SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional. Register Here
Announcements & Shameless Plugs
PaulDotCom Security Weekly - Episode 285 for Thursday April 26th, 2012
- Register today for Offensive Countermeasures: Defensive Tactics That Actually Work at SANSFIRE July 7, 2012 - July 8, 2012 with none other than John Strand!
- Larry is teaching for SANS, check out Larry's very own dedicated page on the SANS web site for a complete list.
- DerbyCon Call for Papers and ticket registration is: coming up quickly - Friday May 4, 2012 at 10:00AM. The PaulDotCom crew will be in attendance for DerbyCon. Training begins Thursday September 27th and the DerbyCon conference runs the 28th thru 30th.
Interview: Nick Farr
Nick Farr is the guy at Hacker Conventions that looks comfortable in a suit. An Accountant by trade, Nick works behind the scenes of many events and projects throughout the world so the Hacker Community can focus on pushing bits and writing code. He's most active in building Hackerspaces throughout the US, is currently organizing a Hacker Space Program, with the goal of a putting up a free, open and distributed satellite-based mesh network by 2016.
- How did you get involved with computer security?
- What is a hacker space?
- What value does a hacker space provide?
- In the US, where communications and power are for the most part readily available, what role does the hacker space play?
- How do you recommend people go about creating a hacker space?
- What types of events are the most successful for hacker spaces?
- With respects to payment, what tips do you have for financial models for a hacker space?
- Tell us about Hacker Space Program
- Why create a mesh network?
- What is the most interesting thing about the typical persona of people working in security?
1) Windows , OS X, Linux, or OS/2 Warp
2) In a game of ass grabby grabby, would you prefer to go first or second?
3) If you had to streak naked, where would you prefer to do it Unallocated space, HackDC, or the hallways at Shmoocon?
4) Three words to describe yourself
5) If you had to write a book about yourself, what would the title be?
Some More Plugs
- You can watch us live at http://pauldotcom.com/live or watch the recorded episodes on Ustream
- Check out our new shows: Hack Naked TV with John Strand, Hack Naked At Night with Larry and Darren, PaulDotCom Espanol with Carlos Perez and our only non-computer security related show dedicated to Cigar Enthusiasts Stogie Geeks with Paul Asadoorian and Tim "BugBear" Mugherini.
- Security BSides everywhere: Iowa, London, Chicago, Austin, Charleston, more. http://www.securitybsides.com/ - We have 5 BSides tickets to give away! Listen to the instructions at the end of Episode 282 for complete details!
- Just a note about physical security, fake cameras, no trespassing signs, and defense
- Security Teams Need Better Intel - Ian Amit makes some great points, such as "We just wait for attackers to attack". I've always been a huge fan of intelligence, whether you are on offense or defense. If you can gain insight into what an attacker might do, what tools they might use, and where or when they will attack, you can gain some ground. If you are waiting for an attack to happen, then reacting and adjusting your defenses, its too late. Too much time is spend defending after the fact, and not enough time is spent trying to figure out what attackers might do next. Now, this is certainly not an easy task, as the motives of the attackers change regularly, as does who they are, how they attack, and which exploits they use. Please don't take this as meaning "know your enemy", thats not really what its about...
- Backdoor in industrial networking hardware - So, a simple Perl script and the MAC address of the system will yield that password for a backdoor account. Its the same story, vulnerability is discovered, reported to vendor, they do nothing, and then a year later vulnerability is disclosed. The real problem is getting ahead of the developers and making sure this doesn't happen...
- Macs more likely to carry Windows malware than Mac malware - One in five Mac computers is likely to carry Windows malware, but only one in 36 is likely to be infected with malware specifically designed for the Mac OS X, according to study performed by antivirus firm Sophos.
- OS X Mass Exploitation - Why Now? - I'm going to go out on a limb and say if you want to fly under the radar and make small gains, you create OS X malware, as the article mentions.
- Samsung TV Bug in Remote Control Feature Lets Remote Users Deny Service - I just some down to why people care :) But seriously, TVs may become the next target, as they will replace the traditional PC or tablet in the future, maybe.
- VMware confirms ESX source code had been stolen and published - Whoops!
- Three No-Nos When Interviewing For an InfoSec Job - Love this article, and wanted to mention that 1) there are lots of companies hiring (including Tenable and our good friends at Trustwave) and 2) Don't do any of these things on an interview!