Episode260

From Paul's Security Weekly
Palo Alto Networks
Tenable Network Security
The SANS Institute
Pwnie Express
Black Hills Information Security
BlackSquirrel
Onapsis


Announcements & Shameless Plugs

Security Weekly - Episode 260 for Thursday September 22nd, 2011.

  • Don't forget to check out Hack Naked TV - currently at Episode #6 the "SSL is broken-er" edition!
  • We're spinning up a new mini-podcast/videocast (Hack Naked at Night with Larry and Darren) and we're looking for topics from our listeners - specifically, what type of pentest device do you want us to build out of a Roomba? Send suggestions to psw@securityweekly.com

Episode Media

MP3 pt 1

MP3 pt 2

Guest Interview: Jennifer Granick

7:30 PM EDT


Jennifer Granick has defended many high-profile hackers and was the Civil Liberties Director at the EFF, where she started the Coders' Rights Project and participated in litigation against AT&T and the federal government for violation of surveillance regulations. She is now an attorney at ZwillGen PLLC, where she assists individuals and companies creating new products and services.

  1. What are some of the legal cases that the info-sec community isn't watching but should be?
  2. Have you been following the TSA/border crossing antics with Jacob Appelbaum and Moxie Marlinspike? What's the best way for folks to protect themselves during border crossings?
  3. Recently, you answered questions on Slashdot - were there any particular questions or issues you wanted to expand on here? Was there a common theme to the types of questions received?
  4. What are your thoughts on cell phone tracking? I thought you needed a warrant for that kind of stuff?
  5. Are we getting more paranoid as a society in terms of Big Brother? Is it justified?
  6. I so admire you for this: "responsible for the creation of a new (in 2006) exception to the Digital Millennium Copyright Act which allows mobile telephone owners to legally circumvent the firmware locking their device to a single carrier." How did the DMCA actually get passed and how does it impact security researchers to this day?
  7. I also so want to explore wiretapping/Title III, FCC regulations of IMSI catchers, jailbreaking and security, commercial and law enforcement access to device IDs and location data, cell tower triangulation and GPS tracking.
  8. Can you discuss any of the details in the following cases:
    1. Christopher Soghoian, creator of a fake boarding pass generator, in 2006
    2. Michael Lynn in 2005 as part of the Cisco/ISS incident at the Black Hat technology conference
    3. Kevin Poulsen
    4. Jerome Heckenkamp - I am actually familiar with this case, as it contains an example of a judge allowing someone to "hack back" so-to-speak

Guest Tech Segment: Raphael Mudge & Armitage

8:15 EDT

Raphael is a Washington, DC-based penetration tester and the developer of Armitage for Metasploit. He also created and sold "After the Deadline", an artificial intelligence tool that checks grammar and spelling for WordPress.com users and other internet sites. Previously, he was a USAF Communications Officer involved in network operations and cyber security research.


Armitage is a graphical cyber attack management tool that visualizes targets, recommends exploits, and exposes Metasploit's advanced capabilities. Raphael Mudge will show us how to evaluate our security posture using the same process attackers follow. You’ll learn how to use Armitage and Metasploit to perform reconnaissance, exploit hosts, and maneuver deep into a network from one access. Learn more about Armitage at fastandeasyhacking.com

Raphael's website

  1. Please take us through a high-level overview of Armitage.
  2. Metasploit Framework 3.5.2 has some integration with Armitage. What went on with the release to accommodate that?

Stories For Discussion

Blog Round Up

Paul's Stories

  1. Adobe releases Flash Player 10.3.183.10, available at http://get.adobe.com/flashplayer/
  2. Why do Facebook users hate change?
  3. PCI Council issues point-to-point encryption validation requirements
  4. VMware releases free Compliance Checker tool
  5. The drones are here for your wireless
  6. Can you win the lottery too many times?
  7. Microsoft joins the anti-Flash crowd with IE10
  8. New ESXi and vSphere 5 Security Features

OMG DARREN ADDED ONE

  1. Any user can be all users on Mac OS 10.7 (Lion)
  2. Supposed psych evaluation of Anonymous 'leaders' done by the FBI

Jack even added one

  1. Mass AG takes on Apple?
  2. Fake Canadian Supermodel Girlfriends. Great idea, or social engineering bonanza?