SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional. Register Here
- Tenable Network Security - This episode sponsored by Tenable network security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the worlds best vulnerability scanner. Tenable Security Center software extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable also offers a Nessus Professional Feed to detect vulnerabilities in your network today! Tenable – Unified Security Monitoring!
- Core Security - This episode is also sponsored by Core Security Technologies, helping you penetrate your network. Now version 10.0 with WiFi-fu good to go! Rock out with your 'sploit out! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the worlds best penetration testing tool.
- Trustwave Spiderlabs - Trustwave's SpiderLabs - providing advanced information security services to planet Earth. Visit them online at trustwave.com/spiderlabs!
Shameless Plugs & General Announcements
Security Weekly - Episode 190 - For Thursday March 11th, 2010
- Community SANS AUDIT 507 Auditing Networks, Perimeters, and Systems - SANS is pleased to announce Community SANS Atlanta, starting March 15th. Mick will teach Auditing 507 Auditing Networks, Perimeters, and Systems
- Notacon! - Mick will be presenting two talks and be a part of a panel discussion! You may also try to get him to discuss hockey! ;-)
- SOURCE Boston - Paul will be speaking at SOURCE Boston on April 22nd giving his new talk titled Embedded System Hacking and My Plot to Take Over The World
- QuahogCon - This will be the next conference that we will be attending. We will have t-shirts and other special things to give away and sell. No, we are not selling the interns (who will both be there, btw). So come and enjoy what's sure to be a great Con! [Paul] - Uhm, should mention that Larry is giving not one, but TWO talks!
- Mark Baggett teaches SANS 504 during SANS Raleigh 2010 on June 21st for 6 days. Come learn Hacker Techniques, Exploits & Incident Handling!
- Also, please join our Mailing List, Forum, and sign up for the Security Weekly Insider! New webcasts coming soon!
Stories For Discussion
- Lifelock, where's my piece of the pie? - [Darren] - PWNT.
- Energizer up in your backdoors - [Larry] - Nice, thanks Energizer for including a backdoor on port 7000 for your battery charger software. However, the windows firewall should block it, but what happens when you shut it down.
- Secured WiFi accces in your…Ford? - [Larry] - Why does this scare me about adding Wifi to the car, especially, when they are combining it with bluetooth, and some limited car control.
- Some P2P protection? - [Larry] - LimeWire, a great server of malware is now integrating AVG into the client for some malware protection…
- Buy a pre-owned Android - [Larry] - Vodafone spain sold an Android phone with the Mariposa bot, Conficker and a password stealing trojan on the memory card. When plugged into the PC it fired off to start contacting C&C channels, and tried to compromise other machines on the network. Good thing that it was purchased by a Panda AV' analyst…
- Exploit for new IE hole - [Paul] - Even more interesting than this IE 0day is some commentary by HD Moore. HD says that its sad how vendors have to see an exploit in Metasploit before they release the patch.
- Apache ISAPI Vulnerability - [Paul] - REmote exploit for Apache servers, I believe its limited to Windows. Heard from Bob, and he says this works really well.
- Don't Read You Email At Public Terminals At A Security Conference - [Paul] - The best part is if you look at the animated gif that scrolls the pictures, the web browsers are reading OWA and you can see the certificate error. This is classis, you can clearly see it right in the pictures too!
- Securityfocus closes shop! - [Paul] - What a bogus way for Symantec to say, "we're a corporate giant with no use for the community, come to our corporate site and then buy our products". This part cracks me up: he enormous growth in dedicated portals and alternative news sources such as social networking sites allows us to get our security news and information from a variety of sources and as a result, it makes sense for SecurityFocus to evaluate how best to serve its readers.