Security Headlines with Johnny Xmas


Summary:

In this episode of Security Headlines, we are joined by
the hacker Johnny Xmas. Johnny is a very interesting character
with a lot of fun projects behind him.
Join us as we hear Johnny's stories in this week's deep-dive episode of Security Headlines:

https://anchor.fm/firo-solutions/episodes/Security-Headlines-with-Johnny-Xmas-elpllq

Johnny became fascinated early on by taking things apart to learn
how they operate, rebuilding gadgets and exploring how they work.

During his early twenties, he and a friend of his read on the back
of a 2600 magazine that there was going to be a hacking conference in New York.
They saved up money and drove to the Hackers on Planet Earth (HOPE)
conference in New York. When they arrived they were thrilled to
see the hacker community. He made friends for life and
kept coming back to the conference. He is now a regular speaker
there and at many more!

We cover a lot of ground in this podcast episode, including how the hacking scene has changed over the years.

Covid19

The good things the pandemic has given the tech field,
such as securing remote communications. Companies such as Zoom are listening to
consumers' demand for more security and acting on it.

Cigars

How the global pandemic has affected the cigar industry, and combining infosec and cigar culture.

Ghost Express

Ghost Express, which started as a Chicago 2600 meetup project, lets you
anonymously send a haunted object to anyone you want. Hacking together a business and having everything automated.

Common low hanging fruit

The most common ways pentesters get into companies and what companies
can do to fix them.
Bad actors are often lazy and choose the quickest way in, which frequently means phishing and ransomware. In today's world you can even
get ransomware that comes with tech support.

Venmo

Johnny found a way to generate API keys by just making a simple request to the
After he gave a talk about it and released software that let anyone
easily abuse this, Venmo luckily took action and limited the amount of data available.

Bypassing web application firewalls

A lot of web application firewalls just focus on IP filtering, which is a huge problem
in today's world: it is really easy and cheap for anyone
to acquire a large set of (residential) IP addresses.
One provider of proxied IP addresses is Hola VPN, which lets its free
users act as exit nodes and then sells that access through platforms such as Luminati.

Hola VPN terms of service

Other people have adopted the same approach using mobile development SDKs.
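The following Python simulation is an added example for this page, not code from the episode or from Johnny's talk deck. It assumes a constructed pool of 200 proxy addresses in the 203.0.113.0/24 documentation range (nothing real is contacted) and a scraper that sends one request per second against a single target account, rotating through the pool. It applies the same sliding-window limit (10 requests per 60 seconds) twice: once keyed by source IP, the way an IP-centric WAF would, and once keyed by the account being hit. The point is that the IP-keyed limit never trips once the attacker has enough residential addresses, while the identity-keyed limit does.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each key.

    `key_fn` decides what a "client" is: the source IP, the targeted
    account, a session token, and so on. That choice is the whole demo.
    """

    def __init__(self, limit, window, key_fn):
        self.limit = limit
        self.window = window
        self.key_fn = key_fn
        self.hits = defaultdict(deque)  # key -> timestamps of allowed requests

    def allow(self, req):
        key = self.key_fn(req)
        q = self.hits[key]
        # Drop timestamps that have aged out of the window.
        while q and req["t"] - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(req["t"])
        return True


def residential_pool(size):
    """Constructed stand-in for a rented residential proxy pool.

    203.0.113.0/24 is a documentation range, so none of these are real hosts.
    """
    return [f"203.0.113.{i}" for i in range(1, size + 1)]


def scrape(limiter, n_requests, ips, account="target-user"):
    """Replay n_requests, one per second, rotating through the proxy pool.

    Every request hits the same account (think: enumerating one user's
    data), which is exactly what an IP-only filter cannot see.
    Returns how many requests the limiter let through.
    """
    allowed = 0
    for i in range(n_requests):
        req = {"ip": ips[i % len(ips)], "account": account, "t": i}
        if limiter.allow(req):
            allowed += 1
    return allowed


def run_demo(n_requests=1000, pool_size=200, limit=10, window=60):
    """Compare an IP-keyed limit with an account-keyed limit on the same traffic."""
    ips = residential_pool(pool_size)
    by_ip = SlidingWindowLimiter(limit, window, key_fn=lambda r: r["ip"])
    by_account = SlidingWindowLimiter(limit, window, key_fn=lambda r: r["account"])
    return {
        "ip_keyed": scrape(by_ip, n_requests, ips),
        "account_keyed": scrape(by_account, n_requests, ips),
    }


if __name__ == "__main__":
    # With 200 rotating IPs each address is seen once per 200 s, so the
    # IP-keyed limiter passes all 1000 requests; the account-keyed limiter
    # passes 10 per 60 s window, 170 in total.
    print(run_demo())
```

With `pool_size=1` the two limiters behave identically, which is the only situation an IP-keyed rule was ever designed for. Reputation lists do not rescue it either: the addresses in a residential pool belong to ordinary consumer connections, so blocking them blocks real users. Limits and anomaly detection need to be keyed on something the attacker cannot rotate for free, such as the account, session or device being acted on.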

Grimm

Johnny currently works for the security engineering
firm Grimm, a company known for its work in ICS (industrial control system) security.
Grimm is currently hiring: do you want
to get paid to develop security training platforms?

Then Grimm is the place for you!

https://twitch.tv/j0hnnyxm4s
https://twitter.com/J0hnnyXm4s/
https://luminati.io/
https://www.youtube.com/c/JohnnyXmas/
https://github.com/johnnyxmas/Talk_Decks/tree/master/2019/Sorry%20about%20your%20WAF
https://ghost.express/
https://www.cnbc.com/2020/05/07/zoom-buys-keybase-in-first-deal-as-part-of-plan-to-fix-security.html
https://www.twitch.tv/mr_horologist
https://twitter.com/cigarsec
https://www.icsvillage.com/
https://www.grimm-co.com/careers
https://en.wikipedia.org/wiki/Venmo
https://www.technowize.com/grindr-security-flaw-lets-anyone-hijack-user-accounts/
https://en.wikipedia.org/wiki/Principle_of_least_privilege
https://en.wikipedia.org/wiki/Branched-chain_amino_acid
https://opihr.com/
https://en.wikipedia.org/wiki/Sub7
https://nmap.org/book/man-nse.html
https://en.wikipedia.org/wiki/Less_Than_Jake
https://en.wikipedia.org/wiki/Oh,_Sleeper
https://selenium.dev/