(Reminder: Take picture of Paul’s rack)
(15 Seconds of silince)
(get all the laughter out)
Theme Music, Episode 18 for March 9, 2006
“Welcome to this edition of Security Weekly, I am your host Paul Asadoorian, “and I’m your co-host Larry Pesce”. Here in the studio (my house) “Twitchy” is with us. Coming to you via skype we have a very special guest by the name of Martin mckeay. Martin is the host of the network security podcast and maintains a security blog at Computerworld, welcome martin!
From the PSW studios
This episode is sponsored by Syngress Publishing, Where you can learn about 0wning and penetrating without going to jail!
Listen to this podcast and answer the questions at the end of the show. Then go to the Security Weekly blog and be the first to post the CORRECT answer (be certain to leave your email address) and receive a free ticket to choose any in-stock book from the syngress web site, for free!
This episode is also sponsored by Core Security, How does your network handle the penetration......testing! Listen to this podcast and qualify to receive a 10% discount on Core Impact, worlds best penetration testing tool.
Winner from two weeks ago claimed his prize. Congrats to William Day! This weeks question was tough, but....
On to listener feedback!
ITT Promo, Re-joiner
Audio feedback from Steve Murawski
i remember hearing in one of your podcasts you were looking for some bt hacking info,
i've stumbled across this collection of links in case you were still interested..i havent gone through them to sort the good from bad though
btw your podcast kicks ass!
In your last podcast, you'd mentioned that you'd really like to have a way to detect botnet installations before they became a problem. You may want to take a look at "Primary Response SafeConnect" from Sana Security (http://www.sanasecurity.com/products/sc/features.php, http://www.cbronline.com/article_news.asp?guid=63F17970-FC69-46C4-954E-2A7807A5D612 ); it uses what they call "Active Malware Defense Technology" (or "Active MDT") to try and detect spyware/trojan"-like" behaviour in general (process hiding, not providing uninstall functionality, etc.), without relying on signatures to detect specific pieces of malware (badware?). I can't vouch for it myself, not having used it yet, but one of my profs is familiar with the research and considers the approach to be quite promising, and I trust his opinion more than I do marketing literature. ;-) It's probably worth at least playing around with, especially if you have a testbed where you can try it out and see what it can pick up on.
-- Tim Furlong
just found your podcast and found it very interesting!
In the March 3 show, you mentioned the need to have a good password policy and I wholeheartedly agree. One item that is significantly exposed is voicemail. While it may not contain credit cards and similar immediately useful info, most business execs voicemail contains insider info that would be very useful to someone that was active in the stock market. And of course most voicemail is protected by passwords that are 4-5 characters long and comprised solely of numbers.
Something worth discussing on your next podcast? Especially any insight on how to secure voicemail would be helpful.
Mike Poor Promo, Short Re-joiner
Episode18 Show Notes
Gmail Podcast, Short Re-joiner
Sponsorship info: podcast5 still valid,
Syngress question of the week: According to the appropriate RFC, what should the high order bit of the IP fragment offset field of an IP v4 header be set to in order for the packet to be labeled as "evil", and what is the RFC # that defines this?
Core discount code impactbsg
Thank you for listening, firstname.lastname@example.org, http://securityweekly.com