SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional. Register Here
Announcements & Shameless Plugs
PaulDotCom Security Weekly - Episode 260 for Thursday September 22nd, 2011.
- DerbyCon : Louisville, Kentucky – September 30th to October 2nd. Catch Carlos Perez's training session - "Automating Post Exploitation with Metasploit" Friday and Saturday of the Con from 4:00PM to 9:00PM.
- Sign up for the Sept 28th LBCAV with Larry "Bieber Fever" Pesce.
- Don't forget to check out Hack Naked TV - currently at Episode #6 the "SSL is broken-er" edition!
- Don't forget to Read our blog, Participate on our mailing list, Visit PaulDotCom Insider, Follow us on Twitter, Join the IRC channel at irc.freenode.net #pauldotcom, Watch our Videos and Add us on Facebook where we can be "friends"
- We're spinning up a new mini-podcast/videocast (Hack Naked at Night with Larry and Darren) and we and we're looking for topics from our listeners - specifically, what type of pentest device do you want us to build out of a roomba? Send suggestions to firstname.lastname@example.org
Guest Interview: Jennifer Granick
7:30 PM EDT
Jennifer Granick has defended many high profile hackers and was the Civil Liberties Director at the EFF, where she started the Coders' Rights Project and participated in litigation against ATT and the federal government for violation of surveillance regulations. She is now an attorney at ZwillGen PLLC, where she assists individuals and companies creating new products and services.
- What are some of the legal cases that info-sec community isn't watching but should be?
- Have you been following the TSA/border crossing antics with Jacob Applebaum and Moxie Marlinspike? What's the best way for folks to protect themselves during border crossings?
- Recently, you answered questions on slashdot - were there any particular questions or issues you wanted to expand on here? Was there a common theme to the types of questions received?
- What are your thoughts on cell phone tracking? I thought you needed a warrant for that kind of stuff?
- Are we getting more paranoid as a society in terms of Big Brother? Is it justified?
- I so admire you for this: "responsible for the creation of a new (in 2006) exception to the Digital Millennium Copyright Act which allows mobile telephone owners to legally circumvent the firmware locking their device to a single carrier." How did the DMCA actually get passed and how does it impact security researchers to this day?
- I also so want to explore wiretapping/Title III, FCC regulations of IMSI catchers, jailbreaking and security, commercial and law enforcement access to device IDs and location data, cell tower triangulation and GPS tracking.
- Can you discuss any of the details in the following cases:
- Christopher Soghoian, creator of a fake boarding pass generator, in 2006
- Michael Lynn in 2005 as part of the Cisco/ISS incident at the Black Hat technology conference
- Kevin Poulsen
- Jerome Heckenkamp - I am actually familiar with this case, as it contains an example of a judge allowing someone to "hack back" so-to-speak
Guest Tech Segment: Raphael Mudge & Armitage
Raphael is a Washington, DC based penetration tester and the developer of Armitage for Metasploit. He also created and sold, "After the Deadline", an artificial intelligence tool that checks grammar and spelling for WordPress.com users and other internet sites. Previously, he was a USAF Communications Officer involved in network operations and cyber security research.
Armitage is a graphical cyber attack management tool that visualizes targets, recommends exploits, and exposes Metasploit's advanced capabilities. Raphael Mudge will show us how to evaluate our security posture using the same process attackers follow. You’ll learn how to use Armitage and Metasploit to perform reconnaissance, exploit hosts, and maneuver deep into a network from one access. Learn more about Armitage at fastandeasyhacking.com
- Please take us thru a high level overview of Armitage.
- Metasploit Framework 3.5.2 has some integration with Armitage. What went on with the release to accomodate that?
Stories For Discussion
Blog Round Up
- Hack Naked TV - Episode 6 - Recorded live from SANS Las Vegas!
- Crawling for Domain Admin with Tasklist
- Adobe Release Flash Player 10.3.183.10 available at http://get.adobe.com/flashplayer/
- Why do Facebook users hate change?
- PCI Council issues point-to-point encryption validation requirements
- VMware releases free Compliance Checker tool
- The drones are here for your wireless
- Can you win the lottery too many times?
- Microsoft joins the anti-Flash crowd with IE10
- New ESXi and vSphere 5 Security Features
OMG DARREN ADDED ONE
- Any user can be all users on Mac OS 10.7 (LION)
- Supposed Psych evaluation of Anonymous 'leaders' done by the FBI