SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional. Register Here
- Tenable Network Security - This episode sponsored by Tenable network security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the worlds best vulnerability scanner. Tenable Security Center software extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable also offers a Nessus Professional Feed to detect vulnerabilities in your network today! Tenable – Unified Security Monitoring!
- Core Security - This episode is also sponsored by Core Security Technologies, helping you penetrate your network. Now version 10.0 with WiFi-fu good to go! Rock out with your 'sploit out! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the worlds best penetration testing tool.
- Trustwave Spiderlabs - Trustwave's SpiderLabs - providing advanced information security services to planet Earth. Visit them online at trustwave.com/spiderlabs!
Shameless Plugs & General Announcements
PaulDotCom Security Weekly - Episode 167 - For Friday September 11th, 2009
- We're looking for two interns - local to the Rhode Island area, listen to the podcast, into linux, able to lift 30 lbs, and if possible, willing to perform post-production work on the podcast. If that description sounds like you, please send us a note via psw [at] pauldotcom [dot com]
- The newly minted Pittsburgh Information Security Users Group invites all to their Capture the Flag - "Hax0r style" event on September 17th. They invite all to "Red Team" some Linux and Windows boxes and collect cool prizes.
- The Louisville Metro InfoSec Conference in lucky Louisville offers John Strand as Keynote and serves PaulDotCom Asadoorian as Breakout Speaker. If that were not enough, they will also have a Capture The Flag event and Irongeek! All the above for the very low price of $99 on October 8th.
- Community SANS: Sec 542 Web Application Penetration Testing - SANS is pleased to announce Community SANS Providence, running January 11 - 16. Larry will teach Security 542: Web Application Penetration Testing and Ethical Hacking. The course will be hosted by Brown University. Also coming up, 617 on Calgary sometime in March!
- Rochester Security Summit - Larry and Ed Skoudis to give Keynotes. What can get better than that? October 28 - 29 in Rochester NY!
The "... are those surfboards that you're trying to conceal over there?” interview with Moxie Marlinspike
Moxie Marlinspike is a fellow at the Institute for Disruptive Studies with over thirteen years of experience in attacking networks. He is the author of sslsniff and sslstrip, the former of which was used by the MD5 Hash Collision team to deploy their rogue CA cert. His tools have been featured in many publications including Hacking Exposed, Forbes Magazine, The Wall Street Journal, the New York Times, and Security Focus as well as on international TV. For money, he is a licensed USCG Master Mariner, and delivers yachts worldwide.
Moxies website: thoughtcrime.org
Do yourself a favor and read some of Moxie's stories!
Questions for Moxie:
- How did you get your start in information security?
- You live what many would consider an alternative lifestyle. Where do you find get the guts to live so brazenly free?
- More importantly, where do you keep a totally rad server farm while on the move?
- SSL? Seriously dude, you are breaking the internet? Is SSL really that broken?
- Surely, stuff like OCSP cannot be defeated with a single character? Can you describe some of the work that goes into dissecting the protocols to find issues?
- What can we do to fix it? What is the next evolution?
- Where is your favorite port?
- Who has the best roofs for crashing for the night and do you have any tips for finding the best public bathrooms?
- Tell us about the "Institute for Disruptive Studies"
- What's the craziest incident or thing you've seen in your travels?
Stories For Discussion
- Damn Vulnerable Web App - new version - [pauldotcom] - I love this tool, it not supports authentication, which is cool, and a challenging thing to test for. DVWA is kinda like your coach holding a punching pad to train you for a fight...
- SMB Fail - [Larry] Yep, a single packet crash, as well as a bunch of other goodies for Vista, Win 7 and Server 2008.
- Encrypting Facebook - [Larry] - A Facebook app for keeping some of your updates encrypted, and viewable only by certain key holders. Wow, go see some social media security stuff to get an idea why this is bad. Here's a tip: Don't post it. Also this looks like a good way for encrypting bonnet C&C.
- Rogue? - [Larry] - Sometimes the easiest solution is the best. Need to get that rogue device in an organization? Try a simple sign. Sometimes, just like social engineering, implying that you have authority is just enough.
- DDoS tracking - [Larry] - Verisign launches a new service for tracking DDoS in an attempt to note the precursors to a DDoS. Hmm, to what value really? I mean, I'd think that the ramp up for a DDoS would tropically be pretty quick, giving any notification a very short window.
- Wait, did education work? - [Larry] - It seems that maybe some folks are beginning to actually take not of phishing in their e-mail boxes - so much so that when a company send a legitimate e-mail, many folks think it is a phishing attempt - because thy use the same practices that they warn their customers about.
- MS009-048 - [Larry] - Hmm, maybe that re-write of the TCP/IP stack should have had a few more eyes on it? What a mess. Not to mention, some of the fixes where patches are not available include a "firewall" as a reasonable defense…. According to Richard Bejtlich it is too hard to fix on XP
- 2nd Zero Day for Windows 7 has been patched in the final version - [MikeP.] - A vulnerability affecting Microsoft SMB2 can remotely crash the box or allow (or remote code execution with proof-of-concept code that has been published; a Metasploit module is out.
- Got batteries? - [Mick] - Looks like it's official, the US DHS finally gets "proof" that the US power grid is hackable. (Psst! if you put it behind the firewall, *everything* will be safe!!)
- Anonymous not just against Xenu anymore! - [Mick] - The folks who are famous for crashing Mubix's party are up to it again. This time, they are getting the party started with the entire country of Australia!
- Holy SQL Injection Batman! - [PaulDotCom] - Scary SQLi in RBS web site leading to a whole bunch of sensitive information to be leaked.
- Cross-protocol XSS with non-standard service ports - [PaulDotCom] - Some interesting research going on here...
- Wireless Vulnerabilities That No One Talks About - [PaulDotCom] -
- Another Pen Test Live CD Distro - [PaulDotCom] - This is getting out of control now :) However, the list of tools they added above and beyond backtrack is really neat. BUT, how good are the tools and do they do what you need them to? I truly believe we all need to carve out some time each week to play around with security tools, and Live CD is great for this. Once you find the ones that you like, and actually work, build them into your own system, not a Live CD.
Other Stories Of Interest
- LAG!! - [Mick] - Warning: This is not quite RFC 1149 compliant... I think we'll have to call this FeatherNet since birds don't wear sneakers. I wonder what DoS attacks are available? I hear protocol hacking is teh sexay so we should get right on this! dDoS via LOLCATS? IM IN UR NETWORKS EATING UR LAYER ONES!!!