From Paul's Security Weekly


Security Weekly - Episode 251 for Thursday July 14th, 2011.

  • The Security Weekly Español episodes with Julio Canto, Lorenzo Martinez, Chema Alonso and Ruben Santamarta are available here. We have more interviews coming in the weeks ahead....
  • Sign up for Blackhat Training Courses:
    • Security Weekly Blackhat Training Sign up for "Offensive Countermeasures: Making Defense Sexy" as a two-day course at Blackhat July 30-31. Every student gets a FREE "Hack Naked" t-shirt and sticker!
    • Tenable Security Blackhat Training Sign up for "Advanced Vulnerability Scanning Techniques Using Nessus" August 1-2

Episode Media

MP3 pt 1

MP3 pt 2

Interview: Claudio Criscione


Watch the live video version of this segment above. For more videos and to subscribe to Security Weekly TV visit http://blip.tv/securityweekly

Download the Audio (MP3) Version of this segment here!

Claudio Criscione is a security test engineer at Google. Before joining the company in 2011, Claudio was a penetration tester for most of his career, assessing the security of large infrastructures as well as holding roles in webapp and virtualization security. He has authored a number of tools, including attack tools, and prides himself on being vaporware-free whenever possible. He has a master's degree in Computer Engineering from the Politecnico di Milano, where he graduated magna cum laude et gaudio.

  1. How did you get your start in information security?
  2. When designing large networks, speed and performance almost always take priority over security. How do you manage that delicate balance?
  3. What is the number one thing people overlook with respect to virtualization and security?
  4. How has virtualization transformed IT in the past 5 years, and what are some of the big impacts on security?
  5. Do you think virtualization is a fad? If not, where do you think it will go in the next few years?

Interview: The Metasploit Penetration Testers Guide - The Book



David Kennedy, Jim O'Gorman, and Devon Kearns join us to talk about their new book! (Mati Aharoni is also an author but could not make it.) "...while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors."

Stories For Discussion



Larry's Stories

  1. Vodafone Femtocell Hacking - [Larry] - THC folks have been plugging away at this device since 2009, and have completely pwned it. Can you say call snooping, anyone? I sure can, because THC has been able to transform the device so that it allows anyone (not just femtocell and Vodafone subscribers) to connect. That means you can gather others' traffic with a modified device. Not to mention that THC shows you how to suppress errors and alarms back to Vodafone for your hacking goodness. I think I've said it before, but the largest threat to vendors in getting their devices compromised? Releasing them to customers.
  2. So close, yet so far… - [Larry] - …for the first iPhone malware scanning app. YAY! AV for your embedded device. Well, not quite: due to the sandbox that iOS places around apps, there is no access to memory or the file system, so all you can do is scan e-mail attachments and web downloads. Better than nothing, I suppose, but a long way to go to compare to more traditional tools.
  3. Didier's Teensy PDF Mayhem - [Larry] - Did you know that you can create a PDF with just ASCII? Did you know that you could also include a malicious executable in that ASCII PDF? Didier Stevens did, and ported it to be delivered by a Teensy HID device. Time for Dave to add this as another Teensy attack in SET.
  4. Bluetooth on? I thought so. - [Larry] - Remember that WiFi hack years ago that exploited a bug in wireless drivers, which would receive packets without being associated with a network, leading to exploits? Yeah, you didn't even need to be connected to a network, just have your adapter on. Now the same thing for Bluetooth on Vista and Win7 products. No interaction from the user. No pairing needed. To agree with a quote from Marcus Carey, I think we'll see more of this given the availability of better Bluetooth auditing hardware/tools such as Ubertooth.
  5. Technology enabling shoulder surfing - [Larry] - So, do you come full circle when you use technology to enable shoulder surfing of new technology? Using a video (camera, stream, file), this app analyses not the asterisks of hidden passwords on touch screen devices, but the touchscreen keyboard color change for keypresses. If you know where the keys are, you can just analyze the color that changes for keypress confirmation. Of course you can turn that feedback off, but who does that?
  6. ...and the Daemon is coming true - [Larry] - Just for fun.

Paul's Stories

  1. Wi-Fi-Hacking Neighbor From Hell Sentenced to 18 Years - Pay close attention to the details in this story. I mean, sometimes things go bad with neighbors. Some of my close friends and I have had property disputes with neighbors, putting up pools without proper or any fencing, or dogs leaving presents in your yard. That's really common neighbor-type dispute stuff. The convicted "hacker" had gotten into a dispute with his neighbors because they accused him of kissing his 4-year-old boy. I hope that word gets around about that little fact when he goes to prison... But seriously, you should not use your skills for evil, ever. I know, it's tempting, but framing people for child porn and sending threats to the vice president is not cool, and you will go to jail, with Bubba.
  2. Travelers left 11,000 mobile devices at U.S. airports - Ever wonder if those people actually go back to claim their laptops or cell phones left at the TSA checkpoint, or if they are already on a plane? You don't want to leave your phone in an airport; think about all the personal information you leave on your phone. It's the same thing as leaving your wallet! Don't forget, the 11,000+ number only takes into account devices that are reported missing...
  3. Windows XP support shutdown countdown begins - Okay, it's time, you can safely ditch Windows XP and use Windows 7, you now have my blessing. I've used Win 7 for a while now, and still actually like it! What I don't want to see people doing is using an unsupported operating system that is not getting security updates.
  4. Hugh Hefner is NOT dead - hoax spreads across the internet - Just a note to whoever is virtually killing people on Twitter: leave people like Hef alone, man, the guy is a legend! Tom Cruise: fair game. But Hugh Hefner? Come on, he got women to take their clothes off when it was so not the cool thing to do. In fact, we owe much of the freedom we have to view porn on the Internet to Hef, so please stop trying to kill him on Twitter.
  5. [More Password Analysis] - The military chooses bad passwords. Among top honors? qazwsx. Yea, just look at your keyboard...
  6. Binary C&C Over HTTP - What would happen if you sent data over port 80 without HTTP headers? Everyone's firewall allows it outbound, unless you are behind a proxy server, and since it's NOT HTTP, most IDS/IPS type stuff won't pick up on it. Nice technique; turns out malware is already using it.
  7. Fresh PuTTY - Fresh PuTTY! After 4 years we have a new version, so if you are not using this software, you should be... I wonder why Microsoft does not include a default version of a secure TELNET and FTP client in Windows. I think once it stops including the insecure client software, we *may* see adoption of the more secure protocols. I mean, shouldn't it be the other way around? Shouldn't we have to go out and download and install software that implements the insecure protocols, rather than having the insecure ones included?
  8. Discoverability is Not a Mitigating Factor - Let me summarize, in Michael Ossmann's words, just how stupid people are being about the new flaw in the Bluetooth stack on Windows: "Turning off discoverability is like hiding the SSID of an 802.11 network." Makes sense now, huh? Yes, the vulnerability is critical, and for the first time maybe even I agree with Microsoft's decision to make it critical.
  9. How To Make a Prank Phone Call - There were some good tips in this article on making prank calls; some of them will help you with your phone SE engagements, some will just help you annoy the crap out of people. It was SO GOOD that the page has been taken down...
  10. Loki: An Open Source Layer 3 Packet Generating and Attacking Python Framework! - Ah Loki, first you were a covert ICMP channel, then you were an evil character in the book Daemon, and now you are a fantastically evil tool for manipulating protocols. I love what this tool can do, and see a great usage for it on stuff like the pwn plug, where you can plug into the network, take over routers and traffic streams, and sniff traffic to your heart's content. Notice how Loki is always evil? According to Wikipedia, Loki is a god in Norse Mythology, and check this out: Loki's positive relations with the gods end with his role in engineering the death of the god Baldr. Loki is eventually bound by the gods with the entrails of one of his sons. A serpent drips venom from above him that his wife Sigyn collects into a bowl. However, Sigyn must empty the bowl when it is full, and the venom that drips in the meantime causes Loki to writhe in pain, thereby causing earthquakes. Yikes...
  11. RFID bootable Live Hacking System - It can be a PITA getting some of the RFID tools working, so here is a bootable Linux distro with many of the tools pre-installed. Three words: I like it. I will love it when I find that it works.
  12. Process Injection Outside of Metasploit - Ah yes, ever been in that situation where you just needed to jump processes, but A/V is going all "nom nom nom" on your metasploit binary? I hate it when that happens. For those times CG has shown us step-by-step how to use two different utilities, one called "shellcodeexec" and another called Syringe. Great stuff! (And no, not like the spray insulation, but like great stuff as in excellent! bravo! Yes, I need a drink)
  13. THC cracks Vodafone network, can listen to all calls - THC turned their femtocell into a full-blown 3G/UMTS/WCDMA interceptor. NICE! "THC found a way to circumvent this and to allow any subscriber - even those not registered with the Femto - to use the Femto. They turned it into an IMSI grabber. The attacker has to be within 50m range of the UK Vodafone customer to make the customer's phone use the attacker's femto." This is what happens when you give technology such as this to customers: they hack it. Now I have an AT&T femtocell.... Tech details are here: http://wiki.thc.org/vodafone Looks like they soldered a USB serial device onto it and then used the default root password of "newsys". Wonder how they found that? They changed the iptables rules to accept all. In scanning my own femtocell, I found that it was in fact firewalled on all ports too. Time to break it open!
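The point in Paul's story 6 above, that a port-80 allow rule permits the port and not the protocol, is something a detection pipeline can check directly. The following is an added example written for these show notes; it is not code from the show or from any tool mentioned in it. It looks at the first client-to-server bytes of each flow to TCP/80 and flags flows whose payload is not an HTTP request line. The flow ids, sample byte strings and function names are constructed for illustration.

```python
import re

# Constructed sample flows: (flow id, first client->server payload on TCP/80).
# These are illustrative byte strings, not captures from the show or from any tool.
SAMPLE_FLOWS = [
    ("flow-1", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("flow-2", b"POST /upload HTTP/1.0\r\nContent-Length: 4\r\n\r\nabcd"),
    ("flow-3", b"\x16\x03\x01\x00\x20" + bytes(range(32))),      # TLS handshake record header
    ("flow-4", b"\x01\x00\x00\x10BEACON\x00\x00\x07\x0aid=42"),  # raw binary framing, no HTTP
    ("flow-5", b"GET / HTTP/1.1\n\n"),                           # bare LF line endings, still HTTP
]

# HTTP request line: method SP request-target SP HTTP-version, then a line break.
# Bare LF is accepted because real servers tolerate it, so it is still HTTP on the wire.
REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) \S+ HTTP/\d\.\d\r?\n"
)


def classify_payload(payload: bytes) -> str:
    """Label the first bytes a client sends on port 80: http, tls-like or non-http."""
    if REQUEST_LINE.match(payload):
        return "http"
    # TLS record: content type 0x16 (handshake) followed by major version 0x03.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls-like"
    return "non-http"


def audit_port80_flows(flows):
    """Return (flow id, label, hex preview) for every flow that is not an HTTP request.

    The firewall has already decided the port is allowed; this check confirms the
    protocol, which is exactly the gap the raw-binary C&C technique relies on.
    """
    findings = []
    for flow_id, payload in flows:
        if not payload:
            continue  # nothing sent yet, so there is no basis to judge
        label = classify_payload(payload)
        if label != "http":
            findings.append((flow_id, label, payload[:8].hex()))
    return findings


if __name__ == "__main__":
    for flow_id, label, preview in audit_port80_flows(SAMPLE_FLOWS):
        print(f"{flow_id}: {label} (first bytes {preview})")
```

Feeding this the first client payload of each port-80 flow from a packet capture gives a simple protocol-conformance check. The tls-like label is kept separate from non-http on purpose: TLS on port 80 is unusual but is a different finding from the headerless binary traffic the story describes, and an analyst will want to triage the two differently.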