74

Jan 6, 2018 42:20

Description:

This week, Doctors make the best rappers, 3 innovative security companies, DevOps will be a thing, integrate products swimmingly, AI and Machine Learning in the hands of bad actors, and serverless security capabilities. Our topic segment today will discuss Patching Intel Vulnerabilities In The Enterprise. All that and more on Enterprise Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode74

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Happy New Year - Startup Security Weekly #67

Dec 29, 2017 01:17:00

Description:

This week, Rick Olesek and Rich Walchuck of CryptoniteNXT join us for an interview! In the article discussion, we talk about startups most likely to succeed, how to pitch your app to investors, and calculating your total addressable market! In the news, we have updates from Thales, Amazon, Convercent, ADT, and more on this episode of Startup Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode67

Visit https://www.securityweekly.com/ssw for all the latest episodes!

Merry Christmas - Paul's Security Weekly #541

Dec 28, 2017 02:46:39

Description:

Bob Hillery, Co-Founder and Director of InGuardians joins us for an interview, and Kevin Finisterre, Principal of the Security Consultancy of Department 13 joins us to deliver the tech segment! In the news, Uber pays hacker to keep quiet, flaw in Intel processors allowing undetectable malware, Apple patches other High Sierra security holes, and more on this episode of Paul's Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode541

Visit https://www.securityweekly.com/psw for all the latest episodes!

Christmas Directories - Enterprise Security Weekly #73

Dec 21, 2017 51:39

Description:

This week, Paul and John talk about Active Directory insecurity, how to solve problems with endpoint detection and response, and how to fix authentication issues! In the news, we have updates from Flexera, Amazon, ExtraHop, and more on this episode of Enterprise Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode73

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Hack Naked News #154 - December 19, 2017

Dec 20, 2017 21:32

Description:

Michael reports on a suspected North Korea Ransomware attack, Kaspersky federal software ban, compelled passwords, and 1 in 3 IT professionals looking for new jobs! Jason Wood of Paladin Security joins us for the expert commentary on Bitcoin, and more on this episode of Hack Naked News!

 

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode154

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Check the Soundstage - Startup Security Weekly #66

Dec 19, 2017 01:21:46

Description:

In our article discussion, we discuss managing risk, defining moments for your customers, ditching PowerPoint for better apps, and planning communications to avoid pitfalls! In the news, we have updates from Simility, Upstream, ShieldX, Atos, Menlo Security, and more on this episode of Startup Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode66

Visit https://www.securityweekly.com/ssw for all the latest episodes!

Spread Your Vegemite - Paul's Security Weekly #540

Dec 16, 2017 02:18:03

Description:

Joe Gray of the Advanced Persistent Security podcast joins us for an interview! Ed Skoudis of the SANS Institute joins us to discuss the SANS Holiday Hack Challenge and what he’s been up to in the cyber world! In the news, the team discusses on-demand webcasts, net neutrality, pen testing, and Vegemite with Joff!


Full Show Notes: https://wiki.securityweekly.com/Episode540

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

In the Clouds - Enterprise Security Weekly #72

Dec 14, 2017 59:14

Description:

Jeff Schilling, CSO of Armor, joins us for an interview to discuss cloud-based security and incident response! In the news, updates from LogRhythm, Optiv Security, Fortinet, RiskSense, and more on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode72

Visit https://www.securityweekly.com/esw for all the latest episodes!

Hack Naked News #153 - December 12, 2017

Dec 13, 2017 21:42

Description:

Paul reports on Google patches, vulnerability in two keyless entry locks, Mozilla security updates, and 1.4 billion plain-text leaked passwords found online! Jason Wood of Paladin Security joins us for the expert commentary, and more on this episode of Hack Naked News!

 

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode153

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Channeling Back - Startup Security Weekly #65

Dec 9, 2017 01:20:41

Description:

Todd O'Boyle of StrongArm joins us for an interview! In our article discussion, we discuss behaviors that can drive cultural change, the power of office back-channeling, and the five traits of successful teams at Google! In the news, we have updates from InterVision, Prevoty, Okta, Riskonnect, and more on this episode of Startup Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode65

Visit https://www.securityweekly.com/ssw for all the latest episodes!

 

Paul's Security Weekly #539 - Dental Security Weekly

Dec 9, 2017 01:56:24

Description:

Lisa O'Connor of Accenture Labs joins us for an interview to discuss threat intelligence, advanced cyber hunting, active defense, and security of the Industrial Internet of Things! Eyal Neemany of Javelin Networks joins us for the tech segment to discuss bypassing Two-Factor Authentication! Paul and Larry talk about Uber, vulnerable banking apps, and Bluetooth in the news, on this week's episode of Paul's Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/Episode539

Visit https://www.securityweekly.com for all the latest episodes!

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

Hack Naked News #152 - December 5, 2017

Dec 6, 2017 22:30

Description:

Paul reports on a flaw found in the Dirty COW patch, Apache Software security updates, more hacks in 2018, and a MailSploit e-mail spoofing flaw! Jason Wood joins us to give expert commentary on Federal Data Breach Legislation, and more on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode152


Visit http://hacknaked.tv for all the latest episodes!

Startup Security Weekly #64 - Legal in Some States

Dec 6, 2017 01:29:35

Description:

Zach Schlumpf of IOActive joins us. In our article discussion, we talk about winning arguments, turning insight into execution, and avoiding the "Yes" dilemma. In the news, we have updates from Bitdefender, McAfee, Barracuda Networks, Pwnie Express, ReversingLabs, and more on this episode of Startup Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode64

Visit https://www.securityweekly.com/ssw for all the latest episodes!

Paul's Security Weekly #538 - Enjoy the Taste

Dec 2, 2017 02:06:51

Description:

Allison Miller joins us for an interview, Mick Douglas of the SANS Institute shows us how to feed common and default logs into ELK stacks, and we report on the latest security news on this episode of Paul's Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode538

Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #71 - Call Me!

Nov 30, 2017 01:16:29

Description:

James Wilkinson joins us to discuss his transition from the military to the enterprise security space. In the news, updates from Docker, GuardiCore, Trend Micro, Barracuda Networks, and more on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode71


Visit https://www.securityweekly.com/esw for all the latest episodes!

→Visit our website: https://www.securityweekly.com

Hack Naked News #151 - November 28, 2017

Nov 30, 2017 20:04

Description:

Paul and Michael report on an Exim-ergency, why Uber’s in hot water, Firefox’s new pwnage warnings, 1.7 million breached Imgur accounts, bidding farewell to SMS authentication, voting and security, and more on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode151


Visit http://hacknaked.tv for all the latest episodes!

Enterprise Security Weekly #70 - We Have Foreigners Here

Nov 24, 2017 52:50

Description:

Ismael Valenzuela of the SANS Institute joins us. In the news, Rapid7 and Tenable announce new headquarters, Meg Whitman steps down, announcements for CA World ‘17, and more on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode70


Visit https://www.securityweekly.com/esw for all the latest episodes!

Startup Security Weekly #63 - In the Books

Nov 23, 2017 01:29:07

Description:

Darren Mar-Elia of Semperis joins us. In the news, deciding with speed and conviction, learning from unicorns, starting your social enterprise, and updates from ThreatQuotient, Symantec, Optiv, and more on this episode of Startup Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/SSWEpisode63

Visit https://www.securityweekly.com/ssw for all the latest episodes!

Hack Naked News #150 - November 21, 2017

Nov 22, 2017 19:25

Description:

Don Pezet of ITProTV joins Paul to discuss Amazon S3 buckets, Google collecting Android data, secret spyware in smartwatches, and patches for Microsoft, Intel, HP, and more on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode150


Visit http://hacknaked.tv for all the latest episodes!

 

Paul's Security Weekly #537 - Bacon Grease Volkswagen

Nov 18, 2017 02:49:37

Description:

Kyle Wilhoit of DomainTools joins us for an interview, Mike Roderick and Adam Gordon of ITProTV deliver a technical segment on VDI and virtualization, and we discuss the latest security news on this episode of Paul’s Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode537

Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #69 - Next Next-Generation

Nov 17, 2017 56:57

Description:

Tony Kirtley of SecureWorks joins us for an interview. In the news, free tools to remove website malware, next-gen CASBs, helping financial services with security, 10 steps to stop lateral movement, and more on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode69


Visit https://www.securityweekly.com/esw for all the latest episodes!

Hack Naked News #149 - November 15, 2017

Nov 17, 2017 30:08

Description:

Michael Santarcangelo and Jason Wood discuss Amazon Key’s launch, backdoors on phones, consumers distrusting businesses with data, IT professionals turning to cybersecurity, and more on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode149


Visit http://hacknaked.tv for all the latest episodes!

 

Startup Security Weekly #62 - It's Been Good

Nov 15, 2017 01:17:48

Description:

Roi Abutbul of Javelin Networks joins us. In the news, myths about successful founders, side hustle, overwhelmed consumers, and updates from CrowdStrike, Skybox, Zscaler, and more on this episode of Startup Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/SSWEpisode62

Visit https://www.securityweekly.com/ssw for all the latest episodes!

 

Paul's Security Weekly #536 - Cult of Good Wi-Fi

Nov 11, 2017 02:25:54

Description:

Amanda Berlin of NetWorks Group and Lee Brotherston of Wealthsimple join us, Sven Morgenroth of Netsparker delivers a tech segment on cross-site scripting, and we discuss the latest security news on this episode of Paul’s Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode536

Visit https://www.securityweekly.com for all the latest episodes!

 

Enterprise Security Weekly #68 - Wrong Show

Nov 9, 2017 01:25:51

Description:

Logan Harris of SpotterRF joins us for an interview. In the news, Juniper enhances Contrail Cloud, Microsoft LAPS headaches, Flexera embraces open-source, local market deception technology, and more on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode68


Visit https://www.securityweekly.com/esw for all the latest episodes!

Hack Naked News #148 - November 7, 2017

Nov 8, 2017 27:03

Description:

Doug White and Jason Wood discuss improvements to IoT, fooling millions of Android users, Google Play bug bounties, school boards being hacked by pro-ISIS groups, and more on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode148


Visit http://hacknaked.tv for all the latest episodes!

Startup Security Weekly #61 - Nice Ring

Nov 7, 2017 01:14:22

Description:

Paul and Michael discuss contribution margin, sales lessons from successful entrepreneurs, battling from idea to launch, and why the future will be won by the scientist. In our startup security news segment, we have updates from SailPoint, WatchGuard, ForeScout, Synopsys, and more on this episode of Startup Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/SSWEpisode61

Visit https://www.securityweekly.com/ssw for all the latest episodes!

 

Paul's Security Weekly #535 - Naughty Bits

Nov 4, 2017 02:41:29

Description:

Richard Moulds of Whitewood Security and Gadi Evron of Cymmetria join us for interviews, and Tim Medin of the SANS Institute delivers a tech segment on this episode of Paul’s Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode535

Visit https://www.securityweekly.com for all the latest episodes!

 

Enterprise Security Weekly #67 - Extra Dessert

Nov 3, 2017 53:02

Description:

Bryan Patton of Quest Software joins us for an interview. In the news, security horror stories, making cloud native a reality, and updates from Ixia, Lacework, Francisco, and more on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode67


Visit https://www.securityweekly.com/esw for all the latest episodes!

 

Hack Naked News #147 - October 31, 2017

Nov 1, 2017 27:45

Description:

Michael Santarcangelo discusses platform security architecture, Kaspersky, the Cyber Peace Corps, and more with Jason Wood on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode147


Visit http://hacknaked.tv for all the latest episodes!

Hack Naked News #146 - October 24, 2017

Oct 25, 2017 19:18

Description:

Kaspersky has “nothing to hide”, the internet wants YOU, OS X malware runs rampant, WHOIS database slip-ups, and more. Jason Wood discusses an attack on critical US infrastructure on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode146


Visit http://hacknaked.tv for all the latest episodes!

 

Startup Security Weekly #60 - It's An Exit

Oct 24, 2017 01:20:29

Description:

Ten sales rules you should break, how to pitch a venture capitalist, guiding employees towards mental health, and updates from Duo Security, Contrast Security, and more on this episode of Startup Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/SSWEpisode60

Visit https://www.securityweekly.com/ssw for all the latest episodes!

Paul's Security Weekly #534 - Pizza the Hut

Oct 21, 2017 02:32:16

Description:

Wendy Nather of Duo Security is our featured interview, Joe Vest and Andrew Chiles of MINIS deliver a tech segment on borrowing Microsoft metadata and digital signatures to “hide” binaries, and in the security news, Microsoft hypocritically mocks Google, hacking child safety smart watches, five steps to building a vulnerability management program, Google Play introduces a bug bounty program, and why is technology outing sex workers?


Full Show Notes: https://wiki.securityweekly.com/Episode534

Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #66 - Forget I Said That

Oct 19, 2017 51:03

Description:

Richard Moulds of Whitewood Security joins us to discuss the return of the ROCA crypto bug. In the news, Tanium expands their security platform, Carbon Black and IBM team up for a rapid response tool, improved container threat detection from StackRox, Illusive Networks introduces new mainframe deception, and more on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode66


Visit https://www.securityweekly.com/esw for all the latest episodes!

Hack Naked News #145 - October 17, 2017

Oct 18, 2017 24:48

Description:

What you should know about the KRACK WiFi vulnerability, information on the ROCA attack, emptying ATMs, Google removes malicious extensions, and more. Don Pezet of ITProTV delivers expert commentary on KRACK and ROCA on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode145


Visit http://hacknaked.tv for all the latest episodes!

Enterprise Security Weekly #65 - Fire Sale

Oct 18, 2017 47:51

Description:

Splunk goes shopping, ForeScout joins forces with an endpoint vendor, Carbon Black makes an announcement, ManageEngine has some new integrations, Microsoft is announcing some new security features, and ZoneFox launches a new UEBA platform in the cloud. Matt Alderman joins us for this episode and our topic is how to secure your Cloud services AKA SaaS offerings on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode65


Visit https://www.securityweekly.com/esw for all the latest episodes!

 

Startup Security Weekly #59 - Spooky Scary Startups

Oct 16, 2017 01:40:38

Description:

Don Pezet of ITProTV joins us. In the startup security news, defining traits of leaders, the realities of stealth mode, and updates from Attivo Networks, CloudZero, Akamai, and more on this episode of Startup Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/SSWEpisode59

Visit https://www.securityweekly.com/ssw for all the latest episodes!

Paul's Security Weekly #533 - The Next Room

Oct 14, 2017 02:12:16

Description:

Matthew Toussain of the SANS Institute and Spectrum Information Security joins us, Mick Douglas of SANS shows us how to use PowerShell to pause and resume processes, and we discuss the latest information security and hacking news on this episode of Paul’s Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode533


Visit https://www.securityweekly.com for all the latest episodes!

Hack Naked News #144 - October 10, 2017

Oct 13, 2017 27:21

Description:

Doug White and Jason Wood discuss Kaspersky, social security, Duqu 2.0, and the Equifax breach on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode144


Visit http://hacknaked.tv for all the latest episodes!

 

Startup Security Weekly #58 - Put On Your Business Hat

Oct 12, 2017 01:33:48

Description:

Elizabeth Lawler of CyberArk joins us for an interview. In the articles for discussion, we discuss leveling the playing field for entrepreneurs, using storytelling to increase sales, online crowdfunding, and more. In the startup security news for the week, Slack and Oracle team up, ForeScout files for an IPO, and updates from Social Capital, Guidewire, Forensic Logic, and more on this edition of Startup Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/SSWEpisode58

Visit https://www.securityweekly.com/ssw for all the latest episodes!

Paul's Security Weekly #532 - That's Australian

Oct 7, 2017 02:29:36

Description:

Don Pezet of ITProTV and Ran Levi of Podcast Israel Media join us, and we discuss the latest information security and hacking news on this episode of Paul’s Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/Episode532


Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #64 - Saved By Hello Kitty

Oct 5, 2017 48:06

Description:

Mary Chaney of ICMCP joins us. In the news, John McAfee finally reveals his hack-proof system, ShieldX and Webroot join forces, a biometrics company teams up with Honeywell, and what percentage of successful attacks are caused by phishing? Paul and John discuss the ethics of hacking back on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode64


Visit https://www.securityweekly.com/esw for all the latest episodes!

Hack Naked News #143 - October 3, 2017

Oct 4, 2017 26:56

Description:

The internet isn’t ready for DNSSEC, Netgear patches away, Whole Foods is the latest victim of a credit card breach, and more. Ferruh Mavituna and Sven Morgenroth of Netsparker join us to discuss Apache Struts vulns and the Equifax breach on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode143


Visit http://hacknaked.tv for all the latest episodes!

Startup Security Weekly #57 - The Sand Hobo Himself

Oct 3, 2017 01:27:23

Description:

Barrett Lyon of Neustar joins us. In the news, funding your business with no experience, buying and selling strategy and tactics, taking a sabbatical, and updates from Google, Vimeo, CA Technologies, and more on this episode of Startup Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/SSWEpisode57

Visit https://www.securityweekly.com/ssw for all the latest episodes!

Paul's Security Weekly #531 - Trevor Forget

Sep 30, 2017 02:58:39

Description:

Jim Nitterauer of AppRiver and Ed Skoudis of Counter Hack & SANS Institute join us, and we discuss the latest information security and hacking news!


Full Show Notes: https://wiki.securityweekly.com/Episode531


Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #63 - Temporal Tempura

Sep 28, 2017 41:11

Description:

Paul and John discuss network security architecture. In the news, Google Cloud acquires Bitium, Ixia extends cloud visibility, Lacework now supports Microsoft Windows Server, and more on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode63


Visit https://www.securityweekly.com/esw for all the latest episodes!

Hack Naked News #142 - September 26, 2017

Sep 28, 2017 19:51

Description:

Tracking cars, iOS 11 patches eight vulnerabilities, Equifax dumps their CEO, High Sierra gets slammed with a 0-day, and more. Jason Wood of Paladin Security discusses an email DDoS threat on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode142


Visit http://hacknaked.tv for all the latest episodes!

Startup Security Weekly #56 - A Huge Week

Sep 25, 2017 01:43:19

Description:

Don Pezet and Tim Broom of ITProTV join us. In the news, building successful products, the most important startup question, and updates from McAfee, Slack, ThreatStack, and more on this episode of Startup Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/SSWEpisode56

Visit https://www.securityweekly.com/ssw for all the latest episodes!

Enterprise Security Weekly #62 - Heat Death of the Universe

Sep 21, 2017 45:45

Description:

Paul and John discuss insights into the Equifax data breach. In the news, CyberGRX and BitSight join forces, YARA rules explained, Riverbed teases an application networking offering, and more on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode62


Visit https://www.securityweekly.com/esw for all the latest episodes!

Hack Naked News #141 - September 18, 2017

Sep 20, 2017 21:36

Description:

CCleaner is distributing malware, rogue WordPress plugins, Equifax replaces key staff members, and more. Jason Wood of Paladin Security discusses malicious WordPress plugins on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode141


Visit http://hacknaked.tv for all the latest episodes!

Startup Security Weekly #55 - Bald, Beautiful Men

Sep 18, 2017 01:29:38

Description:

Jason Brvenik of NSS Labs joins us. In the news, attributes of a scalable business, founder struggles, how to grow your startup, and updates from AppGuard, Securonix, CashShield, and more on this episode of Startup Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/SSWEpisode55

Visit https://www.securityweekly.com/ssw for all the latest episodes!

Paul’s Security Weekly #530 - That’s a Grand Slam

Sep 16, 2017 02:31:25

Description:

Ted Demopoulos and Mike Assante of the SANS Institute join us, and we discuss the latest information security and hacking news!


Full Show Notes: https://wiki.securityweekly.com/Episode530


Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #61 - Crying Uncle

Sep 14, 2017 01:03:57

Description:

Tom Parker of Accenture joins us. In the news, Bay Dynamics and VMware join forces, confessions of an insecure coder, Flexera acquires BDNA, and more on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode61


Visit https://www.securityweekly.com for all the latest episodes!

Hack Naked News #140 - September 12, 2017

Sep 13, 2017 20:16

Description:

Bypassing Windows 10 security software, Android is vulnerable (go figure), hacking syringe infusion pumps to deliver fatal doses, and more. Jason Wood of Paladin Security discusses iOS 11 on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode140

Visit https://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #54 - Here We Go with Witness Protection

Sep 12, 2017 01:26:57

Description:

Gary Golomb of Awake Security joins us. In the news, changing a prospect's mind, the MVP paradox, commodifying SaaS, and updates from ForgeRock and Michael and Paul's startup journeys!

Full Show Notes: https://wiki.securityweekly.com/SSWEpisode54

Visit https://www.securityweekly.com/ssw for all the latest episodes!

Paul's Security Weekly #529 - Security is a Religion

Sep 9, 2017 02:31:25

Description:

Michele Jordan of Under the Oak Consulting joins us, Chris Crowley of SANS Institute discusses mobile application security, and we discuss the latest information security and hacking news!


Full Show Notes: https://wiki.securityweekly.com/Episode529


Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #60 - Live From Gainesville

Sep 7, 2017 56:17

Description:

Don Pezet of ITProTV and Doug White join us to discuss network security architecture. In the news, SealPath and Boldon James join forces, following the money, AI in the cloud, and more on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode60

Visit https://www.securityweekly.com for all the latest episodes!

Hack Naked News #139 - September 5, 2017

Sep 6, 2017 21:32

Description:

AT&T customers at risk, WikiLeaks gets vandalized, catching hackers in the act, going to jail over VPNs, and more. Jason Wood of Paladin Security discusses wheeling and dealing malware on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode139

Visit https://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #53 - Pulling Your G-String

Sep 4, 2017 01:28:18

Description:

Matt Alderman of Automox joins us. In the news, changing your audience’s perceptions, improving sales efforts, letting your kids fail, and updates from Facebook, Juniper, Qadium, and more on this episode of Startup Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode53


Visit https://www.securityweekly.com for all the latest episodes!

Paul's Security Weekly #528 - DDos Campaign for Memes

Sep 2, 2017 01:48:08

Description:

Larry Pesce and Dave Kennedy hold down the fort in Paul’s absence! Kyle Wilhoit of DomainTools delivers a tech segment on pivoting off domain information, Dave talks about the upcoming DerbyCon, and we discuss the latest information security news!


Full Show Notes: https://wiki.securityweekly.com/Episode528


Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #59 - Protect the Data

Sep 1, 2017 01:07:14

Description:

Michael and Matt join Paul to discuss security operations, endpoint protection, enterprise networking monitoring, and the latest enterprise security news on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode59

Visit https://www.securityweekly.com for all the latest episodes!

Hack Naked News #138 - August 29, 2017

Aug 30, 2017 22:05

Description:

Sparring government agencies, Microsoft patches a patch of a patch, Intel chips and backdoors, SMS authentication begone, and more. Jason Wood of Paladin Security discusses scaling back data demand on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode138

Visit https://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #52 - Security Startups Taste So Good

Aug 29, 2017 01:18:18

Description:

Michael and Paul discuss de-risking risk. In the news, ten tools to streamline your processes, why cash conversion matters, creating psychological safety, and updates from Cisco, Nationwide, and more on this episode of Startup Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode52


Visit https://www.securityweekly.com for all the latest episodes!

Paul’s Security Weekly #527 - The Dirty Secret

Aug 26, 2017 02:13:01

Description:

Richard Moulds of Whitewood Security joins us, Larry delivers a surprise technical segment, and we discuss the latest security news!


Full Show Notes: https://wiki.securityweekly.com/Episode527


Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #58 - A Game Changer

Aug 24, 2017 53:27

Description:

Paul and John discuss developer awareness, security training, and vulnerability tracking and reporting. In the news, diving deep into threat intelligence, GeoGuard and Skyhook team up, securing mobile devices, and more on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode58

Visit https://www.securityweekly.com for all the latest episodes!

Hack Naked News #137 - August 22, 2017

Aug 23, 2017 20:43

Description:

Zero-days in PDF readers, updates to Debian Stretch, killer robots are coming, and more. Jason Wood of Paladin Security discusses sexually charged sonar-based attacks on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode137

Visit https://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #51 - Whiskey For Gold Diggers

Aug 22, 2017 01:12:45

Description:

Tarah Wheeler joins us. In the news, how much your startup needs to raise, 6 steps to surviving 3 years, documenting failures, and more on this episode of Startup Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode51


Visit https://www.securityweekly.com for all the latest episodes!

Paul’s Security Weekly #526 - Lemonade and Salad Dressing

Aug 19, 2017 02:47:38

Description:

Bryson Bort of GRIMM joins us, Sven Morgenroth of Netsparker deploys filters for web applications, and we discuss the latest security news!


Full Show Notes: https://wiki.securityweekly.com/Episode526


Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #57 - They're Talking About Us!

Aug 18, 2017 01:00:38

Description:

Mike Nichols of Endgame joins us, we explore Paul’s IoC enchanting quadrants, and cover the latest enterprise news on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode57

Visit https://www.securityweekly.com for all the latest episodes!

Hack Naked News #136 - August 15, 2017

Aug 17, 2017 21:16

Description:

Allowing terrible passwords, four arrested in Game of Thrones leak, using EternalBlue to attack hotel guests, and more. Don Pezet of ITProTV joins us to deliver expert commentary on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode136

Visit https://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #50 - Bootstrapped

Aug 15, 2017 59:21

Description:

Matt Alderman joins us for a recap of Black Hat and Hacker Summer Camp. In the news, how not to botch your pitch, why VCs love insurance, and updates from OpenText, WatchGuard, and more on this episode of Startup Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode50


Visit https://www.securityweekly.com for all the latest episodes!

Paul’s Security Weekly #525 - Baked-In Security

Aug 12, 2017 02:15:05

Description:

Aram Jivanyan of BeSafe joins us, our tech segment covers Paul’s recent printer hacking adventures, and we discuss the latest security news!


Full Show Notes: https://wiki.securityweekly.com/Episode525


Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #56 - Tunable Discriminator

Aug 11, 2017 40:52

Description:

Paul and John discuss security policies and procedures. In the news, WatchGuard acquires Datablink, Cylance brings enterprise technology to home users, Oracle and SafeLogic join forces for OpenSSL, 12 security startups that raised new funding in 2017, and more on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode56

Visit https://www.securityweekly.com for all the latest episodes!

Hack Naked News #135 - August 8, 2017

Aug 9, 2017 24:06

Description:

Shame on Disney, shooting down customer drones, flaws in solar panels, Chrome extensions spreading adware, and more. Doug White of Roger Williams University joins us to discuss hacking back on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode135

Visit https://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #49 - Speak Your Truth

Aug 8, 2017 01:17:23

Description:

Glenn Chisholm and Ben Johnson of Obsidian Security join us. In the news, how to keep your head without losing your heart, what aspiring founders need to know, supercharging sales, and how NOT to start a startup. Michael and Paul deliver updates from Callsign, Juvo, Awake Security, and more on this episode of Startup Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode49

Visit https://www.securityweekly.com for all the latest episodes!

Paul’s Security Weekly #524 - The Secret Sauce

Aug 5, 2017 02:22:26

Description:

Danny Miller of Ericom Software joins us, Larry and his intern Galen Alderson exfiltrate data from networks with inexpensive hardware, and we discuss the latest security news!


Full Show Notes: https://wiki.securityweekly.com/Episode524


Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #55 - Wheatland, Wyoming

Aug 5, 2017 01:20:09

Description:

Ping Look of Optiv joins us, John delivers a tech segment on RITA, and we discuss the latest enterprise security news!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode55

Visit https://www.securityweekly.com for all the latest episodes!

Hack Naked News #134 - August 2, 2017

Aug 3, 2017 25:05

Description:

No more VPNs in Russia, hacking luxury cars, stolen Game of Thrones scripts, your Echo is spying on you, and more. Jason Wood of Paladin Security joins us to discuss Chrome plugin phishing attacks on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode134

Visit https://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #47 - Cupcakes For Breakfast

Jul 24, 2017 01:18:47

Description:

Ronnie Feldman of Learnings & Entertainments joins us. In the news, how to be “customer first”, four components of a successful sales strategy, and updates from Symantec, Nok Nok Labs, Flashpoint, HyTrust, and more!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode47

Visit https://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #48 - Exiting Stealth

Jul 24, 2017 57:46

Description:

Ali Golshan of StackRox and special guest host Doug White join us on this containerized episode of Startup Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode48

Visit https://www.securityweekly.com for all the latest episodes!

Paul's Security Weekly #523 - Hack My NAS

Jul 22, 2017 02:24:40

Description:

Almog Ohayon of Javelin Networks pits Javelin ADProtect against Microsoft ATA, Sven Morgenroth of Netsparker bypasses corporate firewalls, and we discuss the latest security news!


Full Show Notes: https://wiki.securityweekly.com/Episode523


Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #54 - Complete Gibberish

Jul 21, 2017 01:18:32

Description:

Thomas Fischer of Digital Guardian joins us to discuss GDPR, Paul talks about monitoring infrastructure with Nagios, and we discuss the latest enterprise security news!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode54

Visit https://www.securityweekly.com for all the latest episodes!

Hack Naked News #133 - July 18, 2017

Jul 19, 2017 25:26

Description:

Forgetting your Windows password, bidding farewell to SMS authentication, reviewing Black Hat USA 2017, Ubuntu Linux for Windows 10, and more. Jason Wood of Paladin Security joins us to discuss companies being breached due to misconfiguration on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode133

Visit https://www.securityweekly.com for all the latest episodes!

Paul's Security Weekly #522 - It's a Nerdgasm!

Jul 15, 2017 02:09:16

Description:

Joe Desimone of Endgame joins us to discuss fileless attacks, Don Pezet of ITProTV delivers a technical segment on hardening weak software RNGs and hardware entropy sources, and we discuss the latest security news!


Full Show Notes: https://wiki.securityweekly.com/Episode522


Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #53 - Look At the Beards

Jul 13, 2017 01:03:58

Description:

Ferruh Mavituna of Netsparker joins us to discuss CI level automated web security, Paul talks about hardening Docker containers, and the latest enterprise security news!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode53

Visit https://www.securityweekly.com for all the latest episodes!

Hack Naked News #132 - July 11, 2017

Jul 12, 2017 23:32

Description:

Solving artificial stupidity, Petya’s decryption key is released, sleeping with the enemy, burned laptops for DEF CON, and more. Jason Wood of Paladin Security joins us to discuss the FTC shutting down a loan application firm on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode132

Visit https://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #46 - All Black Everything

Jul 10, 2017 01:26:00

Description:

James Jardine of Jardine Software joins us. In the news, the hells of being a founder, killing projects before they kill you, intellectual property 101, and updates from Auth0, Upstream, Palo Alto Networks, Symantec, and more!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode46

Visit https://www.securityweekly.com for all the latest episodes!

Paul's Security Weekly #521 - Bad Guy Walmart

Jul 8, 2017 02:29:53

Description:

Tim Helming of DomainTools joins us, Paul Ewing of Endgame demystifies the art of hunting, and we discuss the latest security news!


Full Show Notes: https://wiki.securityweekly.com/Episode521


Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #52 - Sweaty Lawyers

Jul 7, 2017 01:05:58

Description:

Doug White joins us to discuss network hardening using egress filtering, and we discuss the latest enterprise news!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode52

Visit https://www.securityweekly.com for all the latest episodes!

Paul's Security Weekly #520 - Pickle Your Python

Jul 1, 2017 02:11:53

Description:

Moses Hernandez of Cisco Systems joins us, our friends at Javelin Networks discuss admin hunting and methods of credential theft for high privileged accounts, and we discuss the latest security news!


Full Show Notes: https://wiki.securityweekly.com/Episode520


Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #51 - Idempotency

Jun 30, 2017 01:22:16

Description:

Apollo Clark joins us to discuss managing AWS cloud resources, Docker security in the enterprise is our topic for the week, and we discuss the latest enterprise news!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode51

Visit https://www.securityweekly.com for all the latest episodes!

Hack Naked News #131 - June 28, 2017

Jun 29, 2017 23:55

Description:

DoD networks have been compromised, the Shadow Brokers continue their exploits, a Pennsylvania healthcare system gets hit with Petya, and more. Jason Wood of Paladin Security joins us to discuss nations' offensive technical strengths and defensive weaknesses on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode131

Visit https://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #45 - Walking In Pajamas

Jun 26, 2017 01:24:13

Description:

Fred Kneip of CyberGRX joins us. In the news, why most startups fail, conference season tips, the question you need to ask before solving any problem, and updates from GreatHorn, Cybereason, Amazon, and more!

Full Show Notes: https://wiki.securityweekly.com/SSWEpisode45

Visit https://www.securityweekly.com for all the latest episodes!

Paul's Security Weekly #519 - Whiskey Tango Foxtrot

Jun 24, 2017 02:33:56

Description:

Eric Conrad of SANS joins us, Justin Henderson reverse analyzes attacks for detection purposes, and we discuss the latest security news!


Full Show Notes: https://wiki.securityweekly.com/Episode519


Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #50 - Losing More Hair

Jun 23, 2017 51:29

Description:

Brian Ventura of SANS Institute and Ted Gary of Tenable join us. In the news, five ways to maximize your IT training, pocket-sized printing, 30 years of evasion techniques, and more on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode50

Visit https://www.securityweekly.com for all the latest episodes!

Hack Naked News #130 - June 20, 2017

Jun 21, 2017 24:25

Description:

Hacking military phone systems, IoT malware activity doubles, more WikiLeaks dumps, decade-old Linux bugs, and more. Jason Wood of Paladin Security joins us to discuss the erosion of ISP privacy rules on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode130

Visit https://www.securityweekly.com for all the latest episodes!

Paul's Security Weekly #518 - Floppy Lemons

Jun 17, 2017 02:03:43

Description:

Trey Forgety of NENA joins us, Carrie Roberts of Black Hills Information Security shows us how to prevent blacklisting while password spraying with Burp and ProxyCannon, and we discuss the latest security news!


Full Show Notes: https://wiki.securityweekly.com/Episode518


Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #49 - 7 Layers

Jun 16, 2017 45:13

Description:

Paul and John discuss malware and endpoint defense. In the news, Carbon Black releases Cb Response 6.1, what to ask yourself before committing to a cybersecurity vendor, Malwarebytes replaces antivirus with endpoint protection, and more on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode49

Visit https://www.securityweekly.com for all the latest episodes!

Hack Naked News #129 - June 13, 2017

Jun 14, 2017 19:02

Description:

How to delete an entire company, GameStop suffers a breach, Macs do get viruses, Docker released LinuxKit, and more. Jason Wood of Paladin Security joins us to discuss the military beefing up their cybersecurity reserve on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode129

Visit http://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #43 - Never Stop Believing

Jun 12, 2017 01:09:40

Description:

The six secrets to starting smart, a startup’s guide to protecting trade secrets, knowing what your customers value, and more articles for discussion. In the news, updates from Netskope, Yubikey, CybelAngel, and more on this episode of Startup Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/SSWEpisode43

Visit https://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #44 - Selling Ice to an Eskimo

Jun 12, 2017 01:17:51

Description:

Tarun Desikan of Banyan joins us alongside guest host Matt Alderman. In the news, negotiation mistakes that are hurting your deals, hiring re-founders, updates from Hexadite, Amazon, Sqrrl, and more on this episode of Startup Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/SSWEpisode44

Visit https://www.securityweekly.com for all the latest episodes!

Paul's Security Weekly #517 - Welcome To Reality

Jun 10, 2017 02:13:22

Description:

Graham Cluley joins us, our friends at Javelin Networks explain how to defend against performing one-click domain admin attacks, and we discuss the latest information security news!


Full Show Notes: https://wiki.securityweekly.com/Episode517


Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #48 - Making Everybody Mad

Jun 9, 2017 45:18

Description:

Paul and John discuss building an internal penetration testing team. In the news, automating all the things, Juniper Networks opens a software-defined security ecosystem, millions of devices are running out-of-date systems, Duo and McAfee join forces, and more in this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode48

Visit https://www.securityweekly.com for all the latest episodes!

Hack Naked News #128 - June 6, 2017

Jun 7, 2017 20:08

Description:

Exploiting Windows 10, mimicking Twitter users, vulnerabilities in new cars, security issues surrounding virtual personal assistants, and more. Jason Wood of Paladin Security joins us to discuss sniffing out spy tools with ridesharing cars on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode128

Visit http://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #42 - A Holistic Startup Approach

Jun 5, 2017 01:16:18

Description:

Matt Alderman joins us. In the news, how startups can stand out, Honeywell launches a $100 million venture fund, why you should think twice about listening to business gurus, and more on this episode of Startup Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode42

Visit https://www.securityweekly.com for all the latest episodes!

Paul's Security Weekly #516 - What's The Deal With Backups?

Jun 3, 2017 02:29:27

Description:

Don Pezet of ITPro.TV joins us, Moses Hernandez of Cisco/SANS Institute delivers a tech segment on Node.js, and we discuss the latest security news!


Full Show Notes: https://wiki.securityweekly.com/Episode516


Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #47 - You Burn, You Learn

Jun 2, 2017 01:02:15

Description:

Corey Bodzin of Tenable joins us. In the news, the power of exploits, Carbon Black’s open letter to Cylance, security measures increase due to ransomware attacks, and more in this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode47

Visit https://www.securityweekly.com for all the latest episodes!

Hack Naked News #127 - May 30, 2017

May 31, 2017 24:29

Description:

Bugs found in pacemaker code, NTP is more secure, the most polite hackers ever, Microsoft is patching away, and more. Jason Wood of Paladin Security joins us to discuss government regulation on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode127

Visit https://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #41 - From a Startup Perspective

May 29, 2017 01:07:08

Description:

Don Pezet and Tim Broom of ITPro.TV join us. In the news, starting up on the right foot, the key to growth, marketing automation, financial modeling, and more on this episode of Startup Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode41

Visit http://www.securityweekly.com for all the latest episodes!

Paul’s Security Weekly #515 - Crankin’ Out the Dubs

May 27, 2017 02:05:05

Description:

Dr. Branden R. Williams joins us, Almog Ohayon of Javelin Networks delivers part two of Javelin’s active directory series, and we discuss the latest security news!


Full Show Notes: https://wiki.securityweekly.com/Episode515


Visit https://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #46 - Sexy Cryptography

May 26, 2017 01:00:11

Description:

Atif Ghauri of Herjavec Group joins us. In the news, stopping insider threats with machine learning, uncovering encrypted threats, end-user experience matters everywhere, and are too many SIEM alerts overwhelming your staff? All that and more in this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode46

Visit http://www.securityweekly.com for all the latest episodes!

Hack Naked News #126 - May 23, 2017

May 24, 2017 22:01

Description:

Booby-trapped subtitles, Netgear is recording your IP and MAC addresses, net neutrality is on the chopping block, and more. Jason Wood of Paladin Security joins us to explain why companies should hack back on this episode of Hack Naked News!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode126

Visit http://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #40 - I’m On a Roll

May 22, 2017 01:01:39

Description:

How to come up with worthy startup ideas, why your explainer video matters, and what does “Minimum Viable Product” actually mean, anyway? Paul and Michael give updates on their startup journeys and report on Karamba, Crowdstrike, Wandera, and more on this episode of Startup Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/SSWEpisode40

Visit http://www.securityweekly.com for all the latest episodes!

Paul’s Security Weekly #514 - Sausage Asadoorian

May 20, 2017 02:04:16

Description:

Joel Scambray of NCC Group joins us, we show you how to disable SMBv1, and we discuss the latest security news!


Full Show Notes: https://wiki.securityweekly.com/Episode514

Visit http://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #45 - The Memes Were Great

May 19, 2017 01:08:29

Description:

April Wright of Verizon Enterprise and Matt Ploessel of Markley Group join us to discuss vendor response to WannaCry. In the news, Identropy and Exabeam team up, five pitfalls to avoid during a CASB evaluation, FirstWave partners with Fortinet, and more in this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode45

Visit http://www.securityweekly.com for all the latest episodes!

Hack Naked News #125 - May 16, 2017

May 18, 2017 18:30

Description:

Netflix blocks rooted devices, HP laptops are logging your keystrokes, Google Chrome is vulnerable, and more. Jason Wood of Paladin Security joins us to discuss a global tech support scheme on this episode of Hack Naked News!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/HNNEpisode125


Visit http://www.securityweekly.com for all the latest episodes!

Hack Naked News #124 - The Ransomware Special

May 17, 2017 21:58

Description:

Amanda Rousseau of Endgame joins us to discuss ransomware and malware protection on this episode of Hack Naked News!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/HNNEpisode124


Visit http://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #39 - Listen With Intent

May 16, 2017 01:13:06

Description:

Bonnie Halper of StartupOneStop joins us. In the news, why companies aren’t startups, how to be insanely well-connected, CyberArk acquires Conjur, and more!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/SSWEpisode39

Visit http://securityweekly.com/category/ssw/ for all the latest episodes!

Paul’s Security Weekly #513 - Two iPhones & A Pocket Full of Dongles

May 13, 2017 02:01:45

Description:

Steve Lipner of SAFECode joins us, Roi Abutbul and Guy Franco of Javelin Networks show us the importance of protecting AD, and we discuss the latest security news!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode513

Visit http://www.securityweekly.com for all the latest episodes!


Enterprise Security Weekly #44 - What Are We Bethesing Today

May 13, 2017 56:48

Description:

Ryan Hays of TBG Security joins us. In the news, VMware falls out with Tanium, machine learning at Invincea, the war on legacy IT, Cisco Cloudlock releases an apps firewall, and more in this episode of Enterprise Security Weekly!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode44

Visit http://www.securityweekly.com for all the latest episodes!

Hack Naked News #123 - May 9, 2017

May 10, 2017 19:48

Description:

Phishing in Google’s waters, HandBrake has been compromised, Dell releases patches galore, and more. Jason Wood of Paladin Security delivers expert commentary on how ultrasonic beacons can track your phone on this episode of Hack Naked News!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/HNNEpisode123


Visit http://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #38 - We Need To Pivot!

May 8, 2017 01:19:29

Description:

Steven Grossman of Bay Dynamics joins us. In the news, why your startup doesn’t necessarily need early stage funding, Cisco acquires Viptela, the risks of startup debt, and why do chefs and soldiers make the best product managers?


Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/SSWEpisode38

Visit http://www.securityweekly.com for all the latest episodes!

Paul’s Security Weekly #512 - It’s All About Length

May 6, 2017 02:32:40

Description:

Javvad Malik of AlienVault joins us, Ferruh Mavituna of Netsparker delivers a demo on second order attacks, and we discuss the security news for the week!


Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode512

Visit http://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #43 - There’s Always Time For Lube

May 6, 2017 53:30

Description:

Don Pezet of ITPro.TV talks about deception technologies and honeypots. In the news, Duo launches its MSP program, Fortscale beefs up its partner programs, integrating threat intelligence into your operations, and more in this episode of Enterprise Security Weekly!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode43

Visit http://www.securityweekly.com for all the latest episodes!

Hack Naked News #122 - May 2, 2017

May 3, 2017 19:49

Description:

Microsoft VB macro barriers have been penetrated, the website that doesn’t let you change your password, IBM flash drives have malware, and more. Jason Wood of Paladin Security joins us to deliver expert commentary on NATO’s cyberwar games on this episode of Hack Naked News!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/HNNEpisode122


Visit http://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #42 - Patents Like Candy

May 2, 2017 01:01:42

Description:

Paul, John, and Michael discuss building a bug bounty program. In the news, LockPath and SailPoint join forces, Skyhigh Networks announces a cloud security partnership, Acalvio is building deception farms, and more in this episode of Enterprise Security Weekly!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode42

Visit http://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #37 - Speaking the Startup Language

May 2, 2017 01:05:53

Description:

Mike Simon of Cryptonite NTX joins us. In the news, how to drive maximum performance in your business, 6 reasons your small business will fail, how McAfee is securing its future, and how well do you know the language of startups?


Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/SSWEpisode37

Visit http://www.securityweekly.com for all the latest episodes!

Paul’s Security Weekly #511 - HACKER PANTS!!1

Apr 29, 2017 02:40:53

Description:

Mimi Herrmann of Taylor and Francis joins us, Paul delivers part two of his tips on staying secure at conferences, and we discuss the security news for the week!


Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode511

Visit http://www.securityweekly.com for all the latest episodes!

Hack Naked News #121 - April 27, 2017

Apr 28, 2017 18:57

Description:

Windows boxes are getting pwned, vulnerabilities in SugarCRM, Ashley Madison is back in the news, and more. Jason Wood of Paladin Security joins us to deliver expert commentary on hacking cars with radio gadgets on this episode of Hack Naked News!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/HNNEpisode121

Visit http://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #36 - A Mousetrap Will Do

Apr 24, 2017 01:06:21

Description:

Roger Courville of EventBuilder joins us. In the news, the number one trait of successful entrepreneurs, SoftBank is investing, the “store of the future,” Jeff Bezos’s annual letter, and more!


Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/SSWEpisode36

Visit http://www.securityweekly.com for all the latest episodes!

Paul’s Security Weekly #510 - Interrupting Myself

Apr 22, 2017 02:19:02

Description:

Phil Zimmermann of Silent Circle and PGP joins us, Paul drops knowledge on staying secure at hacker conferences, and we discuss the security news for the week!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode510

Visit http://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #41 - Solving Problems

Apr 21, 2017 53:37

Description:

Rami Essaid of Distil Networks joins us for an interview. In the news, Cylance battles the malware testing industry, Tanium’s CEO issues an apology, Malwarebytes integrates with ForeScout, and more in this episode of Enterprise Security Weekly!

Full show notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode41

Visit http://www.securityweekly.com for all the latest episodes!

Hack Naked News #120 - April 18, 2017

Apr 19, 2017 26:20

Description:

Doug White and Jason Wood discuss Cyberpatriot, Shadow Brokers, and more on this episode of Hack Naked News!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/HNNEpisode120


Visit http://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #35 - Miracle on Startup Street

Apr 17, 2017 01:31:51

Description:

Paul, Michael, and guest host Jeff Man discuss buyer perspective in the startup ecosystem. In the news, Comcast has a new investment, how to close investors, launching startups in crowded markets, and more!


Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/SSWEpisode35

Visit http://www.securityweekly.com for all the latest episodes!

Paul’s Security Weekly #509 - Oh So Nefarious

Apr 15, 2017 02:06:58

Description:

Alex Horan of Onapsis rejoins us, our own Carlos Perez shows us the basics of WMI events, and we review the security news for the week!

Full show notes: http://wiki.securityweekly.com/wiki/index.php/Episode508

Visit http://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #40 - Huge, Gaping Hole

Apr 14, 2017 58:13

Description:

Gabriel Gumbs of STEALTHbits joins us for an interview. In the news, virtualization-based security, the road to Twistlock 2.0, Trend Micro embraces machine learning, and more in this episode of Enterprise Security Weekly!

Full show notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode40

Visit http://www.securityweekly.com for all the latest episodes!

Hack Naked News #119 - April 11, 2017

Apr 12, 2017 22:25

Description:

Signal patches vulnerabilities, hackers target tornado sirens in Texas, a Microsoft Word 0-day is being used to spread malware, and more. Don Pezet of ITPro.TV offers his expert commentary on this episode of Hack Naked News!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/HNNEpisode119

Visit http://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #39 - Aware of the Breach

Apr 11, 2017 54:41

Description:

Paul and Doug discuss incident response and how to disclose to the public. In the news, Cisco has new certs, 5 things to consider when building an SOC, CounterTack announces new data loss prevention measures, and more!

Full show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode39

Visit http://www.securityweekly.com for all the latest episodes!

Startup Security Weekly #34 - The Anti-Drone

Apr 10, 2017 01:09:48

Description:

James Gellert of RapidRatings joins us. In the news, 5 reasons to slow or stop the growth of your business, Walmart is working with startups, Cloudera goes public, and more!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/SSWEpisode34

Visit http://www.securityweekly.com for all the latest episodes!

Paul’s Security Weekly #508 - I’ve Been Overseas Pt. 2

Apr 8, 2017 01:54:30

Description:

Anna Manley of Manley Law Inc. joins us, our very own Jeff Man briefs us on his trip to IBM InterConnect 2017, and we review the security news for the week!

Full show notes: http://wiki.securityweekly.com/wiki/index.php/Episode508

Visit http://www.securityweekly.com for all the latest episodes!

Hack Naked News #118 - April 4, 2017

Apr 5, 2017 29:55

Description:

Doug White fills in in the studio, while the awesome, sheer naked power of Jason Wood fills the airwaves. Anonymous FTP, the Russians, Skynet activates in Connecticut, and the return of Van Eck Phreaking!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/HNNEpisode118

Visit http://hacknaked.tv to get all the latest episodes!

Startup Security Weekly #33 - Throwing Spaghetti at the Fridge

Apr 3, 2017 01:20:16

Description:

Ira Winkler of Secure Mentem joins us. In the news, how to hire remote employees effectively, the periodic table of security startups, why no business is bulletproof, and more!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/SSWEpisode33

Visit http://www.securityweekly.com for all the latest episodes!

Paul’s Security Weekly #507 - Who’s Your Daddy?

Apr 1, 2017 02:15:53

Description:

Brad Antoniewicz of OpenDNS and BSides NYC joins us, Paul demonstrates how to block ads and malware using Pi-hole, and we discuss the security news for the week!

Full show notes: http://wiki.securityweekly.com/wiki/index.php/Episode507

Visit http://www.securityweekly.com for all the latest episodes!

Enterprise Security Weekly #38 - It’s a Virtual Thing

Mar 31, 2017 38:54

Description:

Paul and John discuss configuration management. In the news, enSilo adds NGAV support, the cure for infectious malware, and what percentage of malware attacks are 0-days? Stay tuned!

Full show notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode38

Visit http://www.securityweekly.com for all the latest episodes!

Hack Naked News #117 - March 28, 2017

Mar 29, 2017 22:29

Description:

LastPass fixes vulnerabilities, Instagram adds 2FA, scammers target iOS porn viewers, and more. Israel Barak of Cybereason joins us to deliver expert commentary on unifying industrial control system security operations into an enterprise SOC. Stay tuned!

Startup Security Weekly #32 - The Greatest Horn of All

Mar 27, 2017 01:09:48

Description:

Kevin O’Brien of GreatHorn joins us. In the news, 5 challenges most entrepreneurs don’t anticipate, 6 ways marketing can shrink the sales cycle, what you need to know about raising seed funding, and more. Stay tuned!

Paul’s Security Weekly #506 - Cut That Thing Free

Mar 25, 2017 01:18:59

Description:

Ferruh Mavituna of Netsparker makes his triumphant return, Paul shows us how to secure your Arlo wireless camera system, and Don Pezet of ITPro.TV gives tips on securing your online backups. Stay tuned!

Hack Naked News #116 - March 21, 2017

Mar 23, 2017 25:09

Description:

The Fappening 2.0 is upon us, hackers escape VMware, thieves are caught using facial recognition software, and more. Don Pezet of ITPro.TV joins us to deliver expert commentary on safe backups. Stay tuned!

Startup Security Weekly #31 - Low Pressure

Mar 20, 2017 01:21:55

Description:

Michael Figueroa of the Advanced Cyber Security Center joins us. In the news, machine learning from an investor’s perspective, 5 skills entrepreneurs need to succeed, AdEspresso joins Hootsuite, and more. Stay tuned!

Paul’s Security Weekly #505 - No Special Flowers

Mar 18, 2017 02:28:14

Description:

Andrew Whitaker of Rapid7 and Render Man of the Internet of Dongs Project join us for interviews, and we discuss the security news for this week. Stay tuned!

Enterprise Security Weekly #37 - You’ve Been Hacked!

Mar 18, 2017 53:10

Description:

Michael Dalgleish of LogRhythm joins us. In the news, LookingGlass debuts a new partner portal, F-Secure acquires Inverse Path, Skyhigh Networks has new CASB patents, and more. Stay tuned!

Hack Naked News #115 - March 15, 2017

Mar 16, 2017 25:51

Description:

Patch Tuesday returns, Android devices have malware, a government spyware maker doxes itself, and more. Jason Wood of Paladin Security delivers expert commentary on the Wikipedia for spies. Stay tuned!

Startup Security Weekly #30 - It’s All Good

Mar 14, 2017 01:02:07

Description:

Steve Tout and Stan Bounev of VeriClouds join us. In the news, AI startups are winning, 8 funding alternatives, CA Technologies acquires Veracode, and more. Stay tuned!

Paul’s Security Weekly #504 - Math is Dead Sexy

Mar 11, 2017 02:15:20

Description:

Hyrum Anderson of Endgame and Keith Hoodlet of Rapid7 and InfoSec Mentors Project join us for interviews, and we cover the latest security news. Stay tuned!

Enterprise Security Weekly #36 - The Programmer’s Workout

Mar 10, 2017 01:01:08

Description:

Don Pezet of ITPro.TV and Jason Wood of Paladin Security join us to discuss cloud and virtual infrastructure security. In the news, Arista containerizes itself, the CIA slams Wikileaks, Okta buys Stormpath to add identity control, and more. Stay tuned!

Hack Naked News #114 - March 7, 2017

Mar 9, 2017 19:39

Description:

Google and Microsoft announce bug bounty programs, HackerOne releases open source projects, less spam for all of us, and more. Jason Wood of Paladin Security delivers expert commentary on ransomware for dummies. Stay tuned!

Startup Security Weekly #29 - Kickass Folklore

Mar 7, 2017 01:30:31

Description:

Frank Wang of Cybersecurity Factory joins us. In the news, PowerPoint slides that will save you hours on your next deck, 5 of the biggest first-time founder struggles, Palo Alto acquires LightCyber, and when is less more? Stay tuned!

Paul's Security Weekly #503 - Intense, Passionate, Grindr

Mar 4, 2017 02:09:44

Description:

Alan White of Dell SecureWorks and the U.S. Army joins us, our very own Doug White delivers a tech segment on incident response and forensic reporting, and we cover the latest security news. Stay tuned!

Enterprise Security Weekly #35 - Here’s Johnny!

Mar 4, 2017 57:18

Description:

Chris Clymer, Jack Nichelson, and Jason Middaugh of InfoSec World join us. In the news, the first threat intelligence platform compliant with STIX 2.0 is here, LightCyber joins Palo Alto, Flowmon teams up with Ixia, and more. Stay tuned!

Hack Naked News #113 - February 28, 2017

Mar 1, 2017 19:52

Description:

Microsoft browsers are hit with a 0-day, Apple severs ties with Supermicro, IoT toys are spying on kids, and more. Jason Wood of Paladin Security joins us to talk about how the NSA is using cyberattacks for defense!

Startup Security Weekly #28 - Buzzword Compliant

Feb 28, 2017 01:08:28

Description:

Mike Kail of Cybric joins us. In the news, Verizon closes in on Yahoo, 8 key ingredients to a profitable consulting business, building a repeatable sales process, and when should you fire yourself? Stay tuned!

Paul’s Security Weekly #502 - Get Off My Virtual Lawn

Feb 26, 2017 02:26:22

Description:

Don Pezet of ITPro.TV joins us, David Fletcher of Symantec delivers a technical segment, and we cover the security news for the week. Stay tuned!

Enterprise Security Weekly #34 - Routh Like South

Feb 25, 2017 01:09:39

Description:

Jim Routh of Aetna and InfoSec World joins us. In the news, Cisco touts next-generation firewall gear, a new decryption tool from Avast, Centrify stops breaches in real time, and more. Stay tuned!

Hack Naked News #112 - February 21, 2017

Feb 23, 2017 21:38

Description:

A lone hacker breaches 60 universities and federal agencies, Yahoo loses $350 million from breaches, more bug bounty programs for porn sites, and is your child a hacker? Jason Wood of Paladin Security joins us to talk about smart city technology that could make military bases more secure!

Startup Security Weekly #27 - The Brown Liquor Edition

Feb 21, 2017 01:30:32

Description:

Scott Kannry and Jason Christopher of Axio join us. In the news, Sophos acquires Invincea, the startup fundraising dictionary, five tough lessons every solopreneur needs to know, and how much is a Shark Tank appearance worth? Stay tuned!

Paul’s Security Weekly #501 - The Christian Slater Hacking Edition

Feb 18, 2017 02:12:47

Description:

David Conrad of ICANN joins us, Carrie Roberts of Black Hills InfoSec breaks all the firewalls, and we discuss the security news for the week. Stay tuned!

Enterprise Security Weekly #33 - I’ve Seen Things

Feb 18, 2017 38:45

Description:

Paul and John review the CISO Manifesto and deliver the top 10 rules for security vendors. In the news, Nerdio partners with CensorNet, ThreatConnect reveals a new threat intelligence product suite, free cyberthreat hunter and defender tools for security analysts, and more. Stay tuned!

Hack Naked News #111 - February 14, 2017

Feb 16, 2017 20:44

Description:

Microsoft delays Patch Tuesday, WordPress continues to fail at failing, Valve eradicates a Steam bug, ransomware that makes you do terrible things, and more. Jason Wood of Paladin Security joins us to talk about a father and son who created access to a supercomputer via voice commands!

Enterprise Security Weekly #32 - Sell It on eBay

Feb 15, 2017 01:39:35

Description:

Lior Frenkel of Waterfall Security joins us. In the Enterprise News, CyberArk beefs up its cloud security, Kenna Security partners with Exodus, Gigamon is eliminating network blind spots, and more. Stay tuned!

Startup Security Weekly #26 - Investing is a Marriage

Feb 14, 2017 01:25:19

Description:

William Lin of Trident Capital Cybersecurity joins us. In the news, 12 KPIs you need to know before pitching your startup, VC firms back a record number of cybersecurity startups in 2016, and why should entrepreneurs think like farmers? Stay tuned!

Paul’s Security Weekly #500 - NUMBER 500!

Feb 11, 2017 01:58:33

Description:

Paul and a dozen infosec professionals celebrate episode 500 by hosting roundtable discussions on IoT security and penetration testing. Stay tuned!

Hack Naked News #110 - February 7, 2017

Feb 9, 2017 18:13

Description:

Android vulnerabilities are patched, your TV is watching you, iOS apps are vulnerable, the lamest crypto bug, and more. Jason Wood of Paladin Security joins us to talk about a former NSA contractor who may have stolen 75% of TAO’s elite hacking tools!

Startup Security Weekly #25 - Bald is Beautiful

Feb 7, 2017 01:16:01

Description:

Archie Agarwal of ThreatModeler joins us. In the news, how to prevent startup burnout, five IoT cybersecurity predictions for 2017, three tips to help entrepreneurs make the right sacrifices, and what exactly is your income statement telling you? Stay tuned!

Paul’s Security Weekly #499 - 126,253 Somersaults

Feb 4, 2017 02:18:07

Description:

Katherine Teitler of MISTI joins us, Nathaniel "Q" Quist of LogRhythm delivers a technical segment, and we cover the latest security news. Stay tuned!

Enterprise Security Weekly #31 - It’s For the Screams

Feb 4, 2017 01:06:27

Description:

Matt Alderman of Tenable joins us. In the Enterprise News, Distil Networks wants to leverage device fingerprints, Exabeam reveals its latest security intelligence program, HPE acquires Niara, and more. Stay tuned!

Hack Naked News #109 - January 31, 2017

Feb 1, 2017 24:03

Description:

Don Pezet of ITPro.TV joins us to discuss why a luxury hotel has gone analog, ransomware shutting down security cameras, and more hacking news. Stay tuned!

Startup Security Weekly #24 - Keep It Simple

Jan 31, 2017 01:17:09

Description:

Eddy Bobritsky of Minerva Labs joins us. In startup news, GFI acquires Kerio, why 2017 will be tough for seed startups, the MVP you’ve probably never heard of, why your product team is failing, and more. Stay tuned!

Paul’s Security Weekly #498 - Cable Management 101

Jan 28, 2017 02:29:07

Description:

Chris Kubecka of HypaSec joins us, our very own Jeff Man documents his trip to HP's headquarters, and we discuss the security news for the week! Stay tuned!

Enterprise Security Weekly #30 - The Bringer of Bad News

Jan 27, 2017 01:01:07

Description:

Jayne Groll and Alan Shimel join us. In the news, SyferLock announces a technology alliance with OpenIAM, RiskIQ strengthens their digital threat mitigation capabilities, RiskSense Platform 7.0 is here, and more. Stay tuned!

Hack Naked News #108 - January 25, 2017

Jan 26, 2017 16:43

Description:

Firefox attempts to protect users, Android threats that matter (and one that doesn't), Cisco patches a critical flaw, and more. Jason Wood of Paladin Security joins us to discuss the Attorney General's stance on encryption. Stay tuned!

Startup Security Weekly #23 - Watching Neurons Pop

Jan 25, 2017 01:13:53

Description:

Ron Gula joins us. In startup news this week, we talk about 9 ways to distance your business from cyber attacks, lessons learned from Target, 11 free tools every first-time entrepreneur should use, and can your startup generate venture-scale returns? Stay tuned!

Paul’s Security Weekly #497 - This One Time at ShmooCon

Jan 21, 2017 02:17:38

Description:

Jason Blanchard of SANS and Bruce Potter of ShmooCon join us, and we discuss the security news for this week. Stay tuned!

Enterprise Security Weekly #29 - Tell Us How You Really Feel!

Jan 20, 2017 57:09

Description:

Zane Lackey of Signal Sciences joins us. In this week’s news, how to choose the right distributed ledger program, Ixia and K2 integrate IoT platforms, SyferLock announces multi-factor authentication integration, and is a new antivirus program really the next generation of security?

Hack Naked News #107 - January 17, 2017

Jan 18, 2017 27:22

Description:

Israel Barak of Cybereason joins us to discuss endpoint security, malware, ransomware, and more news stories in this week’s episode of Hack Naked News!

Startup Security Weekly #22 - Happy Friday the 13th!

Jan 16, 2017 01:25:27

Description:

Bob Stratton of Mach37 joins us. In startup news this week, we talk about getting your metrics together, why founders fail to market their products, and does communication determine the success of your business? Stay tuned!

Paul’s Security Weekly #496 - Hacking Pancakes

Jan 14, 2017 01:52:42

Description:

Lesley Carhart of Motorola Solutions joins us, Beau Bullock delivers a tech segment on bypassing antivirus programs using Android, and we discuss the security news for this week. Stay tuned!

Hack Naked News #106 - January 11, 2017

Jan 12, 2017 31:55

Description:

The world’s easiest bug bounty program, Shamoon’s capabilities spread to desktops, the fridge who loved me, and are Geek Squad techs working for the FBI? Find out in this week’s edition of Hack Naked News!

Startup Security Weekly #21 - Foster Your Thinking

Jan 10, 2017 01:14:40

Description:

Justin Foster of Foster Thinking joins us. In startup news this week, we talk about DIY home security suites, a cybersecurity company’s biggest 2016 failure, and what should you expect as a tech startup in 2017? Stay tuned!

Paul’s Security Weekly #495 - Two Drops

Jan 7, 2017 02:25:34

Description:

Joe McCray of Strategic Security joins us, Doug White will give us an introduction to forensic data carving using FTK, and we discuss the security news for this week. Stay tuned!

Enterprise Security Weekly #28 - Cyber Insurance

Jan 6, 2017 56:14

Description:

Michael Santarcangelo joins Paul and John to discuss cyber insurance. In this week’s news, HP debuts new IoT devices, Bitdefender’s second BOX is here, FireMon announces support for Check Point R80, and more!

Hack Naked News #105 - January 3, 2017

Jan 5, 2017 10:47

Description:

0day vulnerabilities in storage devices, why VMware sucks at key management, how to un-ransomware your Google TV, and did Russia really tamper with the 2016 election? All that and more on this edition of Hack Naked News!

Hack Naked News #104 - December 28, 2016

Dec 29, 2016 06:52

Description:

Two critical vulnerabilities you will want to patch before 2017 and a free tool to keep ransomware off the new gadgets you received over the holidays.

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_News_104_December_28_2016

Visit http://hacknaked.tv to get all the latest episodes!

Paul's Security Weekly #494 - Three-Part Staffs and Self-Heating Toilets

Dec 24, 2016 02:20:06

Description:

Eric “Munin” Rand of Brown Hat Security joins us, Joshua Marpet and Scott Lyons deliver a tech segment on credit cards escaping the Cardholder Data Environment, and we cover the security news for the week. Stay tuned to our last episode of 2016!

Enterprise Security Weekly #27 - Using Ubuntu With Windows 10

Dec 23, 2016 12:38

Description:

Our very own John Strand delivers a technical segment on integrating Ubuntu with Windows 10. Learn this invaluable skill here on Enterprise Security Weekly!

Startup Security Weekly #20 - Pivot or Adjustment?

Dec 19, 2016 01:22:40

Description:

Chad Boeckmann of Secure Digital Solutions joins us for an interview. In startup news this week, we talk about why many boom-time startups are fizzling out, the average age of startup founders, why Johnson & Johnson is getting into startups, and much more. Stay tuned!

Paul’s Security Weekly #493 - The Dishwasher Analogy

Dec 17, 2016 01:54:27

Description:

Dave Shackleford of Voodoo Security and SANS joins us, Paul delivers a tech segment on his new Linux laptop, and we cover the security news for the week. Stay tuned!

Enterprise Security Weekly #26 - The Art of the Scrum

Dec 16, 2016 52:36

Description:

Don Pezet of ITPro.TV is back to talk about non-security skills for the enterprise security professional and the enterprise news for the week. Stay tuned!

Startup Security Weekly #19 - Burning Ten Million Dollars

Dec 12, 2016 01:14:10

Description:

Josh Lefkowitz and Chris Camacho of Flashpoint join us for an interview. In startup news this week, promising equity against issuing equity, why someone burned $10 million so you don’t have to, and we ask the age-old question: are you taking enough risks? and more. Stay tuned!

Paul’s Security Weekly #492 - I Agree

Dec 10, 2016 01:51:13

Description:

Ferruh Mavituna of Netsparker joins us, Ofri Ziv of GuardiCore shows us how the Oracle of Delphi will steal your credentials, and we discuss the security news for this week. Stay tuned!

Enterprise Security Weekly #25 - Bridging The Gap

Dec 9, 2016 49:18

Description:

Don Pezet of ITPro.TV joins us for an interview regarding the IT security skills gap, and we discuss the enterprise news for the week. Stay tuned!

Hack Naked News #103 - December 6, 2016

Dec 8, 2016 09:49

Description:

The USB killer is on the loose, why you shouldn’t use Visa, Obama challenges the Trump administration (sorta), the dumbest car thief of the week, and much more on this edition of Hack Naked News!

Startup Security Weekly #18 - Crime In Meatspace

Dec 5, 2016 01:18:36

Description:

Michael Tanji of Wapack Labs joins us for an interview. In startup news, what mistakes to avoid in product development, how to measure success, the 5 habits you should abandon as your startup grows, and much more. Stay tuned!

Paul's Security Weekly #491 - Embrace Change

Dec 3, 2016 02:12:09

Description:

John Hurd and Alex Valdivia of ThreatConnect join us, Jimmy Mesta of Invoca and OWASP gives tips on containerizing your security operations center, and we talk security news for the week. Stay tuned!

Enterprise Security Weekly #24 - Goatse Authentication

Dec 2, 2016 51:03

Description:

SecureAuth aims to protect mobile users, Palo Alto Networks automates cloud security deployment on AWS, the cybersecurity skills shortage (and what you can do about it), and more. Our topic for this week is defending against attackers and pen testers. Stay tuned!

Hack Naked News #102 - November 29, 2016

Nov 30, 2016 10:36

Description:

WordPress security gets another black mark, free transit rides for all in San Francisco, routers are hacked again, NTP is vulnerable, why buy when you can rent....a botnet, that is, backdooring Android, and a popular porn site is the victim of a data breach. Stay tuned!

Take the Security Weekly Survey: www.securityweekly.com/survey

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_News_102_November_29_2016

 

Hack Naked News #101 - November 23, 2016

Nov 24, 2016 06:25

Description:

Rumors of a new director of national intelligence, ATMs spill money into the streets of China, real security requires a hedgehog, and Oracle buys a now famous DNS company, all that and more on Hack Naked News!


Startup Security Weekly #17 - Not Afraid To Make A Mistake

Nov 22, 2016 01:17:24

Description:

Tyler Shields of Signal Sciences joins us for an interview, we review some listener feedback, and discuss the startup news for the week. Stay tuned!

Paul's Security Weekly #490 - Lobotomized Cocktails

Nov 19, 2016 02:22:23

Description:

Jen Ellis and Harley Geiger of Rapid7 join us, Alex Horan and Sebastian Bortnik of Onapsis will be giving a trends report for 2016, and we discuss the security news for the week. Stay tuned!

Enterprise Security Weekly #23 - An Open Source Enterprise Security Program?

Nov 19, 2016 51:00

Description:

Can you use open-source firewalls, IDS, network monitoring, SIEM, and more to defend your enterprise? Find out with Paul and John on Enterprise Security Weekly!

Hack Naked News #100 - November 16, 2016

Nov 17, 2016 11:31

Description:

Chinese company installed secret backdoor on hundreds of thousands of phones, hacking team back for your Android, major Linux holes gape open, and much more, here on Hack Naked News!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_News_100_November_2016#Hack_Naked_News_Announcement

Take the Security Weekly Survey: www.securityweekly.com/survey

Visit http://hacknaked.tv to get all the latest episodes!

Startup Security Weekly #16 - I'm Not Paul

Nov 15, 2016 01:14:36

Description:

Michael is joined by Joshua Marpet and Scott Lyons to talk about their experience building and supporting security startups. In the news, Owler's Cryptzone profile, Illumio releases new templates that offer better security, and why the top entrepreneurs are seeking corporate venture money. Stay tuned!

Paul's Security Weekly #489 - Crotches On Fire

Nov 12, 2016 02:00:24

Description:

Greg Foss of LogRhythm joins us, our tech segment covers an Outlook Web Access two-factor authentication bypass, and we chat security news for the week. Stay tuned!

Enterprise Security Weekly #22 - Magical Unicorns

Nov 12, 2016 46:27

Description:

Our topic is incident response in the enterprise. We also discuss OneLogin acquiring Sphere Secure Workspace, Synopsys acquiring Cigital, Codiscope bolstering its security portfolio, Gartner's latest report on the CASB market, and much more here on Enterprise Security Weekly!

Paul's Security Weekly #488 - Thank God I Dont Have A Soul

Nov 5, 2016 01:50:35

Description:

David Koplovitz of ProXPN joins us, our technical segment covers considerations for using Intel SGX, and we talk about the security news for this week. Stay tuned!

Enterprise Security Weekly #21 - Using Bro In The Enterprise

Nov 5, 2016 47:57

Description:

Rapid7 makes a strategic integration, should you use artificial intelligence in your enterprise to replace your workforce?, what is your DDoS mitigation strategy?, a big social media company sets out to create an open-source project that will stick it to Cisco, and Amazon sucking it in the cloud (but not like that). Stay tuned!

Startup Security Weekly #15 - Efflux Capacitor

Nov 5, 2016 54:51

Description:

Adam Bixler of Efflux Systems joins us. In startup news, the 3 most abstract tips to make your startup succeed, the 5 best presentation apps for your startup needs, non-expensive ways to make your small business feel big, and much more. Stay tuned!

Hack Naked News #99 - November 3, 2016

Nov 4, 2016 07:00

Description:

A popular cloud-based website hosting company could become the next MySpace, more powerful IoT botnet, browser vendors lack trust in 2 CAs, and some, including myself about an election day hack. All that and more, so stay tuned!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_News_99_November_2016

Take the Security Weekly Survey: www.securityweekly.com/survey

Visit http://hacknaked.tv to get all the latest episodes!

Startup Security Weekly #14 - Relocating For Gigabit Networks

Nov 1, 2016 54:58

Description:

Brian Beyer of Red Canary joins us, and we discuss updates on Paul's and Michael's startup journeys, the 22 most active celebrity startup investors, and much more. Stay tuned!

Paul's Security Weekly #487 - Jack's Security Weekly

Oct 29, 2016 01:56:00

Description:

Chris Roberts of Acalvio Technologies joins us, Mark Dufresne of Endgame tells us why signatures suck, and we discuss the security news for the week. Stay tuned!

Enterprise Security Weekly #20 - Multi-Factor Authentication

Oct 29, 2016 51:05

Description:

Carahsoft adds Okta ID, FireMon acquires FortyCloud, why Juniper Networks stock soared today, and much more. Stay tuned!

Hack Naked News #98 - Don Pezet, ITPro.TV

Oct 27, 2016 18:10

Description:

Don Pezet joins us from ITPro.TV, to talk about how to secure those devices that hackers have been taking advantage of.


Visit http://hacknaked.tv to get all the latest episodes!

Startup Security Weekly #13 - Gimme Some Moore

Oct 23, 2016 01:11:49

Description:

HD Moore, founder of the Metasploit project, joins us for an interview. In startup news, we talk about the differences between Angel and VC investments, expanding the concept of entrepreneurship, is running a startup for you?, how to become a cybersecurity entrepreneur in a crowded market, and making your elevator pitch more memorable. Stay tuned!

Paul's Security Weekly #486 - Gimme Some Wood

Oct 22, 2016 01:42:06

Description:

Adrien de Beaupre joins us to discuss "So You Wanna Be A Pen Tester?", we cover fixing pen test findings and XMLRPC, and talk security news. Stay tuned!

Hack Naked News #97 - October 18, 2016

Oct 19, 2016 06:56

Description:

Microsoft and Adobe, Guccifer, and ransomware! Hack Naked News with Aaron Lyons!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_October_18_2016

Visit http://hacknaked.tv to get all the latest episodes!

Startup Security Weekly #12 - A Handwritten Thank You

Oct 18, 2016 01:00:49

Description:

We tell you how to spot a bad Kickstarter, inside the mind of a venture capitalist, how to be disruptive with your startup, and how to stop hackers from destroying your startup. Stay tuned!

Paul's Security Weekly #485 - Thank You, Greenland

Oct 18, 2016 02:14:28

Description:

Scott Lyons of WarCollar Industries and Joshua Marpet of CyberGRC join us, our listener feedback segment discusses drinking from the infosec fire hose, and we talk security news for the week. Stay tuned!

Enterprise Security Weekly #19 - Defending IoT Devices

Oct 14, 2016 43:34

Description:

Securing your data, an account security solution or ASS?, and securing IoT in the Enterprise!

Hack Naked News #96 - October 11, 2016

Oct 12, 2016 06:38

Description:

Tons and tons of Ransomware and Cisco! All that and more with Aaron Lyons on Hack Naked News!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_October_11_2016

Visit http://hacknaked.tv to get all the latest episodes!

Startup Security Weekly #11 - The Magic of Momentum

Oct 11, 2016 01:01:33

Description:

We discuss magical momentum, how to build online trust, pivotal stories every startup leader should be able to tell, and more. Stay tuned!

Paul's Security Weekly #484 - SECOND LIFE

Oct 8, 2016 01:39:28

Description:

Cody Pierce from Endgame will talk about pre-exploit prevention. Security news will discuss Yahoo! spying, Mirai source code lessons learned, and more! Our interview this week is with Ed Skoudis of Counterhack Challenges and the SANS Institute. Stay tuned!

Enterprise Security Weekly #18 - Darkweb Monitoring

Oct 8, 2016 42:50

Description:

Juniper's big push into security, a big endpoint player goes IPO, and a firewall company enters the Anti-Virus game. The topic for this week is Darkweb monitoring, is it really worth it and how can it help your enterprise? Stay tuned!

Hack Naked News #95 - October 4, 2016

Oct 6, 2016 05:44

Description:

WoSign, Cisco, Ransomware, and Linux crash! All that and more, so stay tuned!

Visit http://hacknaked.tv to get all the latest episodes!

Paul's Security Weekly #483 - Jack Hacks Back

Oct 1, 2016 01:53:32

Description:

We interview Ferruh Mavituna of Netsparker, discuss shadow IT in our listener feedback, and discuss our security news. Stay tuned!

Enterprise Security Weekly #17 - Security Training For Enterprises

Oct 1, 2016 49:21

Description:

A behavior analytics company has a new release, endpoint security for vulnerabilities and threats, outsource your threat hunting, get with the flow on your network, and waiting in the wings to get bought. Plus, John and I discuss security training for the enterprise, what will work best for you?

Hack Naked News #94 - September 27, 2016

Sep 28, 2016 06:40

Description:

Hack Naked covers this week, CompTIA Security, CISSP, CEH v9, and Red Hat Linux. All that and more on Hack Naked TV!

Visit http://hacknaked.tv to get all the latest episodes!

Startup Security Weekly #10 - Technical Debt

Sep 28, 2016 01:12:41

Description:

A listener feedback segment on technical debt, we delve into more listener requests, and in our news stories, we discuss how freemium can work for you, seven common mistakes entrepreneurs make, and more. Stay tuned!

Enterprise Security Weekly #15 - "Documentation"

Sep 28, 2016 01:06:41

Description:

Microsoft partners with Ping, CyberArk gets a new patent, yet even more behavior based endpoint protection, Intel sells McAfee, teaming up with MSPs, and embracing change in the cloud. Stay tuned!

Security Weekly #482 - Shell Yeah

Sep 24, 2016 01:29:45

Description:

Kobi and Doron Naim of CyberArk Labs join us, Paul shows us how to try to make a secure shell script, and we discuss T-Mobile's free network, Cisco's injection flaw warning, and more, so stay tuned!

Enterprise Security Weekly #16 - Privileged Alphabet Soup

Sep 24, 2016 57:58

Description:

Runtime application self-protection market shows growth, cloud-based access provider new single sign-on for SAS, Oracle bought someone, and privileged identity management. Stay tuned!

Security Weekly #467 - It's Not About the Gin

Sep 24, 2016 01:58:47

Description:

This week we interview Jon Searles and Will Genovese, the founders of the NESIT hacker space and organizers of BSides Connecticut.

Security Weekly Web Site: http://securityweekly.com
Follow us on Twitter: @securityweekly

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode467#Interview:_Jon_Searles_and_Will_Genovese_from_BSidesCT_and_NESIT

Hack Naked News #93 - September 22, 2016

Sep 23, 2016 09:02

Description:

Lots of Ransomware, Cisco, Lauri Love news, S.W.I.F.T, and Yahoo! gets hacked! All that and more on Hack Naked TV!

Visit http://hacknaked.tv to get all the latest episodes!

Security Weekly #481 - "I've Been Overseas! I've Been To Canada!"

Sep 17, 2016 02:06:17

Description:

Josh Abraham of Praetorian and co-host Matthew Alderman of Tenable join us in-studio and we discuss internet-connected vibrator lawsuits. Stay tuned!

Hack Naked News #92 - September 15, 2016

Sep 16, 2016 06:33

Description:

Malware, MySQL exploits, and ransomware ransomware ransomware! Here on Hack Naked TV!

Visit http://hacknaked.tv to get all the latest episodes!

Hack Naked News #91 - September 13, 2016

Sep 14, 2016 06:37

Description:

Aaron Lyons tells us what he does here on Hack Naked TV. Tyler interviews Aaron Lyons on this subject.

Visit http://hacknaked.tv to get all the latest episodes!

Enterprise Security Weekly #14 - Super Cyberman

Sep 10, 2016 54:56

Description:

McAfee trademark dispute, customers want large security vendors, do you trust your pin in the cloud, CyberArk struggles, and embrace change! Enterprise Security User Awareness Training and Paul dancing!

Security Weekly #480 - "Cyber Hygiene Is Bullsh*t"

Sep 10, 2016 02:08:08

Description:

We chat with Marcus J. Ranum of Tenable, pit ODROID against Raspberry Pi, and introduce you to USBee in our security news. All that and more, so stay tuned!

Hack Naked News #90 - September 8, 2016

Sep 9, 2016 04:51

Description:

Guccifer, Sophos Blue Screen, and Sundown Exploit Kit here on Hack Naked TV!

Visit http://hacknaked.tv to get all the latest episodes!

Security Weekly #479 - "Encryption Decreases Security"

Sep 3, 2016 02:07:34

Description:

Joshua Corman of Cyber Statecraft Initiative joins us, our listener feedback segment covers "Magic Wiffle Dust", and in our security news, Dropbox has been breached (again). Stay tuned!

Hack Naked News #89 - September 1, 2016

Sep 2, 2016 12:16

Description:

Aaron talks with Paul Paget, CEO of Pwnie Express, about the Pwn Phone being on the USA network hit show Mr. Robot.

Full Show Notes:
http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_September_01_2016

Visit http://hacknaked.tv to get all the latest episodes!

Hack Naked News #88 - August 30, 2016

Aug 31, 2016 05:54

Description:

iOS Zero Days, Russian Hacker convicted in the US, and a certificate authority makes a blunder. Here on Hack Naked TV!

Visit http://hacknaked.tv to get all the latest episodes!

Enterprise Security Weekly #13 - To MSSP or not to MSSP

Aug 28, 2016 43:48

Description:

Threat Intelligence gets funding, Security products in the cloud, incorporating virus totaling in your products, two factor authentication for voice-over IP. To MSSP or not to MSSP is the question. All that and more on Enterprise Security Weekly!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode13

Visit http://securityweekly.com/esw for all the latest episodes!

Security Weekly #478 - "Making Love With Kangaroos"

Aug 27, 2016 01:57:01

Description:

We interview Heather Mahalik from SANS Institute on mobile phone forensics, our listener feedback segment will be The Host's Perspective, and our security news covers Facebook facial recognition, hacking smart cities, and why Ashley Madison has agreed to a security overhaul. Stay tuned!

Hack Naked News #87 - August 25, 2016

Aug 27, 2016 05:58

Description:

Updates on the Shadowbroker dump, Malware on WikiLeaks, and some brand new ransomware!

Visit http://hacknaked.tv to get all the latest episodes!

Hack Naked News #86 - August 24, 2016

Aug 25, 2016 06:31

Description:

Juniper joins Cisco and Fortigate, US and Canada stores were infected by malware, and the DARPA Cyber Grand Challenge that ran at DEFCON.

Visit http://hacknaked.tv to get all the latest episodes!

Hack Naked TV - August 22, 2016

Aug 23, 2016 15:39

Description:

Event Viewer UAC bypass, AppWhitelisting Bypass, 80% of Android Devices vulnerable to Hijacking, PowerShell Open Sourced, and Tool of the Week! - DataSploit.

Visit http://hacknaked.tv to get all the latest episodes!

Security Weekly #477 - "Learning Kung Fu By Getting Your Ass Kicked"

Aug 20, 2016 02:03:25

Description:

We interview Alex Horan from Onapsis, discuss pros and cons of being a contractor, and talk about why Snowden thinks it's Russia's fault. Stay tuned!

Enterprise Security Weekly #12 - Detecting Rogue In The Enterprise

Aug 19, 2016 41:35

Description:

Integration in the enterprise security space, Cisco cuts its work force, and Pwnie Express Paul Paget.

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode12

Visit http://securityweekly.com/esw for all the latest episodes!

Hack Naked TV - August 18, 2016

Aug 19, 2016 06:33

Description:

Well, the “shortage” of IT and InfoSec Professionals may have just been solved by Cisco. Yesterday Cisco announced it is planning to cut 5,500 jobs from its workforce. The layoffs will supposedly allow the company to invest in key priorities such as security, IoT, collaboration, next generation data center and cloud.

Visit http://hacknaked.tv to get all the latest episodes!

Hack Naked TV - August 16, 2016

Aug 17, 2016 06:18

Description:

NSA hacked by the "Shadowbrokers", Scolex malware, Cerber ransomware, and hacking naked! News on Hack Naked TV!

Visit http://hacknaked.tv to get all the latest episodes!

Security Weekly #476 - "Why Am I So Sticky?"

Aug 13, 2016 02:17:42

Description:

Lance James of Flashpoint joins us in-studio this week, Joff walks us through TachyonNet, and we discuss this year's Pwnies. All that and more, so stay tuned!

Enterprise Security Weekly #11 - Documentation and Quotes

Aug 13, 2016 44:38

Description:

This week LogRhythm has a free network monitoring tool, SAP HANA, the hottest technology you didn't see at Black Hat, free anti-ransomware, BeyondTrust product announcement and traps.

Visit http://securityweekly.com/esw for all the latest episodes!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode11

Hack Naked TV - August 11, 2016

Aug 12, 2016 05:56

Description:

This week on Hack Naked TV, Aaron Lyons discusses all the news during Hacker Summer Camp. So stay tuned!

Security Weekly #475 - "An Unbalanced Balance"

Jul 30, 2016 01:53:50

Description:

This week, Federico Kirschbaum of Infobyte and Faraday joins us. Our Listener Feedback segment discusses balancing life and work. In security news, Verizon buys Yahoo, hackers sniff your keystrokes from nearby, and vulnerabilities and light bulbs. Stay tuned!

Enterprise Security Weekly #10 - It's For Stupid People

Jul 29, 2016 40:51

Description:

User behavior analytics wins and fails, the top 10 emerging security vendors (according to some), and virtually testing your network, all that and more so stay tuned!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode10

Hack Naked TV - July 28, 2016

Jul 29, 2016 06:13

Description:

Aaron Lyons discusses Lastpass, Malicious Insider, and Hacker Summer Camp! Watch all the latest security news every week, here on Hack Naked TV!

Visit http://hacknaked.tv to get all the latest episodes!

Hack Naked TV - July 26, 2016

Jul 27, 2016 05:26

Description:

This week Aaron Lyons talks about Powerware, no more Ransomware, and HIPAA! All that and more on Hack Naked TV!

Security Weekly #474 - "Segway Segue"

Jul 23, 2016 01:57:26

Description:

This week on Security Weekly, John Kindervag from Forrester joins us! Paul and Rick Farina demonstrate Bluetooth scanning using the PwnPad4 and Blue Hydra. In security news, we show you how to cheat in Pokemon Go. Stay tuned!

Hack Naked TV - July 21, 2016

Jul 22, 2016 05:12

Description:

This week on Hack Naked TV, Aaron Lyons talks about httpoxy, Neutrino Exploit Kit, and Ubuntu. All that and more, so stay tuned!

Hack Naked TV - July 19, 2016

Jul 21, 2016 10:40

Description:

This week on Hack Naked TV, Beau Bullock talks about OpenSSHd Username Enum vulnerability, Attack of the Printers, there’s no Hacking in Baseball, and Ubuntu forum breached.

Security Weekly #473 - "Blackholing Your Python"

Jul 20, 2016 02:05:13

Description:

This week on Security Weekly, Bob Stratton of Mach37 joins us. Joff will write a Python script that can download malware domain name lists from a URL, and create a DNS blackhole bind9 based configuration file on the domain names obtained. In security news, we discuss Pokemon Go, an FDIC hack, and more. Stay tuned!

Enterprise Security Weekly #9 - Sniffing Each Others' Farts

Jul 16, 2016 27:08

Description:

This week in the news no excuses to go Phish yourself, a services vendor helps you identify risk, the #1 privileged identity management solution (According to some), and a huge blow to the Endpoint Security Agent market. And we'll talk about how to secure your SDLC. All that and more so stay tuned!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode8

Hack Naked TV - July 14, 2016

Jul 15, 2016 05:44

Description:

This week on Hack Naked TV, Aaron Lyons talks about Sundown exploit kit, Stored Communications Act, and FDIC Hacked. All that and more, so stay tuned!

Hack Naked TV - July 12, 2016

Jul 13, 2016 06:44

Description:

Aaron Lyons will be talking about S.W.I.F.T. Network, Ransomware, Angler Exploit Kit, and Pokemon Go! Here on Hack Naked TV!

Security Weekly #472 - "Ten Points to Gryffindor"

Jul 9, 2016 01:53:43

Description:

Tonight on Security Weekly, we chat with Elizabeth Gossell, a Product Strategist at Tenable. Paul shows us how to block ads and malware using Bind DNS. Stay tuned!

Hack Naked TV - July 7, 2016

Jul 9, 2016 06:18

Description:

I’m your host Aaron Lyons and today I’ll be talking about Palo Alto’s upcoming CTF, Update on Symantec’s most recent vulnerabilities, and password sharing conviction.

Hack Naked TV - July 5, 2016

Jul 6, 2016 06:03

Description:

Welcome to another episode of Hack Naked TV recorded July 5th 2016. Your host, Aaron Lyons, will be covering Zepto, Facebook, and Privacy Shield. All that and more, so stay tuned!

Security Weekly #471 - "Bash vs Python"

Jul 2, 2016 02:05:15

Description:

This week on Security Weekly, SANS instructor Mark Baggett joins us for an interview! Our tech segment covers how to build your own PfSense firewall. Paul, Larry, and Joff cover their security news stories of the week. Stay tuned!

Hack Naked TV - June 30, 2016

Jul 1, 2016 04:46

Description:

I'm your host Aaron Lyons and today I'll be covering password re-use attacks, Symantec, and another SWIFT bank heist.

Enterprise Security Weekly #8 - Securing "Air Gapped" Networks

Jul 1, 2016 38:40

Description:

Cisco makes an acquisition in cloud security, Palerra claims a first in the same space, CrowdStrike bundles prevent breaches? And Barracuda makes it easier to give them money for Next-Gen firewalls, all that and more so stay tuned!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode8

Security Weekly #470 - "Fsck Cancer"

Jun 25, 2016 02:16:33

Description:

This episode is dedicated to Jennifer Collis. This week on Security Weekly, Cory Doctorow of craphound.com joins us to discuss all things security! Pentoo dev Rick Farina stops in to talk about the new Pwn Pad4 as well. Stay tuned!

Hack Naked TV - Interview with Don Pezet

Jun 24, 2016 21:18

Description:

Welcome to another Hack TV, this episode we have a special interview with Don Pezet from IT Pro. Stay Tuned!

Full Wiki Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_June_23_2016

Enterprise Security Weekly #7 - Web Application Scanning

Jun 23, 2016 36:59

Description:

This week on Enterprise Security Weekly, Tenable makes a strategic partnership to ease authenticated vulnerability scanning, Avast announces a much faster antivirus engine, RiskSense unveils cyber risk scoring that allows some other kind of scoring that you might be familiar with, and Alert Logic goes into the cloud. All that and more, so stay tuned!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode7

Hack Naked TV - June 21, 2016

Jun 23, 2016 09:33

Description:

This week on Hack Naked TV, Beau Bullock talks about Bad Tunnel, GoToMyPC, and how Ransomware is all JavaScript. Watch for full stories, here on Hack Naked TV!

Beau teaching SANS SEC504 in Marina del Rey, CA August 15, 2016: http://tinyurl.com/beau-sec504-aug16

Security Weekly #469 - "I Thought It Was Beer"

Jun 18, 2016 02:12:48

Description:

This week on Security Weekly, we welcome Paul back to the studio! Doug White and Jeff Mann join us in-studio to pick Russell Beauchemin's brain about his telepresence robot. Security news covers GitHub's password woes, the BadTunnel vulnerability, and Microsoft OLE. All that and more, so stay tuned!

Hack Naked TV - June 16, 2016

Jun 17, 2016 06:53

Description:

I'm your host Aaron Lyons and today I'll be covering Microsoft, hard drive decryption, ISIS hackers, and GitHub.

Hack Naked TV - June 14, 2016

Jun 15, 2016 05:40

Description:

Welcome to another episode of Hack Naked TV, recorded June 14th 2016. Aaron Lyons will be covering Symantec buying Blue Coat, Microsoft buying LinkedIn, Michael Thomas and the CFAA, and the Pentagon bug bounty.

Security Weekly #468 - Chris Poulin, X-Force

Jun 14, 2016 01:47:06

Description:

This week on Security Weekly, Larry serves as our interim host alongside co-host Russell Beauchemin, who will be in studio with our guest Chris Poulin. Larry will discuss with Russell about his new Hololens! They talk about Typo squatting package managers, 20 years of red teaming, Spear Phishing, how InfoSec is a sham, and GPS DoS.

Hack Naked TV - June 9, 2016

Jun 10, 2016 06:01

Description:

Welcome to another episode of Hack Naked TV recorded June 9th 2016. I’m your host Aaron Lyons and today I’ll be talking about Ransomware, Angler, and the Swift Network.

Hack Naked TV - June 2, 2016

Jun 5, 2016 07:20

Description:

Hack Naked News covers TeamViewer, Myspace gets hacked, Infoblox, Ransomware, and Darkode! Here on Hack Naked TV!

Enterprise Security Weekly #6 - IDS/IPS

Jun 4, 2016 38:31

Description:

This week is, well, rough, ServiceNow buys threat intelligence company, memory scanning in the hypervisor, and next-generation network segmentation and NAC, and John and I discuss the evolution of IDS and IPS!

Full Show Notes Here: http://wiki.securityweekly.com/wiki/index.php/ES_Episode6

Visit http://securityweekly.com/esw for all the latest episodes!

Hack Naked TV - May 31, 2016

Jun 2, 2016 07:16

Description:

Hack Naked TV, hosted by yours truly, Aaron Lyons! This week he will bring up the Bangladesh Heist, the battle between Google VS Oracle, Rob Graham's Port Scanning, and he'll rant on Ransomware!

Security Weekly #466 - "8-Inch Floppy"

Jun 2, 2016 01:57:16

Description:

This week on Security Weekly, we interview Wade Baker, Vice President of ThreatConnect! Paul, Jack, Jeff, and Larry address listener feedback and questions. Paul discusses Jeremiah Grossman, Apple hiring crypto-wizard Jon Callas to beef up security, Google killing passwords on Android, and lots more in Security News.

Hack Naked TV - May 26, 2016

Jun 1, 2016 05:35

Description:

Do you know who Guccifer is? He could hack your email! Aaron Lyons talks about Guccifer, the Bangladesh Heist, and $12 million was stolen from an Ecuadorean bank.

Enterprise Security Weekly #5 - "SEIM"

Jun 1, 2016 40:23

Description:

"Cyber Deception" comes to Defcon and IoT, Cisco makes a push for Voice over WiFi, Sumo Logic monitors your Lambdas, and identity management integrates with SEIM? All that and more so stay tuned!

http://wiki.securityweekly.com/wiki/index.php/ES_Episode5

Enterprise Security Weekly #2 - Threat Intelligence

May 29, 2016 43:51

Description:

Do you know what Macworld and Cloudflare are? Paul and John Strand talk about these topics and Threat Intelligence!

http://wiki.securityweekly.com/wiki/index.php/ES_Episode2

Security Weekly Web Site: http://securityweekly.com
Follow us on Twitter: @securityweekly

Enterprise Security Weekly #3 - Vulnerability Management

May 27, 2016 39:01

Description:

Pwnie Express secures a $12.9 million funding round, Palo Alto forms strategic partnership with HardwareSolutions, Sophos introduces a new tool to combat ransomware, Webroot introduces a new IoT Security Gateway, and Paul and John discuss some of the latest topics around vulnerability management.

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode3

Hack Naked TV - May 24, 2016

May 26, 2016 06:44

Description:

This week on Hack Naked TV, Aaron talks about Ransomware, Bangladesh, and US Cyber Tech!

Security Weekly #465 - "Make Me A Drink"

May 25, 2016 02:07:42

Description:

This week we interview Neil Wyler aka Grifter. We liked listener feedback so much, we're going to do it again and talk about disclosure and evil domain squatting. In the stories of the week, Chrome blocks Flash and things get hacked.

Enterprise Security Weekly #1 - Threat Hunting

May 24, 2016 43:01

Description:

Paul and John Strand begin a new series here on Security Weekly. They delve into Threat Hunting, FireEye, Tripwire IP360, and much more. Check this prime OG Episode of Enterprise Security Weekly!

Security Weekly Web Site: http://securityweekly.com
Follow us on Twitter: @securityweekly

Hack Naked TV - May 19, 2016

May 24, 2016 08:26

Description:

Ransomware again? I think so! Hear other great news stories and he will give some special advice! Here on Hack Naked TV!

Hack Naked TV - Beau Bullock

May 23, 2016 11:57

Description:

Need the Security News for the Week? Here's an in-depth update with Beau Bullock about Critical 7-zip Vulns, Symantec BSOD, Facebook CTF Platform, and EmPyre.

Hack Naked TV - May 12, 2016

May 22, 2016 06:50

Description:

Need the Security News for the Week? Here on Hack Naked TV, Aaron Lyons gives the top news for the week in Security and Hacking!

Hack Naked TV - May 5, 2016

May 21, 2016 06:54

Description:

Ever wonder what Image Magick is? We don't know either! That's why Aaron is here to inform you about Image Magick among other more interesting topics! Stay tuned here on Hack Naked TV!

Hack Naked TV - May 3, 2016

May 20, 2016 08:10

Description:

Do you know what cyber warfare is? Hear what Aaron Lyons has to say about cyber warfare! He rants on this Hack Naked TV.

Hack Naked TV - April 28, 2016

May 19, 2016 06:25

Description:

Welcome to another episode of Hack Naked TV recorded April 28th 2016. Aaron covers Cyberbombs, the next scan from Robert Graham, professional cyclists hacking their bikes, and more.

Security Weekly 464 - Dr. Douglas White, Ph.D

May 14, 2016 01:51:03

Description:

Doug White was the first certified instructor for the ISFCE digital forensics boot camps and has worked for a variety of professional training organizations and corporations teaching and working in technology.

Security Weekly #463 - Interview with Ferruh Mavituna, CEO of Netsparker

May 7, 2016 01:50:19

Description:

Do you want to know the inside scoop of Netsparker? Listen to us interview Ferruh Mavituna, who has been in the security industry for well over a decade. His ambition to ease the process of automatically detecting web application vulnerabilities led him to build Netsparker and pursue it to the point of commercial reality. Ferruh is also Netsparker’s Product Architect.

Security Weekly #462 - Interview with Sean Metcalf, Microsoft Certified Master

Apr 30, 2016 01:43:46

Description:

Sean Metcalf (@PyroTek3) is a Microsoft Certified Master (MCM) / Microsoft Certified Solutions Master (MCSM) in Directory Services (Active Directory Windows Server 2008 R2) which is an elite group of Active Directory experts (only about 100 worldwide). As of 2016, he is also a Microsoft Most Valuable Professional (MVP). We ask him about his start in information security and PowerShell. Listen in now!

Security Weekly #461 - Jeff's Round Table

Apr 23, 2016 01:41:34

Description:

This week, Jeff comes on the show and hosts Jeff's Round Table. He talks about Google Play Music, Jedi Conference, vulnerability management vendors, and integration into asset discovery. All that and more, here on Security Weekly!

Hack Naked TV - April 21, 2016

Apr 22, 2016 08:16

Description:

Aaron Lyons will be covering the recent sentencing of some malicious insiders, and the creators of the SpyEye botnet creator.

Security Weekly #460 - Interview with Lee Holmes, Lead Security Architect of Microsoft's Enterprise Cloud Group

Apr 17, 2016 01:24:40

Description:

Lee Holmes is the lead security architect of Microsoft's Enterprise Cloud Group, covering Windows Server, Azure Stack, System Center, and Operations Management Suite. He is author of the Windows PowerShell Cookbook, and an original member of the PowerShell development team.

Hack Naked TV - Beau Bullock

Apr 16, 2016 11:57

Description:

This week, Beau Bullock discusses Badlock, WordPress Encryption, WhatsApp End to End Encryption, and AllPorts.Exposed in depth. Stay tuned for more stories from Beau, here on Hack Naked TV.

Hack Naked TV - April 14, 2016

Apr 15, 2016 05:56

Description:

This week on Hack Naked TV, Aaron Lyons talks about Badlock, Ransomware, Russian Prison for Hackers, and Ransomware. Check out Beau Bullock's Hack Naked for more in depth detail on Badlock.

Hack Naked TV - April 8, 2016

Apr 13, 2016 07:06

Description:

Welcome to another episode of Hack Naked TV recorded April 8th 2016. Aaron covers the Panama Papers, Cyber-Insurance, Ransomware, Hacking Team, and the Pentagon's bug bounty program.

Security Weekly #459 - Interview with James Lyne, Instructor at SANS Institute

Apr 9, 2016 01:34:29

Description:

We interview James Lyne from SANS. He comes from a background in cryptography but over the years has worked in a wide variety of security problem domains including anti-malware and hacking. James spent many years as a hands-on analyst dealing with deep technical issues and is a self-professed "massive geek".

Hack Naked TV - April 7, 2016

Apr 8, 2016 04:35

Description:

This week Paul takes the place of Aaron Lyons who is busy fighting Ninja Lamas. Paul discusses Car future Malware, Ubuntu Patches Kernel Vulnerabilities, OSVDB Shuts Down For Good, Flash zero-day in the wild to be fixed by Adobe, and FBI: $2.3 Billion Lost to CEO Email Scams. Check out the Security Weekly Wiki for more information!

Security Weekly #458 - Interview with Alex Horan, Product Manager at Onapsis

Apr 3, 2016 01:25:36

Description:

This week we talk with Alex Horan from Onapsis. He is a security focused IT professional with strong experience leading and motivating IT teams and departments.

Hack Naked TV - March 31, 2016

Apr 2, 2016 07:31

Description:

This week on Hack Naked TV Aaron Lyons talks about FBI vs Apple, the new Android bug, Cisco Firepower/Snort IDS, and ransomware.

Security Weekly #457 - Interview with Ferruh Mavituna, CEO of Netsparker

Mar 26, 2016 01:44:00

Description:

This week on Security Weekly, we talk with Ferruh Mavituna from Netsparker. He explains how he can scan 1,000 websites simultaneously and what he does with the information he collects from the websites. Ferruh gives advice on threat modeling and how to understand the surface. For this week's Tech Segment, Paul talks about scanning websites with Nmap.

Hack Naked TV - March 24, 2016

Mar 26, 2016 07:12

Description:

This week on Hack Naked TV, Aaron Lyons gives you the update on Apple vs FBI, iMessage Encryption, FBI's cyber most wanted updated, and Badlock the newest named logo vulnerability.

Hack Naked TV - March 24, 2016

Mar 25, 2016 10:20

Description:

This week Beau reviews SANS Netwars. He also talks about CTFs.

Security Weekly #456 - Interview with Jared Atkinson, Hunt Capability Lead of Adaptive

Mar 19, 2016 01:42:26

Description:

Jared Atkinson is the Hunt Capability Lead with Veris Group’s Adaptive. Passionate about PowerShell and the Open Source community, Jared is the lead developer of the PowerForensics project, an open source forensics framework for PowerShell, and maintains a DFIR focused blog.

Security Weekly #443 - Interview with Micah Zenko, Council on Foreign Relations

Mar 19, 2016 01:43:17

Description:

Micah Zenko, a senior fellow at the Council on Foreign Relations and author of the new book "Red Team: How to Succeed By Thinking Like the Enemy." We talk to Micah about techniques to prevent domestic terrorism, parallels between physical security and computer security and red teaming. They also discuss software security, how to create more secure code, legacy code, IoT devices and more!

Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Follow us on Twitter: @securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Hack Naked TV - March 17, 2016

Mar 18, 2016 10:14

Description:

This week on Hack Naked TV, Aaron Lyons talks about FBI's most wanted hackers, Google's Bug, the Home Depot data breach, man-in-the-middle attacks, and ransomware.

Security Weekly #455 - Interview with Dennis Fisher, Security Evangelist at Kaspersky Lab

Mar 12, 2016 01:51:38

Description:

Paul, Larry, and Jack talk with Dennis Fisher from Pindrop and On the Wire. Dennis explains some of the more interesting trends in security news and how to overcome major problems in his industry. All that and more, so stay tuned!

Hack Naked TV - March 10, 2016

Mar 11, 2016 06:35

Description:

Aaron Lyons talks about Tor, Apple ransomware, the banning of Kali, and fake facebook profiles. Check all that and more, here on Hack Naked TV!

Hack Naked TV - 3/3/2016

Mar 8, 2016 08:20

Description:

This week on Hack Naked TV, Aaron Lyons does a follow up on Apple and the FBI, Cross-site Scripting, the Drown Attack, and a brief blurb about Infosec.

Security Weekly #454 - Paul's Big News, Perimeter Protection w/ InGuardians

Mar 5, 2016 01:39:30

Description:

This week, Paul makes a big announcement! We are lucky to have several of the fine folks at InGuardians come on the show and share their wisdom and knowledge on the topic of perimeter protection. Stories of the week include DROWN, cool tools for analyzing firmware and Z-Wave, and much more!

Security Weekly #453 - Jeff Frisk & Jeff Pike, Global Information Assurance Certification

Feb 27, 2016 01:51:38

Description:

This week on Security Weekly we interview Jeff Pike and Jeff Frisk from SANS GIAC. Paul and Larry talk about digital badges, CPEs, and SANS training. On Security Weekly, Paul, Larry, and Mike talk about the Hacker Summer Camp Planning Guide, Open DNS Blogs, wireless mics and keyboards, and excessive amounts of lube! The best place to get information about security! Stay tuned for the best in security news.

Hack Naked TV - February 18, 2016

Feb 24, 2016 08:42

Description:

Norse Corp followup, DHS and FBI Employee info leak, ENCRYPT Act, and Hackers aren't smart.

Show notes for this episode: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_February_18_2016

Security Weekly #452 - Joff Thyer, Security Consultant at Black Hills Information Security

Feb 21, 2016 01:27:48

Description:

This week, Joff talks with Paul, Carlos, and Michael about building DIY Linux-based routers.

Security Weekly #451 - Mike Strouse, CEO of ProXPN

Feb 16, 2016 01:23:59

Description:

This week on Security Weekly, we introduce Mike Strouse, who is the CEO of ProXPN. He explains how he got started in ProXPN and more!

Security News of the week talks about:

5 Big Incident Response Mistakes

D-Link DSL-2750B Remote Command Execution

ASUS Router Administrative Interface Exposure

A theory? - From a discussion at work I’d love some feedback on. Mass deployments of crypto locker using compromised crews, why the increase? Some thoughts: After OPM breach Chinese sponsored mercenaries are out of work and are now looking to pay the bills with resources that nation states don’t seem to care about. Mistakes get made, and things get tracked to weird places but who cares? Another thought is, maybe nation states are willing to share information, as some of them have more than enough data for the time being, so spreading the love with other compromised hosts and those other nations don't have the same agenda; pain and profit versus information gathering

Power Grid Honeypot Puts Face on Attacks

Hack Naked TV: February 12, 2016

Feb 13, 2016 06:35

Description:

Today on Hack Naked TV, Beau talks about Cash for Creds, Gmail Warnings, IRS PIN Compromise, and Cisco ASA RCE. Here on Hack Naked TV!

Hack Naked TV: February 4, 2016

Feb 13, 2016 04:53

Description:

This week on Hack Naked TV, Aaron will be talking about Norse Co., Java, Cyber Terrorism, and Safe Harbor.

Hack Naked TV: January 22, 2016

Feb 12, 2016 12:30

Description:

Beau talks about Backdoor in AMX, Linux Kernel Vuln, Apple Sharing Cookies, Hot Potato, Blackhat 2016 Course, BSides Orlando.

Security Weekly #450 - Interview with Patrick Heim

Feb 9, 2016 01:41:17

Description:

This week, we interview Dropbox's head of security, Patrick Heim. Paul, Larry, Jack, Joff, Carlos and Not Kevin talk about automating vulnerability scans, hackable kids toys and much more!

Security Weekly #449 - Interview with Essobi

Feb 4, 2016 01:29:00

Description:

The Security Weekly crew interviews Essobi on his techniques for scanning the Internet and some of the interesting results!

Security Weekly #448 - The Vulnerability Management Maturity Curve

Jan 30, 2016 01:44:10

Description:

Organizations tend to fall somewhere on a scale of 0 through 100 (with 100 being the best) when it comes to the maturity of their vulnerability management program. The scale starts at 0 for those who don't do any type of vulnerability management or scanning and runs up to those integrating 3rd party products and producing business-based metrics. Find out all the different levels, some of the pitfalls, and most importantly how to go from 0 to hero in your vulnerability management program.

Security Weekly #447 - Interview with Chris Domas

Jan 29, 2016 01:29:46

Description:

This week on Security Weekly, Carlos, Jack, Michael, Joff, Paul and Larry talk about Windows updates, Sean Penn, WordPress XSS, Windows compatibility issues, TrendMicro's node.js password manager (now featuring arbitrary command execution), and a whole lot more!

We also interview Chris Domas. Chris is a researcher interested in reverse engineering and exploitation. He joins us to talk about visualizing binaries, accessing ring -2 and making reversers sad.

Security Weekly #446 - Interview with Adrien de Beaupre

Jan 14, 2016 01:33:09

Description:

This week we interview Adrien de Beaupre, a SANS instructor and Internet Storm Center handler. Adrien has been researching the security of HTTP/2 and even does a live demo! We put out a call to action for the security community to become more proactive in researching this protocol.

In Stories of the Week Paul, Larry, John, Joff and special guest star Adrien talk about Juniper backdoors, the "biggest" security threats for 2016, axing Internet Explorer and Uber fines for data breaches.

Hack Naked TV: January 8, 2016

Jan 13, 2016 09:58

Description:

This week Beau talks about malicious Google Play apps, Comcast home security systems, attacking ICS and MS15-132.

Security Weekly #445 - Sharon Goldberg and Security News

Jan 5, 2016 01:35:01

Description:

Sharon Goldberg joins us to talk about her research into NTP, BGP and DNS protocol security. Then, in Security News, Paul, Joff and Not Kevin talk about registering zones, reply to all, CISA and much more!

Hack Naked TV: OSCP Review

Jan 2, 2016 07:52

Description:

Aaron reviews the Penetration Testing with Kali Linux course and OSCP test.

Hack Naked TV: December 10, 2015

Jan 1, 2016

Description:

The lost episode! YouTube flagged this video as inappropriate, removed the video, and put our YouTube channel in bad standing. Now you can view the video for yourself, and see just how "bad" the content is to cause YouTube to flag us YET AGAIN for so-called "inappropriate" content. YET AGAIN, we have filed an appeal and are waiting to get our YouTube channel back in good standing. In the meantime, many features of our YouTube channel have been disabled, including the ability to upload videos longer than 15 minutes. This really puts a cramp in our style, and is an example of just how bad a job YouTube is doing policing videos and channels.

Hack Naked TV December 17, 2015

Dec 22, 2015 06:16

Description:

Welcome to another episode of Hack Naked TV recorded December 17th 2015. Aaron talks about the FBI using 0-Days, Drone Registration, Root DNS attack, and RCE in FireEye.

Security Weekly #444 - Ed Skoudis, John Strand, Security News

Dec 18, 2015 02:02:02

Description:

Ed Skoudis joins us to talk about the Holiday Hack Challenge.

John Strand does a segment on penetration testing and answers 5 of Paul's questions on the topic.

Security News is entertaining as always!

Security Weekly Web Site: http://securityweekly.com

Follow us on Twitter: @securityweekly

Hack Naked TV - December 4, 2015 - The Banned Episode

Dec 17, 2015 09:28

Description:

The lost episode! YouTube flagged this video as inappropriate, removed the video, and put our YouTube channel in bad standing. Now you can view the video for yourself, and see just how "bad" the content is to cause YouTube to flag us YET AGAIN for so-called "inappropriate" content. YET AGAIN, we have filed an appeal and are waiting to get our YouTube channel back in good standing. In the meantime, many features of our YouTube channel have been disabled, including the ability to upload videos longer than 15 minutes. This really puts a cramp in our style, and is an example of just how bad a job YouTube is doing policing videos and channels.

Hack Naked TV December 10, 2015

Dec 12, 2015 08:49

Description:

Welcome to another episode of Hack Naked TV recorded December 10th 2015. Today Aaron talks about Cybersecurity Information Sharing Act, Kazakhstan, Flash updates, encryption backdoors, and cyber espionage.

Hack Naked TV: December 2, 2015

Dec 11, 2015 12:05

Description:

Welcome to another episode of Hack Naked TV recorded December 2nd 2015. Today Aaron talks about Dell root certificate fiasco, Hacking Back being reviewed by the government, the LANDesk breach, new tool releases, and more!

For a full list of stories, visit our wiki here.

Security Weekly #442 - Interview with Ferruh Mavituna

Nov 25, 2015 01:39:13

Description:

Interview with Ferruh Mavituna

Security Weekly brings back Ferruh Mavituna to discuss SDLC and writing vulnerable command injection in PHP. For a full list of topics discussed, visit our wiki: http://wiki.securityweekly.com/wiki/index.php/Episode442#Guest_Interview:_Ferruh_Mavituna_-_6:05PM-6:45PM

Failed Windows 3.1 and Hacking Back

In security news this week, we talk about the latest iThing; this one brews your coffee. Find out why it's a bad idea to run Windows 3.1 in your environment, or Windows NT. Paul goes back in time, talking about OpenVMS.

http://wiki.securityweekly.com/wiki/index.php/Episode442#Stories_of_the_Week_-_7:00PM-8:00PM

Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Follow us on Twitter: @securityweekly

Hack Naked TV - November 20, 2015

Nov 22, 2015 07:52

Description:

Welcome to another episode of Hack Naked TV recorded November 20th 2015. Today Beau talks Bitlocker bypass, Gmail address spoofing and more. For a full list of stories covered, visit the wiki here: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_November_20_2015#Beau.27s_Stories

Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Follow us on Twitter: @securityweekly

Hack Naked TV - November 19, 2015

Nov 21, 2015 05:55

Description:


Welcome to another episode of Hack Naked TV recorded November 19th 2015. Today Aaron talks about encrypted communications in the Paris terrorist attacks, Google security news, Comcast password resets, and the Wells Fargo Cybersecurity Survey.

For a full list of stories, visit our wiki here: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_November_19_2015#Aaron.27s_Stories

Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Follow us on Twitter: @securityweekly

Security Weekly #441 - Interview with Miron Livny & Barton Miller from SWAMP

Nov 14, 2015 01:41:22

Description:

Interview with Miron Livny and Barton Miller

This week, we interview Miron Livny and Barton Miller of SWAMP. SWAMP simultaneously alleviates the costs, maintenance and licensing burdens of tools, while also eliminating the need to learn numerous tool interfaces. You can read more about SWAMP here: https://continuousassurance.org/

IoT Security In Alarm Clocks

Security news this week features the unmasking of TOR users, an alarm clock that slaps you around and more. For a full list of stories, visit our wiki: http://wiki.securityweekly.com/wiki/index.php/Episode441#Stories_of_the_Week_-_7:00PM-8:00PM


Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Follow us on Twitter: @securityweekly

Security Weekly #440 - Interview with Michael Bazzell, Stories of the Week

Nov 11, 2015 01:22:46

Description:

Interview with Michael Bazzell


This week we interview Michael Bazzell, author of "Open Source Intelligence Techniques" and "Hiding from the Internet" and the technical advisor for TV hacker drama "Mr. Robot" on the USA network.

For a list of relevant links, visit our wiki: http://wiki.securityweekly.com/wiki/index.php/Episode440#Interview:_Michael_Bazzell

Security News - Canadian Encryption

This week, Paul and the crew discuss the million dollar bug bounty for iPhones and why it may be legal to hack your car. For a full list of stories talked about during the show, visit our wiki: http://wiki.securityweekly.com/wiki/index.php/Episode440#Stories_of_the_Week_-_7:00PM-8:00PM


Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Follow us on Twitter: @securityweekly

Hack Naked TV - November 9, 2015

Nov 10, 2015 07:20

Description:

Today Beau talks about vBulletin RCE, PageFair serving malware, and a million dollar bug bounty for iOS 9. For a full list of stories visit http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_November_9_2015#Beau.27s_Stories.

For a directory of all Hack Naked TV shows visit http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_Show_Notes.

Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Follow Security Weekly on Twitter: @securityweekly

Follow Beau on Twitter: @dafthack

Security Weekly #438 - 10 Year Anniversary Part 2

Oct 26, 2015 00

Description:

Bug Bounty and Responsible Disclosure


We bring back Samy Kamkar "Samy's My Hero," and bring on special guests Casey Ellis from BugCrowd and Katie Moussouris from HackerOne. We talk about the tough ethical questions and the future of bug bounties in 5 years.


Interview with Ron Gula


We interview Ron Gula, one of the first interviews conducted on Security Weekly. Ron is a leading cybersecurity thinker, innovator, and visionary in the information security industry.


Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Follow us on Twitter: @securityweekly

Security Weekly #439 - Making The Most Of Threat Intelligence

Oct 25, 2015 00

Description:

Special Segment: Making The Most Of Threat Intelligence


This week, Paul and Mike discuss the current state of threat intelligence. In this segment, Paul and Mike dive deep in using threat intelligence properly.


Security News: Chip and Pin Hacked

This week in the news we learn about how chip and pin was hacked in France and are you fooled by fake online reviews? For a full list of stories including links, visit the wiki http://wiki.securityweekly.com/wiki/index.php/Episode439#Stories_of_the_Week_-_7:00PM-8:00PM.


Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Follow us on Twitter: @securityweekly

Hack Naked TV - October 23, 2015

Oct 25, 2015 08:05

Description:

Today Beau talks about MITM NTP, chip and pin vulnerabilities, and encrypting all the things by default.

For a full list of stories discussed today, visit our wiki: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_October_23_2015

Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Follow us on Twitter: @securityweekly

Hack Naked TV - October 20, 2015

Oct 24, 2015 05:27

Description:

Today Aaron talks about the E-Trade breach, China still hacking the US, CyberInsurance, and More.

Visit the wiki for a full list of stories: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_October_20_2015

Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Follow us on Twitter: @securityweekly

Security Weekly #438 - 10 Year Anniversary Part 3

Oct 23, 2015 00

Description:

Interview with Peiter "Mudge" Zatko

Peiter C. Zatko, better known as Mudge, is a network security expert, open source programmer, writer, and a hacker. Peiter talks about his start in information security, or rather, him starting information security. Peiter talks about his early involvement in BGP and how to take down the internet.


Mobile Security and Privacy

We get Simple Nomad and David Schwartzberg to join us for a panel discussion on Mobile Security and Privacy. David Schwartzberg is a Sr. Security Engineer at MobileIron and Simple has been doing hacker and security-related things for over 30 years, wearing black, white, and gray hats at various points.


Hacker Jeopardy

Hacker Jeopardy includes popular topics such as famous hackers and decimal to binary conversions. Test your knowledge now!


Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Follow us on Twitter: @securityweekly

Security Weekly #438 - 10 Year Anniversary Part 1

Oct 23, 2015 00

Description:

Interview with Mikko Hypponen

To kick off our ten-year anniversary we interview Mikko Hypponen of F-Secure. We talk about the first virus discovered, reviewing printed viruses, and more.

Visit our wiki for a list of important links including the one that got him banned from Twitter: http://wiki.securityweekly.com/wiki/index.php/Episode438#Guest_Interview:_Mikko_Hypp.C3.B6nen_10:05_AM

L0pht Heavy Industries Panel

L0pht Heavy Industries was a hacker collective active between 1992 and 2000 and located in the Boston, Massachusetts area. We learn about the history of the L0pht and the future.

Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Follow us on Twitter: @securityweekly

Hack Naked TV - October 13, 2015

Oct 21, 2015 05:01

Description:

Today Aaron talks about breaches of LoopPay, Uber, and Dow-Jones. For a full list of stories, visit http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_October_13_2015.

Hack Naked TV - October 8, 2015

Oct 14, 2015 06:18

Description:

This week on Hack Naked TV, Aaron talks about breaches of LoopPay, Uber, and Dow-Jones.


Visit our wiki for a complete list of articles and links covered in the show: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_October_13_2015

Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Follow us on Twitter: @securityweekly

Security Weekly #437 - Interview with Dafydd Stuttard

Oct 12, 2015 01:41:38

Description:

Interview with Dafydd Stuttard

This week, we interview Dafydd Stuttard, the creator of Burp Suite and the author of the Web Application Hacker's Handbook. We talk about the source of the name "Burp" and the future of webapp scanning.

Security News - Facebook Sex tapes and rooting the OnHub

This week in security news, we talk about Stagefright 2.0, how to root your very own Google OnHub, breaking SHA-1, and AWS WAF's.

For a full list of stories, visit our wiki: http://wiki.securityweekly.com/wiki/index.php/Episode437#Stories_of_the_Week_-_7:00PM-8:00PM

Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Follow us on Twitter: @securityweekly

Security Weekly #436 - Password Cracking with Larry

Oct 7, 2015 00

Description:

Password Cracking With Larry

This week on Security Weekly, we are joined by none other than Larry Pesce. After his recent DerbyCon talk, Larry gives us some insight on his 600 dollar password cracking machine.

Security News

Today in the news, Kevin recaps the T-Mobile breach. Do we now let the fox watch the henhouse? Larry dives into a Nest (TM) of IoT (drink) devices. Paul tries to keep it together with a blog post on MS08-067.


For a full list of stories and links, visit the wiki: http://wiki.securityweekly.com/wiki/index.php/Episode436#Stories_of_the_Week_-_7:00PM-8:00PM


Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Follow us on Twitter: @securityweekly

Hack Naked TV - October 1, 2015

Oct 2, 2015 07:16

Description:

Today Aaron talks about BitPay, OPM, Volkswagen, and new TrueCrypt Flaws. For a full list of stories, visit the wiki: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_October_1_2015#Aaron.27s_Stories

Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Follow us on Twitter: @securityweekly

Hack Naked TV - September 23, 2015

Sep 24, 2015 07:50

Description:

This week on Hack Naked TV Beau talks iOS malware, Kaspersky vulnerabilities in their AV engine and more. Links to all stories are below.

Android Screen Lock Bypass - http://sites.utexas.edu/iso/2015/09/15/android-5-lockscreen-bypass/

iOS malware - https://isc.sans.edu/forums/diary/Detecting+XCodeGhost+Activity/20171/

Zerodium Million Dollar Bug Bounty - https://threatpost.com/zerodium-hosts-million-dollar-ios-9-bug-bounty/114736/

Kaspersky Vulns - http://googleprojectzero.blogspot.co.uk/2015/09/kaspersky-mo-unpackers-mo-problems.html

Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Follow us on Twitter: @securityweekly

Security Weekly #435 - Interview with Josh Pyorre and Exploding Chips

Sep 18, 2015 00

Description:

This week we interview Josh Pyorre from OpenDNS on honeypots and malware. Josh is a security analyst with OpenDNS. Josh has presented at Defcon, multiple Bsides across the USA and Source Boston.

In this interview, we find Josh's secret weapon against attackers and why he goes second in ass-grabby-grabby.

For links to Josh's blog and Twitter, visit our wiki:

http://wiki.securityweekly.com/wiki/index.php/Episode435#Interview:_Josh_Pyorre_-_6:05PM-6:55PM

Today in the news we discuss an Apple iOS directory traversal vulnerability in AirDrop. Also in Security News is the Facebook 'Dislike' button. Not to be confused with a downvote, more along the lines of sympathy or empathy. Do you ever wish you could remotely detonate resistors? Well now you can (kind of).

For a full list of stories, visit our wiki:

http://wiki.securityweekly.com/wiki/index.php/Episode435#Stories_of_the_Week_-_7:00PM-8:00PM

Hack Naked TV - September 15, 2015

Sep 16, 2015 06:12

Description:

Brought to you by Black Hills Information Security and Cybrary!

This week Aaron talks about the Ubiquiti email scam, the Excellus BCBS breach, Netflix dumping antivirus, McAfee for President, and more.

Hack Naked TV Web Site: http://hacknaked.tv

Security Weekly Web Site: http://securityweekly.com

Security Weekly #434 - Interview with Micah Hoffman

Sep 14, 2015 00

Description:

This week Jack joins Paul in studio, Joff, Carlos, John, and Michael are on via Skype. Jack mixes up some fabulous cocktails and we are off.

Paul and the crew interview Micah Hoffman. Micah Hoffman has been working in the information technology field since 1998 supporting federal government, commercial, and internal customers in their searches to discover and quantify information security weaknesses within their organizations.

In the news, we talk about John McAfee for President, responsible disclosure, and 10 things to do before your laptop is stolen.

Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode434

Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Hack Naked TV - September 11, 2015

Sep 12, 2015 13:53

Description:

Brought to you by Black Hills Information Security and Cybrary!

Today, Beau talks more about the Ashley Madison password dump, responsible disclosure to FireEye, and shiny new Android Ransomware. Also as promised on last week's episode, a quick demo of Powershell Empire.

http://tinyurl.com/HNTV-AM-PASSWORD-CRACKING

http://tinyurl.com/HNTV-FIREEYE-VULNS

http://tinyurl.com/HNTV-ANDRIOD-RANSOM

http://tinyurl.com/HNTV-EMPIRE

Hack Naked TV Web Site: http://hacknaked.tv

Security Weekly Web Site: http://securityweekly.com

Hack Naked TV - September 8, 2015

Sep 10, 2015 05:14

Description:

Brought to you by Black Hills Information Security and Cybrary!

This week Aaron talks about the OPM breach, Windows 10 data collection being back-ported, HP no longer sponsoring Pwn2Own, and vulnerabilities in FireEye's products being sold.

Hack Naked TV Web Site: http://hacknaked.tv

Security Weekly Web Site: http://securityweekly.com

Twitter: @securityweekly

Security Weekly #433 - Outside The Echo Chamber

Sep 8, 2015 00

Description:

This week Larry and Jack join Paul in studio, Carlos is on via Skype without a shirt and none other than Google-Image-Search-John-Strand joins us...from his car nonetheless!

Jack recently gave a talk at B-Sides Cleveland and was approached by a listener on how exactly you should talk to high-level execs about security, the DBIR and more. Then, well, tangents...

We talk about a recent article describing how to crack the passwords resulting from the Ashley Madison breach. Paul's prediction of UPnP being used for evil is in the news, this time the bad guys will turn all of your routers into a botnet, a bigger, better, faster botnet.

Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode433

Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Follow us on Twitter: @securityweekly

Hack Naked TV - September 1, 2015

Sep 3, 2015 04:44

Description:

Brought to you by Black Hills Information Security and Cybrary!

This week Aaron talks about the Ubiquiti email scam, the resignation of the Ashley Madison CEO, the NSA’s bulk collection extension, NSA backdooring encryption and MORE!

Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_TV_September_1_2015

Hack Naked TV Web Site: http://hacknaked.tv

Security Weekly Web Site: http://securityweekly.com

Hack Naked TV - Favorite Hacking Tools

Sep 2, 2015 12:27

Description:

This week on Hack Naked TV, Beau talks about his top 5 favorite pentest and hacking tools as seen at BlackHat/DefCon/B-Sides.

tinyurl.com/HNTV-EMPIRE

tinyurl.com/HNTV-SSTI

tinyurl.com/HNTV-BLEKEY

tinyurl.com/HNTV-NETRIPPER

tinyurl.com/HNTV-CRACKLORD

Also, be on the lookout for Chrome pausing all flash-based ads on September 1, 2015. You can read the full article at tinyurl.com/HNTV-FLASH-KILLER.

Paul's Security Weekly #432

Aug 29, 2015 01:29:39

Description:

Jack's Uplifting Rants, Stories of the Week - Episode 432 - August 27, 2015

In our first segment: No seriously, Jack was in rare form: Uplifting, sympathetic, offering help, and dare I say trying to be positive! After 45 minutes of this, we just wanted the old Jack back...

Jack gets into full rant mode in this segment, where we cover some more news about the epic Ashley Madison breach, Smart fridge that gets hacked, and more!

Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode432

Security Weekly Web Site: http://securityweekly.com

Security Weekly #431 - Interview with Phil Young and Chad Rikansrud

Aug 23, 2015 01:39:38

Description:

This week we interview Phil Young and Chad Rikansrud on the topic of hacking mainframes and their recent Defcon presentation. Stories of the week will include Barbie Swiss Army knives, evil Cisco firmware, and some possible ways to give your security team a fighting chance. All that and more so stay tuned!

Security Weekly #430 - Interview with Daniel Miessler

Aug 16, 2015 01:21:25

Description:

Security Weekly #429 - Defcon is Coming!

Aug 2, 2015 01:22:31

Description:

This week we kick it old school and talk about the upcoming Defcon, Blackhat and Bsides conferences. Then we chew the fat on the stories of the week including Android vulns and more!

Hack Naked TV July 28th 2015

Jul 29, 2015 03:20

Description:

This week we talk about Stagefright, the Hacking Team and OPM breaches and more!

Security Weekly #428 - Interview with Samy Kamkar

Jul 29, 2015 01:50:06

Description:

This week we interview Samy Kamkar who [redacted]. All that and more so stay tuned!

Security Weekly #427 - Interview with Matt Duren

Jul 19, 2015 01:42:56

Description:

HNTV-20150714

Jul 15, 2015 02:44

Description:

Security Weekly #426 - Interview with Andrew Hay

Jul 13, 2015 01:33:05

Description:

Security Weekly #425 - Interview with Shay Chen

Jul 5, 2015 01:59:56

Description:

Security Weekly #424 - Interview with Rick Farina

Jun 29, 2015 01:39:51

Description:

This week we talk wireless security with Rick Farina and discuss rolling your own password management. All that and more so stay tuned!

Security Weekly #423 - Interview with Patrick Wardle

Jun 21, 2015 01:48:35

Description:

This week we talk OS X security with Patrick Wardle, the vintage bearded man Jack Daniel is back in studio and stories of the week include topics such as bug bounty programs, are they worth it?, the latest big Apple security bug, and hacking LastPass. All that and more so stay tuned!

Security Weekly #422 - Interview with Ferruh Mavituna

Jun 14, 2015 01:56:37

Description:

This week we interview Ferruh Mavituna, CEO of Netsparker to talk about web application scanning, Apollo joins us in studio to discuss security for startups, and this week's stories include the crowd favorites: Wordpress vulnerabilities and exploiting home routers!

Security Weekly #421 - Interview with Stephen Sims

Jun 11, 2015 01:33:20

Description:

Security Weekly #420 - Interview with Byron Cleary

Jun 1, 2015 01:31:25

Description:

We interview Byron Cleary to talk about virtual honeynets, the dreamy Trey Ford joins us in studio, and we'll talk about a whole bunch of security news!

Security Weekly #419 - Interview with Gavin Millard

May 24, 2015 01:43:01

Description:

This week we interview Gavin Millard from Tenable Network Security, put an end to the "wake up Mehreen" meme, and talk about jamming logs in our stories of the week.

Security Weekly #418 - Security Deathmatch

May 17, 2015 01:34:42

Description:

Security Weekly #417 - Interview with Chris Roberts

May 17, 2015 01:27:24

Description:

Security Weekly #415 - Tech Segment with Dan McInerney

May 4, 2015 01:25:42

Description:

Security Weekly #415 - Interview with Apollo Clark

Apr 27, 2015 01:52:32

Description:

Security Weekly #414 - Interview with Jon Callas and Israel Barak

Apr 20, 2015 02:02:40

Description:

Security Weekly #413 - Interview with Steve Crocker

Apr 13, 2015 02:19:31

Description:

Security Weekly #412 - Interview with John McAfee

Apr 7, 2015 01:56:37

Description:

Security Weekly #411 - Interview with Russ McRee

Mar 28, 2015 01:36:03

Description:

Pablos Holman, Seth Geftic, Matt Alderman, Stories of the Week - Episode 410 - March 19, 2015

Mar 24, 2015 02:10:28

Description:

Security Weekly #409 - Interview with Keren Elazari

Mar 16, 2015 01:42:13

Description:

Security Weekly #408 - Interview with Jayson Street

Mar 10, 2015 01:26:55

Description:

Security Weekly #407 - Security Deathmatch

Feb 23, 2015 01:31:16

Description:

Security Weekly #406 - Interview with Deviant Ollam

Feb 15, 2015 01:49:46

Description:

Security Weekly #405 - Sniffing GSM with RTL-SDR & GNU Radio

Feb 8, 2015 01:11:14

Description:

Security Weekly #404 - Interview with Michael Santarcangelo

Feb 1, 2015 01:32:24

Description:

Security Weekly #403 - Interview with Paul Henry

Jan 26, 2015 01:45:50

Description:

Security Weekly #402 - Interview with Kimberly Crawley

Jan 19, 2015 01:25:30

Description:

Security Weekly #401 - Interview with Reuben Paul

Jan 10, 2015 01:26:07

Description:

Security Weekly #400 - Security News Gone Wild

Dec 24, 2014 01:12:44

Description:

Security Weekly #400 - Interview with Mike Poor and DEF CON SECTF

Dec 24, 2014 01:06:26

Description:

Security Weekly #400 - Electronic Frontier Foundation, Vulnerability Panel

Dec 24, 2014 01:29:06

Description:

Security Weekly #400 - Interview with Marcus Ranum and Billy Rios

Dec 24, 2014 01:14:35

Description:

Security Weekly #399 - Interview with Valerie Thomas & Bill Gardner

Dec 15, 2014 01:38:41

Description:

Security Weekly #398 - Security News

Dec 7, 2014 52:34

Description:

Security Weekly #397 - Interview with Paul Coggin

Nov 27, 2014 01:46:08

Description:

Security Weekly #396 - Interview with Adrian Wade

Nov 24, 2014 01:32:20

Description:

Security Weekly #395 - Tech Segment with Elliott Brink

Nov 18, 2014 01:23:18

Description:

Security Weekly #394 - Interview with Ming Chow

Nov 10, 2014 01:32:18

Description:

Security Weekly #393 - Interview with Chris Crowley

Nov 3, 2014 01:23:27

Description:

Security Weekly #392 - Interview with Russell Butturini

Oct 28, 2014 01:29:18

Description:

Security Weekly #391 - Security News

Oct 20, 2014 59:20

Description:

Security Weekly #390 - Interview with Joe Vest and Ben Clark

Oct 15, 2014 01:13:41

Description:

Security Weekly #389 - Interview with Don Murdoch

Oct 6, 2014 01:55:15

Description:

Security Weekly #388 - Interview with Michael Gough

Sep 21, 2014 01:52:15

Description:

Security Weekly #387 - Interview with Women’s Society of Cyberjutsu

Sep 15, 2014 01:09:55

Description:

Security Weekly #386 - Interview with Mike Murray, Powercat Demonstration, News

Sep 6, 2014 01:31:05

Description:

Interview with Corey Thuen and Ken Shaw, Stories of the Week - Episode 385 - August 28, 2014

Sep 5, 2014 01:23:06

Description:

Interview with Sarah Edwards, Guest Appearance by Dave Kennedy, Stories of the Week - Episode 384 - August 21, 2014

Aug 23, 2014 01:41:44

Description:

Adrien de Beaupre on Multi-Post XSRF Attacks, Daniel Ayoub Introduces iGuardian, Stories of the Week - Episode 383 - August 14, 2014

Aug 19, 2014 01:39:31

Description:

Interview with Dan King, Stories of the Week - Episode 382 - August 3, 2014

Aug 4, 2014 01:23:35

Description:

Come see us this week at DEF CON!

Art of Memory Forensics, Stories of the Week - Episode 381 - July 24, 2014

Jul 28, 2014 01:32:07

Description:

Stories of the Week - Episode 380, Part 2 of 2 - July 10, 2014

Jul 13, 2014 58:55

Description:

Bill Swearingen's Meat - Episode 380, Part 1 of 2 - July 10, 2014

Jul 13, 2014 30:33

Description:

Stories of the Week - Episode 379, Part 2 of 2 - July 3, 2014

Jul 9, 2014 40:46

Description:

Disrupting Opportunistic SSH Scanners - Episode 379, Part 1 of 2 - July 3, 2014

Jul 9, 2014 30:52

Description:

Stories of the Week - Episode 378, Part 3 of 3 - June 26, 2014

Jun 30, 2014 39:43

Description:

Chris John Riley Demos Android Hacking - Episode 378, Part 2 of 3 - June 26, 2014

Jun 30, 2014 17:29

Description:

Interview with Onapsis - Episode 378, Part 1 of 3 - June 26, 2014

Jun 30, 2014 34:40

Description:

Stories of the Week - Episode 377, Part 3 of 3 - June 19, 2014

Jun 23, 2014 35:44

Description:

Interview with Steve Christy - Episode 377, Part 2 of 3 - June 19, 2014

Jun 23, 2014 41:48

Description:

Interview with Chris Hadnagy - Episode 377, Part 1 of 3 - June 19, 2014

Jun 23, 2014 51:16

Description:

Stories of the Week - Episode 376, Part 3 of 3 - June 5, 2014

Jun 9, 2014 39:33

Description:

Scanning DNS with Nmap - Episode 376, Part 2 of 3 - June 5, 2014

Jun 9, 2014 19:57

Description:

Interview with Michael Ossmann - Episode 376, Part 1 of 3 - June 5, 2014

Jun 9, 2014 59:51

Description:

Stories of the Week - Episode 375, Part 2 of 2 - May 29, 2014

Jun 2, 2014 48:45

Description:

Interview with Pwnie Express - Episode 375, Part 1 of 2 - May 29, 2014

Jun 2, 2014 01:03:08

Description:

Stories of the Week - Episode 374, Part 3 of 3 - May 22, 2014

May 26, 2014 38:37

Description:

Embedded Security - Episode 374, Part 2 of 3 - May 22, 2014

May 26, 2014 30:39

Description:

Interview with OJ Reeves - Episode 374, Part 1 of 3 - May 22, 2014

May 26, 2014 34:29

Description:

Stories of the Week - Episode 373, Part 3 of 3 - May 15, 2014

May 19, 2014 39:14

Description:

Writing Shell Code with Ty Miller - Episode 373, Part 2 of 3 - May 15, 2014

May 19, 2014 25:40

Description:

Interview with James Jardine - Episode 373, Part 1 of 3 - May 15, 2014

May 19, 2014 39:03

Description:

Stories of the Week - Episode 372, Part 3 of 3 - May 8, 2014

May 12, 2014 39:41

Description:

Larry Rocks the Vote with Burp - Episode 372, Part 2 of 3 - May 8, 2014

May 12, 2014 15:15

Description:

Interview with Eddie Mize - Episode 372, Part 1 of 3 - May 8, 2014

May 12, 2014 39:50

Description:

Stories of the Week - Episode 371, Part 3 of 3 - May 1, 2014

May 6, 2014 25:42

Description:

Interview with Ed Skoudis - Episode 371, Part 2 of 3 - May 1, 2014

May 5, 2014 32:48

Description:

Interview with Adam Shostack - Episode 371, Part 1 of 3 - May 1, 2014

May 5, 2014 53:34

Description:

Interview with Rob Fuller - Episode 370, Part 1 - April 17, 2014

Apr 21, 2014 25:26

Description:

Stories of the Week - Episode 370, Part 1 - April 17, 2014

Apr 21, 2014 54:29

Description:

Drunken Security News - Episode 369, Part 2 - April 10, 2014

Apr 14, 2014 51:09

Description:

Interview with Michael Santarcangelo - Episode 369, Part 1 - April 10, 2014

Apr 14, 2014 49:30

Description:

Michael Santarcangelo is the catalyst leaders rely on to take friction out of communication, connect people to value, free up energy to solve problems, and achieve higher levels of performance. He continues to write, speak, and train on the structure and system to Effectively Communicate Value and serves as an advisor to leaders in organizations of all sizes.

Drunken Security News - Episode 368, Part 2 - April 3, 2014

Apr 5, 2014 49:54

Description:

Interview with Josh Abraham - Episode 368, Part 1 - April 3, 2014

Apr 5, 2014 35:55

Description:

At Praetorian, Josh Abraham is a key member of the technical execution team. In this capacity, he is responsible for leading, directing and executing client-facing engagements that include Praetorian's tactical and strategic service offerings.

Over the years, Josh has become a well-known resource for his contributions to the information security space. An avid researcher and presenter, Josh has spoken at numerous conferences including BlackHat, DefCon, BSides, ShmooCon, The SANS Pentest Summit, Infosec World, SOURCE, CSI, OWASP, LinuxWorld and Comdex.

Live from Mid-Atlantic Collegiate Cyber Defense Competition - Episode 367 - March 27, 2014

Apr 1, 2014 01:33:28

Description:

Drunken Security News - Episode 366 - March 20, 2014

Mar 24, 2014 37:48

Description:

Wordpress Defacement: Lessons Learned - Episode 366 - March 20, 2014

Mar 24, 2014 21:33

Description:

On March 14, 2014 the securityweekly.com website was defaced (index.php was modified) by an attacker at approximately 6:30AM EST. We discovered this attack, via Twitter in fact, at 8:00AM that morning. Our web site was restored and operational by 11:00AM that morning, and forensics investigations are continuing.

Interview with Gary McGraw - Episode 366 - March 20, 2014

Mar 24, 2014 39:16

Description:

Gary McGraw is an author of many books and over 100 peer-reviewed publications on IT security. In addition, Gary McGraw serves on the Dean’s Advisory Council for the School of Informatics of Indiana University, and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT). Gary is the Chief Technical Officer at Cigital Inc. In addition, he serves on the advisory boards of several companies, including Dasient, Fortify Software, Invincea, and Raven White. He holds a dual PhD in Cognitive Science and Computer Science from Indiana University. In the past, Gary McGraw has served on the IEEE Computer Society Board of Governors.

Live from SANS ICS - Episode 365 - March 16, 2014

Mar 24, 2014 01:01:06

Description:

Justin Searle is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency.

Michael Assante is an internationally recognized thought leader in cyber security of industrial control systems. Assante held the position of Vice President and Chief Security Officer at the North American Electric Reliability Corporation and oversaw the implementation of cyber security standards across the North American electric power industry.

Matthew E. Luallen is a well-respected information professional, researcher, instructor, and author. Mr. Luallen serves as the president and co-founder of CYBATI, a strategic and practical educational and consulting company. CYBATI provides critical infrastructure and control system cybersecurity consulting, education, and awareness.

Jonathan Pollet, Founder and Principal Consultant for Red Tiger Security, USA has over 12 years of experience in both Industrial Process Control Systems and Network Security.

Drunken Security News - Episode 364, Part 3 - March 6, 2014

Mar 9, 2014 46:09

Description:

Perl Compatible Regular Expressions - Episode 364, Part 2 - March 6, 2014

Mar 9, 2014 14:11

Description:

In this tech segment we're going to talk about regular expressions in Python. We're going to be using Perl-style regular expressions, usually referred to as "PCRE". PCRE is used in many places outside of Python, such as Snort and other IDS signatures, and in most places you see regular expressions, it will be PCRE. Regex is a language, but it's far more restricted than a normal programming language.

If you need to perform any complex string search and replace, you're probably going to use regular expressions. As the famous saying goes, "Some people, when confronted with a problem, think 'I know, I'll use regular expressions.' Now they have two problems."

So I'm going to teach you how to create some problems for yourself.

I'm going to put the testing strings in the show notes. If you want to play along, you don't need to install Python; we're going to use pythex, an online regular expressions tester. I think this is the best way to demonstrate regular expressions without getting too bogged down in the context of code.

Interview with Eve Adams - Episode 364, Part 1 - March 6, 2014

Mar 9, 2014 46:30

Description:

Eve Adams (@HackerHuntress) is Senior Talent Acquisition Expert at Halock Security Labs, a full-service information security advisory in Schaumburg, IL. Eve leverages her security staffing experience to drive recruitment for both internal Halock roles and client placement. She also spearheads Halock’s social media presence and counts Twitter as one of her most powerful recruiting tools. Eve’s passionate about information security, thinks most recruiters are doing it wrong, and naively believes technology can change the world for the better. In past lives, she has been a writer, translator and reptile specialist, among other things. While she is officially OS-agnostic, Eve usually runs Ubuntu at home.

Hack Naked TV 14-15

Feb 26, 2014 07:51

Description:

FTP Passwords!! They are everywhere!!
http://tinyurl.com/HNTV-FTP-Creds

Chargeware.. It is legal, but it can still get you shot.
http://tinyurl.com/HNTV-EULA

Target breach and the state of phishing:
http://tinyurl.com/HNTV-Target-Email

SANS 560 Orlando April 7th - 12th

http://tinyurl.com/SANS-560-Orlando

Please note the link and the dates in the video are wrong for SANS Orlando.

Drunken Security News - Episode 363, Part 2 - February 20, 2014

Feb 23, 2014 49:53

Description:

Interview with Kat Sweet - Episode 363, Part 1 - February 20, 2014

Feb 23, 2014 26:26

Description:

Kat Sweet is a geek-of-all-trades: maker, musician, ham (call sign K7FTW), and firm advocate of NSFW 3D printing. She presented on the latter, giving a talk titled "The Sensual Side of 3D Printing" at BSidesLV and SkyTalks in 2013. She can be followed on Twitter at @TheSweetKat.

Drunken Security News - Episode 362, Part 3 - February 13, 2014

Feb 17, 2014 37:55

Description:

Joff Thyer on Django Static Code Analysis - Episode 362, Part 2 - February 13, 2014

Feb 17, 2014 15:54

Description:

DjangoSCA is a Python-based Django project source code security auditing system that makes use of the Django framework itself, the Python Abstract Syntax Tree (AST) library, and regular expressions. Django projects are laid out in a directory structure that conforms to a standard form using known classes, and standard file naming such as settings.py, urls.py, views.py, and forms.py.
DjangoSCA is designed for the user to pass the root directory of the Django project as an argument to the program, from which it will recursively descend through the project files and perform source code checks on all Python source code and Django template files.

Interview with Paul Paget from Pwnie Express - Episode 362, Part 1 - February 13, 2014

Feb 17, 2014 31:59

Description:

Paul Paget was appointed CEO of Pwnie Express in August 2013 to help grow it into the leader for testing the security of remote operations, joining Dave Porcello, the founder, and his outstanding team. The PWN Plug has created a hit and they aim to make it a standard around the world. It radically simplifies and reduces the cost of assessing security, especially in hard-to-reach, out-of-the-way parts of an organization such as bank offices, stores and offshore facilities.

Interview with Brian Richardson, Interview with Chris Taylor, Drunken Security News - Episode 361 - February 6, 2014

Feb 11, 2014 01:25:06

Description:

Brian Richardson is a Senior Technical Marketing Engineer with Intel Software and Services Group. After fifteen years of external experience with BIOS and UEFI, Brian joined Intel in 2011 to focus on industry enabling for UEFI. Brian has a Master's Degree in Electrical Engineering from Clemson University, along with five US patents and a variety of seemingly disconnected hobbies involving video production. Brian has presented at Intel Developer Forum, UEFI Plugfest, Windows Ecosystem Summit and WinHEC. Brian can be contacted via Twitter at @Intel_Brian and @Intel_UEFI.

Chris has been in IT security since the late 90’s with his first role in network support by monitoring IDS and explaining how hackers were breaking into places and what they did once they were in. He now specializes in intrusion analysis and runs the professional services side of CyTech Services, overseeing the commercial consulting and managed security services.

Plus, the stories of the week!

Drunken Security News - Episode 360, Part 2 - January 30, 2014

Feb 3, 2014 55:03

Description:

Interview with Jared DeMott, Windows Meterpreter's Extended API - Episode 360, Part 1 - January 30, 2014

Feb 3, 2014 46:21

Description:

Jared DeMott is a principal security researcher at Bromium and has spoken at security conferences such as Black Hat, Defcon, ToorCon, Shakacon, DakotaCon, GRRCon, and DerbyCon. He is active in the security community by teaching his Application Security course.

Windows Meterpreter recently got some new capabilities through the Extended API module by OJ Reeves, also known as TheColonial. He added support for:
* Interacting with the Clipboard
* Query services
* Window enumeration
* Executing ADSI Queries

We will cover the ADSI interface in this Technical Segment, since it gives us a capacity in enterprise environments not previously available in Meterpreter other than through a module from Meatballs called enum_ad_computers.

802.11 Packet Injection with Scapy, Drunken Security News - Episode 358, Part 2 - January 16, 2014

Jan 27, 2014 01:02:22

Description:

Drunken Security News - Episode 359, Part 2 - January 23, 2014

Jan 27, 2014 40:11

Description:

Interview with James Arlen, Kristian Hermansen on Healthcare.gov - Episode 359, Part 1 - January 23, 2014

Jan 27, 2014 59:32

Description:

Interview with Peter Van Eeckhoutte, Special Guest Joel Yonts - Episode 358, Part 1 - January 16, 2014

Jan 19, 2014 59:21

Description:

Peter Van Eeckhoutte is the founder of Corelan Team, author of exploit writing tutorial series and free tools. He started working in IT and security in 1995, and currently works as a CISO.

Joel Yonts is a seasoned security executive with a passion for information security research. He has over 20 years of diverse Information Technology experience with an emphasis in Information Security. Joel is currently the Chief Information Security Officer for Advanced Auto Parts and maintains a blog at Malicious Streams.com.

Drunken Security News - Episode 357, Part 2 - January 9, 2014

Jan 13, 2014 59:12

Description:

Drunken Security News with Rob, Larry, Jack, and guest host Joff Thyer. Joff is a security researcher for the consulting division of Security Weekly, Black Hills Information Security, and is on to add some Aussie flavor to the podcast. His loves are Beer, Hacking, Math and Wireless.

Interview with Ian Iamit, SANS SIFT with Rob Lee - Episode 357, Part 1 - January 9, 2014

Jan 13, 2014 01:07:52

Description:

Ian Iamit is currently serving as a Director of Services at the leading boutique security consulting company IOActive, where he leads the services practice in the EMEA region. He is one of the founders of the Penetration Testing Execution Standard (PTES), its counterpart – the SexyDefense initiative, and a core member of the DirtySecurity crew.

Rob Lee is an entrepreneur and consultant in the Washington, DC area, specializing in information security, incident response, and digital forensics. Rob is currently the curriculum lead and author for digital forensic and incident response training at the SANS Institute in addition to owning his own firm.

Drunken Security News - Episode 356, Part 2 - December 12, 2013

Dec 15, 2013 47:57

Description:

Security News with Paul, Rob, and Carlos

Interview with Champ Clark - Episode 356, Part 1 - December 12, 2013

Dec 15, 2013 53:38

Description:

Champ Clark, also known as "Da Beave" in some circles, is the CTO of Quadrant Information Security headquartered in Jacksonville, Florida. He is one of the founding members of the VoIP hacking group Telephreak and runs the Deathrow OpenVMS cluster. He has co-authored books published by Syngress Publishing and has been interviewed by various magazines. He has spoken at conferences on topics such as "war dialing" the world with VoIP, exploring X.25 networks around the world, and most recently, real time log analysis with "Sagan", software he developed.

Drunken Security News - Episode 355, Part 2 - December 5, 2013

Dec 12, 2013 47:58

Description:

Drunken Security News

Interview with Jens 'Atom' Steube, ScriptAlert1 with Thomas MacKenzie & Ryan Dewhurst - Episode 355, Part 1 - December 5, 2013

Dec 12, 2013 01:05:20

Description:

Before Jens 'Atom' Steube wrote hashcat, he was a bug hunter for fun, focusing on open source software. After 2005 he only did bug hunting on commercial software and is therefore not allowed to disclose product names. In 2010 he started hashcat, and since that time it's the only project he's been working on.

Thomas MacKenzie works for NCC Group as a Security Consultant, conducting all different types of security assessments. Ryan Dewhurst works for NCC Group as a Security Consultant, conducting all different types of security assessments. ScriptAlert1.com is a very simple and concise platform to explain Cross-Site Scripting, its dangers and mitigation. Our aim is for penetration testers to include a link in their pen test reports to the resource and to get it to be the de facto description for semi-technical/tech savvy managers.

Interview with Martin Roesch, Drunken Security News - Episode 354 - November 21, 2013

Nov 24, 2013 01:21:28

Description:

Martin Roesch is the VP and chief architect, Security Business Group at Cisco. A respected authority on intrusion prevention and detection technology and forensics, he is responsible for the technical direction and product development efforts for Sourcefire's commercial and open source product offerings. Roesch, who has nearly 20 years of industry experience in network security and embedded systems engineering, is also the author and lead developer of the Snort® Intrusion Prevention and Detection System (www.snort.org) that forms the foundation for the Sourcefire Next-Generation IPS.

Drunken Security News - Episode 353, Part 2 - November 14, 2013

Nov 16, 2013 52:49

Description:

Drunken Security News

Interview with Kyle "esSOBI" Stone, Deciphering Episode 350's Crypto Challenge - Episode 353, Part 1 - November 14, 2013

Nov 16, 2013 46:02

Description:

Kyle is an information security engineer who devotes his spare time to exploiting the ‘internet of things’. He enjoys lockpicking, CTFs, tinkering with electronics, exploit development and blogging about his findings. He is the founding member of Louisville Organization of Locksport.

Walk through the Episode 350 Crypto Challenge puzzle with Mike Connor, a senior member of the Analysis team at Dell SecureWorks. He is a big supporter of all things Chicago, specifically THOTCON, BSidesChicago, and all of the different Burbsec groups.

Interview with Dan Philpott, Stealing Tokens for Privilege Escalation, Exploit Development with Mona.py - Episode 351 - October 28, 2013

Nov 16, 2013 01:21:42

Description:

Dan Philpott is a Solutions Architect with Natoma Technologies working with Federal customers on cloud computing and federal information security projects. His work focuses on federal information security initiatives including FISMA, cybersecurity, FDCC, USGCB, HSPD-12, risk management and other federal information assurance initiatives. He has worked on federal cloud computing security with the Cloud Security Alliance and has participated in Federal CIO Council cloud and FedRAMP efforts. He is the founder of FISMApedia.org, an information security instructor with Potomac Forum and co-author of "FISMA and the Risk Management Framework" from Syngress. He is fully buzzword compliant and an owner of the coveted Application Security Specialist baseball cap, known in security circles as the ASS hat.

Interview with Winn Schwartau, Preserving Security Research w/ The Cavalry - Episode 352 - November 7, 2013

Nov 10, 2013 01:23:45

Description:

Winn Schwartau is one of the world's top experts on security, privacy, infowar, cyber-terrorism and related topics. He is well known for his appearances at DEFCON as the host for the game Hacker Jeopardy.

Somebody's Watching: The Future of Privacy - Episode 350, Part 6 - October 25, 2013

Nov 4, 2013 58:41

Description:

Robert Graham is the co-founder and CTO of Errata Security, a firm specializing in cybersecurity consulting and product verification. Mr. Graham learned hacking as a toddler from his grandfather, a World War II codebreaker. His first IDS was written more than 10 years ago designed to catch Morris-worm copycats.

Dan Auerbach is a Staff Technologist who is passionate about defending civil liberties and encouraging government transparency. Dan works on EFF's various technical projects and helps lawyers, activists, and the public understand important technologies that might threaten the privacy or security of users.

Corey Thuen is co-founder of Southfork Security, a security services company specializing in ICS. Corey recently found out first-hand how fragile privacy can be when a large corporation decides to sue you over your open source software.

Military Veterans in Information Security - Episode 350, Part 5 - October 25, 2013

Nov 3, 2013 41:26

Description:

Nik Seetharaman is a consultant for a government client in the DC area. He spent 11 years in the United States Air Force where he served in the intelligence and joint special operations communities.

Nate Kenyon (@L2Nate) spent 5 years in the Marine Corps doing everything from pulling cable to configuring routers and switches. After leaving the USMC he worked for several defense contractors working with the US Navy and Defense Logistics Agency doing firewall, IPS and network configurations. He currently works for a large corporation working on wired and wireless intrusion detection systems and security product evaluations.

Michael Farnum has worked with computers since he got a Kaypro II and an Apple IIc during his middle school years. Michael served in the US Army, where he drove, loaded, and gunned on the mighty M1A1 Abrams main battle tank (which is where he got his "m1a1vet" handle).

Dave Kennedy worked for the United States Marine Corps and deployed to Iraq twice for intelligence related missions. He also holds the World Record for most hugs given at a conference and is founder and principal security consultant of TrustedSec, an information security consulting firm located in Cleveland, Ohio.

RazorEQX is a CEH, OSCP certified security professional with over 25 years’ experience and a proven leadership track record. He has experience in most aspects of Information Technology, in a wide range of industries and disciplines, specializing in in-depth malware and intelligence collaboration the past 4 years.

Sno0ose (@Sno0ose) served as a combat medic for a combat aviation unit and was wounded overseas during a 1 year tour of duty. He is now a consultant with a focus on incident response, vulnerability assessment, reverse-engineering malware, and penetration testing, co-host of Grumpysec, and lead coordinator of BSidesMSP.

Interview with Jayson Street, Interview with Kevin Finisterre - Episode 350, Part 4 - October 25, 2013

Nov 3, 2013 56:23

Description:

Jayson E. Street is an author of “Dissecting the hack: The F0rb1dd3n Network” from Syngress. He has also spoken at DEFCON, DerbyCon, UCON and at several other ‘CONs and colleges on a variety of Information Security subjects. His life story can be found on Google under “Jayson E. Street.” He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time’s persons of the year for 2006. ;)

Kevin Finisterre is a Senior Research Consultant with Accuvant, has hacked everything from utilities providers to police cars and is keen on disseminating information relating to the identification and exploitation of software vulnerabilities on many platforms.

Java Whitelisting, Honeynet Project, HTTP Comments Displayer - Episode 350, Part 3 - October 25, 2013

Nov 2, 2013 42:11

Description:

As with most sizable organizations, it is near impossible to uninstall or completely disable Java, which sent us on a hunt for a feasible way to contain Java-based attacks. What we came up with was restricting it to run only in trusted zones. This worked for APPLET tags when encountered in IE.

What this does is block any applet from running if it is not part of a trusted internet zone. First thing is to identify all the internal trusted zones and add them. Next allow the user to trust their own zones. Most of the time it seemed they knew when there was an applet they wanted to run.

The Honeynet Project is a non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security. With Chapters around the world, our volunteers have contributed to the fight against malware (such as Conficker), discovering new attacks and creating security tools used by businesses and government agencies all over the world. The organization continues to be on the cutting edge of security research by working to analyze the latest attacks and educating the public about threats to information systems across the world.

Why would you use HTTP Comments Displayer? This Nmap script makes use of patterns to extract HTML comments from HTTP responses. There are times sensitive information may be present within these comments. While this does not necessarily represent a breach in security, this information can be leveraged by an attacker for exploitation.

SCADA: Attack & Defense: Securing Critical Infrastructure - Episode 350, Part 2 - October 25, 2013

Nov 1, 2013 52:54

Description:

SCADA systems are being attacked and making headlines. However, this is not news, or is it? There is a lot of new found "buzz" around attacking SCADA and defending SCADA. Technology has evolved and many systems are Internet connected and more advanced than ever. Water, power, electric, manufacturing all have SCADA.

Justin Searle is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing.

Joel Langill is the SCADAhacker. His expertise was developed over nearly 30 years through in-depth, comprehensive industrial control systems architecture, product development, implementation, upgrade and remediation in a variety of roles covering manufacturing of consumer products, oil and gas including petroleum refining, automation solution sales and development, and system engineering.

Dale Peterson is the founder and CEO of Digital Bond, a control system consulting and research practice. He performed his first SCADA assessment in 2000, and Dale is the program chair for the S4 conference every January in Miami Beach.

Patrick Miller provides services as an independent security and regulatory advisor for the Critical Infrastructure sectors as Partner and Managing Principal of the Anfield Group.

Support Wounded Warriors, Active Defense: Taking The Fight To Attackers: Should We? - Episode 350, Part 1 - October 25, 2013

Oct 31, 2013 01:16:44

Description:

Welcome to our very special episode 350! We have a very special episode, all in support of wounded veterans in our armed services. Please take the time to donate using the links above. We've got an epic day in store for you, including contests, panel discussions, technical segments and more!

Active Defense: Taking The Fight To Attackers: Should We?

We've all heard the term "Hacking Back". We all have mixed feelings about this term. Let's be clear, it's not about feelings! The revenge-based "hacking back" was doomed for failure from the beginning. On the flip side, we're losing the battle against attackers on many fronts. What can we do? Setting traps, tracking attackers, luring them into areas of the network and systems deemed "honeypots" is on the table, or is it? What are the legal ramifications to this activity?

Benjamin Wright is the author of several technology law books, including Business Law and Computer Security, published by the SANS Institute. With over 25 years in private law practice, he has advised many organizations, large and small, private sector and public sector, on privacy, computer security, e-mail discovery, outsourcing contracts and records management. Nothing Mr. Wright says in public is legal advice for your particular situation. If you need legal advice or a legal opinion, you should retain a lawyer.

Joshua Corman is the Director of Security Intelligence for Akamai. Mr. Corman’s cross-domain research highlights adversaries, game theory and motivational structures. His analysis cuts across sectors to the core security challenges plaguing the IT industry, and helps to drive evolutionary strategies toward emerging technologies and shifting incentives.

Dave Dittrich is an Affiliated Research Scientist with the Office of the Chief Information Security Officer at the University of Washington. He is also a member of the Honeynet Project and Seattle's "Agora" computer security group.

Robert Graham is the co-founder and CTO of Errata Security, a firm specializing in cybersecurity consulting and product verification. Mr. Graham learned hacking as a toddler from his grandfather, a WW-II codebreaker. His first IDS was written more than 10 years ago designed to catch Morris-worm copycats.

HP Protect Interviews - Episode 349 - October 17, 2013

Oct 22, 2013 50:06

Description:

As the Security Weekly crew gears up for the Episode 350 marathon for our charity Wings for Warriors next week on October 25th, enjoy this episode featuring pre-recorded interviews from HP Protect.

Heather Mahalik on Smartphone Forensics Course, Drunken Security News - Episode 348 - October 10, 2013

Oct 17, 2013 01:02:22

Description:

This segment was broken in two parts as the technical segment with Heather Mahalik happened in the middle of it. Heather is a senior digital forensics analyst at Basis Technology. As the on-site project manager, she uses her experience to manage the cell phone exploitation team and supports media and cell phone forensics efforts in the U.S. government. Heather is a certified SANS instructor and teaching the upcoming course Advanced Smartphone and Mobile Device Forensics.

Ok, on to the stories of the week with Paul, Larry, Allison and Jack. What'd you do this summer? Disney? Six Flags? Big Data Land? After much chatter in the Twittersphere (logged here by Space Rogue) last week, Jack brings up the "Popping Penguins" article from Forbes. The article talks about this super vulnerable program that is going to be the downfall of Linux. It's called bash. Would you believe you can use bash to start a listener on your machine and then send some commands over telnet to have someone else's machine connect back to you? Uh oh. Also, beware of another application, one that runs from the desktop that lets you connect to other computers and pull down files from a machine you don't own. Yeah, that one's called a browser. Sounds equally dangerous, no? Should we uninstall bash as a security measure?

Larry threw out there an article on 5 WiFi security myths to abandon. But Larry mentioned that some of these might not actually be very new. Things like don't hide SSID as some newer systems will see them anyway and digging deeper to find the SSID isn't that hard. Plus, if its owner took the steps to hide it, wouldn't that pique your interest that there may be something good running there? Sending out a weak signal may sound like a good idea as if someone can't reach it, they can't connect to it, right? But all that does is annoy its intended users and if someone really wants to get on the network, they'll simply use an antenna. The article ends with the non-myth that if you truly want WiFi security, make sure you use good encryption and a strong password. Simple, eh?

Jack was looking forward to going on a good patch rant. He and Paul have done webinars about really stretching things and getting your patch cycle down to five days from the day of release. Jack said during the good old days, he'd challenge himself to getting his systems patched within 72 hours. Patch Tuesday was to be completed by Friday. In this article by Dr. Anton Chuvakin, he does indicate how it would be good for some big corporations to get their patch cycle down from 90 days to 30 days, but then argues if the bad guys only need 3, then what's the point of all that effort? Jack's feeling is that even the 30 days should be enough in many cases, but it's often politics and other "can't do" attitudes that prevent it from happening. Why is that? Get those patches in place people!

One quick note on a tangent the team went off on. In their experience as pentesters, Larry and Paul mention that all too often the way they end up pwning a system is through some machine that no one knew was running, with services that no one knew were running, with an account that no one knows why it still exists. Do you have a good inventory of where your data is? What machines are in your data center? What services and accounts are on each? If those are gold to a pentester, who has to respect a customer's defined scope, guess what a malicious user is going to do to your network.

Paul's looking for advice on what new phone he should get? Android? iPhone? What say you? Tweet him up with your suggestion at @securityweekly.

Remember that Yahoo bug bounty program? $12.50 credit toward the Yahoo store? A little update from the rants and ridicule from last week, it was actually one guy, Ramses Martinez, Director, Yahoo Paranoids, who was very appreciative of people reporting bugs and was paying them out of pocket. He would send researchers a Yahoo tshirt but would then find out the recipient already had multiple Yahoo shirts. Martinez's idea then was to give the reporter a credit in the Yahoo store matching the value of the shirt, out of his own pocket. Since the uproar, Yahoo has installed its own bug bounty program and Martinez is no longer paying for the reports himself. Good on ya, Yahoo and even better, thank you Ramses Martinez for caring about security.

Speaking of bug bounties, Google has started a bug bounty program for open source software. Repeat that, it's not just Google software that they're paying bounties for, it's software that there really is no organization behind and normally count on volunteers to fix things. Now Google is putting their money behind that effort. As Allison mentions, there hasn't ever been any motivation for anyone to report bugs and now there is.

Paunch, the alleged author of the Blackhole exploit kit, was arrested in Russia last week. Or at least we think so. Some unconfirmed reports have indicated this and Blackhole has not been updated since this time. Or maybe the guy just decided to take an extended vacation and threw the story out there himself. Either way, it might be time for Evil Bob to find a new exploit kit. (Note: Erik Estrada is not "Paunch", he's Ponch, as in Frank Poncharello)

Microsoft has a new disk cleanup where it removes all the old and outdated updates. Jack gained more than 6 GB of space after running the cleanup but a word of caution, it takes a concerningly long time for the next reboot. You might think you killed your computer but no, it really does take that long.

Check out "Tails", a security and privacy distribution, and let us know what you think. Is it good? What makes it a better choice than some others? Though the number of security updates in recent versions is a little concerning. Yeah, I get it that it's good that security holes are fixed and that it's to software that the distro is including. But it's just a little concerning when you pitch it as being for security and privacy yet there are piles of security updates. It makes me wonder just how secure it is and whether it's any better than a secure version of your favorite distribution anyway. But you can certainly let me know and I'll post some comments from you in an upcoming week. Tweet me at @plaverty9

There was also some discussion on iOS7 image identification, Larry has a colleague at Inguardians who wrote up an intro to using rfcat and Jack suggests taking a deeper look for yourself before jumping into the patch for MS13-81 and whether your system needs it. If it does, test thoroughly. It's got some deep stuff on it.

Interview with Thierry Zoller - Episode 348 - October 10, 2013

Oct 17, 2013 44:39

Description:

Thierry has 14 years of experience in information security, designing resistant architectures and systems, managing development and information security teams, ISM policies and high profile penetration tests. Thierry has a security blog over at blog.zoller.lu. Thierry is currently working as a Practice Lead for Threat and Vulnerability Management at Verizon Business.

Drunken Security "News" - Episode 347 - October 3, 2013

Oct 6, 2013 44:03

Description:

Drunken Security "News"

Jaime Filson on gitDigger, Jared DeMott on C/C++ Auditing - Episode 347 - October 3, 2013

Oct 6, 2013 49:15

Description:

Jaime "WiK" Filson enjoys long walks on the beach while his computer equipment is busy fuzzing software, cracking passwords, or spidering the internet. He's also the creator of the gitDigger project as well as staff of DEFCON's wireless village.

Jared DeMott has spoken at security conferences such as Black Hat, Defcon, ToorCon, Shakacon, DakotaCon, GRRCon, and DerbyCon. He is active in the security community by teaching his Application Security course, and has co-authored a book on Fuzzing.

Drunken Security News - Episode 346 - September 19, 2013

Sep 25, 2013 39:23

Description:

Drunken Security News

Interview w/ Vivek Ramachandran - Episode 346 - September 19, 2013

Sep 25, 2013 50:41

Description:

Vivek Ramachandran is a world renowned security researcher and evangelist. His expertise includes computer and network security, exploit research, wireless security, computer forensics, embedded systems security, compliance and e-Governance. He is the founder of Security Tube and Pentester Academy.

PFCLObfuscate, DerbyCon, Drunken Security News - Episode 345 - September 12, 2013

Sep 15, 2013 49:09

Description:

Pete Finnigan works as an independent Oracle security consultant for his own company PeteFinnigan.com Limited. Pete specialises in performing detailed Oracle security IT Health checks against Oracle databases using a detailed methodology developed by Pete from many years of experience in securing databases.

We've got a good one for you this week. Paul and Jack were in studio and we were treated with a visit from the DerbyCon organizers. Dave "Rel1k" Kennedy, Adrian "Irongeek" Crenshaw, Martin "PureHate_" Bos and Nick "Nick8ch" Hitchcock. Derby is one of those cons that sells out within minutes or less, so they're surely not here to sell tickets for the September 25-29th event in Louisville, Kentucky. Listen to find out all the great things they have in store for this year's event. They've expanded with six tracks this year, two nights of big events and will have The Crystal Method playing on Saturday night! Dave also mentioned that his choice of Weird Al Yankovic got vetoed, but if I had any kind of vote, I'd love to see Al. In addition to some of the best talks on the planet, you'll see some games such as "Are You Smarter Than a CISSP?" and "Whose Slide Is It Anyway?" One of the other great things about DerbyCon is they make many, if not all of the videos available for people to view, in near real time, thanks to the kickass video guy Adrian.

Then on to the stories. Talking with the Derby guys is always so much fun, and with the weekly Stogie Geeks podcast immediately after, there wasn't much time left for stories. Paul and Jack got into Marissa Mayer not locking her iPhone and people trying to board commercial aircraft with hand grenades. Yeah. According to the article, TSA found 83 people with hand grenades in either their carry-on or checked luggage. But when we dig a little deeper in the article, we see those 83 also included "The majority of these grenades were inert, replica, or novelty items". They basically took away toys. I guess that sounds silly at first until you figure the hassle someone could cause by pulling out a toy but real-looking grenade mid-flight. Who's going to confirm that it's just a toy? It'd make for one heckuva stressful flight. So leave your grenades at home.

The only other story the guys talked about was Yahoo! CEO Marissa Mayer and how she avoids the hassle of locking her iPhone with a passcode. The article is an interesting one where one side wonders why she takes mobile security so casually? If hers fell into the wrong hands, first imagine the phishing that someone could pull off. But also what kind of trove of data is available on there from upcoming plans at Yahoo! (a publicly traded company) to private email conversations with other executives at the company. But then the other side wonders if the security advice for Mayer has the same level of appropriateness as for an average user. Maybe Mayer takes better physical precautions with her iPhone than a typical 16 year old high school student. Is her point valid that the extra step of entering a passcode isn't worth the ease of getting into her device many times a day to conduct business? Seems like an interesting question at least.

Interview with Rich Mogull - Episode 345 - September 12, 2013

Sep 15, 2013 50:32

Description:

Rich has twenty years experience in information security, physical security, and risk management. He is the founder of Securosis and specializes in data security, application security, emerging security technologies, and security management.

Active Defense with Honey Badger, Drunken Security News - Episode 344 - September 5, 2013

Sep 9, 2013 50:36

Description:

Have you heard of those scam phone calls from "Windows" where the person on the other end of the phone claims to know there's a problem with your computer ("Is it running more slowly lately?") and they even have you test it out by running some commands and referring to common files as viruses? Then they're so friendly that if you simply go to their web site and download a couple files, they'll clean it all up for you. Maybe one of the worst people they could possibly call would be the head guy at Black Hills Information Security, John Strand. Yep, and John was only too happy to give them just enough rope to hang themselves. Listen along for how John was also able to irritate the scammers.

Then we tried to get going on the stories of the week and were off to a great start but very quickly got derailed with a story from Australia. Apparently the Australian government is looking to put a filter on the internet in their country that would completely block all perceived porn sites. If someone wants to be able to access porn web sites from inside Australia, they'd need to "opt out" of the filter by simply contacting the government. What could possibly go wrong with this idea? I'm certain that there wouldn't be any privacy issues whatsoever. Additionally, wasn't the internet basically invented for the purpose of porn consumption? Ok, back to the rest of the stories discussed.

Remember a few weeks ago when we talked about a scumbag who intruded upon a family through their baby monitor and was able to shout at the baby and parents through the monitor? Well, the Federal Trade Commission (FTC) has slapped down a manufacturer of a different brand of baby monitor and said they may no longer market their product as being "secure" until they fix these flaws. The flaws being that they say the feeds are private while anyone can view them on the internet at least in part because the authentication from the internet is clear-text and needs to be encrypted. Here we are already seeing where it seems like a great idea for manufacturers to internetify their product but don't completely understand all aspects of that or at least don't understand basic security needs. I don't know which is the chicken and which is the egg yet, but with the promise of IPv6, we're going to eventually see just about everything we own trying to have some sort of presence on the internet and these basic security precautions will need to be met.

Allison alerted us to the fact that Burp Suite got an upgrade this week. I'm constantly amazed at how much Burp can do especially when you consider the $300 price. Sure, there's also ZAP available from OWASP for even cheaper (free) but I think Burp is one of those tools that just about everyone uses because of its awesomeness. If I had to pick out just one of the new features, I'd mention the "Plug 'n Hack". According to Portswigger: "This enables faster configuration of the browser to work with Burp, by automatically configuring the browser to use Burp as its proxy, and installing Burp's CA certificate in the browser."

We also found out more details this week about another trojan called FinFisher by Gamma. The existence of FinFisher had been previously revealed but in a presentation by Mikko Hypponen, he talked about some of the things that the tool can do, including cracking WPA1 and WPA2, decrypting common email sites and even copying over a whole drive encrypted with TrueCrypt via a USB stick. Reportedly, the tool had only been available to governments in order to conduct their own national intelligence, but by now there's no way of knowing whether this has slipped out into the wild and in the hands of just anyone.

At Black Hat this year, Mike Shema from Qualys talked about a new way to possibly prevent CSRF. As we've seen in the past, the only way to reliably prevent the attack is to place a token in the action and have the server validate that token. This requires that the developer of the application understand CSRF and understand an API for creating the token, and to also implement it properly. If you're in the training or penetration testing business, this sounds like a great thing for job security. However there are millions of developers worldwide and training all of them may take a while. Heck, look at how prevalent much simpler attacks like SQL injection and Cross Site Scripting are. Do we really think that we'll be able to "train away" CSRF? This is where Shema has the idea of "Session Origin Security" and put the token in the browser. Now instead of training millions of developers, we simply get about five browser developers to jump on board. But the gang was a little skeptical about other plugins to work around this as well as breaking valid sessions and backward compatibility. We also wondered whether it may make more sense to allow the browser to choose whether it wants the CSRF protection and turn it on by default and let the user turn it off if there's a good reason to. These all seem to be questions that Shema and his team are looking into.

Jack told us about a post from Gunnar Peterson and the "Five Guys Burgers Method of Security". I don't think it means where it's so good for the first ten minutes and then you feel like crap about it for the next few hours. It's the idea that when you go to a Five Guys (and if you haven't yet, you should) they have two things, burgers and fries. They do these two things exceptionally well. They haven't morphed into also being a chicken place, and a fish place and a milkshake place and a coffee place and then letting the overall quality slip. They are focused on doing their two things and doing them extremely well. And I wondered if this is where so many in the security industry get frustrated and eventually burned out. As John brought up, the frustration often comes when there is so much compliance and documentation required, which yeah, I can see that as well. Who likes checking boxes and meeting with guys in ties to explain how you meet the PII, PCI, SOX and whatever other acronyms? I also wonder if there's also frustration in that we're hired to be "the security person" and we have areas that we're good at and enjoy. Whether that's network security, mobile security, web security or whichever. But due to budgets and many other reasons, we are expected to be experts in all areas, much unlike Five Guys. The Five Guys philosophy is if you want a great chicken sandwich, go to a chicken place. If you want a great milkshake, go to a milkshake joint. However in our jobs, we are the burgers and fries and chicken and fish and milkshakes and we're expected to be perfect at all of them. Anyway, it's an interesting take.

Do you have a Web site? No? Ok, then you're probably safe. Robert "Rsnake" Hansen put together an infographic about all the different things that you need to worry about today when securing your web site. It started out as a joke but then got a bit too close to reality and finally just got head-shakingly scary.

Finally, if you haven't already, check to see if your web site is "locked." Simply do a whois on your site and see if you have at a minimum a status of "ClientTransferProhibited." Some have said the recent NY Times hack was able to happen because the domain was not locked and the Syrian Electronic Army (SEA) was able to get the DNS credentials from someone and then change the DNS records to their own server. But if your DNS is locked, it'll take a bit more work to make the updates. Your registrar will go through additional validation steps before the DNS records are updated. This is likely enough that if someone is looking to hijack web sites, they'll realize yours isn't worth the bother and move on to an easier target. With Congress possibly authorizing an attack on Syria and with the twelfth anniversary of the September 11, 2001 attacks upcoming, it would not be surprising to see another round of attacks on web infrastructure. So take this very easy step and protect your site.

Interview with Richard Stiennon - Episode 344 - September 5, 2013

Sep 9, 2013 46:22

Description:

Richard Stiennon, security expert and industry analyst, is known for shaking up the industry and providing actionable guidance to vendors and end users. He relaunched the security blog ThreatChaos.com and is the founder of IT-Harvest.

Enumerating a Domain Using ADSI in PowerShell, Drunken Security News - Episode 343 - August 29, 2013

Sep 7, 2013 55:30

Description:

Carlos Perez is also known as @DarkOperator. He spends his time reverse engineering and practicing PowerShell Kung-Fu. Known by his motto "Shell is only the Beginning".

The show was missing its usual sunshine and unicorns as Jack was unable to attend the show but fear not, Paul and Larry took us all through the stories of the week!

First, Larry found an article telling us why we should never trust geolocation values. The article talks about how the major geolocators (Google and Apple) will keep a database of where wifi hotspots exist and their mapping systems use these known values. But what if one of those "known values" moves? What if a hotspot that was in downtown Providence gets moved to Paris? We'd probably have another person drive their car into the ocean! But the part that Larry is talking about that he'd like to get is actually the reverse. Rather than knowing where the hotspots are and get an address back, have a way to submit the address and get a list of known hotspots in the area.

Stop us if you've heard this one before...there's a Java 0-day in the wild. Well, at least this one was for Java 6. Worried about how to remedy this? Wondering when the patch will be released? Well, it kind of has, it's called "upgrade to Java 7" which then throws a gray area into the whole "it's a 0-day" thing.

Ok, so here is the reason that we listen to the stories of the week. The experience that Paul and Larry have in the business is priceless in itself so when a story can spin off into an interesting story from the field, it's worth *at least* what you pay for the show. Paul tells us about WebAntix, a shell script that someone wrote that uses a Nessus NBE to take a list of URLs and go take a screenshot of each site and create a web site with those screenshots. Really useful on a pentest, right? Paul also mentions how Tim (@LaNMaSteR53) had written something similar called Peeping Tom. But what got spurred on here is Larry's story about a pentest that he was on. He was using a tool to spider through the client's site and realizing it was going to take a while, he went to lunch. In the meantime, the tool hit a page that it couldn't authenticate into. The tool didn't know when to quit and it would continue to try the page, failing each time. With each failure, a new log entry was created. However the company had a log watcher that would send an email to many people on each individual failed auth. 1.2 million emails later, the Exchange server was dead.

There's also this BYOD thing. Employers are wrestling with this problem in how they deal with employees bringing in their own laptops, mobile devices, tablets and who knows what else. Paul talks about how back in the days when Jack was probably only middle-aged, you could go to work at a place like IBM and they'd supply you with a far more expensive, far more powerful machine than you could probably afford on your own. So you almost looked forward to going to work just to use this souped up computer. Here lies the BYOD problem for businesses. On one hand, they can save money knowing that people have all this stuff on their own and they're going to use it so there's no longer a need to buy them the latest and greatest super strong computer. But, can that also be used in the reverse? What if a business wants to fight the whole BYOD thing by putting people back on super strong machines to where they won't even want to bring their own in anymore? It may be an interesting thought, but it really isn't going to keep the leakiest of machines out of the office, also known as the mobile phone.

How about if you ever need to get sudo on a Mac OSX machine and don't have the password? As long as someone has ever successfully done a sudo on the machine, you can simply do a sudo -k in the Terminal window, set the date back to the epoch and voila, you now have sudo on that machine. Or simply use Dave Kennedy's python script to do it all for you. Ok, this is one where I have to tell a story of my own. One time in a job, someone emailed me about how to get elevated privileges on a machine and I wrote back in email that he should go ask the system admin team for sudo access. Well, apparently he thought I was an idiot or didn't know how to spell or something because he promptly wrote to the unix administrator and said that I suggested he ask for some kind of "pseudo-access" to the box. Much laughter ensued.

What good would it be if I simply recap the whole show for you. Of course we want you to listen, so let's go quick with a few more. You can use an unauthenticated API to access some functions and interact with a Tesla automobile. The Register is telling us that the Poison Ivy RAT is the AK-47 of attacks. Learn to break Android apps with tutorials and sample sites for learning! An ISP was caught tracking mouse clicks! The horrors! Well, they were tracking where users were clicking on their support page. I can at least see the defense here. They wanted to know how effective their support page was and whether people were able to quickly and easily find the right answers, and where they were clicking around on the screen, hopefully in an attempt to make it more efficient. At least that's the story I'd believe.

Interview with Matt from BruCON, Interview with Ira Winkler - Episode 343 - August 29, 2013

Sep 7, 2013 47:21

Description:

Matt is a long time volunteer of BruCON and is going to let us know all the great things in store for 2013.

Ira Winkler, CISSP is President of Secure Mentem. Ira is one of the foremost experts in the human elements of cyber security and is known for the extensive espionage and social engineering simulations that he has conducted for Fortune 500 companies globally, and has been named a "Modern Day James Bond" by the media.

Exploiting Embedded Systems, Drunken Security News - Episode 342 - August 22, 2013

Aug 25, 2013 01:01:54

Description:

Zachary Cutlip is a security researcher with Tactical Network Solutions, in Columbia, MD. At TNS, Zach develops exploitation techniques targeting embedded systems and network infrastructure. Since 2003, Zach has worked either directly for or with the National Security Agency in various capacities. Before embracing a lifestyle of ripped jeans and untucked shirts, he spent six years in the US Air Force, parting ways at the rank of Captain. Zach holds an undergraduate degree from Texas A&M University and a master's degree from Johns Hopkins University.

Zach will be going over how he does research on exploiting embedded systems and his exploit development framework bowcaster.

Interview with Phil "Soldier of Fortran" Young - Episode 342 - August 22, 2013

Aug 25, 2013 46:38

Description:

Philip Young, aka Soldier of Fortran, is a mainframe phreak! His love of mainframes goes back to when he watched Tron, wide eyed, for the first time. Though it would be decades until he actually got his hands on one he was always interested in their strangeness. Phil has always been in to security since his days as a sysop and playing around on Datapac (the Telenet of Canada). Some people build toy trains, others model airplanes, but Phil's hobby is mainframe security.

Denying Service to DDoS Protection Services, Drunken Security News - Episode 341 - August 16, 2013

Aug 21, 2013 01:00:21

Description:

After her presentation at Black Hat 2013, Allison is back in studio and will do a tech segment titled "Denying Service to DDOS Protection Services"

Are you not keeping your firmware up to date? Any chance that you're setting yourself up to be hit by the HP Integrated Lights-Out authentication bypass? If you're not going to be diligent about updating firmware and must have these things on the internet, then as Paul says, firewall the hell out of it and keep it away from the rest of your network.

Using a new scanning interface from Paul and Jack's employer, Tenable, you're able to see if your desktop software is out of date. Everyone's browser seemed to need updates and as we learned with some help from Carlos, you even need to update your pooty (PuTTY).

One of the many good lessons that can be gained from watching Security Weekly is "Don't screw with people's kids." Let's go one step further and say it's probably in poor form to call some random stranger's two year old a "slut". Larry and Paul tell us about a story where one of those baby monitor camera systems was "hacked" because it was on the internet and using the default (ie. no password) password. So someone was able to log in to the camera and shout expletives through the speakers, at the sleeping child and eventually at the parents. Ok, first as Jack already mentioned, don't screw with people's kids. Second, as Larry mentioned, why put this thing on the internet? Third, if you are going to put it on the internet, make it easier or more obvious that a default password needs to be changed. Or finally, as Jack mentions, it might be a little harder to support, but go with a handful of default passwords and put a sticker on the system to let people know what it is. That's a whole lot better than no password when this thing goes on the internet.

Leave it to Expert Steve to start a fire right in the Security Weekly studios.

Rob Graham over at Erratasec gives a nice behind-the-scenes account of the Blaster worm as it was already 10 years ago that the outbreak first happened. Rob talks about how he found out about the possibility, was soundly mocked even in his own company about the upcoming outbreak and even how he launched his own bloodless coup in his company. He simply told the CEO that a major problem was coming, that he knew how to fix it and he was taking over immediately. In spite of much preparation for a big fight, the CEO simply said "ok" and Rob was off and running. While it only took his in-house developers to create an exploit for the vulnerability, it took much longer than expected for it to be seen in the wild. It was eventually first seen on August 11, 2003. And Rob was vindicated.

So the Transcend SD WiFi Card is completely vulnerable to all kinds of bad things. The tiny little card runs Linux and even has netcat installed! There's a web server on there where you can upload more fun scripts that let you do all kinds of things you shouldn't be able to. Things like see the user's password in the web page source code or remote file includes. But to leave netcat installed and leave open the ability to get a shell on an SD card? As Larry asks "The smaller the device, the less attention that is paid to security??"

While out at Black Hat, Allison got to play with the Hot Plug. No no, in spite of the name this is not some kind of sex toy. Instead, it's a great device that allows you to remove the power plug from a wall socket but still leave the device powered on. According to Allison, it's a male-to-male plug where you just slightly remove the plug from the socket, connect the Hot Plug and then remove the plug from the socket.

There are more discussions and articles but finally, Paul brought up this Dark Reading article by Maxim Weinstein called The More Things Change. This article goes into how many millions of malware variants we've seen through the years, but in the end, all of these hacks require at least one of three things: "exploiting a vulnerability, compromising user credentials, and/or tricking the user." The real question is how we fix these?

Ok, one more. There's an add-on to the Leap Motion device where you can simply use hand (or other) gestures to log in to your Windows machine. Oh so many ways that we could log in...

There are all these stories and more this week on the Security Weekly Drunken Security News!

Interview with Dr. Whitfield Diffie - Episode 341 - August 16, 2013

Aug 21, 2013 50:08

Description:

Dr. Diffie is a pioneer of public-key cryptography and was VP of Information Security and Cryptography at ICANN. He is author of "Privacy on the Line: The Politics of Wiretapping and Encryption"

Drunken Security News - Episode 340 - August 8, 2013

Aug 10, 2013 01:05:53

Description:

Drunken Security News

HoneyPorts Automated Blocking, Threat Analytics w/ Ty Miller - Episode 340 - August 8, 2013

Aug 10, 2013 51:12

Description:

If you've seen one of mine, or John Strand's, presentations on offensive countermeasures, you know about Honeyports. If you've taken our class or read our book, you've seen this too! Just to recap:

If you tell your host to listen for connections on a port, and make certain the client is making a full TCP connection, you can "shun" or block the remote IP address. A Honeyport is a port that nothing should be listening on. When something, or someone, makes a connection to this port, you create and implement a local firewall rule on the host to block that IP address.

Previously we had shell scripts and a Windows command to make this happen. I wanted to extend this functionality, but quickly ran into limitations. So, I decided to write a Python script to implement this on all 3 platforms.

Ty Miller is CEO and Founder of Threat Intelligence, has had many TV appearances, radio interviews, print newspaper and magazine articles, and regular online commentary & BlackHat Trainings. Ty Miller's experience not only covers penetration testing, it also expands into regulations like PCI, developing and running industry benchmark accreditations, performing forensic investigations, as well as creating and executing security training ranging from introductory security through to highly advanced security concepts and skillsets. Today he is here to do a tech segment on his product Threat Analytics.

OWASP Top 10 with Dave Wichers, Drunken Security News - Episode 339 - July 18, 2013

Jul 20, 2013 01:04:52

Description:

The OWASP Top Ten is an awareness document for web application security, representing broad consensus about the most critical web application security risks as determined by the OWASP community. The OWASP Top 10 is one of the earliest and longest running OWASP projects, first published in 2003, and updates have been produced in 2004, 2007, 2010, and now 2013.

Interview with Troy Hunt - Episode 339 - July 18, 2013

Jul 20, 2013 01:01:12

Description:

Troy Hunt is a software architect and Microsoft MVP. You'll usually find him writing about security concepts and process improvement in software delivery on his blog. He also has a free e-book out, "OWASP Top 10 for .NET developers".

Interview with Team Onapsis, Schuyler Towne on X-Locks Project, Drunken Security News - Episode 338 - July 11, 2013

Jul 15, 2013 01:49:36

Description:

Selena Proctor, Alex Horan and Mariano Nunez join us from Onapsis.

Schuyler Towne is on a mission to recover as much information as possible about the lock-related patents that were lost to the patent office fire of 1836. His primary interest is in the history and the story of the creators of the lost locks, but his goal is to conduct all of the research in public, using Zotero, so everyone can follow along and those particularly inclined can even participate. That rough research will remain available indefinitely, but he will go on to curate and organize the work for publication on the website. Depending on what we recover we could potentially restore entire patents to the patent record, or 3D print working locks based on their drawings. We could solve a mystery, or rewrite history.

Interview with Matt Bergin, Kati Rodzon & Mike Murray's Social Engineering War Stories, Drunken Security News - Episode 337 - July 4, 2013

Jul 13, 2013 01:22:39

Description:

Matt "Level" Bergin, age twenty-four, works for CORE Security as a Senior Security Consultant where his day job consists of discovering, exploiting, and mitigating vulnerabilities in their clients' network environments. Before joining CORE, Matt became well recognized in the industry through his activities in the US Cyber Challenge and publications of vulnerability research such as his discovery of the Microsoft IIS 7.5 FTP Heap Overflow.

Kati Rodzon is the manager of Security Behavior Design for MAD Security. Her last nine years have been spent studying psychology and ways to modify human behavior. From learning about the power of social pressure on groups, to how subtle changes in reinforcement can drastically change individual behavior, Kati has spent the better part of a decade learning how humans work and now applies that to security awareness.

Mike Murray has spent more than a decade helping companies to protect their information by understanding their vulnerability posture from the perspective of an attacker. Mike co-founded MAD Security, where he leads engagements to help corporate and government customers understand and protect their security organization.

Liam Randall & Seth Hall on Bro IDS, Drunken Security News - Episode 336 - June 20, 2013

Jun 23, 2013 01:02:10

Description:

Bro is a passive, open-source network traffic analyzer and was originally developed by Vern Paxson, who continues to lead the project now jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL. Liam Randall and Seth Hall are on to give us additional insight into how Bro IDS is used.

Interview with Pete Lindstrom from Spire Security - Episode 336 - June 20, 2013

Jun 23, 2013 46:04

Description:

Pete Lindstrom is Principal and Vice President of Research for Spire Security, an industry analyst firm providing analysis and research in the information security field. Pete operated as the deputy to the Chief Information Security Officer for Wyeth Pharmaceuticals and honed his finance and technology skills in the United States Marine Corps where he was one of two disbursing officers in theater during the First Gulf War.

Interview with Bill Stearns, Phil Hagen on logstash - Episode 335 - June 13, 2013

Jun 18, 2013 59:44

Description:

Security Weekly #335 (Part 2)
Interview: Bill Stearns
Tech Segment: Phil Hagen on logstash

Dave Kennedy on Bypassing AV, CycleOverride with JP Bourget & Bruce Potter - Episode 335 - June 13, 2013

Jun 18, 2013 43:28

Description:

Security Weekly 335 (Part 1)
Special Segment with Dave "Rel1k" Kennedy: Connecting the Dots on Bypassing AV
CycleOverride with JP Bourget and Bruce Potter

Andy Ellis, Software Restriction Policies, Drunken Security News - Episode 334 - June 6, 2013

Jun 11, 2013 01:28:13

Description:

Andy Ellis is Akamai's Chief Security Officer, responsible for overseeing the security architecture and compliance of the company's massive, globally distributed network. He is the designer and patentholder of Akamai's SSL acceleration network, as well as several of the critical technologies underpinning the company's Kona Security Solutions.

Greg is an Intern with Security Weekly and a Senior Security Engineer for a financial services firm. Greg specializes in Vulnerability management, penetration testing and security architecture. He's on tonight to cover his blog post on Windows Software Restriction Policies.

Chris Truncer on Veil, Drunken Security News - Episode 333 - May 30, 2013

Jun 4, 2013

Description:

Chris Truncer is a Penetration Tester at Veris Group where he performs a variety of assessments for Federal and commercial customers. Currently Chris is supporting DHS and their development of an operational Penetration Testing team to support civilian government agencies. He currently helps to develop the overall program while also leading pen testing teams for other customers. His specialties include wireless network assessments and network level penetration testing. Recently, Chris became interested in AV evasion methods, which led to the development of Veil.

Interview with Gunnar Peterson - Episode 333 - May 30, 2013

Jun 4, 2013 57:18

Description:

Gunnar Peterson does security consulting, training and research on Identity and Access Management, Cloud, Mobile and software security. He is a Microsoft MVP for Application security, an IANS Research Faculty member, and a Securosis Contributing Analyst. He maintains a popular information security blog at http://1raindrop.typepad.com.

333 Part 2

Jun 4, 2013 51:00

Description:

Tim Conway, Drunken Security News - Episode 332 - May 16, 2013

May 21, 2013 59:44

Description:

Tim Conway is the Technical Director of the Industrial Control Systems and SCADA programs at SANS, where he is responsible for developing, reviewing, and implementing technical components of the ICS and SCADA product offerings. Tim was formerly the Director of Compliance and Operations Technology at the Northern Indiana Public Service Company (NIPSCO).

Interview with Brian Snow - Episode 332 - May 16, 2013

May 21, 2013 01:05:40

Description:

Brian Snow spent his first 20 years at NSA doing and directing research that developed cryptographic components and secure systems. Many cryptographic systems serving the U.S. government and military use his algorithms; they provide capabilities not previously available and span a range from nuclear command and control to tactical radios for the battlefield. He created and managed NSA's Secure Systems Design division in the 1980s. He has many patents, awards, and honors attesting to his creativity.

Kurt Baumgartner, Drunken Security News - Episode 331 - May 9, 2013

May 13, 2013 59:21

Description:

Kurt Baumgartner of Kaspersky Labs joins us to talk about Red October, a research paper that he co-authored, along with the other areas that he works on at Kaspersky.

It's time for another Drunken Security News. Much of the gang was on the road this week so Patrick Laverty sat in with Paul and Engineer Steve for the show, plus Jack's epic beard called in via Skype from lovely Maryland.

First, Paul admitted it was a stretch to bring this into a security context but he wanted to talk about an article that he found in The Economist (via Bruce Schneier) about one theory that if the US would simply be nicer to terrorists, release them from Guantanamo Bay, Cuba and stop hunting them down around the world, that they would in turn be nicer to us. Also, fewer would pop up around the world. The thinking is that jailing and killing them turns others into terrorists. So here's the leap. Can the same be said for black hat hackers? If law enforcement agencies stop prosecuting the hackers, will they be nicer and will there be fewer of them? I think we all came to the same conclusion. "Nah."

Paul also found an Adam Shostack article about how attention to the tiniest details can be important to the largest degree. The example given was that the vulnerability in the Death Star in the original Star Wars movie was so small, and the chances of it being exploited so remote, that the Empire overlooked it, with Grand Moff Tarkin even showing his arrogance shortly before his own demise. The same can be said for our systems. It might be a tiny hole and maybe you think that no one would look for it and even if they do, what are the chances they both find it and exploit it? In some cases, it can have quite dire consequences. The Empire overlooked a small vulnerability that they shouldn't have. Are you doing the same with your systems?

Did we happen to mention that Security BSides Boston is May 18 at Microsoft NERD in Cambridge, MA and Security BSides Rhode Island is June 14th and 15th in Providence, RI? Good seats and good conference swag are still available. We all hope to see you there!

The Onion's Twitter account was breached by the Syrian Electronic Army and they handled it in a way that only The Onion can, making light of both themselves and the SEA. Additionally, possibly for the first time ever, The Onion published a non-parody post about exactly how the breach occurred.

Additionally, the National Republican Congressional Committee (NRCC) web site got spam hacked/defaced with Viagra ads. The only thing we were wondering is, are we sure it was hacked and not just a convenient online pharmacy for their members?

A new whitepaper was released from MIT talking about "Honeywords". The problem being solved here is creating a way for server admins to know sooner when a passwords file has been breached on a server. In addition to the correct password, this new system would add a bunch of fake passwords as well. When the attacker starts trying usernames and passwords, if they use one of the fake passwords, the server admin would be notified that someone is doing that and it is very likely that the passwords file has been breached. It's an interesting concept to ponder.

Jack had an article from Dennis Fisher at Threatpost, asking the question about what's the point of blaming various people for cyberespionage if we don't have a plan to do something about it.

The NSA also has its own 643 page document telling its members how to use Google to find things like Excel documents in Russian that contain the word "login". Wait, I feel like I've heard of this somewhere before. Oh yeah, that's right. Johnny Long was talking about Google Hacking at least as far back as 2007. It's just interesting sometimes to see things that the media gets wind of and, without the slightest bit of checking, thinks are "new".

Interview with Rob Cheyne - Episode 331 - May 9, 2013

May 13, 2013 49:17

Description:

Rob Cheyne is a highly regarded technologist, trainer, security expert and serial entrepreneur.

He was the co-founder and CEO of Safelight Security, a leading provider of information security education programs. He has taught information security training classes to tens of thousands of developers, architects, and managers for industry-leading organizations. He has over 20 years of experience in the information technology field and has been working in information security since 1998.

Rob regularly speaks at security and training conferences, and frequently presents to the local chapters of various security organizations.

Andrew Righter, Banasidhe on BSidesLV, Drunken Security News - Episode 330 - May 2, 2012

May 7, 2013 01:28:23

Description:

After 5 years of diving into the Security world head first, Andrew has finally come up bruised, beaten and a little less stupid. Like most hackers, he has ripped apart, modified and rewritten every electron and every bit possible - and under proper supervision has even gotten to play with a few really expensive toys. He now spends his time bootstrapping his DARPA CFT project (Netoko), hacking automotive networks (GoodThopter), or playing with academics as a Visiting Scholar at the University of Pennsylvania.

Sumit Siddharth, Free Amazon Socks Proxy, Drunken Security News - Episode 329 - April 25, 2013

Apr 30, 2013 55:22

Description:

Paul's Security Weekly #329
Sumit Siddharth - "The Art of Exploiting Injection Flaws"
Free Amazon Socks Proxy to Tunnel to Freedom
Drunken Security News

Interview with Brad Bowers - Episode 329 - April 25, 2013

Apr 30, 2013 50:02

Description:

Paul's Security Weekly #329
Interview with Brad Bowers

Drunken Security News, Jeremy Zerechak - Episode 328 - March 18, 2013

Apr 21, 2013 01:22:47

Description:

Drunken Security News, Jeremy Zerechak

Drunken Security News - Episode 327 - March 11, 2013

Apr 15, 2013 42:19

Description:

Drunken Security News

Interview with Richard Bejtlich - Episode 327 - March 11, 2013

Apr 15, 2013 01:02:11

Description:

Richard Bejtlich is Mandiant's Chief Security Officer. Prior to joining Mandiant, Mr. Bejtlich was the Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). He wrote The Tao of Network Security Monitoring, Extrusion Detection, and co-authored Real Digital Forensics. He currently writes for his blog TaoSecurity and teaches for Black Hat.

Python for Penetration Testers, Drunken Security News - Episode 326 - April 4, 2013

Apr 9, 2013 59:59

Description:

Mark Baggett is the owner of Indepth Defense, an independent consulting firm that offers incident response and penetration testing services. Mark is the author of SANS Python for Penetration testers course (SEC573) and the pyWars gaming environment. In January 2011, Mark assumed a new role as the Technical Advisor to the DoD for SANS.

Yet another Paul's Security Weekly Drunken Security News! Can I Stop Typing In Caps Yet?

Please follow along at home and check out the show notes to see the stories that Paul, Larry, Jack and Allison have decided to talk about this week! Additionally, have you heard yet that Paul is putting on BSides Rhode Island? Got your ticket yet? Plus, Larry is teaching SEC616 for SANS in May in sunny San Diego. Don't miss that!

And did you check out the latest HackNaked TV by John Strand? It's an introduction to getting started with Recon-NG the new tool by Tim Tomes. If you've ever wanted a great reconnaissance tool that feels a bit like Metasploit, then give Recon-NG a try.

What are the guys busting Steve the Engineer's chops about at the beginning? They thought that Steve had deleted the just-completed interview with Bill Cheswick. Much to Paul's pleasant surprise, the raw video survived and we have the interview available for you.

Paul found a story about upgrading a router by removing chips and resoldering new ones and additional ones back on. Want an overview of how this works? Larry educates us on the necessary tools and techniques. Remember, it's all about the tip size and always practice on hardware you don't care about as it's likely you'll screw it up the first time you try.

Larry also discovered the "Dave" video. Dave is a Belgian mindreader that brings people in off the street, into his New Age-y looking tent, invokes various dances, chants and feels people's energy. In the end, he is able to determine what seems like way too much personal information about these strangers. How does Dave do it? I won't reveal the trick here, but you can see the two-and-a-half-minute video on YouTube for yourself. Be careful out there.

Jack gives a shoutout to Rackspace for taking on the patent trolls and Allison finds an ISP in Texas that is injecting ads in their customers' traffic. She also wonders what would happen if a customer, seeing these ads, were to simply click on them incessantly, driving up the cost to the advertisers, defeating the purpose of the advertising budget.

Hey, you know that whole "hacking back", offensive countermeasures thing? Yeah, so a guy in Russia actually tried it as we know everything's legal in Russia, right? He set up a honeypot on one of his machines that loaded malware on your machine if you went to it. Ok, maybe that doesn't sound very nice, but the only way you could get into it is if you did some SQL injection on the box. So it's not like the people affected had innocent intentions.

If you're reading this far, you're probably a security practitioner to some degree and you're aware of ATM skimmers and give an extra look for them. But do you look anywhere else other than ATMs? Skimmers are starting to pop up in all kinds of credit card terminals from the local grocery store to taxis. So be aware and maybe just pay cash.

Other stories include farting on servers, dressing like a cyberwarrior, the return of Archer and Arrested Development, sniffing, scapy and getting the government to hire security professionals who may not exactly have a pristine past.

See you next week with Mandiant's CSO Richard Bejtlich!

Interview with Bill Cheswick - Episode 326 - April 4, 2013

Apr 9, 2013 51:40

Description:

Bill Cheswick logged into his first computer in 1968. Seven years later, he was graduated from Lehigh University in 1975 with a degree resembling Computer Science. Ches has worked on (and against) operating system security for over 35 years. He is probably best known for "Firewalls and Internet Security; Repelling the Wily Hacker", co-authored with Steve Bellovin, which helped train the first generation of Internet security experts.

Simon Bennetts, Drunken Security News - Episode 325 - March 28, 2013

Apr 1, 2013 01:13:14

Description:

Simon is a Mozilla Security Automation Engineer and ZAP Project Leader. He is also one of the founders of the OWASP Manchester chapter and the OWASP Data Exchange Format project. Simon is on to discuss OWASP's Zed Attack Proxy v2.0.0.

From the OWASP site: The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Drunken Security News - Episode 324 - March 21, 2013

Mar 25, 2013 59:02

Description:

Are you here to learn something about infosec? Well, you're in luck because this week you get even more. You even get Paul and Larry's beer trivia and find out who has the oldest trademark anywhere!

Can you guess the password on your first try? Of course you'd simply try the default password for the device, right? So would that be illegal to log in to that device and install software/malware? Of course it would be illegal, but it's still pretty neat that they were able to find approximately 1.2 million unprotected devices and turn about 420,000 of those into their botnet, which allowed them to scan the entire IPv4 address space in one hour. Also interestingly, this scan estimated that only about one-third of the IPv4 addresses are actually in use.

Along the same lines, Allison and Paul chatted about an article explaining how the botnet business is booming. One group is paying as much as $500 for 1,000 infections. Also discussed are the costs of a DDOS or 20,000 spam emails. Larry also pulls out $9 and some pocket lint wondering how many people he can spam with his resume.

Allison also brought up the Brian Krebs SWATing story and explains her own forays into this underground black-market subculture. Very interesting explanations of how easy it is to get enough personal information about someone in order to trick various businesses or services into helping the impersonator access their target's account.

NATO published a report concluding that they are justified in killing hackers. John offered his opinion that this makes sense. As war moves into new grounds and countries are using hackers to attack other countries, it makes sense that a country is going to defend itself against this type of attacker.

Did you finally get your own 3D printer? Can you legally print out your own guns? Would that be legal? I would guess as long as you're the Vice-President and simply creating a double-barrel shotgun to scare people away, then it's all good. Maybe.

How's this for bottom-up economics? Larry tells us about a couple guys who owned a Subway sandwich shop and decided to get into the PIN pad business and eventually become a distributor to the parent Subway company. Except that these guys pre-installed remote admin access, and you can guess the rest.

Stick around 'til the end of the show for even more of Paul's beer trivia!

Interview with Jason Fossen - Episode 324 - March 21, 2013

Mar 25, 2013 44:39

Description:

Jason Fossen is a principal security consultant at Enclave Consulting LLC, a published author, and a frequent public speaker on Microsoft security issues. He is the sole author of the SANS Institute's week-long Securing Windows course (SEC505), maintains the Windows day of Security Essentials (SEC401.5), and has been involved in numerous other SANS projects since 1998.

Drunken Security News - Episode 323 - March 7, 2013

Mar 11, 2013 39:14

Description:

Drunken Security News

Jonathan Ness, Michael Farnum - Episode 323 - March 7, 2013

Mar 11, 2013 59:40

Description:

Jonathan leads the Microsoft Security Response Center Engineering team in investigating externally-reported security vulnerabilities and ensuring they are addressed appropriately via Microsoft's monthly security update process. Jonathan also acts as one of the engineering technical leads for the Microsoft company-wide Software Security Incident Response Process. The most important aspect of his work is helping customers find ways to reduce attack surface and protect themselves. Outside Microsoft work, Jonathan participates as a member of a reserve military unit helping to protect DoD networks and has written the three-part "Gray Hat Hacking" book series.

Michael Farnum has worked with computers since he got a Kaypro II and an Apple IIc during his middle school years. Michael served in the US Army, where he drove, loaded, and gunned on the mighty M1A1 Abrams main battle tank (which is where he got his "m1a1vet" handle). Michael has worked at Accuvant as a solutions manager and is the founder of HouSecCon, THE Houston Security Conference, which will hold its 4th annual event in October.

Joe McCray, Building a Security Lab, Drunken Security News - Episode 322 - February 28, 2013

Mar 4, 2013 01:44:27

Description:

Joe McCray is an Air Force Veteran and has been in IT security for over 10 years. His background includes both Network and Web Application penetration testing as well as incident response and forensics within the DoD and commercial sector.

Having a home lab is really key in our field. There always seem to be projects you want to work on that require a specific OS or software. You just need hardware at home, whether you are pen testing or doing security research. I grew tired of using laptops, and especially my own laptop. Having some low-cost servers will open up the possibilities.

Adrian "IronGeek" Crenshaw, Joey Peloquin - Episode 321 - February 21, 2013

Feb 25, 2013 01:22:06

Description:

Adrian joins the show to talk about his history in security, his co-creation of Derbycon, a primer into how he gets conference videos online so quickly and other tales of fun at conferences.

Joey Peloquin came on to talk about his recent findings with mobile security testing, and the platform he prefers, among iOS, Android and the new MS Surface. Plus, Paul and Larry are in studio to talk about the stories of the week.

Craig Heffner, Josh Wright, Drunken Security News - Episode 320 - February 12, 2013

Feb 14, 2013 01:22:00

Description:

Craig Heffner is a Vulnerability Researcher with Tactical Network Solutions in Columbia, MD. He has 6 years of experience analyzing wireless and embedded systems and operates the devttys0 blog which is dedicated to embedded hacking topics. He has presented at events such as Blackhat and DEF CON and teaches embedded device exploitation courses.

Have you ever jumped on a random WiFi connection and you didn't know where it was coming from? Probably. Most people have. But if you're one of Josh Wright's neighbors, or even if he's sipping coffee at the local shop, you might want to be careful about which wireless connection you're jumping on. But if you start seeing images that are out of focus or getting a page that seems about five years out of date or even end up on kittenwars.com, Josh might be the one responsible. Or at least his VM. You can get it on his site http://neighbor.willhackforsushi.com/

Josh is also working on something great for BSides Rhode Island. Check out the video below and he'll explain it. But if you hate the long lines at places like Cheesecake Factory and those stupid little buzzers that notify you when your table is ready, Josh might have some help for that. But you'll need to be at BSides RI to hear about it.

As for the stories of the week, we had a little bit of a lean week. However jokes about Jack's balls, I mean bells, were frequent and fun. After all, it was Mardi Gras and Jack brought beads for the whole crew with the one stipulation that we had to keep our clothes on.

Did you know that on Monday, February 18 at 2 pm, Paul and John will hold a free webinar with SANS? Titled "Active Defense Harbinger Distribution - Defense is Cool Again", the guys will be talking about the new offensive security distro that was built by Black Hills Infosec's Ethan Robish and John Strand. It's free, so sign up at the link above.

As for some of the stories, we knew it was going to be a rough week when Paul showed us the 10 ways to reduce security headaches in a BYOD world and #1 was to secure your data. Ohhhhkayyy. Moving on.

Paul also played the audio from a news broadcast from out west where the zombie apocalypse has begun. It's like a modern day War of the Worlds where people were actually calling the police to see if the story was true.

Jack explained how Mega's KimDotCom (isn't it quite egotistical to just take your first name and stick "dotcom" after it? I mean, seriously) continues to show his brilliance. Where else can you get a solid, top to bottom pentest for only about 10,000 euros. He challenged anyone to hack his site and after a few bugs, he began paying up. Pretty smart.

One story that actually didn't get mentioned on the show but is in the show notes is a quote from Bit9 after their hack this week: "There is no easy answer to a world where there are sophisticated actors continuously targeting every company and individual and whose primary goal is to steal information, whether for profit, power or glory. This is not fear-mongering or hype--everyone in the security business knows this fact. This is the state of cybersecurity today, and we are all frustrated and angered by it." Isn't this exactly why security firms get paid? Because there are bad people out there looking to steal information? If those people didn't exist, then would Bit9 need to exist? That's biting the hand that feeds you.

That's it for this week. We'll be back next week on the usual day, Thursday, February 21 at 6 pm EST! Until then, stay calm and hack naked!

ADHD with Ethan Robish, Drunken Security News - Episode 319 - February 7, 2013

Feb 11, 2013 52:03

Description:

Ethan Robish is a researcher with Black Hills Information Security and is here to give us some of the background on a suite of tools for the Offensive Countermeasures class - Active Defense Harbinger Distribution. The Active Defense Harbinger Distribution (ADHD) is a Linux distro based on Ubuntu 12.04 LTS. It comes with many tools aimed at active defense preinstalled and configured. The purpose of this distribution is to aid defenders by giving them tools to "strike back" at the bad guys.

A lean week in episode 319's Drunken Security News, but at least the house was full with PDC staff, with Paul, Larry, Allison and Jack in-studio and John and Carlos via Skype to fill us in on all the fun.

But first, make sure to not miss the other two segments from episode 319. First was 451 Research's Wendy Nather to talk with the team, and then Ethan Robish and John Strand came on to talk about a brand new distribution. If you like distributions like Samurai, Backtrack and others, you might be interested in this one. Titled ADHD (Active Defense Harbinger Distribution) this has been three years in the making and takes on offensive security with many of the tools you love.

As for the stories of the week, Paul started off with a couple quick hits, including a joke about the Federal Reserve hack and bugs in hospital embedded devices. Then follow along as Jack goes a long way to make a joke about prime numbers, after one of the largest only-divisible-by-one-and-itselfs was discovered.

The first story they dig into is one that Larry brought along, about SSL/TLS being broken. After some explanation of the padding oracle issue and the use of the same key, John and Larry bring up Wright's Law (to be discussed in episode 320 on Tuesday). Larry wonders who is working on fixing SSL, and notes that even if someone has a fix today, it could take five years until it is fully implemented.

Do you need anything more than six seconds? Apparently if you use Vine for Twitter, that's all you'll need. It's a new video sharing service, but all you get is six seconds of video. And what happens on Vine stays on Vine, right? Umm, no.

What would you do if you were Adobe's CISO? Take the staff out to lunch? Quit? Or actually get things cleaned up. I guess at least they're not Sony.

Congratulations to Allison who is Gold GCIA certified after her paper on digital watermarking to help prevent leaks. You can read the entire thing in the SANS Reading Room.

Lastly, Larry drops an "I told you so" with regard to Universal Plug and Play (UPnP). As Larry wrote, now there is a single-packet UDP exploit for it, for almost every device - of which there are millions connected to the internet based on HD Moore's scanning.

Oh and if your company is looking for their next great employee (or if you get a referral bonus) contact Larry with the opportunity.

Interview with Wendy Nather - Episode 319 - February 7, 2013

Feb 11, 2013 46:47

Description:

Wendy Nather is Research Director of the 451 Research Enterprise Security Practice. With over 20 years of IT experience, she built and managed the IT security program at the Texas Education Agency, where she directed multimillion-dollar initiatives for a statewide external user base of over 50,000. She has also provided security guidance for the datacenter consolidation of 27 Texas state agencies.

Interview with Dr. Gene Spafford - Episode 318 - January 31, 2013

Feb 4, 2013 56:48

Description:

Dr. Spafford is one of the senior, most recognized leaders in the field of computing. He has an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies... [With] over three decades of experience as a researcher and instructor, Professor Spafford has worked in software engineering, reliable distributed computing, host and network security, digital forensics, computing policy, and computing curriculum design. Dr. Spafford is a professor with an appointment in Computer Science at Purdue University, where he has been a member of the faculty since 1987.

Thug with Ben Jackson, Drunken Security News - Episode 318 - January 31, 2013

Feb 4, 2013 01:09:17

Description:

Thug is a Python low-interaction honeyclient. All too often in Incident Response you have logs that indicate a client was exploited by an exploit kit and compromised, but retrieving a copy of the applicable piece of malware is difficult. Thug is designed to mimic a vulnerable web browser and follow the exploit kit back to its malware.

But with all that in the books, the conversation quickly turns to porn, smut and "sextortion." Yup, this was the first time that word had ever been uttered on Paul's Security Weekly, which required a visit to Urban Dictionary. As Allison noted, you can now get your very own sextortion coffee mugs, bumper stickers and magnets. The article described talks about how someone hacks into girls' computers (password guessing?), finds risqué photos and then uses those to get the girls to either send more pictures or go on video. Another man was recently charged with a similar crime where he'd talk to boys in IRC, get them to reveal themselves in a video chat where he'd then grab screenshots and use that against the victims. Lessons learned? If you are going to take a nude picture of yourself, DON'T INCLUDE YOUR FACE! But if push comes to shove, profit off it. As Paul said, it worked for the Kardashians and the Hiltons.

Did you know you're 182 times more likely to get malware on a news site than on a porn site?

China hacked the New York Times! Or did they? Wait, China did it? How in the world did a country of one billion people hack the NY Times? Isn't that the same thing as my blog getting hacked by the kid down the street and saying "The United States did it!" Maybe it was someone in China, maybe it was someone hired by Chinese government officials, maybe it was someone who does things the same way that Chinese hackers have done it in the past. But as Allison and Jack noted, it's good that the Times is being so public with the situation.

As we begin adding more technology to embedded devices like televisions, we're not paying any additional attention to the security on them. Researchers are reporting having seen televisions and CCTV cameras pop up in their honeypots.

Paul talked about fifty million Universal Plug and Play network devices being open to packet attack. As he noted: "This is not a shock to me at all. UPnP is horrible, there just had to be a flaw in there somewhere. HD Moore found some, and turns out there are millions of vulnerable devices on the Internet. I am so happy to see this research come to light, it needs to happen. Free tools exist to check for the vulnerabilities, and details are forthcoming."

Speaking of forthcoming, the new version of Backtrack Linux is coming...

Oracle now cares about fixing the flaws in Java. Really? What could have possibly spurred this on? Maybe when the US Department of Homeland Security is telling everyone to stop using it? Maybe when they say they're patching the flaws and then a few minutes later, someone already has a new vulnerability for it? Good to know that this is what it takes for Oracle to finally care about security. Now imagine if such a company were involved in things like databases? Oh wait.

Wrapping this up with just a few more things. Paul talks about an XSS vulnerability in the VMware Management Interface. Free environment snapshots? Yes please!

Allison brings up the new law making it more illegal to jailbreak your mobile device if the carrier says you cannot. But what about if you buy an unlocked phone for full price? That's ok, right?

Oh yeah, that grad student who was expelled from a Canadian university for telling them about their bad security practices? Well, it's actually a little worse. According to his expulsion letter, he was twice caught and admitted to using SQL injection to break into their informational systems. Yeah, that's a little more than just informing the school about their bad security practices, that's rubbing their nose in it. So lesson for the day, if you're paying someone thousands of dollars for a graduate degree, don't rub their nose in their bad security practices and expect to stick around.

Did you hear that Security BSides Rhode Island tickets are now on sale? Get them at http://bsidesri.eventbrite.com

Alissa Torres, Drunken Security News - Episode 317 - January 24, 2013

Jan 30, 2013 01:00:11

Description:

Alissa Torres is a certified SANS Instructor and Incident Handler at Mandiant, finding evil on a daily basis. Alissa began her career in information security as a Communications Officer in the United States Marine Corps and is a graduate of University of Virginia and University of Maryland. She's on tonight to talk to us about Bulk Extractor.

Cisco responds to the WRT54GL Linksys router hack. They're working on a fix for people being able to remotely get a root shell, but their recommendation in the meantime? Only let friends use your router. Oh yeah, with friends like these...

Have you signed up for the SANS webinar titled "Uninstall Java? Realistic Recommendation? No. Insanity? Yes!" with John Strand, Paul Asadoorian and Eric Conrad? It's coming up, this Tuesday at 2 pm EST.

Do you have all the HTTP response codes memorized? Someone is proposing a new range of 700-level codes. Some that might be helpful: HTTP 725: It Works On My Machine. And I fear how often the Security Weekly web server will return an HTTP 767. It simply reads "Drunk".

Former Dawson College graduate student, Ahmed Al-Khabaz, who was expelled for allegedly hacking the university's infrastructure, has received multiple job offers. The guys talk about the situation with a little more detail than is often reported. He found a vulnerability and reported it. So far, so good. But then a little while later, he pointed a scanner at the vulnerability that he found, presumably setting off alarms. Even worse, the noise from the scanner pointed back to him. Once he reported the vulnerability, what's he doing going back to it, and as "evil" Jack mentions, why didn't Al-Khabaz cover his tracks better when he switched his hat color? Nonetheless, lots of weirdness abounds in this story. The university overreacted (what?!? a university overreacted? never!) instead of using this as a learning opportunity. Plus, the student may have made some mistakes along the way, yet he comes out better for it. So is the lesson here to hack your way to a job? Is that what the universities are for? Umm, no. Never go after something that you don't have explicit, written permission to hack. Plus there's Paul's suggestion of punishment here, the student should have been required to work the help desk for three months. That's enough to teach anyone a good lesson.

Drunken Security News - Episode 316 - January 17, 2013

Jan 21, 2013 46:17

Description:

Hacking x-ray machines, comparing vulnerabilities to gun violence, unplugging java from a browser (in Paul's experience), making good money on bug bounties from IE and Adobe, condoms, castles, blaming PSY for additional Korean hacks and the best innovation story that we've heard in a while. Meow.

Gene Kim & Josh Corman - Episode 316 - January 17, 2013

Jan 21, 2013 01:02:40

Description:

Gene and Josh talk about burnout in the infosec industry and what's being done about it. Plus Gene has a new book released that's getting rave reviews: "The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win"

Drunken Security News - Episode 315 - January 10, 2013

Jan 14, 2013 44:53

Description:

Drunken Security News

Kati Rodzon & Mike Murray, CSRF Primer - Episode 315 - January 10, 2013

Jan 14, 2013 57:12

Description:

This is an awesome interview with Kati Rodzon and Mike Murray from MAD Security about the psychology behind social engineering engagements. Kati and Mike talk about the importance of confidence and playing a role. Plus, our newest intern's first project, presenting on Cross-Site Request Forgery.

BSidesRI, Drunken News - Episode 314 - January 3, 2013

Jan 8, 2013 01:28:37

Description:

Eric Cole on APT and more!

BSidesRI, Drunken News - Episode 313 - December 20, 2012

Jan 8, 2013 58:28

Description:

Christmas Special!

BSidesRI, Drunken News - Episode 312 - December 13, 2012

Dec 18, 2012 01:01:40

Description:

Bsides comes to RI, tons of security news!

GISKismet, Drunken News - Episode 311 - December 6, 2012

Dec 11, 2012 01:07:32

Description:

Interesting usage of GISKismet, and some great drunken security news stories!

Minipwner, Drunken News - Episode 310 - November 29, 2012

Dec 4, 2012 01:08:08

Description:

Create your own embedded pen test device w/ MiniPwner, Security fail dominates drunken security news.

Database Security, Drunken News - Episode 309 - November 20, 2012

Nov 27, 2012 01:27:26

Description:

Database security & Security news drunken style!

Firmware Hacking, Drunken - Episode 308 - November 15, 2012

Nov 19, 2012 01:01:34

Description:

Firmware reverse engineering & Security news drunken style!

Mobile Hacking, Drunken - Episode 307 - November 1, 2012

Nov 8, 2012 01:16:08

Description:

Hacking mobile phone web browsers & Security news drunken style!

Drunken Security News - Episode 306 - October 25, 2012

Nov 8, 2012 01:31:22

Description:

Security news drunken style!

Drunken Security News - Episode 305 - October 18, 2012

Oct 24, 2012 01:02:48

Description:

Incident Response in 3.08 MB - Always nice to see folks, like our good friend and Stogie Geeks co-host Tim Mugherini, writing about tools that work. This product just sounds useful: The idea behind Carbon Black (CB) is to monitor code execution. A small Windows agent is deployed to each host throughout the enterprise. This agent hashes each process, monitors the sub processes, module loads, registry edits, file writes, and network connections. Digital signatures and the activity of each binary are stored on the CB server.

National Weather Service Hacked - In other news, snow storms are reported in Miami, earthquakes in the mid-west, and it's been raining in San Diego for 3 weeks straight, but sunny and 75 in Seattle. CSRF and XSS strike again!

The Importance of Security Awareness - User awareness is still kicking around, and everyone seems to have a different take. One thing we all agree on is that it leaves gaps, which is why you need other stuff to protect your organization. After exploring this topic, I am of the opinion that you need an awareness program. There are several companies providing this type of service, go seek them out, get a solution to educate your users that fits you, and your budget/ROI, and run with it. I firmly believe this is something everyone needs to have, just like a firewall or IDS (as lame as that sounds). Know how much return each defensive measure provides and use it accordingly.

Zero-day attacks last much longer than most would believe - This speaks to the huge problem we have with software security. On average, it takes 10 months to uncover a 0day vulnerability. Yikes, 10 months is a long time and a lot of damage will occur.

Pacemaker hacker says worm could possibly 'commit mass murder' | Computerworld Blogs - Barnaby Jack strikes again, in what could be a huge problem. This is something that has always bothered me, what happens when criminals take advantage of technology to damage people? Sure, many evil hacking groups launch DoS attacks and break into places like Sony. That's the least of our worries, as when attacks can affect people's health and well-being on a mass scale, it's a game changer. We've seen some car hacking stuff, but pacemakers hit the "heart" of the matter. The response seems to be as much diluted as it always has been, lots of finger pointing and disbelief.

Dan Kuykendall - Episode 305 - October 18, 2012

Oct 24, 2012 53:14

Description:

Interview Dan Kuykendall

Dan manages NT OBJECTives’ software development and has an extensive background in web application development and security and is co-host of "An Information Security Place" Podcast.

How did you get your start in information security?
We are seeing the proliferation of apps using JSON, AJAX, REST, etc. These apps have vulns that aren't being tested by scanners and people don't know how to test them, yet there are serious vulns there.
What about HTML5, what are the new vulnerabilities and protections? How can we test them?
What are the challenges, and solutions, for an automated scanner to overcome authentication?
How do you handle technologies such as Flash?
Which seems to have more vulnerabilities, in-house written apps, open-source or commercial? Or are they all even? What advice do you have for folks looking to acquire an application to solve a business problem?
Scanners traditionally have trouble with certain vulnerabilities, which ones are the most problematic?
Are people testing them by hand? If so, what can you do to be the most efficient?
Scanners haven't really kept up with the application technology and the coverage gap is widening. Scanners need more application coverage. They will never cover all of the app, but they should cover more. What are your thoughts on that as pen testers? How do you balance manual and automated testing?
Which vulnerability, with respect to web applications, goes unnoticed and unpatched the most?
What training options are available for application developers?
What advice do you have for folks who want to get started and learn how to test web applications for security?

Wordpress Insecurity, Drunken Security News - Episode 304 - October 11, 2012

Oct 17, 2012 01:18:49

Description:

Guest Tech Segment: Charlie Eriksen on Wordpress plugin security

In this technical segment, we will look at Charlie Eriksen's research into Wordpress plugin security. By searching large amounts of code for code that is often insecurely written, it is possible to find a large number of vulnerabilities in plugins running on thousands of Wordpress sites across the internet.

Stories

How Your #Naked Pictures Ended Up on the Internet
The Security-Conscious Uncle - Yea, I'm talking about ATM card security. After reading this, and hearing my thoughts and views on Debit cards, I want to keep my money in my own safe. Banks make it so hard to keep your money secure. I don't want a Debit card, it's a ridiculous concept that only benefits the bank. I want more than a 4-digit pin number too. My best advice is to only tie your ATM card to an account with a small amount of cash to limit damages, if your bank even allows you to do that.
No homecoming queen vote if you don't wear RFID tag? - I'm sorry, I don't want to wear an RFID tag. Tracking students has gotten way out of control. I proved how you can clone RFID tags in a MA CCDC competition. So, students, if you want a lesson on how to become any one of your classmates, please come find me.
Hacker wins $60 - Don't get me wrong, I think this is a good thing. The more we encourage legit folks to find vulnerabilities, the better.
Firefox 16 pulled offline following security flaw find - Firefox is becoming the new IE!
Mobile Brings a New Dimension to the Enterprise Risk Equation - I think I've solved the BYOD problem, just buy all employees brand new iPhone 5s, manage them with an MDM (like Apple Profile Manager) and everyone is happy. I think this comes down to giving the people what they want.
Reporting Mistakes - I agree that we need to be forthcoming about where security has failed. I don't get First, talking about the exact way to exploit an 0day makes it easier for more people to exploit it. Learning of a 0Day exploit, and the details, gives us a fighting chance to defend ourselves. I think there has to be some quiet time if you want to involve the vendor, then you gotta tell people. It also depends on the nature of the 0day, maybe the vendor won't listen, or maybe it's 0Day in the DNS protocol.
James Bond's Dry Erase Marker: The Hotel PenTest Pen - SpiderLabs Anterior - This is just way too super cool, best usage of Arduino and Dry Erase marker EVER (maybe the only usage of the two together).
HP Communities - CISO Concerns - Security vs. Usability - CISOs love to bat around terms like security, usability, compliance, affordability, ROI, etc... These are fine, in the right context, but let's not forget, you have the word security in your title, and at some level you have to prevent people from getting pwned. Sometimes I think we lose sight of that.

Daniel Suarez - Episode 304 - October 11, 2012

Oct 17, 2012 54:23

Description:

Interview Daniel Suarez

Daemon and Freedom were fairly epic. How difficult was it to begin Kill Decision knowing that you had a gang of fans with such high expectations for your next book?
Tell us about Kill Decision
There was a fair amount of drone usage in Freedom(TM). Was there a particular event or news story which inspired you to concentrate on drone warfare for Kill Decision?
What was the germination like for Kill Decision? Was it formulated before or after Daemon and Freedom(TM)?
What kind of research did you do to get the drone hardware to be realistic in the book?
In a recent interview, you indicated that technology was being siphoned out of high tech meccas into other parts of the world via both Globalization as well as good old fashioned Espionage. Do you think, at least for the US, we're past the point of no return when it comes to ensuring that we're not giving away our intellectual property when we farm out our manufacturing overseas?
Similar to the above, one of the warnings in Freedom(TM) appeared to be that a nation has to safeguard its food sources - not to be complacent about the importance of being able to grow your own food to feed its citizens. Do you feel that the government is aware of this issue or that more needs to be done?
Where do you see the future of drone warfare going?
Since the book has been published, have you been given any additional information concerning how close we are to the reality seen in Kill Decision?
There was one term which we're told gives a lot of writers "grief": making love. How tough was the love scene to write in Kill Decision? :)

Drunken Security News - Episode 303 - October 4, 2012

Oct 11, 2012 01:03:19

Description:

Drunken Security News

Mark Russinovich - Episode 303 - October 4, 2012

Oct 11, 2012 44:43

Description:

Mark Russinovich

Drunken Security News - Episode 302 - September 13, 2012

Sep 19, 2012 49:56

Description:

Paul's Stories

A Guide To Network Vulnerability Management - Dark Reading - If you want the "training wheels" approach to vulnerability management, then you should read this article. However, the problem goes so much deeper, and this article doesn't even know what tool to use in order to scratch the surface. Sure, you gotta know what services are running on your systems, but it goes so much deeper than that. Environments, threats, systems and people all change, so how do you keep up? How do you really find, and more importantly fix, the vulnerabilities in your environment?

Old Operating Systems Die Harder - Dark Reading - Okay, here is where you could make a lot of money. Create a company that can actually provide some real security to legacy operating systems. So many of our defenses fail if there is a vulnerability that doesn't have a patch. You can implement some security, but it doesn't really solve the true problem. Once an attacker is able to access the system, it's game over. Unless, there is something that can really solve the problem, even thwart the exploit and/or shellcode. Technologies exist, but back-porting to legacy systems is not often done. And this is where we need the help.

Microsoft Disrupts ‘Nitol’ Botnet in Piracy Sweep - Microsoft takes down another botnet. Why is this news? Not-so-sure, as this should be the rule rather than the exception.

Blackhole Exploit Kit updates to 2.0 - Check this out, attackers are implementing security! Check this out, this exploit kit now sports: Dynamic URL generation, so there is no longer a standard URL pattern that could be used to identify the kit. IP blocking at the executable URL, so that AV companies can't just download your binary. This is meant to slow down AV detection. Use of Captcha in the admin panel login page, to prevent brute forcing unauthorized access. If legit defenders only did all that, well, except for the CAPTCHA, which is useless.

Domino's Pizza says website hacked - One of the most useful things the Internet has ever given birth to, aside from access to free porn, is the ability to order pizza online. So back off! Oh, then there is this: "This is a very unfortunate event which has happened despite the security ecosystem that we have created around our online assets." Some security "ecosystem" you got there.

More SSL trouble - SSL is broken, again, Drink!

Apple unveils redesigned iPhone 5 with 4-inch display - I did not see any mention of improved security, but what a sexy device. Wireless now supports dual band n, which is awesome.

Google helps close 163 security vulnerabilities in iTunes - iTunes is a beast, I use it all the time and well at the end of the day it's kind of a resource pig, but gets the job done. However, it's pretty crappy software, tons of vulnerabilities, and new ones found by Google! Webkit was to blame for many...

Antivirus programs often poorly configured - New study finds AV is not configured correctly. No huge surprises there... Do we need to make it easier to configure or are people just lazy or both?

Larry's stories

Who's your GoDaddy - [Larry] - Yup, GoDaddy DNS was down for the count. This included their own authoritative DNS as well as those for the hosted stuff. Of course, now folks are talking about DoS against root name servers, and OMG the sky is falling. Of course, a single Anonymous member took credit, and GoDaddy said something along the lines of "Ooops, we tripped on a cable and corrupted our routing tables". Who do you believe… In other notes, a leaf fell from a tree and an individual member from Anonymous took credit.

What happens when your encryption is EOL-ed - [Larry] - Victorinox (the Swiss Army folks) are offering full refunds if you return the secure usb thumb drives. Why? As of September 15th the certificate will expire, and they have no intent on renewing and are stopping support for the software. If you don't get your data out of the encrypted volume before then, you'll allegedly lose it. So, what happens when we have something else like this that is significantly more mission critical, we have significant investment and no upgrade path. Choose wisely.

Judge rules WiFi Sniffing Legal - [Larry] - Basically it boils down to this: if you have an open network and the data is in the clear, you should be able to sniff it. Don't want someone to sniff it? Encrypt it - and yes, WEP would be sufficient for word of law here. So, why did the judge rule this way? Wireless is a shared medium. If you are not allowed to sniff traffic that is not destined to you, then how are you able to determine that the traffic on said network is destined for you? Ruling against it would make all WiFi networks illegal, just by nature of the technology.

ACTUAL Stego in the wild for "legitimate purpose" - [Larry] - I just put this story in for Darren to bust John's stones. But, it appears that Blizzard has been embedding information about the user via steganography into screenshots taken by the WoW clients.

Jack's Ruminations

Half of all Androids have Vulns? Also, water is wet. I'm surprised at this, I would have expected much higher. Android phones are at the mercy of their carriers for updates. And carriers are not noted for their mercy.

Chip and Pin, er, PWN Chip and pin research shows that this bandage for the fundamentally obsolete and insecure payment card systems. The EMV protocol has crypto issues, as in "programmers may not be using cryptographic random number generator algorithms to create UNs, and instead may be using counters, timestamps or homegrown algorithms that are not so random."

New FBI Facial Recognition program what could possibly go wrong? From the article "nabbing crooks after a crime is only part of the appeal. The technology also foreshadows upcoming security enhancements that will stop many offenses before they start". That "before they start" bit sounds pretty damned scary to me.

Jason Lam Interview - Episode 302 - September 13, 2012

Sep 19, 2012 44:11

Description:

Interview with Jason Lam

Jason is the head of global threat management at a major financial institution based in Canada. Jason specializes in Web application security, and shares his research findings and experiences by teaching at the SANS Institute. His recent SANS courseware development includes Defending Web Application Security Essentials and Web Application Pen Testing Hands-On Immersion.

How did you get your start in information security? Tell us something no one knows about Defending Web Apps...

Drunken Security News - Episode 301 - September 6, 2012

Sep 19, 2012 01:06:21

Description:

Show Notes: http://securityweekly.com/wiki/index.php/Episode301

Answers to Allison's Puzzle Contest, Paul's Stories:

100,000 Vulnerabilities - Security vulnerabilities measured in numbers is sometimes a scary thing. At some level there you can prove strength or weakness in numbers. If you count vulnerabilities, for better or worse, how are you qualifying them? Severity? Exploitability? Ubiquity? All those things, and more, can impact your view on the matter, in fact it can make it matter, or not. The point being, try not to play the numbers game. There is a "shit ton" of vulnerabilities out there, and what we do to prevent them from happening in the first place and how we deal with them in the real world is what matters.

Schneier on Security: CSOs/CISOs Wanted: Cloud Security Questions - This is one topic which we did not debate, that is the cloud. I think, like security vs. obscurity, it's a simple solution on the surface. For example, if you care about your data, don't store it in the cloud. Similarly, if you care about the security of anything, don't just obscure it, secure it. Wow, that sounds even cheesier than I thought.

Secret account in mission-critical router opens power plants to tampering | Ars Technica - This speaks to the continued lack of awareness in device manufacturers when it comes to security. I'm baffled that they have not solved the problem. The common problems they have, such as easily exploitable vulnerabilities, are easy to fix. It requires two things: Awareness training for developers and QA (ala Rugged/DevOps) and regular security assessments. In the grand scheme of things, it doesn't cost all that much. In the end, you produce a better product. Hopefully the market has changed, and customers value security as one component of a great product. Or maybe I live in a dream world...

The Social-Engineer Toolkit (SET) v3.7 Street Cred has been released. « - Java 0-Day is in SET. Coupled with the other Java payloads, this ensures your phishing success. On the defense side, I disagree with everyone saying "Disable Java" or "Disable Flash". There are going to be users that require this technology. Those are the users we will target. Sure, it reduces your attack surface, and that does help. But I believe where people miss the boat is just how deep "security" needs to go. It's more than layers. It's more than awareness and technology. It's about doing all sorts of things to keep your organization resilient to attacks, and having a plan to deal with successful attacks and minimize damage.

Cracking Story – How I Cracked Over 122 Million SHA1 and MD5 Hashed Passwords « Thireus' Bl0g - Nice crack...ing.

BYOD creates generation of workaholics - Saying that BYOD adds 20 hours to your work week is ridiculous. How much work can you really get done on your smartphone? If you're spending that much time in email or some such thing, you need to re-evaluate your strategy. Devices and technology should make you more productive or you're doing it wrong. However, it does increase the threat landscape.

3 security mistakes your management is making now - I have to say, and this usually never happens, I agree with Roger, at least on the first point of testing vendor products. I think a lot of people get this wrong. It goes deeper than what Roger stated. Sure, you should test out products before you buy them, and even use them on real production networks. Also, you have to understand your problems, develop requirements, and research the right way to test, install and configure the said products. Many don't do this and end up with the wrong products for the wrong reasons. Along these lines, products that work for others may not work for you, so don't put too much stake in what works for others. I also agree that priorities couldn't be more wrong. Attackers are successfully phishing you, so let's buy an IPS and firewall. WTF? The whole thing about "drift" is a bit puzzling, but I think it just needs better clarification. Configuration management is important. The first thing most do wrong is never define a secure configuration. If you've made it that far, most don't do much to keep the systems in a secure state. The toughest organizations to break into are ones that have a secure config and work to keep systems that way.

[papers - How to Use PyDbg as a Powerful Multitasking Debugger] - Love the Python debugger, just sayin'.

Marc Maiffret - Episode 301 - September 6, 2012

Sep 19, 2012 41:36

Description:

Interview with Marc Maiffret

Marc Maiffret is the Chief Technology Officer at BeyondTrust, a leading vulnerability and compliance management company, and was a co-founder of eEye Digital Security.

How did you get your start in information security? Tell us about your work at eEye and your work in the early days there.
Back in 2007, you left eEye to start work on a mobile phone application - what do you think is needed in the Mobile arena now that is NOT security related? What research do you think needs to be done that no one is doing now?

Hack Your Car! - Episode 300 Pt.8 - August 31, 2012

Sep 19, 2012 16:34

Description:

Hack your Car with CANBUS

A little intro in a few minutes. Yes, as implied, it is a BUS and you can gain access to it from the OBD-II port. Think a hub. All messages on a segment go to all devices on the segment. Messages can be filtered with a gateway (think firewall) between various busses, which may or may not be exposed at the OBD-II port. A little bit different from networks that we are familiar with. First off, the messages do not have a source field, but do have a destination in the form of a one byte arbitration ID. These arbitration IDs also indicate priority - the lower the Arbitration ID destination, the higher priority the message. So the ArbID 0 would be processed prior to 73febeef. Now, each message is sent to the bus with an ArbID, and each device LISTENS for specific ArbIDs that it is concerned about. With that, Gateways can pass specific messages, and each Device can look for multiple messages. Oh, those messages? Either 11 or 29 bytes, so fairly easy to fuzz.

Is PenTesting Worth It? - Episode 300 Pt.7 - August 31, 2012

Sep 19, 2012 36:32

Description:

Guests: Ed Skoudis, Alex Horan, Ron Gula, Weasel

Once upon a time a big bad pen tester gets a contract with 3 little pigs, Inc. On the first test, he huffs, and he puffs and blows down the network made of straw. On the next test, you build it out of sticks, and you get the same result (everyone now, he huffs and he puffs and he…). On the next test, you build your network out of bricks, and the big bad pen tester shows up with a wrecking ball, knocks down the house and presents you with an invoice.

(strange sci-fi sound)

In a parallel universe, the big bad pen tester contracts with 3 little pigs inc. The first test the straw house gets knocked down rather fast. But 3 little pigs Inc. gets a report outlining the weaknesses in construction along with recommendations for improvement. The knocking down of the house was a mere simulation, and they are given an opportunity to add a layer to the network, of sticks. The next test the big bad pen tester has to huff and puff, and huff and puff again, simulating another network destruction. No harm is really done, so the process repeats, until a wall of bricks is built. Now the only big bad person able to get through has to really work at it, too much huffing and puffing, and decides to go rob the three little bears instead, using their APT, and eating their IP.
First question for the group, 3-5 minutes each, is penetration testing worth it, why or why not?

What benefits do you receive from a "good" penetration test and what are the qualities of a "good" penetration test? If someone were to give you a "penetration test", then run a couple of automated tools and provide the stock report, is this a bad thing in all cases? If we don't test our defenses in a controlled experiment, how do we really know they work? Let's say a penetration tester is conducting an internal penetration test, and finds out quickly that more than 50 servers have missing patches for vulnerabilities that lead to a reliable shell. What is the benefit of the penetration test from this point?

Automate Wifi, pfSense for Pentesting - Episode 300 Pt.6 - August 31, 2012

Sep 19, 2012 25:03

Description:

Automating Wifi Attacks by John Strand - In this Tech Segment we will talk about one of the easiest ways to create an evil access point to steal credentials. We will be using the very cool utility called easy-creds.

PFSense for pentesters - We use PFSense every day and love it. I also love the nice red Alix box that we built. After using it day to day, we've found that it is great, and has a few things that drive us nuts. Specifically, when you put two guys behind that doing two pentests or vuln scans, the box just can't stand up unless properly configured. We're going to install it on a real PC. This PC we happened to pull from the trash, and is some 64bit AMD system with 2 gig of ram. Total cost? Free. It is probably way more horses than we need for this situation, but it is what we got.

Defending Your Network - What really works? - Episode 300 Pt.5 - August 31, 2012

Sep 19, 2012 39:51

Description:

Guests: Wendy Nather, Iftach Amit, David Mortman, Dan Crowley, RSnake, David Maynor

"We have a firewall". "All of our systems use Anti-Virus software" "We've implemented the latest web application firewalls and intrusion prevention systems" "We have a patching cycle, weekly maintenance windows and a 30-day patch turn-around" These are things we've all heard before. These are things I often hear right before we are about to start a penetration test. Depending on how you define success, these things do little to stop attackers.

What are we doing wrong when it comes to defense? What is the number one thing that organizations miss when it comes to defense? Should we even bother, and just know that a certain percentage of attackers will be successful? Can't we just do the easy and cheap security "things" and get by as long as we don't get owned as badly as our competition?

Dual Core Interview - Episode 300 Pt.4 - August 31, 2012

Sep 18, 2012 22:08

Description:

Eighty from Dual Core

Data Mining ETW, AWESIEM - Episode 300 Pt.3 - August 31, 2012

Sep 18, 2012 34:42

Description:

Data Mining ETW - In this technical segment we will look at how to tap into the vast amounts of data logged by Windows Communication Foundation (WCF) and fed to Event Tracing for Windows (ETW). ETW providers will sometimes log excessive amounts of information, giving an attacker access to sensitive data. By tapping into these otherwise silent logging mechanisms an attacker can find all kinds of useful information.

AWESIEM - After years of making security databases, I realized that Security Information doesn't match up to the way databases have to be normalized - I started looking at Ontology languages and triple stores instead to store security info, and am now working on an app framework to write security apps using an ontology storage backend, it's called AWESIEM. Here's my intro on how to use ontologies for infosec knowledge.

End User Security Awareness Panel - Episode 300 Pt.2 - August 31, 2012

Sep 11, 2012 48:54

Description:

Donate to Breast Cancer Research at http://securityweekly.com/300, Panel: End User Security Awareness: Hot or Not with Dave Aitel, Lance Spitzner, Javvad Malik, Dameon Welch-Abernathy (aka "Phoneboy"), SpaceRogue.

Donate to Breast Cancer Research - Episode 300 Pt.1 - August 31, 2012

Sep 8, 2012 01:04:09

Description:

Donate to Breast Cancer Research at http://securityweekly.com/300, Allison introduces her puzzle, and a panel called "Mobile Security - How Bad Does it Suck and How Do We Fix it?" featuring Charlie Miller, Collin Mulliner, Zach Lanier, Josh Wright

Drunken Security News - Episode 299 Pt.2 - August 9, 2012

Aug 17, 2012 01:01:01

Description:

Drunken Security News!

Interview with Wade Alcorn - Episode 299 Pt.1 - August 9, 2012

Aug 17, 2012 45:34

Description:

Interview with Wade Alcorn

Interview with Kevin Finisterre - Episode 298 - August 3, 2012

Aug 17, 2012 29:27

Description:

Interview with Kevin Finisterre

Metasploit Pivoting, Blackhat, BSides & Defcon - Episode 297 - August 2, 2012

Aug 6, 2012 01:09:21

Description:

Pivoting w/ Metasploit, Blackhat, BSides & Defcon Wrap-up & Round-up

Pentesticles, Wireless Honeypots - Episode 296 - July 12, 2012

Jul 17, 2012 01:30:41

Description:

Ben and Lawrence join us to talk shop, tell us what it's like to be pen testers in the UK, tips, tricks and more! Ben Jackson shows us how to create a wireless honeypot in Python, so says Santa, 10 things not to do.

Drunken Security News - Episode 295 - July 5, 2012

Jul 12, 2012 56:16

Description:

Drunken Security News #295

Randy Marchany - Episode 295 - July 5, 2012

Jul 12, 2012 50:57

Description:

Randy Marchany interview

Kon-Boot, Drunken Security - Episode 294 - June 28, 2012

Jul 3, 2012 01:16:49

Description:

Kon-Boot meets PXE, drunken security rants, raves, and more!

Marcus Sachs Interview - Episode 294 - June 28, 2012

Jul 3, 2012 55:38

Description:

Marcus Sachs on critical infrastructure, Wordpress password cracking.

Drunken Security News - Episode 293 - June 21, 2012

Jun 26, 2012 58:14

Description:

Tripping, Puking, and so much more!

Jonathan Cran, Fiddler2 - Episode 293 - June 21, 2012

Jun 26, 2012 49:44

Description:

Jonathan Cran is the CTO of Pwnie Express. Previously, he built and ran the quality assurance program for Metasploit, where he focused on automated testing, bug smashing and release engineering. He blogs at Pentestify.com.

How do you intercept HTTP or HTTPS traffic from an application other than a browser? We have seen this on a number of different penetration tests in the past few months and thought we should talk a bit about one of our favorite tools for the task, fiddler.

Drunken Security News - Episode 292 - June 14, 2012

Jun 19, 2012 01:02:14

Description:

Drunken Security News #292 FAIL topics include BigIP, MySQL & grid certificates

Thomas Ptacek - Episode 292 - June 14, 2012

Jun 19, 2012 58:39

Description:

We talk to Thomas about web security, encryption, and so much more!

Cheap Wireless Pen Testing, Web Server Enum - Episode 291 - June 8, 2012

Jun 12, 2012 55:43

Description:

Software Defined Radio on the cheap for penetration testing. What's That Web Server?

Metasploit RFI exploits, Drunken Security News - Episode 290 - May 31, 2012

Jun 5, 2012 01:04:22

Description:

More SQL injection, exploiting RFI in Metasploit, and Drunken Security News.

Anti-Forensics, SQL Injection - Episode 290 - May 31, 2012

Jun 5, 2012 55:16

Description:

Forensics contest released, how to do some cool network forensics, and overcome anti-forensic techniques, and an SQL injection primer.

Zach Lanier, Playbook Hacking - Episode 289 - May 24, 2012

May 30, 2012 01:08:20

Description:

Zach Lanier's Awesome Tech Segment - Reverse Engineering Blackberry Playbook Firmware:

Episode 289 Show Notes

Episode 289 (mp3)

Tune in to Paul's Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our YouTube Channel or our Bliptv channel.

RF Detector, Skipfish & Drunken Security News - Episode 289 - May 17, 2012

May 22, 2012 50:39

Description:

RF detector that sucks, Skipfish for web application pen testing, security news.

Cedric Blancher, Social Engineering Using Product Packaging - Episode 288 - May 17, 2012

May 22, 2012 01:02:30

Description:

Cedric Blancher talks Wifi Security, Aaron Crawford talks about using Product Packaging in Social Engineering Attacks.

Dr. Anton Chuvakin - Episode 287 - May 10, 2012

May 17, 2012 42:54

Description:

Dr. Anton Chuvakin is a Research Director at Gartner's IT1 Security and Risk Management Strategies team. He is a recognized security expert in the field of log management, SIEM and PCI DSS compliance and author of "Security Warrior" and "PCI Compliance".

Dradis & Drunken Security News - Episode 287 - May 10, 2012

May 17, 2012 53:23

Description:

Daniel Martin is a member of the Dradis Framework Core Team and founder of Security Roots Ltd. He blogs at usefulfor.com and can be found on Twitter as @etdsoft. Dradis is an open source framework to enable effective information sharing, especially during security assessments.

Pen Testing, Exploits & Vulnerabilities Oh My! - Episode 286 - May 3, 2012

May 8, 2012 01:01:09

Description:

Alex Horan & Mike Yaffe Discussion:

Episode 286 Show Notes

Episode 286 Part 1 (mp3)

Episode 286 Part 2 (mp3)

Drunken Security News - Episode 286 - May 3, 2012

May 8, 2012 59:27

Description:

Drunken Security News #286:

Episode 286 Show Notes

Episode 286 Part 1 (mp3)

Episode 286 Part 2 (mp3)

Drunken Security News - Episode 285 - April 26, 2012

May 2, 2012 01:26:11

Description:

Nick Farr Interview:

Drunken Security News #285:

Episode 285 Show Notes

Episode 285 (mp3)

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Carlos Perez, Host of Security Weekly Espanol

Drunken Security News - Episode 284 - April 19, 2012

Apr 25, 2012 01:23:54

Description:

Martin Bos Interview:

Password Auditing with Nessus & Metasploit:

Drunken Security News #284:

Episode 284 Show Notes

Episode 284 (mp3)

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Larry Pesce, Host of Hack Naked At Night

John Strand, Host of Hack Naked TV

Carlos Perez, Host of Security Weekly Espanol

Drunken Security News - Episode 283 - April 12, 2012

Apr 17, 2012 01:03:09

Description:

The real story behind Goatse:

Episode 283 Show Notes

Gene Kim - Episode 283 - April 12, 2012

Apr 17, 2012 41:47

Description:

Gene Kim Interview:

Episode 283 Show Notes

Episode 283 - Part 1 with Gene Kim - Direct Audio Download (mp3)

Episode 283 - Part 2 with Goatse - Direct Audio Download (mp3)

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Larry Pesce, Host of Hack Naked At Night

Jack Daniel, Security B-Sides, Most epic beard in information security.

John Strand, Host of Hack Naked TV

Carlos Perez, Host of Security Weekly Espanol

Alan Paller - Episode 282 - April 5, 2012

Apr 10, 2012 01:26:18

Description:

Alan Paller comes on the show to tell us how to give great presentations, moderate panels, influence the youth of America, and how to get involved with CyberQuest, a program for college students in information security!

Episode 282 Show Notes

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Larry Pesce, Host of Hack Naked At Night

Jack Daniel, Security B-Sides, Most epic beard in information security.

John Strand, Host of Hack Naked TV

Carlos Perez, Host of Security Weekly Espanol

Dan Geer - Episode 282 - April 5, 2012

Apr 10, 2012 49:08

Description:

Dan Geer comes on the show to talk about security, metrics, APT, breaches, and more!

Episode 282 Show Notes

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Larry Pesce, Host of Hack Naked At Night

Jack Daniel, Security B-Sides, Most epic beard in information security.

John Strand, Host of Hack Naked TV

Carlos Perez, Host of Security Weekly Espanol

Live from SANS Orlando - Episode 281 - March 23, 2012

Apr 3, 2012 45:53

Description:

Episode 281 Featuring Paul, John, and an awesome small crowd of fans at SANS 2012!

Live from CCDC - Episode 280 - March 16, 2012

Mar 21, 2012 54:24

Description:

Episode 280 Featuring Raphael Mudge:

Episode 280 Show Notes

Episode 280 - Direct Audio Download (mp3)

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Larry Pesce, Host of Hack Naked At Night

Darren Wigley, Host of Hack Naked At Night

John Strand, Host of Hack Naked TV

Drunken Security News - Episode 279 - March 8, 2012

Mar 15, 2012 01:00:05

Description:

Testing virtual data centers, 10 movies scenes of authentication, PC is dead and we killed it, A/V is like smallpox vaccine (but not really).

Tanya Baccam, Security Onion - Episode 279 - March 8, 2012

Mar 15, 2012 01:04:26

Description:

Interview with SANS instructor & course author Tanya Baccam and Guest Tech Segment with Doug Burks on Security Onion

Jeremiah Grossman, Security News - Episode 278 - February 16, 2012

Feb 23, 2012 01:33:16

Description:

Jeremiah Grossman Interview:

Drunken Security News Weekly #278:

Episode 278 Show Notes

Episode 278 - Direct Audio Download (mp3)

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Larry Pesce, Host of Hack Naked At Night

Darren Wigley, Host of Hack Naked At Night

John Strand, Host of Hack Naked TV

Adam Shostack, Security News - Episode 277 - February 9, 2012

Feb 15, 2012 01:28:49

Description:

Adam Shostack Interview:

Drunken Security News Weekly #277:

Episode 277 Show Notes

Episode 277 - Direct Audio Download (mp3)

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Larry Pesce, Host of Hack Naked At Night

John Strand, Host of Hack Naked TV

Carlos Perez, Security Weekly Espanol

Drunken Security News - Episode 276 - February 2, 2012

Feb 11, 2012 01:01:03

Description:

Drunken Security News Weekly - #276:

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Larry Pesce, Host of Hack Naked At Night

John Strand, Host of Hack Naked TV

Carlos Perez, Security Weekly Espanol

Joe Stewart on Malware Analysis - Episode 276 - February 2, 2012

Feb 11, 2012 55:49

Description:

Joe Stewart on Malware Analysis:

UPnP Hacking with Backtrack 5 & Python:

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Larry Pesce, Host of Hack Naked At Night

John Strand, Host of Hack Naked TV

Carlos Perez, Security Weekly Espanol

Jon "maddog" Hall - Episode 275 - January 26, 2012

Jan 31, 2012 01:17:03

Description:

Jon "maddog" Hall - Linux, Open-Source, Beer:


Free, as in free beer.

Episode 275 Show Notes

Episode 275 - Direct Audio Download

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Carlos Perez, Security Weekly Espanol

SET and Drunken Security - Episode 274 Part 2 - January 19, 2012

Jan 24, 2012 53:03

Description:

Dave Kennedy and SET - The Social Engineering Toolkit (And Derbycon stuff):


Dave gives the best man-hugs.

Drunken Security News Weekly - #274:


The latest in the security world, from the drunken people you trust!

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Larry Pesce, Host of Hack Naked At Nite

John Strand, Host of Hack Naked TV

Carlos Perez, Security Weekly Espanol

HD Moore on Metasploit - Episode 274 Part 1 - January 19, 2012

Jan 24, 2012 01:09:49

Description:

HD Moore on Metasploit new features and changes and other cool stuff:


HD Moore is my hero.

Episode 274 Show Notes

Episode 274 - Part 1 - Direct Audio Download

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Larry Pesce, Host of Hack Naked At Nite

John Strand, Host of Hack Naked TV

Carlos Perez, Security Weekly Espanol

Building a pfSense Access Point - Episode 273 Part 2 - January 12, 2012

Jan 19, 2012 43:41

Description:

Building Your Own pfSense Wireless Access Point:


Use off-the-shelf parts and open source software to build your very own robust access point!

Drunken Security News Weekly - #273:


The latest in the security world, from the drunken people you trust!

Episode 273 Show Notes

Episode 273 - Part 1 - Direct Audio Download

Episode 273 - Part 2 - Direct Audio Download

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Larry Pesce, Host of Hack Naked At Nite

John Strand, Host of Hack Naked TV

Jack Daniel, Security B-Sides

Carlos Perez, Security Weekly Espanol

Social Engineering Framing - Episode 273 Part 1 - January 12, 2012

Jan 19, 2012 49:58

Description:

Framing in Social Engineering - Chris Hadnagy:


Use Framing to be more successful in Social Engineering

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Larry Pesce, Host of Hack Naked At Nite

John Strand, Host of Hack Naked TV

Jack Daniel, Security B-Sides

Carlos Perez, Security Weekly Espanol

Bruce Schneier - Episode 272 Part 1 - January 5, 2012

Jan 11, 2012 51:57

Description:

Bruce Schneier comes on the show to discuss security, privacy, and his new book "Liars and Outliers":


Bruce Schneier Interview - Episode 272 - Part 1

Robin Wood & Drunken Security News - Episode 272 Part 2 - January 5, 2012

Jan 11, 2012 56:27

Description:

Robin "Digininja" Wood talks about "zonetransfer.me":


Robin Wood on DNS Zone Transfer Testing - Episode 272 - Part 2

Drunken Security News Segment (Cut short due to Ustream problems):


Drunken Security News - Episode 272 - Part 3

Drunken Security News - Episode 271 Part 2 - December 22, 2011

Jan 3, 2012 35:54

Description:

Drunken Security News Segment:

Jason Fossen - Episode 271 Part 1 - December 22, 2011

Jan 3, 2012 56:25

Description:

Jason Fossen:

Drunken Security News - Episode 270 - December 15, 2011

Dec 20, 2011 01:17:49

Description:

Tim Medin on Smart Ways To Crack Password Hashes:

Drunken Security News Segment:

Episode 270 Show Notes

Episode 270 - Direct Audio Download

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Larry Pesce, Host of Hack Naked At Nite

Jack Daniel, Security B-Sides

Drunken Security News - Episode 269 - December 8, 2011

Dec 13, 2011 58:46

Description:

Paul and Jack try to hold things together for the stories of the week, and fail:

Episode 269 Show Notes

Episode 269 Part 1- Direct Audio Download

Episode 269 Part 2- Direct Audio Download

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Larry Pesce, Host of Hack Naked At Nite

Jack Daniel, Security B-Sides

John Strand, Host of Hack Naked TV

Carlos Perez, Host of Security Weekly Espanol

Katie Moussouris Interview, CSRF How-To - December 8, 2011

Dec 13, 2011 51:01

Description:

Katie Moussouris, leader of the Security Community Outreach and Strategy team at Microsoft:

Video for this segment was missing some audio and video was out of sync, apologies to our viewers!

John Strand does a Tech Segment on CSRF:

Episode 269 Show Notes

Episode 269 Part 1- Direct Audio Download

Episode 269 Part 2- Direct Audio Download

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Larry Pesce, Host of Hack Naked At Nite

Jack Daniel, Security B-Sides

John Strand, Host of Hack Naked TV

Carlos Perez, Host of Security Weekly Espanol

Drunken Security News - Episode 268 - December 1, 2011

Dec 6, 2011 49:00

Description:

Paul, Larry, and Jack talk about the stories for the week:

Episode 268 Show Notes

Episode 268 - Direct Audio Download

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Larry Pesce, Host of Hack Naked At Nite

Jack Daniel, Security B-Sides

John Strand, Host of Hack Naked TV

Carlos Perez, Host of Security Weekly Espanol

Hard Drive Forensics with Scott Moulton - Episode 268 - December 1, 2011

Dec 6, 2011 01:06:25

Description:

Scott Moulton on hard drive forensics:

Core Security Technologies research team tell us about bypassing the OS X sandbox:

Episode 268 Show Notes

Episode 268 - Direct Audio Download

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Larry Pesce, Host of Hack Naked At Nite

Jack Daniel, Security B-Sides

John Strand, Host of Hack Naked TV

Carlos Perez, Host of Security Weekly Espanol

Simple Nomad - Episode 267 - November 17, 2011

Nov 21, 2011 01:11:35

Description:

Simple Nomad talks "APT", and Chris Pogue talks "Sniper Forensics":

Episode 267 Show Notes

Episode 267 - Simple Nomad, Chris Pogue - Direct Audio Download

Episode Hosts:

Paul Asadoorian, Host of Security Weekly and Stogie Geeks

Darren Wigley, Host of Hack Naked At Nite

Drunken Security Horror - Episode 265 - October 28, 2011

Nov 8, 2011 01:07:51

Description:

Drunken security horror!

ESX passwords, brute forcing, Metasploit - Episode 265 - October 28, 2011

Nov 8, 2011 01:00:41

Description:

ESX Password recovery, web directory brute forcing, Metasploit post-exploitation

Pushpin & Hacking Smartphones - Episode 265 - October 28, 2011

Nov 8, 2011 33:12

Description:

John on Pushpin, Georgia on Hacking Smartphones

Robert Graham - Episode 265 - October 28, 2011

Nov 8, 2011 43:36

Description:

Robert Graham from ErrataSec

Volume Shadow Copies - Episode 265 - October 28, 2011

Nov 8, 2011 31:32

Description:

Mark Baggett & Tim Tomes on Volume Shadow Copies

Jeff Moss - Episode 266 - November 3, 2011

Nov 8, 2011 01:04:32

Description:

Interview with Jeff Moss:

266-Part2

Nov 8, 2011 51:42

Description:

Kevin Mitnick - Episode 265 - October 28, 2011

Nov 4, 2011 01:04:58

Description:

Interview with Kevin Mitnick:

Ron Gula - Episode 265 - October 28, 2011

Nov 2, 2011 31:17

Description:

Part 3 - Interview with Ron Gula:

Marcus Ranum - Episode 265 - October 28, 2011

Nov 2, 2011 41:18

Description:

Part 2 - Interview with Marcus Ranum

Johnny Long - Episode 265 - October 28, 2011

Nov 2, 2011 23:11

Description:

Part 1 - Interview with Johnny Long:

Paul's Security Weekly - Episode 264 Part 2 - October 20, 2011

Oct 25, 2011 55:43

Description:

Part 2 - Drunken Security News:

Paul's Security Weekly - Episode 264 Part 1 - October 20, 2011

Oct 25, 2011 47:13

Description:

Part 1 - Interview with Mike Poor and Tom Liston:

Paul's Security Weekly - Episode 263 Part 3 - October 13, 2011

Oct 19, 2011 43:23

Description:

Part 3 - Drunken Security News for the Week:

Paul's Security Weekly - Episode 263 Part 2 - October 13, 2011

Oct 19, 2011 52:24

Description:

Part 2 - Interview with Rich Perkins and Mike Tassey on DIY UAVs:

Paul's Security Weekly - Episode 263 Part 1 - October 13, 2011

Oct 19, 2011 53:06

Description:

Part 1 - Interview with Dave Porcello, CEO of Pwnie Express:

Paul's Security Weekly - Episode 262 Part 2 - October 6, 2011

Oct 12, 2011 01:11:58

Description:

The crew talks about the stories for the week!

Episode 262 Show Notes

Episode 262 Part 2 Direct Audio Download

Episode Hosts:

Paul Asadoorian

Jack Daniel

Larry Pesce

John Strand

Darren Wigley

Paul's Security Weekly - Episode 262 Part 1 - October 6, 2011

Oct 12, 2011 01:07:15

Description:

Charlie Miller, pwn2own champion, Interview:

Alessandro Acquisti Interview:

Episode 262 Show Notes

Episode 262 Part 1 Direct Audio Download

Episode Hosts:

Paul Asadoorian

Jack Daniel

Larry Pesce

John Strand

Darren Wigley

Paul's Security Weekly - Episode 261 - September 29, 2011

Oct 12, 2011 45:33

Description:

Brian Kennish on Facebook Privacy:

Paul and Jack bat around the stories for the week:

Episode 261 Show Notes

Episode 261 Direct Audio Download

Episode Hosts:

Paul Asadoorian

Jack Daniel

Paul's Security Weekly - Episode 260 Part 2 - September 22nd 2011

Sep 28, 2011 55:51

Description:

Paul, Darren, and Jack bat around the stories for the week:

Episode 260 Show Notes

Episode 260 Part 2 Direct Audio Download

Episode Hosts:

Paul Asadoorian

Jack Daniel

Darren Wigley

Paul's Security Weekly - Episode 260 Part 1 - September 22nd 2011

Sep 28, 2011 58:55

Description:

Jennifer Granick Interview:

Raphael Mudge, author of Armitage, a front-end tool for Metasploit:

Episode 260 Show Notes

Episode 260 Part 1 Direct Audio Download

Episode Hosts:

Paul Asadoorian

Jack Daniel

Darren Wigley

Paul's Security Weekly - Episode 259 Part 2 - September 15th 2011

Sep 21, 2011 46:35

Description:

Drunken Security News:

Episode 259 Show Notes

Episode 259 Part 2 Direct Audio Download

Episode Hosts:

Paul Asadoorian

John Strand

Larry Pesce

Carlos Perez

Darren Wigley

Paul's Security Weekly - Episode 259 Part 1 - September 15th 2011

Sep 21, 2011 01:07:57

Description:

Dino Dai Zovi Interview:

Elie Bursztein talks about An Analysis of Private Browsing Modes in Modern Browsers:

Episode 259 Show Notes

Episode 259 Part 1 Direct Audio Download

Episode Hosts:

Paul Asadoorian

John Strand

Larry Pesce

Carlos Perez

Darren Wigley

Paul's Security Weekly - Episode 258 Part 2 - September 8th 2011

Sep 14, 2011 59:11

Description:

Paul, Larry, Jack, and the gang talk about the latest news for the week, including APT, cyber criminals, SSL, and how to pick a good password (Just kidding, we actually did talk about stuff that you may care about):

Episode 258 Show Notes

Episode 258 Part 2 Direct Audio Download

Episode Hosts:

Paul Asadoorian

John Strand

Larry Pesce

Jack Daniel

Darren Wigley

Paul's Security Weekly - Episode 258 Part 1 - September 8th 2011

Sep 14, 2011 01:06:58

Description:

Alex Hutton Interview:

Chris Greer - The Commoditization of Malware Distribution:

Episode 258 Show Notes

Episode 258 Part 1 Direct Audio Download

Episode Hosts:

Paul Asadoorian

John Strand

Larry Pesce

Jack Daniel

Darren Wigley


Paul's Security Weekly - Episode 257 Part 2 - September 1st 2011

Sep 14, 2011 41:33

Description:

Drunken Security News for episode 257 features SSL certs gone wild, attacking the PHY layer, undercovering social media, and more!:

Episode 257 Show Notes

Episode 257 Part 2 Direct Audio Download

Episode Hosts:

Paul Asadoorian

Carlos Perez

Jack Daniel


Paul's Security Weekly - Episode 257 Part 1 - September 1st 2011

Sep 9, 2011 01:18:20

Description:

In this episode's first part we interview Don Bailey on Hacking Cars with "War Texting":

Then onto Hacking Prisons with John Strauchs, Tiffany Rad, & Teague Newman:

We also talk about "Sneakers"!

Episode 257 Show Notes

Episode 257 Part 1 Direct Audio Download

Episode Hosts:

Paul Asadoorian

Carlos Perez

Jack Daniel


Paul's Security Weekly - Episode 256 Part 2 - August 26th 2011

Sep 6, 2011 58:44

Description:

In Part 2 we discuss Apache DoS, HP problems, UPnP hacking tool, no black and white security, customizing Nessus scanners, Paul agrees with Gartner, Senior moments with Jack Daniel

Episode 256 Show Notes

Episode 256 Part 2 Direct Audio Download

Episode Hosts:

Paul Asadoorian

Carlos Perez

"Intern Ian"

Jack "I have senior moments" Daniel

Darren "The Sound Man" Wigley


Paul's Security Weekly - Episode 256 Part 1 - August 26th 2011

Sep 2, 2011 01:10:23

Description:

Mark Russinovich is a Technical Fellow in Windows Azure, Microsoft's cloud operating system group. He was a cofounder of software producers Winternals before it was acquired by Microsoft in 2006 and is author of the high tech thriller Zero Day: A Novel. We interview Mark in this segment, and kill some bugs:

Episode 256 Show Notes

Episode 256 Part 1 Direct Audio Download

Episode Hosts:

Paul Asadoorian

Carlos Perez

"Intern Ian"

Jack Daniel

John Strand

Darren "The Sound Man" Wigley


Paul's Security Weekly - Episode 255 Part 2 - August 18th 2011

Aug 25, 2011 55:34

Description:

Live from the Security Weekly outdoor studios, Paul, Darren, Ian, and Carlos are joined by "Thor", Martin McKeay, and Josh Corman! What a line-up! We talk passwords, PCI, things most people do wrong when it comes to security, and more!

Episode 255 Show Notes

Episode 255 Part 2 Direct Audio Download

Episode Hosts:

Paul Asadoorian

Carlos Perez

"Intern Ian"

Jack Daniel

Special Guest #1: Martin McKeay (Network Security Podcast)

Special Guest #2: Josh Corman (From the world of "awesomesauce")


Paul's Security Weekly - Episode 255 Part 1 - August 18th 2011

Aug 22, 2011 56:41

Description:

In Part 1 we interview Timothy "Thor" Mullen. As Johnny Long says: "Most recognize Thor as the Norse god of thunder with massive powers of destruction. Few realize that he was also the god of restoration. Likewise, his namesake, Timothy "Thor" Mullen, has spent his entire adult life both destroying and restoring Microsoft-based security systems. Thor's Microsoft Security Bible conveys the wisdom and expertise of the industry legend that has defined the bleeding edge of Microsoft security for over twenty years. I highly recommend this book."

Episode 255 Show Notes

Episode 255 Part 1 Direct Audio Download

Episode Hosts:

Paul Asadoorian

Carlos Perez

"Intern Ian"

Jack Daniel

Special Guest #1: Martin McKeay (Network Security Podcast)

Special Guest #2: Josh Corman (From the world of "awesomesauce")


Paul's Security Weekly - Episode 254 Part 2 - August 11th 2011

Aug 16, 2011 55:52

Description:

In Part 2 of this episode we hear more from the fine folks of Trustwave's SpiderLabs and are amazed by:

Traps of Gold with Andrew Wilson:

Then we attempt to do the drunken stories of the week and reveal the special "adult" guests to our booth at Defcon:

Episode 254 Show Notes

Episode 254 Part 2 Direct Audio Download

Episode Hosts:

Paul Asadoorian

Carlos Perez

Larry Pesce

John Strand

"Intern Ian"

Jack Daniel


Paul's Security Weekly - Episode 254 Part 1 - August 11th 2011

Aug 16, 2011 01:05:33

Description:

In this episode we hear from the fine folks of Trustwave's SpiderLabs. They appear on the show to give three, that's right, three special technical segments on various topics. In part 1 we are astounded by:

Amazingly True Stories from Real Penetration Tests:

We also hear from our good friend Dan Crowley on cryptographic oracles:

Episode 254 Show Notes

Episode 254 Part 1 Direct Audio Download

Episode Hosts:

Paul Asadoorian

Carlos Perez

Larry Pesce

John Strand

"Intern Ian"

Jack Daniel


Paul's Security Weekly - Episode 253 Part 2 - July 28th 2011

Aug 9, 2011 54:54

Description:

Paul, Larry, Jack, and Nick Selby talk about the stories for the week! Including hacking cars, mod_security challenge results, router pwn web sites, drug smuggling.

Episode 253 Show Notes

All the Paul's Security Weekly episodes on our Bliptv archives.

Hosts: Paul Asadoorian,Carlos Perez,Larry Pesce


Paul's Security Weekly - Episode 253 Part 1 - July 28th 2011

Jul 31, 2011 52:54

Description:

In part 1 we interview Nick Selby, a newly minted police officer of the Dallas-Fort Worth area. He was formerly an information security analyst and consultant for nine years, and worked in physical security and intelligence consulting in various roles since 1993 and was a travel writer for European destinations in a previous life.


Episode 253 Show Notes

Episode 253 Part 1 Direct Audio Download


Hosts: Paul Asadoorian,Carlos Perez,Larry Pesce


Paul's Security Weekly - Episode 252 - July 21st 2011

Jul 27, 2011 01:07:09

Description:

In this episode we interview Matt Yoder! Matt is a lover of fine pens and paper, and a pencrafter. He has also spent time, in multiple stints, performing direct security consulting, including assessment and auditing, security systems support, and firewall deployment. He currently spends his days, and earns something resembling an income, assisting with server administration for a major University in the midwest, which prefers to go unnamed. (Due to audio problems we are unable to release the video, sorry about that!)

Then, during the drunken security news segment, we discuss how wide open your voicemail is, the rise of security monkeys, rent-a-laptop, the orange cartoon octopus virus, stroke development, a hacking epidemic, and attacking small firms:

Episode 252 Show Notes

Episode 252 Direct Audio Download


Hosts: Paul Asadoorian,Carlos Perez, John Strand, & Jack Daniel


Paul's Security Weekly - Episode 251 part 2 - July 14th 2011

Jul 23, 2011 01:14:42

Description:

David Kennedy, Jim O'Gorman, and Devon Kearns join us to talk about their new book! (Mati Aharoni is also an author but could not make it.) "...while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors."

Drunken security news, including: Hacking femtocell, Wifi hacker sent to jail, losing your phone at the airport, RIP Win XP, long live "Hef", binary C&C over HTTP, fresh PuTTY, Loki explained, RFID bootable distro, process injection, shoulder surfing FTW.

Episode 251 Show Notes

Episode 251 Part 2 Direct Audio Download


Hosts: Paul Asadoorian,Carlos Perez,Larry Pesce


Paul's Security Weekly - Episode 251 part 1 - July 14th 2011

Jul 23, 2011 49:02

Description:

In part 1 we interview Claudio Criscione, a security test engineer at Google. Before joining the company in 2011, Claudio was a penetration tester for most of his career, assessing the security of large infrastructures as well as holding roles in webapp and virtualization security.

Video of the interview with Claudio:

Episode 251 Show Notes

Episode 251 Part 1 Direct Audio Download


Hosts: Paul Asadoorian,Carlos Perez,Larry Pesce


Paul's Security Weekly - Episode 250 part 2 - July 7th 2011

Jul 20, 2011 01:27:17

Description:

Part 2 of episode 250 was a wild ride! Our friends, including Caitlin Johansen from Core Security, Bill and Trent from i-hacked, and Dave "I give big hugs" Kennedy join us to reflect on the past 250 episodes of SecurityWeekly:


"What I Learned on SecurityWeekly"


"Top Ten Things I Learned on SecurityWeekly"

Then, we get really drunk and talk about security news:

Episode 250 Show Notes

Episode 250 part 2 Direct Audio Download


Hosts: Paul Asadoorian,Carlos Perez,Larry Pesce


Paul's Security Weekly - Episode 250 part 1 - July 7th 2011

Jul 18, 2011 01:02:52

Description:

Sorry for the long delay! Our new production system is still in process, and you will see episodes released in a more timely manner. Our 250th episode was extremely special, featuring Randal Schwartz, and a host of good friends and familiar faces!

In part 1 we interview Randal Schwartz:

Episode 250 Show Notes

Episode 250 part 1 Direct Audio Download


Hosts: Paul Asadoorian,Carlos Perez,Larry Pesce

Paul's Security Weekly - Episode 249 part 2 - June 23rd 2011

Jul 6, 2011 01:11:20

Description:

Welcome back! After our break for the birthday of the U.S. and not having a live episode last Thursday, here is part 2 of episode 249. Kevin Fiscus from the NWN STAR team, an all-around GREAT guy, joins us to discuss his work on detecting base64 on the network using Snort and why it may be important. Then we recap the news the only way we know how.

Episode 249 Show Notes

Episode 249 part 2 Direct Audio Download


Hosts: Paul Asadoorian,Carlos Perez,Larry Pesce


Paul's Security Weekly - Episode 249 part 1 - June 23rd 2011

Jun 29, 2011 35:43

Description:

Chris "carnal0wnage" Gates joins the crew and explains what an Army Signal officer is and what can be done to help companies scope properly to get the most out of a pentest. There is also discussion around wXf. Enjoy.

Episode 249 Show Notes

Episode 249 part 1 Direct Audio Download


Hosts: Paul Asadoorian,Carlos Perez,Larry Pesce


Paul's Security Weekly - Episode 248 part 2 - June 16th 2011

Jun 23, 2011 01:18:51

Description:

Eric Fiterman discusses his Black Hat training that will help you 'OWN' the data center. Virtualization Forensics is included at no charge to you... download the podcast today.
Of course we have security news the only way PDC knows how to do it.

Episode 248 Show Notes

Episode 248 part 2 Direct Audio Download


Hosts: Paul Asadoorian,Carlos Perez,Larry Pesce


Paul's Security Weekly - Episode 248 part 1 - June 16th 2011

Jun 22, 2011 01:16:30

Description:

Here it is, episode 248. Part one leads us off with Joshua "jduck1337" Drake and his contributions to the Metasploit project.
Then we have a bearded Unix guy who hates firewalls to talk about his project, Shibboleth.

Episode 248 Show Notes

Episode 248 Direct Audio Download


Hosts: Paul Asadoorian,Carlos Perez,Larry Pesce


Paul's Security Weekly - Episode 247 - June 9th 2011

Jun 13, 2011 01:50:31

Description:

Peter Zerechak, the creator of the upcoming documentary CODE: 2600, a look at the hacker community, joins us for a discussion on his work filming and what kind of a film he wanted to make.

Watch the blip.tv video for a special 10 min trailer that was made for the Paul's Security Weekly episode.
We also have a fine tech segment from Tim Tomes (LaNMaSteR53) on using Google to brute force subdomains. Of course we also have security news and a review of this week in the blog.

Episode 247 Show Notes

Episode 247 Direct Audio Download


Hosts: Paul Asadoorian,Carlos Perez,Larry Pesce


Paul's Security Weekly - Episode 246 - June 4th 2011

Jun 5, 2011 01:18:00

Description:

Friday night episode from Casa Asadoorian. A wee bit of a tech segment on some pentesting basics... like screen, ls, grep, tail, and also some Nmap basics.
Of course we have security news and a review of this week in the blog.

Episode 246 Show Notes

Episode 246 Direct Audio Download


Hosts: Paul Asadoorian,Carlos Perez,Larry Pesce


Paul's Security Weekly - Episode 245 part 2 - May 26th 2011

Jun 3, 2011 01:31:46

Description:

And now for your downloading enjoyment we have Moxie Marlinspike as he shares with us the goings-on at Whisper Systems and attempts to make Android do the right thing. Don't miss a discussion on finding Mary Jane on a beach and in the middle of the ocean.
Of course we have security news and a review of this week in the blog.

Episode 245 Show Notes

Episode 245 part 2 Direct Audio Download


Hosts: Paul Asadoorian,Carlos Perez,Larry Pesce


Paul's Security Weekly - Episode 245 part 1 - May 26th 2011

Jun 1, 2011 39:10

Description:

Sorry for the late release... holiday and all. Here it is, Episode 245 part 1, with our interview with A.P. Delchi as he tells us his epic tales from the security world. Sit back and enjoy.

Episode 245 Show Notes

Episode 245 part 1 Direct Audio Download


Hosts: Paul Asadoorian,Carlos Perez,Larry Pesce


Paul's Security Weekly - Episode 244 part 2 - May 19th 2011

May 25, 2011 01:22:12

Description:

It came from the blog, the recap. Then weekly security news the only way we know how to do it. Listen in as John Strand schools us on a SpongeBob SquarePants vulnerability that allows code execution.

Episode 244 Show Notes

Episode 244 part 2 Direct Audio Download


Hosts: Paul Asadoorian,Carlos Perez,Larry Pesce


Paul's Security Weekly - Episode 244 - May 19th 2011

May 24, 2011 45:42

Description:

Cesar Cerrudo is this week's interview, on bypassing Windows protection mechanisms.

Episode 244 Show Notes

Episode 244 part 1 Direct Audio Download


Hosts: Paul Asadoorian,Carlos Perez,Larry Pesce


Paul's Security Weekly - Episode 243 - May 12th 2011

May 16, 2011 01:32:20

Description:

Marcia Hofmann from the EFF drops by to get all legal on us in the event your devices are confiscated. Some good advice if you are traveling with devices that contain data you would rather not have seen. Then join us for drunken news of the week.
Drunken security news style:

Episode 243 Show Notes

Episode 243 Direct Audio Download


Hosts: Paul Asadoorian,Carlos Perez,Larry Pesce


Paul's Security Weekly - Episode 242 - May 6th 2011

May 9, 2011 01:11:56

Description:

Paul, Larry, and Carlos tell us how to use Nmap to perform stealthy host and service discovery on a network:

Drunken security news style:

Episode 242 Show Notes

Episode 242 Direct Audio Download


Hosts: Paul Asadoorian,Carlos Perez,Larry Pesce


Security Weekly #241 - April 28th 2011

May 1, 2011 01:31:53

Description:

Andrew Case discusses de-anonymizing Live CDs using memory analysis.

Then, better than last week, we have security news from the week only half drunk... Larry is sick at home but at least he has Skype.

Episode 241 Show Notes

Episode 241 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 240 - April 21st 2011

Apr 26, 2011 01:26:06

Description:

Welcome to episode 240...

Here we have a tech segment on Web Labyrinth.
While it was a quiet week, we drink and do the news anyway.

Episode 240 Show Notes

Episode 240 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 239 part 2 - April 14th 2011

Apr 20, 2011 01:30:17

Description:

Adrian "IronGeek" Crenshaw talks about his violation and penetration with his USB stick.

Then Security news... drunken style... cause there really is no other way.

Episode 239 Show Notes

Episode 239 part 2 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 239 part 1 - April 7th 2011

Apr 19, 2011 46:16

Description:

Here is what you have been waiting all week for: episode 239 part 1. Dave Kennedy, Adrian 'IRON GEEK' Crenshaw, PureHate, and SecMania all join us to tell us about DerbyCon and why you all should go. And we have an actual girl with us live in studio. A very special one at that... so you should download this episode and find out who.

Episode 239 Show Notes

Episode 239 part 1 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 238 - April 7th 2011

Apr 10, 2011 01:41:50

Description:

Here is our fabulous 238th episode.

Random dude (Chris Palmer) from the EFF tells us it's time to fix SSL; it's done broken.
Ryan Barnett drops us into an XSS street fight.
And of course drunken idiots discussing news stories from the week. Our best advice in stories is to bury it deep.

Episode 238 Show Notes

Episode 238 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 237 part 2 - March 31st 2011

Apr 7, 2011 01:35:50

Description:

Deral Heiland joins us for a tech segment on how to use multi-function printers on a pentest.

Then we talk about some security news from the week.

Episode 237 Show Notes

Episode 237 part 2 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 237 Part 1 - March 31st 2011

Apr 5, 2011 33:24

Description:

Larry called shenanigans on the Caribou project so we bring them on to talk about it, then Larry decides to flee to Canada to look for real Caribou.

Episode 237 Show Notes

Episode 237 part 1 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 236 - March 24th 2011

Mar 28, 2011 02:13:35

Description:

Fully packed show! Chris Nickerson and Eric Smith come on to talk about PTES, the new standard for executing penetration tests. Kevin Fiscus does an interview about risk management, helping customers, and more! Bugbear does a technical segment that will make you think twice about timestomping (NTFS MFT FTW), and the crew talks stories, including RSA, Comodo, and more!


Episode 236 Show Notes

Episode 236 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 235 Part 2 - March 17th 2011

Mar 23, 2011 01:36:34

Description:

Georgia "Troublemaker" Weidman joins us to discuss her experiences at the Mid-Atlantic CCDC competition as both a blue team member and an incarcerated red team member. Then she discusses how her quest for a method of preventing embarrassing drunken texting led to her research into botnet control using SMS. Can you hear me now? I thought so...

Episode 235 Show Notes

Episode 235 part 2 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 235 Part 1 - March 17th 2011

Mar 21, 2011 46:56

Description:

OSSTMM Creator Peter Herzog is interviewed to share his thoughts and work in the security field... and all the way from across the pond.

Episode 235 Show Notes

Episode 235 part 1 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 234 - March 10th 2011

Mar 14, 2011 00

Description:

Paul's Security Weekly from the Mid-Atlantic Collegiate Cyber Defense Competition for 2011. Where they discuss cyber defense of cyber assets by being a cyber warrior to fight the cyber criminals and the cyber thieves. Then we have a cyber podcast where we discuss some cyber news about cyber events all over the cyber sphere. So join cyber Paul, cyber Larry, Cyber John, Cyber Carlos, and last and certainly not least Intern Cyber for this cyberific podcast.


Episode 234 Show Notes

Episode 234 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 233 part 2 - March 3rd 2011

Mar 9, 2011 01:19:14

Description:

Ray Davidson takes ShmooCon to college. Larry continues on with his love for "The Sheen Machine".
Then a better suite of stories for the week are discussed.

Episode 233 Show Notes

Episode 233 part 2 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 233 part 1 - March 3rd 2011

Mar 7, 2011 37:50

Description:

Sharon Conheady on the history of social engineering, con-artistry, and the bamboozler. All this and more on an internless 233 part 1. I will be back next week and hope it sounds better.

Pretty sad to represent Sharon on the show, who has a beautiful voice by the way... we have an image of who else.. JOHN STRAND everyone.

Episode 233 Show Notes

Episode 233 part 1 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 232 - February 24th 2011

Feb 27, 2011 01:38:09

Description:

Mike and Mike, Murr and Murray... you figure it out, join in to discuss phishing and the way they go about creating phishing emails that get very high response rates. Even one that had 110% acceptance.
Mr. Carlos Perez takes us on a journey of OSX post exploitation.

Then some chuckleheads discuss stories from the week.

Episode 232 Show Notes

Episode 232 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 231 part 2 - February 17th 2011

Feb 23, 2011 01:31:26

Description:

Surbo and hevensnt join us from the land of Kansas to give us the scoop on hacking Evite. Also why they think that hackers are a bit out of shape and what they are doing about it. It involves running... nothing chasing you just running for... get this... FUN!!

Then we discuss some stories for the week with a Cheap Trick lead in.

Episode 231 Show Notes

Episode 231 part 2 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 231 - February 10th 2011

Feb 21, 2011 39:20

Description:

Back in the Asadoorian residential studio for Episode 231. Joining us on another fabulous February Thursday night in Rhode Island, Stefan Esser stays up really late in Germany to discuss with us ASLR on iPhone and PHP security, or the lack thereof.

Episode 231 Show Notes

Episode 231 part 1 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 230 - February 10th 2011

Feb 13, 2011 01:29:15

Description:

Alex Horan from Core Impact and Chris Hoff from Cleveland join a Paul without his Larry in the cigar lounge to discuss zero-day exploit use in testing and the cloud: what it is and why it matters to you. Chris Hoff shares with us a fantastic story of anatomy showing up on lab computer screens, that really ties the show together. At least Alex's mom thought we did well.

A special thanks to Paul Joyal for letting us take over his cigar lounge for this episode.

Episode 230 Show Notes

Episode 230 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 229 - February 3rd 2011

Feb 8, 2011 01:24:56

Description:

Andrew Lockhart, former superstar of PDC, rejoins us for one magical evening. We get a tech segment that gives Larry wood, and then there are stories in all this wonderfulness. It is all yours in one download.

A special thanks to Paul's beer fridge... or the contents of said fridge.

Episode 229 Show Notes

Episode 229 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 228 - January 29th 2011

Feb 2, 2011 45:38

Description:

The podcast that took two takes because of a memory card failure, and you can see how we treat misbehaving memory cards. This episode was recorded at ShmooCon in Washington DC this past weekend. We hope that all of you that were there got a chance to come out and say hi.

Thanks to the EFF representative that was trying to go home but gave us a few moments of her time.

Episode 228 Show Notes

Episode 228 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 227 part 2 - January 20th 2011

Jan 26, 2011 01:03:36

Description:

Father John Strand gives tonight's technical segment on a tool called WebLabyrinth, written by Ben Jackson with Mayhemic Labs. Thus the fine David Bowie picture... Paul is a HUGE David Bowie fan.


Sorry for the static pictures, but we had internet issues that prevented a proper video recording of this episode. Paul loves his ISP.

Episode 227 Show Notes

Episode 227 part 2 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 227 part 1 - January 20th 2011

Jan 24, 2011 51:51

Description:

Joe McCray and his virgin appearance on the PDC show as a guest. He discusses Paul's two drops of pee moment and some security topics. So download now, grab your bottle of Hennessy off the shelf, and listen in.

Episode 227 Show Notes

Episode 227 part 1 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 226 part 2 - January 13th 2011

Jan 20, 2011 01:26:18

Description:

Eric Monti smashes iPhone apps in this week's tech segment. Guess what banking apps may not be so wise to use... also stories for the week.

Episode 226 Show Notes

Episode 226 part 2 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 226 part 1 - January 13th 2011

Jan 19, 2011 49:45

Description:

Scott Ullrich & Warren Baker are lovers of freedom, free software, and OpenBSD, and they know a thing or two about the pfSense open source firewall. These two join us to discuss their work on the pfSense project, how it came to be, and why. Also what the future holds for this great product.

DISCLAIMER: This is not a duplicate, just for some reason for two weeks now John Strand is what blip.tv has chosen as the frame to represent the entire video. This only means I need to do a better job of finding pictures of John to use during the recordings. At least he is hot... really hot.. I want to touch him, but interns are not allowed within 15 feet of him.

Episode 226 Show Notes

Episode 226 part 1 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 225 part 2 - January 6th 2011

Jan 13, 2011 58:02

Description:

Discussion of stories (why the devaluation of a pentest) for the first week of 2011 and a tech segment from the one the only Mr. John Strand. IT'S A SPIDER TRAP!!

Episode 225 Show Notes

Episode 225 part 2 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 225 part 1 - January 6th 2011

Jan 12, 2011 55:53

Description:

Ed Skoudis joins us from the secret secret lab to discuss the inner workings of his capture the flag project. Also introduces us to some of his partners in the laboratory.

Episode 225 Show Notes

Episode 225 part 1 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 224 part 2 - December 16, 2010

Dec 24, 2010 39:02

Description:

And hot on the heels of part 1 we give you part 2. Just us continuing to make your holiday the cheeriest on record. This one best served with the adult egg nog... and LOTS of it.


Episode 224 Show Notes

Episode 224 part 2 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 224 part 1 - December 16, 2010

Dec 24, 2010 55:12

Description:

On episode 224 we gift wrap for you Mr. Daily Dave Aitel, and one of the masterminds at Immunity. So let's download... throw another Yule log onto the fire... whatever that is, and enjoy our soothing voices this holiday season.


Episode 224 Show Notes

Episode 224 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 223 - December 9, 2010

Dec 13, 2010 01:38:08

Description:

Here we are back at the Mr. J's Havana shop, where we talk cigars, the Armitage GUI front end for Metasploit, and how to launch a hail mary. We have this, the news, and more with Paul, Larry, John, Carlos, and Dan King.


Episode 223 Show Notes

Episode 223 Direct Audio Download


Hosts: Paul Asadoorian,John Strand,Larry Pesce


Security Weekly - Security Weekly - Episode 222 - December 2, 2010

Dec 7, 2010 01:00:36

Description:

Live from Ron Gula's pool house!


There is actually a dead drop in the bottom of Ron's pool.

Episode 222 Show Notes

Episode 222 Direct Audio Download


Hosts: Paul Asadoorian,Larry Pesce, Carlos Perez, Dennis Brown


Security Weekly - Security Weekly - Episode 221 - November 23, 2010

Nov 25, 2010 01:16:57

Description:

Xavier Mertens and Sebastien "FireSt0rm" Jeanquier join us to talk tech: Single Packet Authentication, URL shortening data leaks, Facebook password cracking and more!


Episode 221 Sho