SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional. Register Here
Announcements & Shameless Plugs
PaulDotCom Security Weekly - Episode 280 - Live from the Mid-Atlantic CCDC Competition for Thursday March 15th, 2012
- DerbyCon Call for Papers and ticket registration is: coming up quickly - Friday May 4, 2012 at 10:00AM. The PaulDotCom crew will be in attendance for DerbyCon. Training begins Thursday September 27th and the DerbyCon conference runs the 28th thru 30th.
- John Strand will be teaching Offensive Countermeasures at SANS Orlando March 23-24th: Check it out here
- Larry is teaching SEC617: Wireless Ethical Hacking, Penetration Testing and Defenses 5 times this year: vLive!: April 16 - 22, 2012, SANS Cyber Guardian 2012, Baltimore: April 30 - 06, 2012, SANS Toronto 2012, Toronto: May 14 - 20, 2012, Community SANS Ottawa, Ottawa: June 11 - 17, 2012, SANS Sydney 2012, Sydney, AU: November 12 - 18, 2012
- Check out our new shows: Hack Naked TV with John Strand, Hack Naked At Night with Larry and Darren, PaulDotCom Espanol with Carlos Perez.
- Subscribe to our only non-computer security related show dedicated to Cigar Enthusiasts Stogie Geeks with Paul Asadoorian and Tim "BugBear" Mugherini. Whether you smoke an occasional cigar or daily, this show is for you! Tune in as we review the latest cigars being released and talk "Stogie Tech".
- Security BSides everywhere: Iowa, London, Chicago, Austin, Charleston, more. http://www.securitybsides.com/
- Don't forget to Follow us on Twitter
CCDC Competition Discussion
- What is the Mid-Atlantic CCDC?
- What is PaulDotCom doing here?
- What did Larry and Darren build for the competition?
- One of the most popular questions, what can blue teams do to survive?
- How can we watch the competition?
Special Spotlight: Raphael Mudge on 3 years of CCDC Red Teaming
Raphael is a Washington, DC based penetration tester and the developer of Armitage for Metasploit. He was a USAF Communications Officer involved in network operations and cyber security research and has been involved in CCDC Red Teaming for the last 3 years.
Raphael was last on Episode 260 September 2011.
- What can the red team do to be more effective than ever before?
- Tell us about your plans for Red Team co-operation
- What's the biggest mistake you've seen Red Teams make these last 3 years? What about Blue Team?
- Rumors are that Anonymous is going to turn to DNS amplification for their next attack - "Each of these [DSN requests] is chosen so that it generates a large response, much larger than the queries themselves. The server will then send these large responses to the victim machine, inundating it with traffic".
- FBI's DNSChanger deadline extended to July from March - "The FBI's DNSChanger deadline extension has been approved by a US Federal Court, buying infected punters more time to clean up their systems."... "The DNSChanger Clean DNS Servers Will Be Turned Off On July 9, 2012" "The move means that machines riddled with the Trojan will still be able to use temporary DNS servers to resolve internet addresses until 9 July. Before the order was granted, infected machines would not have been able to surf the web or handle email properly after 8 March, the previous expiry date of the safety net."
- Doxing and counterDoxing - Story on how Sabu was doxed by former Anons (Backtrace security) and how Sabu doxed back.
- - Cambridge, UK student wins "Hack Idol" - could we use a Hack Idol in the US? " A 19-year-old computer science student has been named the UK's Cyber Security Champion following months of competition."
- Digininja's Poll on Breaking into security - Preliminary results are that Python and Bash scripting are the hacker's choice and Certs (not the edible kind) are useful. Fill out the quiz at his site and help skew the results!
- Japanese researchers build a gun capable of stopping speakers in mid-sentence. - "Psychologists have known for some years that it is almost impossible to speak when your words are replayed to you with a delay of a fraction of a second. [Researchers] have simply built a handheld device consisting of a microphone and a speaker that does just that: it records a person's voice and replays it to them with a delay of about 0.2 seconds. The microphone and speaker are directional so the device can be aimed at a speaker from a distance, like a gun."
- US military unveils non-lethal heat ray weapon - ""Active Denial System" beam, while powerful and long-range, some 1000 metres, is the military's "safest non-lethal capability" that has been developed over 15 years but never used in the field."
- TSA Full-Body Scanner Failure - "by placing the object on your side, the black image is hidden against the scanner's black background" - proved by John Strand with chapstick on the way down.
- Robin Wood breaks down leaked passwords from the phBB leak -
Top 10 base words phpbb = 332 (0.18%) password = 89 (0.05%) dragon = 76 (0.04%) pass = 70 (0.04%) mike = 69 (0.04%) blue = 67 (0.04%) test = 66 (0.04%) qwerty = 59 (0.03%) alex = 58 (0.03%) alpha = 53 (0.03%) Top 10 passwords 123456 = 1 (0.0%) password = 1 (0.0%) phpbb = 1 (0.0%) qwerty = 1 (0.0%) 12345 = 1 (0.0%) 12345678 = 1 (0.0%) letmein = 1 (0.0%) 111111 = 1 (0.0%) 1234 = 1 (0.0%) 123456789 = 1 (0.0%)