From Security Weekly Wiki

Record Sweepers:

In The Trenches

Valid Syntax

Typical Mac User Podcast

Martin Mckeay Network Security Podcast


Record our own promo:

Paul's "Pen Testing"

(15 seconds of silence)

(get all the laughter out)

Theme Music, Episode 23 for April 13, 2006

"Welcome to Security Weekly, Episode 23 for April 13, 2006"

From the PSW studios

“Welcome to this edition of Security Weekly, I am your host Paul Asadoorian,” “and I’m your co-host Larry Pesce.” Here in the studio (my house) “Twitchy” is with us.


This episode is sponsored by Syngress Publishing, Your source for 0wning, hacking, penetrating and all those other things that grandma doesn't approve of!

Listen to this podcast and answer the questions at the end of the show. Then go to the Security Weekly blog and be the first to post the CORRECT answer (be certain to leave your email address) and receive a free ticket to choose any in-stock book from the Syngress web site, for free!

Last week's Syngress question of the week winner is John Segarra, who stated the correct answer:

Mike and Paul both mentioned hacking on the Apple IIe in the first few minutes of the interview featuring Mike and Ed recorded on 2/12/06. Mike also mentioned hacking on the Commodore 64

Chris also got the bonus "Answer is Apple IIe, and for Larry: TSR-80 model 1. Sources: 'PSW - Special Edition - Mike Poor & Ed Skoudis Interview - Part 1' and PSW Episode 20."

Chris, we'll be sure to get something special we have in the works for you.

This episode is also sponsored by Core Security. Use Core IMPACT and give your Intrusion Detection System a good spanking, just like daddy used to! Listen to this podcast and qualify to receive a 10% discount on Core IMPACT, the world's best penetration testing tool.

We are also sponsored by the SANS Institute, where you can get schooled and like it! Get your hands-on training in intrusion detection, securing Windows, forensics, and of course hacking and exploiting. Listen for the discount code at the end of the show for 5% off SANSFIRE, July 5-11th in Washington DC. Almost every SANS track will be offered!

Announcements: Larry is now officially part of Defensive Intuition, congrats! More things to come....

Announcements: Interview with Johnny Long has been posted, check it out. He rocks, and all proceeds of Google Hacking go to charity, so go buy it now!

Announcements: We need your help, we need frappr pins, are you going to let us be Frappr spanked?


Announcements: My presentation from ACUTA has been posted, so check it out! I will also be doing the same presentation via a webinar sometime in May, not sure if it's open to the public, but I may record it on my own :)


On to listener feedback!

FiT Proud Member - Johnny Sweeper

Steve Muraski writes in:

There is a project that has some options for integration with group policy. After I finish the current project that I am working on, I am going to begin testing this to see how it will work.


Martin writes in:

Hey guys, love your podcast. Could you give me some tips when buying a new router with wifi? Is Linksys the best choice? I have an old shitty D-Link 622+ now but it seems to have some performance issues.

James writes in:

I must respectfully disagree with Twitchy "the dude". props to "The big Lebowski" Duuuuuude hacking someone's wireless connection in ethics class?

*sigh*

I guess I'm a live and let live dude.

"I am a Linux zealot...he was a mac zealot"

Dude that is so last millennium ;-)

disclosure: I am a Mac user, Debian user, Windows user (cringe). I am saving up my pennies to buy a ProBook, so that I can be cooler than Twitchy. ;-)

On the IT Crowd:

Just heard it. It's hysterical. Thanks for mentioning it on the show.


Paul Hucked writes:

Paul, Larry, and "Twitchy",

Thanks for the great podcast. As you requested several times, here are some comments and questions.

I'm new to podcasting - started about 2 weeks ago. I downloaded all the SecurityNOW episodes and was unimpressed - Steve talked about not running any antivirus or spyware utilities because he's careful - Hmmmmm. In your earlier podcasts you touted them and lost points from me - then gained the points back as you distanced yourself from that podcast.

I’m a security professional who enjoys his anonymity. I believe my clients and I benefit from keeping a low profile which reduces our attack surface. I’d be interested in hearing your thoughts on this. Do you have any concerns about the increased exposure you’re receiving from the podcast?

In an earlier episode you also discussed PGP's wipe feature being broken - I use it but also believe in defense in depth strategies and use Sdelete from sysinternals in parallel, you didn't mention it and I thought I'd ask if any of you use it and what you thought of it. As a side note - some corporate users I know that use PGP also use IE, as you know PGP uses the clipboard to encrypt/decrypt messages - really bad thing if you're tied to IE.

I'm sure you're aware of blocking bad websites using the hosts file, I get my copy here: "http://www.mvps.org/winhelp2002/hosts.htm". While this is not an "end all" to blocking adware/spyware/viruses I use it as an additional tool in my arsenal. I wouldn't mind hearing your thoughts.

You were also talking about making a flash drive bootable with Linux. I make mine bootable with HP's MkFlashBoot.exe utility. Then I install NTFS for DOS to gain access to NTFS drives; you can also get LTOOLS v6.10, which is an EXT2/3 and Reiser driver for DOS, for *nix boxes. It boots quick and you can grab files for later analysis.

Enough for now. I really appreciate all your hard work - keep it up.

Chuck Dunn writes:


It was great meeting you. Now I have a face to go with the voice. I think that Paul, Larry and you do a fantastic job on the podcast. Keep up the good work.

Chuck Dunn Information Security Officer University at Buffalo 301 Computing Center Buffalo, NY 14260 716-645-3582

Chuck, thanks for the phone number too. More drink dialing, here we come.

[Music] Story Time With Twitchy

Twitchy tells us a hacking story about something...


Firefox Commercial - Phone Sweeper 2


Episode23 Show Notes

Valid Syntax Promo - Great Idea

Syngress question of the week: Paste in a valid link that does the following:

Using Google's translation service as a proxy, display the securityweekly.com homepage.

Core discount code impactbsg

SANS discount code is <pauldotcom>.

Thank you for listening, psw@securityweekly.com, http://securityweekly.com