From Security Weekly Wiki

(15 seconds of silence)

(get all the laughter out)

Theme Music, Episode 25 for April 27 2006

"Welcome to Security Weekly, Episode 25 for April 27, 2006"

From the PSW studios

"Welcome to this edition of Security Weekly, the dorkcast for dorks, by dorks!"

"I am your host Paul Asadoorian," "and I'm your co-host Larry Pesce," "and Twitchy is running a little late because his head wouldn't fit through the door today. Must be all that feedback from the listeners :)"


This episode is sponsored by Syngress Publishing. Read a book and learn how to own your neighbor's cat...

Listen to this podcast and answer the questions at the end of the show. Then go to the Security Weekly blog and be the first to post the CORRECT answer (be certain to leave your email address) and receive a free ticket to choose any in-stock book from the Syngress web site, for free!

Last week's winner was Ben, who stated the correct answer of "$5000, From: http://www.phillipsnizer.com/library/cases/lib_case35.cfm"

This episode is also sponsored by Core Security. Use Core IMPACT and give your Intrusion Detection System a good spanking, just like daddy used to! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool.

We are also sponsored by the SANS Institute, where you can get schooled and like it! Get hands-on training in intrusion detection, forensics, hacking and exploiting, and drinking beer... Listen for the discount code at the end of the show for 5% off SANSFIRE, July 5-11th in Washington DC. Almost every SANS track will be offered! And Twitchy will be there!


Announcement: Twitchy apology to ITT.

Announcement: We've learned a lot this week about friendships, management, and managing a podcast

Announcement: Don't forget about our forums, at http://forum.friendsintech.com

Announcement: Don't forget about the Frappr slap!

Announcement: Logo and slogan contest, thanks Snort!

On to listener feedback...

George Class Sweeper - Fecal Matter - Listener Feedback

Jeff writes in:

Hey this is for Twitchy...I really respect your opinions because you sound like you are a fairly intelligent person. My question is: You constantly are chiming into conversations stating "AJAX is bad", "Java is Big bloat memory crap"...maybe you should try explaining what is better to use if you feel so strongly. Java has gotten very fast, and what it lacks in speed at runtime it makes up for in the time consumption when writing the code. Also, not as many Buffer Overflow issues in Java. Think b4 you speak...Love the show guys.

Svetlana writes in (who also put a pin on our frappr map, thank you!):

Boys,

I am taking an ethical hacker class and the instructor requires that we do many things to the programs we download from the internet. The book has many rules but the instructor has rules not in the book. Here are his rules:

  1. All programs downloaded from the Internet may only be used in our test lab. See my verification tools handout for a list of possible programs to use.

  Prior to install
  2. Verify the md5
  3. Virus scan with 2 different programs

  During / After Install
  4. Use 2 programs to verify the files written to the hard drive
  5. Use 2 programs to verify any entries written to the registry
  6. Use 2 programs to search for any spyware it may have installed
  7. Check for rootkit installation

  During Tool Use
  8. Monitor network traffic on your test workstation
  9. Monitor network traffic on our test server

It takes a long time to do this and I think that this is too much work. Do you boys do this for the programs you use? Your podcast is funny.

John writes in:

Paul, Thanks for a great show! I have recommended the podcast to several friends and have even gotten my boss to listen to the interview with Josh. (It scared the sh!t out of him and helped me get some policies and budget items approved!)

Anyway, as you see below, I finally sent my book choice to Andrew.

Thanks again, -John

[John, this is why we do this podcast]

Stefan writes in:

Hi guys!

Great podcast, never miss a show! Since some of you may or may not be working for some .edu I have a question. This letter might be a bit too long but you're of course free to cut it down.

I'm currently studying at Linköping (pronounced as [lean-churp-ing]) university in Sweden. Since I have a genuine interest in computer networks and the university has a rather large one... I kind of... explore it a bit.

Of course I don't have any malicious intentions but I wonder if the network admins would agree. They should have received quite a few traceroute packets by now...

For example I've found a few printers that could (should) be reconfigured to prevent people from printing outside the campus.

Anywho... My question is; what's your view on students "messing around" with the network? Are students considered an "inside threat"?

I'm currently contemplating whether I should tell the admins and in that case, how.

As previously stated, amazing show, by far the best security related podcast!

/Stefan (st3f)

PS. Am I the only one who thinks Larry's cooler than Twitchy? Oh, if you air this, could you give a shoutout to the other Swede listening to PSW? His name is Chris.


[Music] Story Time With Twitchy

Twitchy tells us a hacking story about something...


TMUP Promo - You've Been Owned - News


Episode25 Show Notes

Drunk Call Harvard Kevin

Syngress question of the week:

Core discount code impactbsg

SANS discount code is <pauldotcom>.

Thank you for listening, psw@securityweekly.com, http://securityweekly.com