From Security Weekly Wiki

(15 seconds of silence)

(get all the laughter out)

Theme Music, Episode 19 for March 17, 2006

"Welcome to Security Weekly, St. Patrick's Day Edition for March 16, 2006"

Start Irish Music

“Welcome to this edition of Security Weekly, I am your host Paul Asadoorian,” “and I’m your co-host Larry Pesce.” Here in the studio (my house) “Twitchy” is with us.

From the PSW studios


This episode is sponsored by Syngress Publishing, where you can learn about 0wning and penetrating without going to jail!

Listen to this podcast and answer the questions at the end of the show. Then go to the Security Weekly blog and be the first to post the CORRECT answer (be certain to leave your email address) and receive a free ticket to choose any in-stock book from the Syngress web site!

This episode is also sponsored by Core Security. How does your network handle the penetration... testing! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool.

Last week's winner is Jon Barber, who stated the correct answer, "According to http://www.ietf.org/rfc/rfc3514.txt the high-order bit of the IP fragment offset field should be set to 1 when the packet has evil intent. Google was my friend - http://www.google.co.uk/search?q=evil+packet++bit"

Announcements: Open Show, first topic will be "Piggybacking Open Wireless Networks: Is it legal? Is it Okay?"

Announcements: All IT podcast people are getting married, including "The Mason"! Yup, he got 0wn3d.

On to listener feedback!

ITT Promo - War, Re-joiner

I would like to thank everyone who put a pin on the Frappr map! 82 people, and even someone from N. Ireland on St. Patrick's Day: Stephen Barnes, Newtownabbey, Northern Ireland (United Kingdom). I guess that's the closest to Ireland we got so far...

Thank you to everyone who posted a comment on iTunes, 4 new comments! Props to IrishGrrl too, it's her day today :)

Don't forget to leave us feedback on the video feed too, it will get better. No more male flashing, we promise!

Concerning SANA, I demo'ed it 2 times in the last 5 years. It is an anomaly-based HIDS. It has no signatures and after some period of time, it learns what the host normally does (even if it is evil) and flags anything else that comes up. Intrusion, Inc also resells it, but with a different name.

It sounds really cool and impressive until you have to try to tune it. It reminds me most of Cisco CSA, if you have ever used that.

Keep up the good work, we are all counting on you,


Hi there, in episode 18 you talked about Bluetooth hacking and how it is possible to eavesdrop voice conversations out of it. However, you said this is not the case for WiFi networks.

Currently, as you know, there are lots of VoIP WiFi-enabled phones, and most of them only support WEP (fortunately, some new software/firmware updates add support for WPA/PSK). In this scenario it is possible for an attacker to capture the WiFi traffic (encrypted or not), break the WEP encryption (if available) and dissect the data traffic carried over the WiFi network, that is, VoIP traffic. The same also applies to the latest versions if the WPA PSK is weak (relatively small dictionary word), as you know.

There are several tools to convert the VoIP protocol sessions captured into valid voice conversation files (like .wav) such as Ethereal, Cain & Abel or vomit.

Keep up the great show!!

Take care, Raúl Siles

George Starcher writes in saying the same thing:

"Another good use for Cain and Abel is auditing VoIP traffic. I have used it at work to troubleshoot complaints about phone call quality. It does a great job of recording VoIP traffic to wav files. I can record a call for you meant for being recorded if you want to demo the results on your show. I aired one once on ITT."

Here is a sample of Larry who used Cain & Abel to grab some voice traffic. (Play Sample)

Anyway show #16 mentioned the Spinning Cube of Potential Doom and I just had to try it. Got the code and brought it up on a Debian box with no problem. I then wanted it on my Laptop and was slowed down when it wasn't just a slam dunk on OS X. Anyway if you go to http://members.bellatlantic.net/~vze35xda/software.html and at the bottom of the page is a version I got running on OS X. See doom.pdf for the manual.

Runs pretty good but I have not really been able to use it to its full power since I can only see stuff at my port at the edge of the network. I would like to try a port in a central router but no one seems to know if we have one.... Seriously I am not very high up on the food chain so I won't get to try this off a monitor port on a big Cisco. But you probably can so let me know if it does interesting stuff.

Thanks, keep talking, you and your buddies make my day.

jim schimpf

[Music] Story Time With Twitchy

Twitchy tells us a hacking story about something...


Ed Skoudis Promo, Short Re-joiner


Episode19 Show Notes

Play our own sweeper, grasshopper....

PSW - Grasshopper Sweeper, Short Re-joiner

Sponsorship info: podcast5 is no longer valid, conference has started. Thank you SANS!

Syngress question of the week: How many channels does Bluetooth use, how often does it hop channels and what band are those channels in?

Core discount code impactbsg

Thank you for listening, psw@securityweekly.com, http://securityweekly.com