Episode71

From Paul's Security Weekly

Episode Media

mp3

Technical Discussion

I can certainly do a segment on UNIStimpy... - Larry

Stories for Discussion

NIST Guide in securing BGP - [Larry] - Don't forget to secure EVERYTHING. Even your routing protocol. Just think about what could happen with incorrect routes. If you don't already know how to do this, and you use BGP, read!

UPNP Port forwarding - oh no!!! - [Paul] - UPNP is bad. Do you really want malware to be able to modify the configuration on your router? Our book recommends that this service be disabled, and for good reason: where is the authentication? It doesn't exist!

Teacher Porno case, retrial - [Larry] - Apparently the judge realized that the lawyers were a bunch of boobs. If you are going to be an expert witness, or present in court, be sure you know what the hell you are talking about! I think that this is one of the driving methods behind the SANS forensics course.

Details Matter - Whether you are securing an organization or running from cheetahs! - [Paul] - One of the best analogies I have seen in some time.

Security Cartoons - [Larry] - So, when can we get these in the Sunday paper? This education method may be a little bit juvenile, but people, believe it or not, read cartoons. I'm all for something that works, and part of a good security program is user education.

KAMIKAZE released! W00t? - [Paul] - Weren't the kamikaze pilots the ones that purposely crashed?

I can see you! - [Paul] - ...and I can pwn you too!

Home Zone for Mac - [Larry] - Remember the BT proximity detection that Nick talked about some time back, under Linux? Now all us Mac heads can have the same thing - and it will integrate wifi...

"Stealth" web based attacks - [Larry] - Browser exploit code that detects that a machine has already been exploited, and won't re-send the attack. This can make investigating a little more difficult.

Archive of breach notification letters - [Larry] - Now we get to see how the companies are handling their data breaches. Interesting, and some good templates should you ever need one.

Securing a RADIUS server - [Larry] - Andy's column at NetworkWorld: We all want a RADIUS server for WPA/WPA2 Enterprise, right? So Andy, do tell!

Wireless IDS on the Cheap? - [Larry] - From the Fit Forums - Let's discuss some ways for the relative newcomer to figure out the wireless footprint...and begin securing.



Other Stories of Interest

Dreamhost Hax0red - [Andrew] - 3500 FTP passwords from Dreamhost are compromised