Session management in web applications is extremely important with regard to securing user credentials and integrity within the application. Sometimes, session tokens can be predicted, provided the overall randomness is weak. If this is possible, a remote attacker may be able to compromise the session of an authenticated user. In this episode of Tradecraft Security […]
Matt joins Paul to recap the startups that caught their attention at the recent Black Hat conference in Las Vegas! Startup Companies: Skyport Systems, IntSights, Capsule8, Zingbox, RiskSense, ZeroFox. Visit http://securityweekly.com/category/ssw/ for all the latest episodes!
Allowing terrible passwords, four arrested in Game of Thrones leak, using EternalBlue to attack hotel guests, and more. Don Pezet of ITProTV joins us to deliver expert commentary on this episode of Hack Naked News! News: Too many big online brands allow terrible passwords – Dashlane, a company providing secure authentication mind you, has evaluated the […]
How not to botch your pitch, why VCs love insurance, ten ways to preserve cash as a bootstrapped startup, and updates from OpenText, WatchGuard, and more! Startup Articles & Discussion: Increasing Sales By Evaluating Your Marketing Strategy; Build a business you’d never want to sell; 10 Ways to Preserve Cash as a Bootstrapped Startup; One […]
Printer attacks have been around for some time. Paul describes some of the latest techniques and research into printer hacking, including capturing print jobs, manipulating print jobs and other attacks. These are useful on penetration tests (believe it or not). Defenders take note, printers must be on your radar. Run PJL Commands: printer:/> site @PJL […]
Mystery bug bounties, Marcus Hutchins pleads not guilty, a password guru regrets past advice, Dropbox and offline two-factor authentication, and more security news! Paul’s Stories: Mystery Company Offers $250,000 Bounty for VM Escape Vulnerabilities; Hacker Marcus Hutchins To Plead Not Guilty To Malware Development; Password Guru Regrets Past Advice; Salesforce Sacks Security Engineers For Their […]
Aram is the Founder and CEO of BeSafe (formerly Skycryptor), an encrypted cloud company that uses proxy re-encryption techniques to protect user data. He provides a demo on his techniques to ensure user data security!
WannaCry’s killswitch domain registrant is arrested, making infosec more inclusive, hacking 113-year-old subway signs, security standards for smart devices, and more security news! Paul’s Stories: Making Infosec Meetings More Inclusive; How Engineers Hacked 113 Year Old Subway System Signs; Chrome’s built-in adblocker arrives for early adopters; Researchers display CAN do skill in vehicle DoS; An […]
A very common attack that many networks are vulnerable to is called LLMNR or NBT-NS poisoning. Through this attack, it is possible to gain access to a user’s NTLMv1 or v2 password hash. A more interesting attack can be carried out under the same premise, though. Instead of just obtaining a password hash, the user’s […]
HashiCorp Vault brings disaster recovery to security secrets management, Oracle joins SafeLogic to develop FIPS module for OpenSSL security, and Cylance brings enterprise security platform technology to home users. Visit http://securityweekly.com/esw for all the latest episodes!