Episode43

From Paul's Security Weekly

Episode Media

mp3

Story Time With Twitchy

www.qnx.com - Operating systems aren't massive in size by nature. The QNX real time operating system (RTOS) exemplifies this by fitting an entire windowed operating system on a floppy disk. Twitchy sez: download it and try it out!

Stories for Discussion

Wifi guidance becomes law in Cali - [Paul Asadoorian, Larry] - Check out Schneier's comments here. ...stickers need to be on wireless devices (among other solutions) to warn end users. I like one of the comments: "By removing this sticker, you acknowledge this product does something you don't (and probably never will) understand." I mean, stickers are not the way to secure a wireless network!

Mobile Spy Tool - [Paul] - Cool concept and demo video from F-Secure.

WiFi fingerprints could end MAC spoofing - [? and Larry] - fingerprint the radio (not the driver)

RFID Bugs found in British trash cans - [Paul] - Look, look, he's taking out the trash!

Kismet on a Nokia 770 - [Paul] - Yes, it is cool, and yes I bought one pretty much just so I can run kismet on it :)

M$ patches DRM faster than vulnerabilities - [Larry] - Why? Because DRM makes them money.

Security "pro" pleads guilty in USC attack - [Larry] - Weird, a "pro" hacking without permission, then performing appropriate disclosure, then pleading guilty. There were some apparent ulterior motives....

Disclosure Survey - [Paul] - "Federico Biancuzzi surveys statements from some of the world's largest software companies about vulnerability disclosure, interviews two security companies who pay for vulnerabilities, and then talks with three prominent, independent researchers about their thoughts on choosing a responsible disclosure process."

Boardroom Spying at HP - [Larry and Joe] (slashdot) - Chairwoman Patricia Dunn utilizes communications spying and even pretexting to investigate an internal leak of information. This could have an impact on pretexting legislation (apparently there already is some).

Building a Better BT Sniper Rifle - [Paul Asadoorian, Larry] - This link made an appearance in my presentation and is certainly worth discussing. They used the rifle to snarf people in the next building over.

Samsung website hosting Trojan - [Larry] - Whoops, who missed this one? Websense found it, why didn't Samsung? Why didn't the attacker modify the Samsung pages to deploy? Click-kiddie?

Facebook introduces new feature, kids outraged at invasion of privacy - [Joe] - Hey, looks like Facebook's privacy policy is finally getting a little bit of attention. Their new "feed" feature allows users to see what another user's detailed activity has been. Shockingly, it shows activity logged since before the feature was introduced... ask Twitchy what Facebook's log retention policy is....

Instant USB Password Recovery Tool for Windows (The "USB Switchblade") - [Joe] - Posted on the hak5.org forums, this USB key uses U3 technology to "auto run" when inserted into a Windows PC, and it's able to silently gather the Windows LM hashes so that you can rainbow crack on your own time. Sneaky sneaky....

Stories of Interest

Stepper motor + cantenna = OHH yeahhh - [Larry, Joe] (from hackaday) - How about this attached to zoneminder for tracking a moving wifi target (car, plane, train, twitchy drinking red bull) --Jconlin 13:31, 1 September 2006 (EDT)

The Sleuth Kit for Windows - [Larry] - No more compiling, prebuilt Windows binaries.

Hackers hit govt Wiki - [Larry] - When using new tech, make sure you understand it first! Secure your wiki!

Hackers go back to school - [Larry] - Most US hack attempts are against universities according to this study by the AARP. AARP? The American Association of Retired Persons? What?

Insecure Mag 1.8 out - [Larry] - Some good reading, and free.