Security Weekly - Episode 356 for Thursday December 12th, 2013
- Come see me speak next year! First and foremost I will be speaking at S4x14 this year on Jan 14th (on "OTDay"). Visit the conference web site and come to Miami in January.
- I will, reluctantly, be attending RSA this year as a booth babe. Any requests for outfits are appreciated, send them to me on Twitter @securityweekly using #whattowearatRSA2014
- The Offensive Countermeasures Hack Lab at the Mid-Atlantic CCDC conference in 2014, and sticking around to MC the event and do a live Podcast!
- I'm also slated to speak at the Charlotte ISSA conference in 2014 and the NOLA conference in New Orleans in June
- We are looking for sponsors for our weekly webcasts and shows. Contact paul -at- hacknaked.tv for details, there are still a few slots available!
- The Stogie Geeks Show! - Kick some ash with the Stogie Geeks, Thursday nights at 9:00PM EST. Come have a cigar with us! If you are in the Rhode Island area please visit our sponsor the Havana Cigar Club, it's an awesome place to have a drink! Make sure you print out your $5.00 off coupon here!
- Larry teaching SANS classes: Check out his SANS page for the details. 617 in DC in December, and in Orlando in March; also 571 at RSA.
Guest Interview: Champ Clark (@dabeave666)
Champ Clark, also known as "Da Beave" in some circles, is the CTO of Quadrant Information Security headquartered in Jacksonville, Florida. He is one of the founding members of the VoIP hacking group Telephreak and runs the Deathrow OpenVMS cluster. He has co-authored books published by Syngress Publishing and has been interviewed by various magazines. He has spoken at conferences on topics such as "war dialing" the world with VoIP, exploring X.25 networks around the world, and most recently, real time log analysis with "Sagan", software he developed.
- How did you get your start in information security?
- What advice do you have for others getting their start in information security?
- What about phone phreaking and/or VoIP hacking, how does one go about getting started?
- What is the Deathrow OpenVMS cluster and what is it used for?
- Do people still war dial?
- Why is war dialing so useful?
- Why do most folks not opt to have war dialing be a part of their penetration test?
- Tell us about Sagan, what is it and what does it do?
- Three words to describe yourself
- If you were a serial killer, what would be your weapon of choice?
- If you wrote a book about yourself, what would the title be?
- In the popular game of Ass Grabby Grabby do you prefer to go first or second?
- Stranded in a desert island, which tablet would you bring along: a) iPad b) Surface c) Android d) All of the above e) None of the above?
The Deathrow OpenVMS cluster: http://deathrow.vistech.net . At Deathrow, you can play/hack on the OpenVMS operating system.
- Important Security Update for D-Link Routers — Krebs on Security
- GCC Poison | Leaf Security Research
- Using a Hosts File To Make The Internet Not Suck (as much)
- Mobile Device Tips
- Nvidia exploit could turn render farms into password crackers
- The top 8 security threats of 2013
- Guilty Verdict in First Ever Cybercrime RICO Trial | Threat Level | Wired.com
- BBC News - Bots now 'account for 61% of web traffic'
- Errata Security: Literally the nicest thing I’ve ever done
- How to find out if your password has been stolen | ZDNet
- Network Security Tip of the Week
- Installing PVS
- TextSecure, Now With 10 Million More Users: Now we see that encryption is making an attempt to become more mainstream (at least in geek circles).
- Google catches French govt spoofing its domain certificates: The chain of trust in the CA model is broken; SSH had it right all along, and we should start doing more certificate pinning.