Episode298
From PaulDotCom Security Weekly
Episode Media
Announcements & Shameless Plugs
PaulDotCom Security Weekly - Episode 298 for Thursday August 2nd, 2012
- Episode 300 of PaulDotCom Security Weekly will be recorded and streamed live on Friday August 31st in support of a cure for Breast Cancer. We will broadcast live from 10am until 6PM Eastern time and the show will feature tech segments, round table discussions and special guests. Mark it on your calendars today!
- In other admin related news, we're leaving Ning and moving onwards. Ning was cool, but now it's a haven for SPAM. I want to thank everyone for participating. In the meantime please follow us on Twitter (@pauldotcom), Facebook (https://www.facebook.com/therealpauldotcom), and add me on Google+ (Paul Asadoorian, I will have a good email account for that soon). Don't forget to join our mailing list http://mail.pauldotcom.com and look for a newsletter in the not-too-distant future.
- Larry is teaching SANS SEC 617 on Wireless Pwnage. Check out Larry's very own dedicated page on the SANS web site for a complete list. Next up is SANS at Sydney in November.
- Larry will be delivering the Keynote at Hack3rcon^3 Doomsday Eve. Hackers and prepping, what could be better?
Interview with Kevin Finisterre of Accuvant
Kevin Finisterre is a Senior Research Consultant with Accuvant, has hacked everything from utilities providers to police cars and is keen on disseminating information relating to the identification and exploitation of software vulnerabilities on many platforms.
- How did you get your start in information security?
- What advice do you have for others just getting started in information security?
- In 2004 you were involved with the trifinite group. Many of us used the tools that came from this project. How did it start, and what were the motivations for attacking Bluetooth?
- How big is the Bluetooth security problem today? Have we fixed stuff or is it now just flying under the radar, outshined
- You've also spent a good amount of time finding vulnerabilities. What are some of your favorite tools and techniques for finding vulnerabilities?
- What are some of the most funny and/or interesting vulnerabilities that you've found (that you are comfortable talking about)?
- So wait, you can't just release SCADA vulnerabilities and exploits, right?
- In your experience, what are some of the differences between how Apple handles vulnerability disclosure vs. Microsoft?
- So if one wanted to 0wn a cop car, how would they do it?
Five Questions!