This weeks music was provided by Infusion.
Storytime With Security Weekly
During my trip to Mexico I had some interaction with the hotel phone system. Very interesting. I also used the telephone frequently to call into Visa to check the status of my Visa check cards, entering my card number and last 4 digits of my SSN. Got me thinking about security, telephones, and VoIP.
Here is an article from F-Secure that outlines the attack scendarios I was pondering, and gives them credibility.
Stories For Discussion
Microsoft Is Disappointed - Essentially what the Metasploit team is saying, "Hey we found a vulnerability by accident while developing an exploit for the public vulnerability, which had been public for 9 days. Microsoft knew about it, but chose to just blame the Metasploit project." Dear Microsoft, you're a big boy now, take some responsibility for your own actions and stop blaming others. Love, Security Weekly.
Social engineering paper - A neat paper on social engineering covering tactics and defense.
Cisco Wireless Access Point Vulnerability - Putting this one in the category of "ACL Wipe Out". Always protect your management interfaces with multiple layers.
Hack the MAC 802.11 Medium Access Control Protocol Exploit Analysis - "In-depth protocol mechanics analysis, at the 802.11 MAC and PHY layers, with emphasis on research and implementation of Denial of Service and disruption exploits of a wireless cell and active 802.11 stations on the cell."
Freenode Network hijacked - And it wasn't Bob! A note to all of our fans. Use individual passwords per system.
Does wifi Security matter? - We certainly think it does, but many big names do not, including Bruce Schneier. [Paul Asadoorian - Bruces response, "For the record, I have an ultra-secure wireless network that automatically reports all hacking attempts to unsavory men with bitey dogs." Bitey dogs, how do I get those for my wireless network? :) I think this was all a mis-understanding]
Researchers use LORCON to find WiFi driver vulnerabilities - LORCON is a driver set which allows for raw packet injection on wireless networks, amoung other things. NOTE: The article is incorrect when stating what LORCON stands for, its 'Loss of Radio Connectivity'. Read Security Weekly Write-up Here
Sudo for Windows - A much better solition than DropMyPants, er DropMyRights, from Microsoft.
Google steals social security numbers... or user error? - Robots.txt, it's there for a reason.
New verision of Aircrack-ng - More great tools. Victor, we haven't forgotten about your WEP cracking for Mac - KisMAC?
Pick a good EAP type - Paul I figured you'e like this, and an article by Joshua Wright! [Paul Asadoorian - Picking a good EAP type is important. I like EAP-TTLS, its seems to work the best]
Handy keylogger - Yet more good from IronGeek. Maybe a good guest for us? Use for forces of good, not evil!
Other Stories Of Interest
Professional Security Testers - Thanks for mentioning us!
nUbuntu Live CD - another Linux Live Security CD - let us know what you think!
Linux on the WRT54G v5 - Foremerly VXWorks, and no loger need JTAG!
VA Stolen Laptop Found - Big question, was the data copied off before returned? Forensics?