Lots of Smoke – PSW #635

This week, in the Security News: a powerful GPG collision attack spells the end for SHA-1, an unpatched Citrix flaw now has PoC exploits, a lottery hacker gets 9 months for his £5 cut of the loot, Windows 10 has a security flaw so severe the NSA disclosed it, and PayPal patches a high-severity password vulnerability! In our second segment, we welcome Ryan Speers and Jeff Spielberg of River Loop Security to talk about Embedded Product Security: Left of Ship! In our final segment, we air our Hacker Culture Roundtable, recorded at the Security Weekly Christmas Extravaganza with a boatload of hosts from the Security Weekly family!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Segments

1. Hacking IoT Devices – Jeff Spielberg, Ryan Speers – PSW #635

The world continues to see a proliferation of highly insecure IoT/embedded products. How can companies making embedded products design security in from the start, and why don't they do it today? Importantly, security needs to be baked in while the team remains lean and moves quickly towards an MVP product. The discussion ranges across hardware chip selection, cryptographic protocol design, and firmware security, both at the design phase and at the security pen test phase.

Guests

Jeff Spielberg
Managing Partner at River Loop Security

Jeff Spielberg is a managing partner of River Loop Security. An electrical engineer by training, his primary cybersecurity interests and research focus on low-level hardware reverse engineering on embedded devices. He has performed security penetration testing on a wide array of embedded devices and often works on secure design and architecture projects for critical embedded and IoT applications.

Ryan Speers
Security Researcher at River Loop Security LLC

Ryan is a managing partner of River Loop Security and has assessed a wide range of embedded devices, finding vulnerabilities through physical attacks, network access, firmware reversing, and other techniques. He has led the design of remediations and new systems, frequently focusing on their cryptographic protocols and protections. Ryan is also known for his research on the security of radio protocols, including IEEE 802.15.4/ZigBee, and for maintaining the KillerBee framework frequently used to assess these protocols.

Hosts

Paul Asadoorian
Founder at Security Weekly
Jeff Man
Information Security Evangelist at Online Business Systems
Larry Pesce
Principal Managing Consultant and Director of Research & Development at InGuardians
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

2. CVE-2020-0601, Netscaler RCE, npm – PSW #635

We discuss the details and impact of the latest flaw in Windows 10, disclosed by the NSA, which allows attackers to pass off malware as signed applications, and so much more. The Citrix Netscaler vulnerability is a rare remote, easy-to-exploit opportunity for attackers. The crew also talks about book recommendations, backdoors in crypto (and why it's bad), conspiracy theories, and more!

Hosts

Paul Asadoorian
Founder at Security Weekly
Jeff Man
Information Security Evangelist at Online Business Systems
Larry Pesce
Principal Managing Consultant and Director of Research & Development at InGuardians
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

3. What Does It Mean To Be A Hacker? – PSW #635

This is the Hacker Culture Roundtable discussion from the Security Weekly Christmas podcast marathon and features almost all of our hosts and special guests.

Hacking is a term used to describe the activity of modifying a product or procedure to alter its normal function, or to fix a problem. The term purportedly originated in the 1960s, when it was used to describe the activities of certain MIT model train enthusiasts who modified the operation of their model trains. They discovered ways to change certain functions without re-engineering the entire device. These curious individuals went on to work with early computer systems where they applied their curiosity and resourcefulness to learning and changing the computer code that was used in early programs. To the general public, a "hack" became known as a clever way to fix a problem with a product, or an easy way to improve its function.

Guests

Bill Swearingen
Sr Cyber Strategist at IronNet Cybersecurity

Bill has devoted his career to protecting critical infrastructure and Fortune 100 companies from advanced cyber threats. He brings direct experience of being on the front lines, and an in-depth understanding of the challenges our customers face — and what problems they want to solve. Bill has a proven track record of creating, developing, and managing the strong technical teams needed to provide Incident Response, Digital Forensics, Vulnerability Assessment, Penetration Testing, and Policy enforcement for large (Fortune 150) corporations such as CenturyLink and Sprint.

Trent Lo
Co-Founder & Security Professional at SecKC

Trent is a seasoned security professional with a distinguished career defending a Tier 1 network from skillful adversaries. His versatile background in both offense and defense has helped him architect visionary security solutions that are deployed within numerous Fortune 500 companies. He is an established security researcher who has reported vulnerabilities to organizations like Microsoft, Google, and Southwest Airlines. He is also the creator of ‘OvRfLoW’ (Microsoft Flow Attack Framework). Trent is a key contributor to government cyber exercises like Cyber Shield and Cyber Storm. He has also built relationships in threat intelligence sharing by speaking at the Network Security Information Exchanges (NSIE), the National Defense Information Sharing and Analysis Center (ND-ISAC), and the Multilateral Network Security Information Exchanges (MNSIE). Trent has worked with industry partners and government agencies to dismantle botnets like “3ve” and “themoon”.

Hosts

Paul Asadoorian
Founder at Security Weekly
April Wright
Preventative Security Specialist at Architect Security
Doug White
Professor at Roger Williams University
Jason Albuquerque
Chief Operating Officer at Envision Technologies
Jeff Man
Information Security Evangelist at Online Business Systems
Joff Thyer
Security Analyst at Black Hills Information Security
Larry Pesce
Principal Managing Consultant and Director of Research & Development at InGuardians
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory
Matt Alderman
Executive Director at CyberRisk Alliance
Patrick Laverty
Security Consultant at Rapid 7
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element