Wednesday, September 20, 2017

Beers with Talos EP 13:A Vast CCleanup, Strutting Your Stuff, and the Ex$ploit Economy



Beers with Talos (BWT) Podcast Episode 13 is now available.  Download this episode and subscribe to Beers with Talos:

If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast

Beers with Talos is a fast-paced, smart, and humorous podcast focused on security research topics. Staying abreast of security topics is difficult in this rapidly evolving threat landscape. Beers with Talos serves important security stories in a way that is understandable, engaging, and fun to researchers, executives, and security n00bs alike.

EP13 Show Notes: 

Struts - when to patch and when to patch with a vengeance. In light of the Equifax breach, we discuss how patching can make you live better days, Never look back and say, Could have been me. Naturally, that convo leads into the biggest story of the week around Pwning the Supply Chain - CCleaner, Python, and Nyetya style. Avast made some mistakes, but every tech company is susceptible to supply chain attacks. What can companies do to protect themselves and how can users adopt a stronger security posture in this area? We also talk Ex$ploit Economy - Valuing exploits by supply and demand. Zerodium has an extensive price list, what can we discern about the availability and difficulty of various exploits using basic economics?

EP13 Timetable:

01:00 - Roundtable - What’s on your mind today?
10:25 - Struts - Could Have Been Me (but we patched)
19:20 - CCleaning up the Supply Supply Chain
33:26 - The Ex$ploit Economy
53:28 - Closing shots and parting thoughts

Talos Struts post: http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html 
and http://blog.talosintelligence.com/2017/09/apache-struts-being-exploited.html 
Talos CCleaner post: http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html 
Zerodium exploit pricelist: https://www.zerodium.com/program.html
==========

Featuring: Craig Williams (@Security_Craig), Joel Esler (@JoelEsler), Matt Olney (@kpyke) and Nigel Houghton (@EnglishLFC).
Hosted by Mitch Neff (@MitchNeff)

Find all episodes:
http://cs.co/talospodcast

Subscribe via iTunes (and leave a review!)
http://cs.co/talositunes

Check out the Talos Threat Research Blog:
http://cs.co/talosresearch

Subscribe to the Threat Source newsletter:
http://cs.co/talosupdate

Follow Talos on Twitter:
http://cs.co/talostwitter

Give us your feedback and suggestions for topics:
[email protected]

1 comment:

  1. Absolutely love the podcast! Makes me eager to go home and start going through a book with beginner Python projects... and then I look at that huge book when I get home and am like... naaah.

    I know you guys have gone over how to break into the field of cyber security, but what about more practical... "every day" things? Any good books to read (beginner or otherwise)? Projects you could do at home like setting up your own lab network? What would be a good entry level type of position for someone like me who is really interested in this field, but knows without a doubt that they are only seeing the tip of industry iceberg? Or perhaps a position that gives you exposure, knowledge, and possible leverage into this field? I'm now Level 1 support on a video conferencing Help Desk and it's hard to see how to get from here to there with the limited knowledge I have right now!

    Thanks again for all the nice info, perspective, inspiration, laughs, and train noises you provide!

    ReplyDelete

Post a Comment