SANS Las Vegas, October 26-27th, will debut a new course titled "Embedded Device Security Assessments for the Rest of Us", which will teach students how to assess embedded systems of all varieties on pen tests and in their duties as security professionals.
This episode is sponsored by Core Security Technologies, helping you penetrate your network. Rock out with your 'sploit out, because these new client-side modules rock! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool.
This podcast is also sponsored by Tenable Network Security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the world's best vulnerability scanner. Tenable Security Center software extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable also offers a Direct Feed subscription for immediate access to new Nessus plugins and compliance checks. Tenable – Unified Security Monitoring!
Announcements & Shameless Plugs
Live from the PaulDotCom Studios! Welcome to PaulDotCom Security Weekly, Episode 107, for May 9th, 2008
- PaulDotCom SANS Click-Through - Go there, register for fabulous SANS training! Go now!
- Network Security Projects Using Hacked Wireless Routers with Paul - Washington DC, July 23, 2008, SANSFIRE, and a joint podcast @ 7:00PM with the ISC folks!
- Pen Test Summit - June 2-3 to be attended by Larry
- PaulDotCom Monthly Webcast - May 28th, 2:00PM EST
- PaulDotCom Mailing List - Come join now!
- PaulDotCom IRC Channel - #pauldotcom on irc.freenode.net
- We have a blog, http://pauldotcom.com, come read it! New web site coming very soon!
Tech-Lite Segment: Adventures in Intrusion Detection & Vulnerability Management
Paul & Larry share their thoughts about:
- Development version of InProtect
- New version of Aanval
Setting Twitterrific to use SSL instead of basic auth. From a terminal window, issue:
defaults write com.iconfactory.Twitterrific protocol -string "https://"
Stories For Discussion
GNUCITIZEN creates a "House Of Hackers" - [PaulDotCom] - This is a really neat concept that brings together hackers to network, make available security testing services, all in an environment full of XSS bugs :) 0x000000 found a few, how about that, some free security testing just for giving a place to call "home". [Larry] Damn you, you beat me to this one.
A tale of firmware reverse engineering - [Larry] - Yum. Now, if I only knew what device the toaster was...
Databases Offer Low Hanging Fruit For Attackers - [PaulDotCom] - A bit sensational, but does highlight a known problem. They don't offer much in the way of evidence that this is happening, but I've experienced it first hand. I know several organizations that just plain don't apply patches to the database. Default passwords? Why? It seems it's almost like embedded devices: if it's not a server or a desktop, organizations don't give it the resources to put security around it. Firewall, no problem, every organization knows they need one and a bit about implementation. Database security? That's not in the forefront, so guess what, attackers are focusing there. Once I gain access to a system, through an open port in the firewall or client side attack, there is little in my way to gaining access to the data.
Free wifi at Starbucks - [Larry] but only for iPhone users. How do they know? They allow free access by allowing the mobile safari user agent to pass unrestricted. Cool. Just use the Firefox user agent switcher to change your user agent, and free web browsing! This is what happens when you put your "authentication" in the hands of the user.
Releasing snippets of binary analysis is still responsible disclosure - [PaulDotCom] - Core released an advisory that posted some of the binary analysis, and some called it irresponsible. I think people are way too sensitive about disclosure; this vulnerability was discovered months ago, and not to mention, doesn't give someone much to go on if you are seeking out the vulnerability. Whenever an advisory comes out, it gives attackers a place to look, and good guys a heads up for defense.
URL encoding via Morse Code - [Larry] - Great, another encoding method to look out for!
Nothing can stop a ninja, not even a key - [PaulDotCom] - A quarter, a cell phone camera, and some ninja skills and you can duplicate keys found lying around. Pretty handy stuff, maybe even easier than picking the lock, and way stealthier than smashing the door down, but maybe not as fun.
Aviv Raff's treasure Hunt - [Larry] - He hid an IE 0-day somewhere on his website, and informed MS the day before. Responsible or not?
Mozilla distributes malicious code - [PaulDotCom] - Since Feb 19, 17,00 copies of Firefox were downloaded with malicious code. This is scary, and why I'd like to underscore the need for extrusion detection.
Baaaaaad Dumpster diving - [Larry] - Wow, I like to dumpster dive, but discovering this would turn me off in a big way. So, not only were patient records found in the dumpster of a medical facility, but so were the illegally dumped remains of the facility's abortion practices. Aside from the political abortion debate, I think that businesses that engage in multiple horrific illegal practices should be taken out back and shot.
Three accused of hacking Dave & Buster's computers - [MikeP] - The government said the Dave & Buster's hackers illegally accessed 11 of the national chain's servers and installed packet sniffers at each location.