Difference between revisions of "Episode342"

From Paul's Security Weekly
(Tech Segment: Zach Cutlip)
(Episode Media)
(15 intermediate revisions by 4 users not shown)
Line 2: Line 2:
  
 
= Episode Media =
 
= Episode Media =
[MP3 pt1]
+
[http://traffic.libsyn.com/pauldotcom/PaulDotCom-342-Part1.mp3 MP3 pt1]
  
[MP3 pt2]
+
[http://traffic.libsyn.com/pauldotcom/PaulDotCom-342-Part2.mp3 MP3 pt2]
  
 
= Announcements =
 
= Announcements =
Line 21: Line 21:
 
<center>[[File:Philip-Young.png]]</center>
 
<center>[[File:Philip-Young.png]]</center>
  
<!---<center>{{#ev:bliptv|6629995}}</center>--->
+
<center>{{#ev:bliptv|6634829}}</center>
  
  
Line 28: Line 28:
 
Philip Young, aka Soldier of Fortran, is a mainframe phreak! His love of mainframes goes back to when he watched Tron, wide eyed, for the first time. Though it would be decades until he actually got his hands on one he was always interested in their strangeness. Phil has always been in to security since his days as a sysop and playing around on Datapac (the Telenet of Canada). Some people build toy trains, others model airplanes, but Phil's hobby is mainframe security.
 
Philip Young, aka Soldier of Fortran, is a mainframe phreak! His love of mainframes goes back to when he watched Tron, wide eyed, for the first time. Though it would be decades until he actually got his hands on one he was always interested in their strangeness. Phil has always been in to security since his days as a sysop and playing around on Datapac (the Telenet of Canada). Some people build toy trains, others model airplanes, but Phil's hobby is mainframe security.
  
 +
# How did you get your start in information security?
 +
# Wait, people still use mainframes? What are the most common applications?
 +
# What are the most popular mainframes? Are they newer techologies or are many still using previous models and software?
 +
# Mainframes have always had a solid virtualization architecture, are their lessons to be learned from this?
 +
# When I talk to people about Mainframe security, they go right to user roles and permissions, and seem to skip a lot of the stuff on your blog, why is that?
 +
# When you talk to network or software people, we talk about buffer overflows, web app flaws, brute forcing, etc… We seem to talk about user roles and permissions last, lessons learned again?
 +
# What are some of the most common security issues with mainframe technology?
 +
# What do you recommend for folks in terms of software and training to start looking at mainframe security?
 +
# Have you seen any serious changes with respects to improving the security process for mainframes?
 +
# Where will you be next in terms of speaking and conferences?
  
 
Five Questions:
 
Five Questions:
Line 45: Line 55:
 
<center>[[File:Zachary_Cutlip.png]]</center>
 
<center>[[File:Zachary_Cutlip.png]]</center>
  
<!---<center>{{#ev:bliptv|}}</center>--->
+
<center>{{#ev:bliptv|6634760}}</center>
  
 
Biography:
 
Biography:
Line 54: Line 64:
  
 
1) About & Why
 
1) About & Why
 +
 +
Bowcaster, implemented in Python, is intended to aid those developing
 +
exploits by providing useful set of tools and modules, such as payloads,
 +
encoders, connect-back servers, etc.  Currently the framework is focused on the
 +
MIPS CPU architecture, but the design is intended to be modular enough to
 +
support arbitrary architectures.
  
  
Line 76: Line 92:
  
 
4) Plugs
 
4) Plugs
 +
 
[http://shadow-file.blogspot.com/2013/05/running-debian-mips-linux-in-qemu.html Debian mips in qemu]
 
[http://shadow-file.blogspot.com/2013/05/running-debian-mips-linux-in-qemu.html Debian mips in qemu]
  
Line 81: Line 98:
  
 
= Stories =
 
= Stories =
<!---<center>{{#ev:bliptv|}}</center>--->
+
<center>{{#ev:bliptv|6634756}}</center>
  
  
 
== Paul's Stories ==
 
== Paul's Stories ==
  
 
+
#[http://krebsonsecurity.com/2013/08/how-not-to-ddos-your-former-employer/ How Not to DDoS Your Former Employer]
 +
#[http://www.theregister.co.uk/2013/08/21/manning_35_years_jail_wikileaks_assange/ Bradley Manning sentenced to 35 years in prison • The Register]
 +
#[http://www.theguardian.com/world/2013/aug/22/us-intelligence-community-tumblr-surveillance US intelligence services go 'on the record'  with new Tumblr blog | World news | theguardian.com]
 +
#[http://www.securityorb.com/2013/08/putty-security-update-ssh-tool/ Putty Security Update (SSH Tool)]
 +
#[http://www.reuters.com/article/2013/08/15/net-us-washingtonpost-hacked-idUSBRE97E0VM20130815 Hackers use new tactic to attack U.S. media sites | Reuters]
 +
#[http://news.hitb.org/content/zuckerberg-facebook-hacker-gets-10k-fundraiser-bug-bounty Zuckerberg Facebook hacker gets $10k fundraiser bug bounty]
 +
#[http://blog.opensecurityresearch.com/2013/08/remote-code-execution-on-wired-side.html Open Security Research: Remote Code Execution on Wired-side Servers over Unauthenticated Wireless]
  
 
==Larry’s Stories==
 
==Larry’s Stories==
  
==Jack's Stories==
+
#[http://getprsm.com/ New Social media site] - [Larry] - Check it out, sign up and share everything!
 +
#[http://www.intego.com/mac-security-blog/nsa-tips-for-hardening-macs/ IT'S A TRAP] - [Larry] - NSA releases a guide on securing OSX…
 +
#[http://www.sans.org/newsletters/newsbites/newsbites.php?vol=15&issue=66&rss=Y#sID200 Changing IP addresses and proxies are Illegal in California] - [Larry] - At least it isn't Florida where computers are illegal…  but this is interesting, IE changing IP addresses, in that this may be exactly what routers and firewalls technically do…
  
 +
==Jack's Stories==
 +
#[http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/10247069/Breast-implant-explosives-could-be-used-in-terrorist-attack.html One of Paul's favorite subjects] used for EVIL??! Say it isn't true! Yes, explosive breast implants are threatening life and liberty!  Or this is FUD bullshit, recycled from [http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/7510350/Terrorists-could-use-exploding-breast-implants-to-blow-up-jet.html years ago] by those who thrive on fear and terror- the press and government bureaucrats cashing in on CYBER and TERROR FUD.
 +
#[http://threatpost.com/fda-issues-recommendations-on-the-security-of-wireless-medical-devices/102057 FDA listens] and issues recommendations on wireless medical device security.
 +
#[http://threatpost.com/microsoft-pulls-back-critical-exchange-server-2013-patch/101999 Microsoft has to pull another patch], this time it is an Exchange patch. That is bad. Very bad. We're trying to get folks to patch faster, not give them excuses for being exposed.
  
 
==Allison's Stories==
 
==Allison's Stories==

Revision as of 16:43, 31 August 2013

Palo Alto Networks
Tenable Network Security
The SANS Institute
Pwnie Express
Black Hills Information Security
BlackSquirrel
Onapsis

Episode Media

MP3 pt1

MP3 pt2

Announcements

PaulDotCom Security Weekly - Episode 342 for Thursday August 22nd, 2013

  • We've released a book on Offensive Countermeasures! Visit tinyurl.com/OCM-Amazon to add this to your summer reading list.
  • We are looking for sponsors for our September webcast. Contact mike -at- hacknaked.tv for details!
  • The Stogie Geeks Show! - Kick some ash with the Stogie Geeks, Thursday nights at 9:00PM EST. Come have a cigar with us! If you are in the Rhode Island area please visit our sponsor the Havana Cigar Club, it's an awesome place to have a drink! Make sure you print out your $5.00 off coupon here!


Interview: Phil "Main Framed" Young



Biography:

Philip Young, aka Soldier of Fortran, is a mainframe phreak! His love of mainframes goes back to when he watched Tron, wide-eyed, for the first time. Though it would be decades until he actually got his hands on one, he was always interested in their strangeness. Phil has always been into security since his days as a sysop and playing around on Datapac (the Telenet of Canada). Some people build toy trains, others model airplanes, but Phil's hobby is mainframe security.

  1. How did you get your start in information security?
  2. Wait, people still use mainframes? What are the most common applications?
  3. What are the most popular mainframes? Are they newer technologies or are many still using previous models and software?
  4. Mainframes have always had a solid virtualization architecture, are there lessons to be learned from this?
  5. When I talk to people about Mainframe security, they go right to user roles and permissions, and seem to skip a lot of the stuff on your blog, why is that?
  6. When you talk to network or software people, we talk about buffer overflows, web app flaws, brute forcing, etc… We seem to talk about user roles and permissions last, lessons learned again?
  7. What are some of the most common security issues with mainframe technology?
  8. What do you recommend for folks in terms of software and training to start looking at mainframe security?
  9. Have you seen any serious changes with respect to improving the security process for mainframes?
  10. Where will you be next in terms of speaking and conferences?

Five Questions:

  • Three words to describe yourself
  • If you were a serial killer, what would be your weapon of choice?
  • In a game of ass grabby-grabby do you prefer to go first or second?
  • If you wrote a book about yourself, what would the title be?
  • Stranded on a desert island, which tablet would you bring with you if you could choose only one: Android, iPad or Surface?

Tech Segment: Zach Cutlip


Biography:

Zachary Cutlip is a security researcher with Tactical Network Solutions, in Columbia, MD. At TNS, Zach develops exploitation techniques targeting embedded systems and network infrastructure. Since 2003, Zach has worked either directly for or with the National Security Agency in various capacities. Before embracing a lifestyle of ripped jeans and untucked shirts, he spent six years in the US Air Force, parting ways at the rank of Captain. Zach holds an undergraduate degree from Texas A&M University and a master's degree from Johns Hopkins University.

Zach will be going over how he does research on exploiting embedded systems and his exploit development framework, Bowcaster.

1) About & Why

Bowcaster, implemented in Python, is intended to aid those developing exploits by providing a useful set of tools and modules, such as payloads, encoders, connect-back servers, etc. Currently the framework is focused on the MIPS CPU architecture, but the design is intended to be modular enough to support arbitrary architectures.


2) How

Buffer-overflows-with-crossbow-part-1

Buffer-overflows-with-crossbow-part-2

Buffer-overflows-with-crossbow-part-3

Buffer-overflows-with-crossbow-part-4

3) References

- Bowcaster github

- Exploit proof of concept

- Here's a video (with cool music) of me popping root on the BT HomeHub

4) Plugs

Debian mips in qemu

Reversing and Exploiting BT CPE Devices

Stories


Paul's Stories

  1. How Not to DDoS Your Former Employer
  2. Bradley Manning sentenced to 35 years in prison • The Register
  3. US intelligence services go 'on the record' with new Tumblr blog | World news | theguardian.com
  4. Putty Security Update (SSH Tool)
  5. Hackers use new tactic to attack U.S. media sites | Reuters
  6. Zuckerberg Facebook hacker gets $10k fundraiser bug bounty
  7. Open Security Research: Remote Code Execution on Wired-side Servers over Unauthenticated Wireless

Larry’s Stories

  1. New Social media site - [Larry] - Check it out, sign up and share everything!
  2. IT'S A TRAP - [Larry] - NSA releases a guide on securing OSX…
  3. Changing IP addresses and proxies are Illegal in California - [Larry] - At least it isn't Florida where computers are illegal… but this is interesting, i.e. changing IP addresses, in that this may be exactly what routers and firewalls technically do…

Jack's Stories

  1. One of Paul's favorite subjects used for EVIL??! Say it isn't true! Yes, explosive breast implants are threatening life and liberty! Or this is FUD bullshit, recycled from years ago by those who thrive on fear and terror- the press and government bureaucrats cashing in on CYBER and TERROR FUD.
  2. FDA listens and issues recommendations on wireless medical device security.
  3. Microsoft has to pull another patch, this time it is an Exchange patch. That is bad. Very bad. We're trying to get folks to patch faster, not give them excuses for being exposed.

Allison's Stories