Episode113

From Paul's Security Weekly

SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional.


Sponsors

This episode is sponsored by Core Security Technologies, helping you penetrate your network. Rock out with your 'sploit out and check out the client-side exploit and web application testing modules! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool.

This podcast is also sponsored by Tenable Network Security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the world's best vulnerability scanner. Tenable Security Center software extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable also offers a Direct Feed subscription for immediate access to new Nessus plugins and compliance checks. Tenable – Unified Security Monitoring!

Announcements & Shameless Plugs

Live from the PaulDotCom Studios! Welcome to PaulDotCom Security Weekly, Episode 113 for June 26th, 2008.

Welcome to PaulDotCom Security Weekly, a show for security professionals, by security professionals.

Episode Media

mp3

Stories For Discussion

Virtualizations - [PaulDotCom] - Great article from GNUCITIZEN on virtualization (in)Security. Not so much security though, but more how we use, and will use, virtualization technology in the future. For example, really, run multiple operating systems? Isn't that a nightmare on the desktop from a patching and training perspective? Also, what about USB and FireWire? Can't they just bypass the virtualization layer because they have direct access to memory (something Twitchy reminds me about every time I talk to him :-p)

Apple Remote Desktop Gets Pwned! - [PaulDotCom] - I love root, and I love applications that let you run any script as root. The real scary part here is that there are many remote desktop solutions, and they've all had major holes. What does this tell us? Attackers will actively seek out flaws in these technologies. But why? First, they give you remote control of a system. Second, it's like a port open in a network or host firewall. And third, it's fun to change someone's desktop to reflect a care bear orgy.

SENF! - [Larry] - Thanks Martin for the blog post. SENF is the sensitive number finder, written by some folks over at the University of Texas Information Security office. It is written in Java, and scans files on your hard drive for sensitive numbers - SSNs and credit card numbers. You don't have to open the whole file to make a determination about the possible findings! Insert discussion on inventorying and finding stray data.... Here's another link with some more free tools. [PaulDotCom] - Also Check out spider! http://www.cit.cornell.edu/security/tools/

Abusing SIP is Fun - [PaulDotCom] - More and more devices are coming with SIP enabled. I believe we are going to see a large uptick in the usage of these devices, and with vulnerabilities such as this one, hacking is going to take on all forms. So, couple this with Bluetooth attacks. I steal your address book using Bluetooth, then using SIP vulns, spoof my caller ID so it looks like your place of employment calling. "Oh, there's an emergency at work, can you call this #" That number is me, pretending to be the technician working on your server, and I get your password. Okay, far-fetched, but you get the idea.

How to Hide Security Problems - [Larry] - An oooold article from Matasano, but I think that many of the things discussed here are still valid in how vendors poorly handle vulnerabilities.

Paper on Usenet forensics - [Larry] - Something that caught my eye, as you don't usually see this type of forensics request...

Twitter' or 1=1-- - [PaulDotCom] - Twitter users are very angry about all of the SQL injection holes. Think about that for a minute though, a SQL injection hole in twitter could allow for some serious damage! If I can post to everyone's twitter page and post my link which distributes malware (with a link via tinyurl.com), wow, I've just pwned a whole shitload of people!

Scrawlr - [Larry] - I need to do some more looking at this Windows tool! HP released a tool for scanning for, and analyzing potential SQL injection. Some discussion on the tool, and its effectiveness...

Gone too far? - [Larry] - This one indicates some definite things that can go wrong when security and business process aren't aligned, and that maybe the folks determining risk weren't all that informed.

Ouch - [Larry] - Wireless security? We don't need no steenkin' wireless security. Apparently GNUCITIZEN had to take the picture down, but I'd love to hear the story behind it.

Bluetooth, no patch - [Larry] - Ya know that MS Bluetooth patch we talked about last week? Yeah, the one for the vulnerability where you can get your Windows box owned by just receiving SDP packets? Yeah. The patch for XP SP2 and SP3 didn't do a damned thing, and the patch had to be re-released.

Scrawl Is Itchy? - [PaulDotCom] - Test your site for SQL injection for free! W00t! I ran it against pauldotcom.com, it didn't find anything, and was really easy to run. I was going to do a tech segment, but guess what, it's dead easy.

5 year old XSS - [Larry] - I know we've talked about this in the past. A reflection attack, where JavaScript is rendered by a browser from an error message returned from a non-HTTP server...