From Security Weekly Wiki

(15 seconds of silence)

(get all the laughter out)

Theme Music, Episode 24 for April 20, 2006

"Welcome to Security Weekly, Episode 24 for April 20, 2006"

From the PSW studios

Play jungle music and say that we are searching for Paul, who is buried deep in the jungles of firewall land.

"Welcome to this edition of Security Weekly, our excuse to drink beer and talk geek shit, er stuff"

"I am your host Paul Asadoorian, “and I’m your co-host Larry Pesce”. Oh, wait, I see someone twitching in the corner, oh, it's Twitchy!"


This episode is sponsored by Syngress Publishing. Read a book and learn how to own your neighbor's cat....

Listen to this podcast and answer the questions at the end of the show. Then go to the Security Weekly blog and be the first to post the CORRECT answer (be certain to leave your email address) and receive a free ticket to choose any in-stock book from the Syngress web site, for free!

Last week's Syngress question of the week winner is Chris, who stated the correct answer: This one is too easy. http://www.google.com/translate?langpair=en%7Cen&u=www.securityweekly.com

Paul is our other winner, who guessed, er stated, the correct answer that myself, Larry, Twitchy, and The Mason have all been on the podcast only once before. You win a brand spanking new copy of MS Office 2003! Congrats!

This episode is also sponsored by Core Security. Use Core IMPACT and give your Intrusion Detection System a good spanking, just like daddy used to! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool.

We are also sponsored by the SANS Institute, where you can get schooled and like it! Get hands-on training in intrusion detection, forensics, hacking and exploiting, and drinking beer.... Listen for the discount code at the end of the show for 5% off SANSFIRE, July 5-11th in Washington DC. Almost every SANS track will be offered! And Twitchy will be there!

Announcements: Twitch had an announcement but I forgot....

Announcements: We need your help, we need frappr pins, are you going to let us be Frappr spanked? Thank you, we are almost there!

Announcements: I will be giving my presentation from ACUTA..... on a conference bridge. Yep, that's right, like a telephone. They said that anyone could call in, so I will give out the number as soon as it's posted...

Announcements: We are running a logo and slogan contest with Sourcefire. Here are some samples:

"Where Sun Tzu meets microbrews." or "cold brews"

"Hacks, podcasts, and good beer. What more do you need?"

"securityweekly.com bringing you security news, tips, and tricks faster than Cisco can end-of-life products."

On to listener feedback!

Firefox Commercial - Ed/Mike Promo

Chris writes in:


Just listened to show 23 and thought I'd give some feedback on living with IE on a fair sized corporate network from a Microsoft admin point of view working in a pure MS desktop environment.

So we're stuck with it and I'm hoping that IE 7 will start to address the problems with the older versions.

(wet dog initiatives notwithstanding, although trying to get a very new schema change through our change board would be a fun game, especially since it's unsupported, freeware and would have global ramifications if it goes wrong)

Joey writes in:

Hey guys,

What was the model of that Compaq iPAQ used in the most recent video cast? I've been wanting to buy a PDA for some time to do some stumbling with but have been reluctant to buy one for fear of compatibility issues with ministumbler.

Jon writes in:

I think the most benefit I've received from Ninjutsu is in the whole ethos of tactics & strategy - the taijutsu (unarmed forms and movement) & related aspects all flow from this. Ultimately all budo are 'internal' arts - the external forms just flow from the practitioner's understanding, and when you're in the flow, or 'non-dwelling' state, whether it be budo or infosec or whatever, the state of being is the same. However, to reach this state requires a good grasp of the theory and years on the mats / at the keyboard.

Does this chime with your experience? I'm very interested in your views.

Benjamin writes:

Twitchy -

I didn't even know about the Security Professionals Conference but am interested in knowing what you thought of the conference as a whole. If you found it interesting I may have to look into going next year.

As for the 2006 conference, you mentioned a "wargame" at this year's conference and said that the VMware Player and image would be available for free. I am interested in those resources but can't find them anywhere. Could you provide a link (either by e-mail or the next Security Weekly show) to those resources??

Also, if you did have a Story Time with Twitchy podcast I'd subscribe. Yea for Twitchy!!

Drew writes:

(offers us bandwidth, we love you for that!)

I want to ask our dear friend Mr. Twitchy a question. I heard him mention a download called Ethereal or something like that. I'm wondering how to set this up at school so I can monitor what's going on? Maybe look at what everyone on the network is doing on the Internet as well as IMs...that would be interesting.

You might be getting this for the second time, and if you are I apologize. I tried sending from a different address, and you didn't respond for a few days so I thought I'd send from this one.

Hope all is well, great show and I download it the second you post one. Let me know..

Matt writes in:

Sort of a vague question that has me a bit interested lately. Seems a lot of the big guys out there are using Akamai's services including their akadns.net (believe that's them?). For instance my sbcglobal smtp server routes to an akadns.net server. Also seems there's been a decent amount of phishing scams involving Akamai redirects.

In general, just wondering how worried the security gurus are about all this stuff routing through akamai redirects and servers.

Steve writes in:

I listened to your WiFi piggybacking podcast and have another ethical question for you.

I am a student at a university studying information technology. In a recent class my professor assigned a research project that entailed contacting a local business to see if the education we are receiving is what is actually needed by companies in our area of the country. We learn Windows, Novell, Cisco, etc.

All my classmates were able to complete the assignment; some were actually invited on tours. Many of us received very detailed information such as service pack levels and firewall technologies, others obtained very general information such as OS's and equipment brands.

The next class period the professor told us this was actually a social engineering project - that he had received no calls to verify the legitimacy of the project - and that those we spoke to should know better than to disclose even innocuous information that might be used in social engineering attacks.

Do you consider this an ethical project?

[Music] Story Time With Twitchy

Twitchy tells us a hacking story about something...


FiT Promo - Amazing Fecal Matter


Episode24 Show Notes

Valid Syntax Promo - I Want To Connect

Syngress question of the week: What came first, the chicken or the egg?

Core discount code impactbsg

SANS discount code is <pauldotcom>.

Thank you for listening, psw@securityweekly.com, http://securityweekly.com