I've heard you mention several times on your podcast the endorsement of using EAP-TTLS for securing wifi networks. Do you know of a good how-to for this? I've used PEAP in the past with Cisco hardware, but I'm more interested in not just a how-to for implementing EAP-TTLS, but one that possibly works with a WRT56G?
Thanks for the great work on the podcast! Don
Hi Paul (and team)
I enjoy all your podcasts, but this one was especially delightful!
Keep up the great work -
cheers from Jo
(lady listener in Australia)
Martin McKeay from the Network Security Podcast writes in:
Man/Twitchy Love Association.
[Paul Asadoorian - Is he starting this? Are only men allowed to join?]
[Paul Asadoorian - Whoops, guess Firefox is now the OS X of browsers, wait, maybe it always has been. Point is, all software has bugs, but I totally agree that some, like IE, have more bugs than others, like Firefox. But not just more bugs, more unpatched bugs, and more dangerous bugs. So, rock out with your Firefox, dude!]
I just would like to let you guys know that my company has officially told everyone to stop using IE and install and use Firefox. Super busy today, because I am answering a lot of help desk tickets related to it, but it is worth it because later on I will have fewer issues to deal with.
Props on your podcast! Been listening for the last six months – great show!
Since you and the crew are researching the WT54G, I’d like to get your thoughts… Is it possible to run executable or script code in these units? I pen-test financial institutions and we are playing with the idea of a wireless hack which could work internally and over the web to gain access to the local network at layer 1 & 2.
Here’s the gist:
1. Place a locked down WAP behind a printer during a social engineering trip. Access it locally using 802.11 (easy)
2. But – what if the WAP could create an outbound HTTPS connection and allow tunneling such as STUNNEL to an external host.
a. Now you have ~VPN access to the WT54G over TCP 443 (which is always open outbound)
b. You could then – well, as TWITCHY would say – HACK NAKED.
This is still in my concept phase, so the first question is paramount: Can the WT54G run the type of code that could do this?
If yes, then I have a project. I can be reached at the contact info below and my bio can be found at: http://www.netbankaudit.com/key_management.htm
Props & shouts!
James writes in:
Thanks for the pointer on Umit. To reciprocate, here's a link to a tool to log nmap --> mysql
Blue Havano writes:
In PSW episode 46 you mentioned combining vulnerability and IDS information to get better IDS event results. This is called event correlation and the concept in the security community is called "Security Information Management (SIM)." The best open source example of this is OSSIM (www.ossim.net) and there are many commercial solutions as well. SIMs also help out by gathering all log data from sources such as firewalls, servers, clients, etc. The bad part about a SIM is that most people can barely configure their IDS and firewall right, so adding something else to the mix seems to hinder the correct implementation of the original products. SIMs are also very complicated systems. They are systems based on systems.
Keep up the good work.
[Paul Asadoorian is a space cadet and missed this completely, even after I read the email. Doh!]
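As an added illustration of the event correlation Blue Havano describes (this is not OSSIM code or anything from the podcast): constructed Snort-style alert lines are matched against a constructed vulnerability-scan inventory, so alerts aimed at hosts the scanner shows as actually exposed are ranked first and alerts against services that do not exist on the target sink to the bottom. The signature-to-tag mapping and all sample data are assumptions made for the example.

```python
import re
from typing import NamedTuple

# Constructed scanner inventory (not real data): host -> {(port, vulnerability tag)}
VULN_INVENTORY = {
    "10.0.0.5": {(80, "apache-chunked"), (445, "smb-rpc")},
    "10.0.0.9": {(22, "openssh-old")},
}
# Hypothetical mapping from IDS signature text to the scanner's vulnerability tags
SIG_TO_VULN = {"apache chunked": "apache-chunked", "SMB rpc": "smb-rpc", "SSH old": "openssh-old"}
# Constructed Snort "fast"-style alert lines
ALERTS = [
    "09/14-10:01:02.1 [**] [1:1000001:1] WEB apache chunked overflow attempt [**] {TCP} 192.0.2.7:4444 -> 10.0.0.5:80",
    "09/14-10:01:05.2 [**] [1:1000002:1] SMB rpc exploit attempt [**] {TCP} 192.0.2.7:4445 -> 10.0.0.9:445",
    "09/14-10:01:09.3 [**] [1:1000003:1] SSH old version probe [**] {TCP} 192.0.2.8:5555 -> 10.0.0.9:22",
    "09/14-10:01:12.4 [**] [1:1000003:1] SSH old version probe [**] {TCP} 192.0.2.8:5556 -> 10.0.0.77:22",
]
ALERT_RE = re.compile(
    r"\[\*\*\] \[[\d:]+\] (?P<msg>.*?) \[\*\*\] \{\w+\} "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")

class Correlated(NamedTuple):
    msg: str
    src: str
    dst: str
    dport: int
    priority: str

def prioritize(dst, dport, vuln_tag, inventory):
    """Rank one alert by what the vulnerability scan says about its target."""
    if dst not in inventory:
        return "medium"  # never scanned: cannot rule the alert in or out
    exposed = inventory[dst]
    if vuln_tag and (dport, vuln_tag) in exposed:
        return "high"    # scanner confirms the target runs the weak service
    if any(port == dport for port, _ in exposed):
        return "medium"  # port is open but the scanner did not flag this weakness
    return "low"         # no such service on the target: likely noise

def correlate(alert_lines, inventory, sig_map):
    """Parse IDS alerts, attach a scan-informed priority, highest first."""
    out = []
    for line in alert_lines:
        m = ALERT_RE.search(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        msg, dport = m["msg"], int(m["dport"])
        tag = next((t for key, t in sig_map.items() if key in msg), None)
        pri = prioritize(m["dst"], dport, tag, inventory)
        out.append(Correlated(msg, m["src"], m["dst"], dport, pri))
    return sorted(out, key=lambda c: {"high": 0, "medium": 1, "low": 2}[c.priority])
```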
Just wanted to let you know that Paul Dot Com Security Weekly is featured in this week's episode of The Podcast Junkie. You can check it out at ThePodcastJunkie.com, or ThePodcastJunkie.Podshow.com. You'll also find an ID for your show at the end of the episode. Thanks for all your hard work in putting out such a great show!
The Podcast Junkie,
Check out The Podcast Junkie show, the podcast all about podcasts! Hosted by Lockjaw, you can find it at http://www.ThePodcastJunkie.com
I live in France near Paris; I listen to the iTunes feed of the show. I just wanted to thank you for the show; I love it and it has been great information and insight into security for me. So good job and thanks again :)
Special message to Twitchy: thanks for the fun you bring to the show ;) You also mentioned that your laptop locks itself if your cellphone is away.
I have two questions about this:
1. Do you have any info or link about how to do this kind of thing without opening too many holes on your Bluetooth phone or anything else needed to communicate with for this? Paul scares me with all the Bluetooth vulnerabilities that seem to be "in the air" :)
2. Can you survive if your phone is stolen?
Thanks, and sorry for my English! :)
-- Regards, Ghislain
Here are a couple more Twitchy references for you
Hey guys, this is Luiz Eduardo, WSIRT Incident Manager and SE for Latin America with Aruba Networks.
See Twitchy in San Diego and all you guys in Vegas. Remember, it's Oktoberfest @ http://www.hofbrauhauslasvegas.com/
save me a couple stickers, will ya?
[Paul Asadoorian - Three cheers for Luiz!!!!]
[Paul Asadoorian - This question comes up a LOT]
Dear Paul, Larry, Twitchy, et al,
First of all, I love the podcast! I just started watching the video podcasts too, and let me say the spud gun was fun, but a pickaxe kicks ass!!
I have an IBM StinkPad X31 running Linux (currently Ubuntu Dapper Drake). I would like to purchase a decent wireless card to test my network for vulnerabilities mentioned during your podcasts. Do you have any recommendations for good wireless cards that either have an external antenna adapter, or can be modded to have one? I would like one that supports WPA, 802.11a/b/g or Pre-N. Thanks a lot for the entertaining and educational show and keep up the good work.
Jeff aka "Ringer", Saint Paul, MN
Thank you to all who recommended ISPs, we've found one; they're called Server North. Migration to begin in the coming weeks.
[Paul] - F'ing Finland!
Subject: "Hacking naked in Finland is an excellent way to freeze your nuts off. It's hella cold up here."
1) How's the Apple MacBook as a hacking/pen testing platform? 2) Where can I get a good pair of emo glasses? The ones I have don't match the color of my Web 2.0 social networking site and...
Kidding. Haha? No? Moving on.
How's the wireless chipset and can you live with the lack of a PCMCIA slot? Is there any benefit to getting an external PRISM2 chipset card etc., and if so, what would be good for all three OSs?
-Asko Aavamäki (Finnish names weren't made to be pronounced by sane people, so I'll go with "Hace". Which is supposed to rhyme with "case", "base" and "chase" even if it doesn't...)
Mark writes in:
I was hoping to get some input from you. In about a month SANS will have a couple of classes to choose from here in Boise, ID, and I wanted help choosing the right one. (sans.org/boise06) I am torn as to which to choose. Security 504 would be an awesome class but Security 401 seems like a better fit.
My background: I am a Citrix and VMware consulting systems engineer. I have always had a love for security and hacking (a lot of years ago when I was an AutoCAD drafter, I used to change other people's wallpaper and startup sound via the registry over the network). I follow very closely current security events and listen religiously to your podcast. While I have a very strong knowledge of the Windows OS, I choose not to use it as a day to day OS. I have a MacBook at home (beginning knowledge) and my work laptop runs Ubuntu (mid range knowledge). I recently attended the NAST class put on by Laura Chappell (http://www.hotlabs.org/toolkit). While the class was good, I feel there are still holes in my knowledge.
The management team has recently put me in the role of Security SE with the task of starting the practice as it pertains to security consulting.
Just wanted to drop you a quick email to say hello. - I'm a new listener and was also able to catch the live show in Vegas while I was out there for the Security Essentials Bootcamp. Prior to going to SANS I wasn't aware that most of you are all from Rhode Island - I'm in Attleboro, MA.
Was curious if you guys ever do any local events or even know of any local security-based user group meetings?
Cheers - and keep up the great work! -Jeff
Thanks for a good show... keep it up, guys.
A thought for a possible 'listener contest'... or maybe just informational. But check it out... what if you have a competition amongst the listeners to see who can nab the most networks and post them to wigle.net ...
[Paul] - A contest you say? hrmmmmm
Tim writes in with a PDC drinking game:
I've posted a copy at: http://www.scs.carleton.ca/~tfurlong/pauldotcom_drinking_game.html
Hooray! We'd all be freakin wasted!!!!
Thanks to Ben, we now have golf shirts on the Cafe Press store! Any other requests?
Hey guys, has there been any thought of putting a "golf" shirt on the CafePress store?? I usually have to wear "golf" shirts at work and would love to wear a hack naked shirt to work.
The unofficial Twitchy video:
Check this out guys ;)
Enjoy, cya soon!
Shlomo from Israel (about 15 mins south of Jerusalem) writes:
Sweet Honest Larry?
I've known Larry since the first day of college. How surprised I was when I ran across your video regarding the Mac vuln while reading Martin McKeay's blog.
I have actually known Larry before he had any ink or extra holes. Ask Larry about the hot-dog tongs!
And I was the one that told Larry to take his web server off his firewall!
I love the blog and have been hooked for weeks. Keep up the great work.
Paul, Larry, Twitchy, and Mr. C,
First I wanted to say how much I enjoy the show. I am a regular listener. As such, I basically should know the answer before I ask, but I need to make sure. Someone I know works for a non profit that is handling some sensitive data that would come under HIPAA rules. Unfortunately, they are dealing with sites spread throughout a certain state. At the different locations there is a strong push for wireless. So strong, I think it will happen no matter what. If it does occur, would you prescribe the required use of WPA2 and VPN? Or should any plans to use wireless at the sites be DOA?
[Larry - There are two trains of thought on this one. One, if they want to use wireless, WEP (yes, I said WEP), technically makes them compliant with HIPAA. Many may argue that they have taken reasonable steps to encrypt data on a "public network" (even a wireless network as public might be arguable).
However, if they want to be "in the right" and perform ethically, they will do all they possibly can, perform all the due diligence, and encrypt wireless networks with technologies better than WEP that, of course, make sense for the business.
My suggestion: Wireless APs, attached to a DMZ, secured with WPA2 using appropriate authentication for the environment (that's the "enterprise" part). Clients on these networks should use a VPN client, employ full disk encryption (such as DriveCrypt, or PGP 9 whole disk encryption), and have a finely tuned set of third party firewall rules (not just Windows Firewall).
And then there is standard workstation security - limited user accounts, AV, patches, up-to-date applications....
Just my opinion. :-)
Obviously all of those expenses need to be weighed against the cost of a breach, and loss of "brand recognition" when the organization gets recognized in the local media for having patient records compromised. Not to mention potential lawsuits and federal fines.....]
Monty B writes:
Greetings Paul! I just wanted to drop a line and say thanks for mentioning my book (Commodork: Sordid Tales of a BBS Junkie) in the wiki notes for episode 41, even though after listening to the program it sounds like you guys may have run out of time before you were able to discuss the book. If there's any questions I can answer about the book or anything like that, I'd be glad to help out! Maybe an MP3 interview or something? Plug or no, I enjoy the podcast. Keep up the great work!
Rob O'Hara http://www.robohara.com/commodork
Hi Paul and dotcom crew,
Can you send me the links to the permission forms for pen testing you spoke of in a recent podcast?
BTW, Great show, less girl talk and more professional tech, please.
[Larry - but girls are so pretty! Twitchy likes to cut the tongues out of the 12 year old ones and keep them in his basement - not really...]