Episode34

From Paul's Security Weekly
Jump to: navigation, search

Episode Media

mp3

Music

This weeks music was provided by Infusion.

Storytime With Security Weekly

During my trip to Mexico I had some interaction with the hotel phone system. Very interesting. I also used the telephone frequently to call into Visa to check the status of my Visa check cards, entering my card number and last 4 digits of my SSN. Got me thinking about security, telephones, and VoIP.

Here is an article from F-Secure that outlines the attack scendarios I was pondering, and gives them credibility.

Stories For Discussion

Microsoft Is Disappointed - Essentially what the Metasploit team is saying, "Hey we found a vulnerability by accident while developing an exploit for the public vulnerability, which had been public for 9 days. Microsoft knew about it, but chose to just blame the Metasploit project." Dear Microsoft, you're a big boy now, take some responsibility for your own actions and stop blaming others. Love, Security Weekly.

Social engineering paper - A neat paper on social engineering covering tactics and defense.

Cisco Wireless Access Point Vulnerability - Putting this one in the category of "ACL Wipe Out". Always protect your management interfaces with multiple layers.

Hack the MAC 802.11 Medium Access Control Protocol Exploit Analysis - "In-depth protocol mechanics analysis, at the 802.11 MAC and PHY layers, with emphasis on research and implementation of Denial of Service and disruption exploits of a wireless cell and active 802.11 stations on the cell."

Freenode Network hijacked - And it wasn't Bob! A note to all of our fans. Use individual passwords per system.

Does wifi Security matter? - We certainly think it does, but many big names do not, including Bruce Schneier. [Paul Asadoorian - Bruces response, "For the record, I have an ultra-secure wireless network that automatically reports all hacking attempts to unsavory men with bitey dogs." Bitey dogs, how do I get those for my wireless network? :) I think this was all a mis-understanding]

Researchers use LORCON to find WiFi driver vulnerabilities - LORCON is a driver set which allows for raw packet injection on wireless networks, amoung other things. NOTE: The article is incorrect when stating what LORCON stands for, its 'Loss of Radio Connectivity'. Read Security Weekly Write-up Here

Sudo for Windows - A much better solition than DropMyPants, er DropMyRights, from Microsoft.

Google steals social security numbers... or user error? - Robots.txt, it's there for a reason.

New verision of Aircrack-ng - More great tools. Victor, we haven't forgotten about your WEP cracking for Mac - KisMAC?

Pick a good EAP type - Paul I figured you'e like this, and an article by Joshua Wright! [Paul Asadoorian - Picking a good EAP type is important. I like EAP-TTLS, its seems to work the best]

Handy keylogger - Yet more good from IronGeek. Maybe a good guest for us? Use for forces of good, not evil!

Other Stories Of Interest

Updates to a couple of nice tools released recently, Yersinia, a network protocol hacking tool, and a complete re-write to SinFP, an OS fingerprinting tool.

Professional Security Testers - Thanks for mentioning us!

nUbuntu Live CD - another Linux Live Security CD - let us know what you think!

Linux on the WRT54G v5 - Foremerly VXWorks, and no loger need JTAG!

VA Stolen Laptop Found - Big question, was the data copied off before returned? Forensics?