Security Weekly Podcast Network (Video)

Gary McGraw is an author of many books and over a 100 peer-reviewed publications on IT security. In addition, Gary McGraw serves on the Dean's Advisory Council for the School of Informatics of Indiana University, and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT). Gary is the Chief Technical Officer at Cigital Inc. In addition, he serves on the advisory boards of several companies, including Dasient, Fortify Software, Invincea, and Raven White. He holds dual PhD in Cognitive Science and Computer Science from Indiana University. In the past, Gary McGraw has served on the IEEE Computer Society Board of Governors.

On March 14, 2014 the securityweekly.com website was defaced (index.php was modified) by an attacker at approximately 6:30AM EST. We discovered this attack, via Twitter in fact, at 8:00AM that morning. Our web site was restored and operational by 11:00AM that morning, and forensics investigations are continuing.

Links for this episode!! FTP Passwords!! They are everywhere!! http://tinyurl.com/HNTV-FTP-Creds Chargeware.. It is legal, but it can still get you shot. http://tinyurl.com/HNTV-EULA Target breach and the state of phishing: http://tinyurl.com/HNTV-Target-Email SANS 560 Orlando April 7th - 12th http://tinyurl.com/SANS-560-Orlando Please note the link and the dates in the video are wrong for SANS Orlando.

Embedded device fail, WeMo, and more!

Kat Sweet is a geek-of-all-trades: maker, musician, ham (call sign K7FTW), and firm advocate of NSFW 3D printing. She presented on the latter, giving a talk titled "The Sensual Side of 3D Printing" at BSidesLV and SkyTalks in 2013.

Drunken Security News 362

Django Source Code Security Scanner - Joff Thyer

Paul Paget

Links for this episode: http://tinyurl.com/HNTV-TARGET-HVAC http://tinyurl.com/HNTV-PCI http://tinyurl.com/HNTV-Fed-Sec-Fail SANS DIFRCON! http://bit.ly/1b5WxTJ

HVAC vulnerabilities, DDoS for your POTS lines, and jamming wi-fi and other 802 networks.

Brian Richardson is a Senior Technical Marketing Engineer with Intel Software and Services Group. Brian goes over UEFI and what is done to keep your computer secure.

Point-of-sale vulnerabilities, drive-by downloads, self-driving cars and more. Next week we will be at our new location for filming the podcast.

Windows Meterpreter recently got some new capabilities thru the Extended API module by OJ Reeves also known as TheColonial. This is covered in this weeks technical segment.

Jared DeMott is a principal security researcher at Bromium and has spoken at security conferences such as Black Hat, Defcon, ToorCon, Shakacon, DakotaCon, GRRCon, and DerbyCon. He is active in the security community by teaching his Application Security course.

Dave Kennedy testifies before Congress and gets called a liar by someone that didn't hear his testimony or read his findings. Akamai tells about the most common problems with Wordpress plugins, Starbucks mobile app is insecure and there's a backdoor in Cisco. Plus a whole lot more!

Crafting 802.11 Packets with Scapy

Joel is a seasoned security executive with a passion for information security research. He has over 20 years of diverse Information Technology experience with an emphasis in Information Security. Joel is currently the Chief Information Security Officer for Advanced Auto Parts and maintains a blog at http://www.malicious-streams.com/ .

Links for this episode: Neiman Marcus: http://zd.net/1ixB1ix DHS Breach: http://ubm.io/1mwBCyo John Teaching at Monterey: http://bit.ly/1b5WxTJ

Here is Paul's explanation on why the podcast is now "Paul's Security Weekly" and you'll see a lot more of "Hack Naked" and less of another name that will no longer be mentioned.

Paul, Jack, Larry, John, Carlos, Allison and now Joff are all here hosting the first ever episode of Paul's Security Weekly! Listen in for all the discussion of this week's security stories!

Rob Lee is an entrepreneur and consultant in the Washington, DC area, specializing in information security, incident response, and digital forensics. Rob is currently the curriculum lead and author for digital forensic and incident response training at the SANS Institute in addition to owning his own firm.

Ian is currently serving as a Director of Services at the leading boutique security consulting company IOActive, where he leads the services practice in the EMEA region. He is one of the founders of the Penetration Testing Execution Standard (PTES), its counterpart – the SexyDefense initiative, and a core member of the DirtySecurity crew.

In this episode we recap 2013 and talk about Router and iPhone backdoors. Links for this episode: http://tinyurl.com/HNTV-NSA-IPHONE http://tinyurl.com/HNTV-Router-Backdoor

Puffy-cheeked Paul, Larry and Jack are back with stories of the week from securing your Apache server to talking about Dave Kennedy and the healthcare.gov site, hacking bug bounties and security con videos are available online. Plus a ton more!

Thomas works for NCC Group as a Security Consultant, conducting all different types of security assessments. Ryan is a British Computer Security graduate, security enthusiast and Security Engineer for RandomStorm living in France. He is interested in Web Application Security and Information Security in general. http://www.scriptalert1.com is a very simple and concise platform to explain Cross-Site Scripting, it's dangers and mitigation. Our aim is for penetration testers to include a link in their pen test reports to the resource and to get it to be the de facto description for semi-technical / tech savvy managers.

Before he wrote hashcat he was a bug hunter for fun, focusing on open source software. After 2005 he only did bug hunting on commercial software and therefore not allowed to disclose product names. In 2010 he started hashcat and since that time it's the only project he's been working on.

Greg Hetrick joins Paul this week to talk about all the interesting and fun stories of the week in the world of IT security!

As always the guys have some great discussions and stories of the week!

Kyle is an information security engineer who devotes his spare time to exploiting the ‘internet of things’. He enjoys lockpicking, CTFs, tinkering with electronics, exploit development and blogging about his findings. He is the founding member of Louisville Organization of Locksport.

Deciphering the Episode 350 crypto challenge with Mike Connor.

Winn Schwartau is one of the world's top experts on security, privacy, infowar, cyber-terrorism and related topics. He is well known for his appearances at DEFCON as the host for the game Hacker Jeopardy.

The Cavalry Isn't Coming - Preserving Security Research Through the Demonstration of Public Good.

Stephen Sims is an industry expert with over 15 years of experience in information technology and security. Stephen currently works out of San Francisco as a consultant performing reverse engineering, exploit development, threat modeling, and penetration testing. The technique of stealing the token of a process with higher privileges in order to achieve privilege escalation is often used during Kernel exploitation.

Dan Philpott is a Solutions Architect with Natoma Technologies working with Federal customers on cloud computing and federal information security projects. His work focuses on federal information security initiatives including FISMA, cybersecurity, FDCC, USGCB, HSPD-12, risk management and other federal information assurance initiatives

Mona can be used by pentesters and exploit developers to take a proof of concept crash and turn it into a working exploit in a quick and organized fashion, eliminating downtime.

We've all heard the term "Hacking Back". We all have mixed feelings about this term. Lets be clear, its not about feelings! The revenge-based "hacking back" was doomed for failure from the beginning. On the flip side, we're losing the battle against attackers on many fronts. What can we do? Setting traps, tracking attackers, luring them into areas of the network and systems deemed "honeypots" is on the table, or is it? What are the legal ramifications to this activity?

SCADA systems are being attacked and making headlines. However, this is not news, or is it? There is a lot of new found "buzz" around attacking SCADA and defending SCADA. Technology has evolved and many systems are Internet connected and more advanced than ever. Water, power, electric, manufacturing all have SCADA.

It's Episode 70 of the Stogie Geeks Podcast!

Episode 350 is dedicated to Veterans, so we found it only fitting to have a panel with InfoSec individuals who are also Veterans. We want to discuss how serving in the military has helped these people in their careers.