Please don't hack Jack's laptop and turn on his camera as he claims he stands up, pantsless, about every half hour. Even thinking about that hurts my eyes. Paul also talked about a story where a hacker in Finland explained the value of hacked laptop cameras. Selling a woman's access is worth about $1 each while men are worth about $1 per 100! However for Jack, I'm pretty sure someone would have to pay us, a lot, to take his.
Worried about someone breaking into your laptop and recording you in some compromising position? Take Paul's advice and simply head that off. Make your own! Even better, do it in HD with good lighting! Then when someone says "Uhh, there's a video of you naked on the internet" you can just say "Yeah, I know! I made it!" Heck, maybe you can even make money off it. After all, isn't that how the Kardashians became famous?
Paul loves this article from Trustwave Spider Labs where Nathan Drier mentions that sometimes the pentest gods smile down upon you. Maybe you can get access to a system as a non-root user, so you try to sudo to a shell like bash. But, the smart admin has blocked access to sudo bash. Hmm, what to do next? How about sudo tcsh? That one works! Or, what if someone has a root password hard-coded into some available scripts? Just like comedian Ron White has said many times, you can't fix stupid.
Jack wants to know why we are so slow to detect breaches? He refers to a study where 500 executives were polled and they claim it takes about ten hours to detect a network-based breach. However in the real world, using the Verizon DBIR data, we see that two-thirds of the breaches actually take many weeks to detect. Why is there such a disconnect between what the executives think happens and what is reality? Wishful thinking?
Are you going to take a stab at the $100,000 that Microsoft is offering in its bug bounty program?
Oracle is back and said they have plugged the 40 security holes in java. Hooray! So java is all safe now. They've plugged all the security issues, right? Hmm, and what were you saying about that bridge for sale? I guess we'll see in either a few days or few weeks when they come out with another update.
Texas has banned warrantless snooping. Will the NSA now say "Oh, your data is in Texas? Ok, sorry, we'll leave you alone now." Uh huh. This complements a recent Daily Show commentary where John Oliver stated that the problem isn't that the federal government broke laws to do much of this snooping, the problem is that they didn't have to. Now to do it without a warrant in Texas, they will have to break laws.
More discussions on HTML5 and how it relates to browser security, and finally a Dark Reading post on how security needs more designers, not architects.
Remember to check out PaulDotCom Security Weekly every Thursday night at 6 pm Eastern (US) time! And a big thank you to everyone who participated in the inaugural Security BSides Rhode Island!