Changes

From Security Weekly Wiki
Jump to navigationJump to search
30 bytes removed ,  00:52, 11 October 2014
m
Text replacement - "[PaulDotCom]" to "[Paul]"
Gary Keen</pre>
[PaulDotComPaul] - So lets clear the air about Steve Gibson. First, he has done much good for the security community, no doubt. Say what you will about him, he has contributed stuff that has helped improve the security of the Internet. However, we pick on him because he's an easy target, shame on us. HOWEVER, he does have tons of listeners and will often say things that are not technically correct (heh, so do we), but will then go uncorrected. We have written them several times to help correct them, with no response. They don't seem to want to collaborate and communicate with us in the same manner that *Every other security podcast in production today* has and continues to. We have a great working relationship with Cyberspeak, Hak.5, Sploitcast, and many others. Security Now! just chooses to ignore us, making them the target of public ridicule because well, they are an easy target and we have no spine (Kidding!!). Another thing, Steve often presents things in a confusing manner, and I think this is because he tries to explain some of the more advanced security topics to an audience with a very low level of computer knowledge. Sometimes, this just doesn't work no matter how hard you try and causes confusion (hence the sweeper). So, we don't dislike Steve or Security Now!, but we have our moments with them.
Grim Reaper</pre>
[PaulDotComPaul] - I found this resource: http://www.cs.berkeley.edu/~nks/papers/15.4-wise04.pdf "Secuity Considerations for IEEE 802.15.4 Networks" and if I remember correctly, Josh said that it suffers from many of the problems that bluetooth and 802.11 suffer from in authentication of mgt frames.
== Kismet on WRT54G (Jason) ==
Jason</pre>
[PaulDotComPaul] - Broadcom drivers suck and don't give you the RSSI info. However, using Kamikaze and the 2.6 kernel you can get Atheros drivers to work on your platform. No configuration in /etc/config, however you can use the wlanconfig commands to configure. You will then need to compile Kismet drone with atheros support, which I just haven't gotten around to. [Larry] - This requires you to have a device with an Atheros chipset! An ASUS WL500g Premium will work nicely with a swap out on the mini-pci card. On WRT, you are hosed for Signal strenght - which was part of my problems while writing my GAWN Gold Paper (in the SANS RR). The other problem is with multiple Kismet Drones - unable to determine which drone spotted the AP. Allegedly there is a fix in newcore for this one.
== WEP & WRT54G Models (Andy) ==
Andy</pre>
[PaulDotComPaul] - <Shameless Book Plug>There is a hack in the book that shows you how to get WPA-Enterprise working on a standalone WRT54G. This is the most secure option, and does not have the vulnerabilities that are contained within WEP or WPA-PSK. The WRT54GL router is the one recommended in the book and is still produced by Linksys for hacking. The WRTSL54GS is great too and used in the book too, its $99 if that fits into your budget. With respects to war driving, the book has an awesome hack, poineered by renderman and improved upon by Larry, called war-driving in a box!</Shameless Book Plug> [Larry] - As a future update, I'm going to port the Wardriving-in-a-Box to the WRTSL54GS. This will make it easier for even n00bs to complete the hack (and by n00bs, I mean those with out soldering skillz).
== Secure Web Development (d4ncingd4n) ==
D4ncingD4n </pre>
[PaulDotComPaul] - I would suggest using whatever web application platform you are most comfortable with, take SANS Secure coding courses and web application courses, and regularly audit your code and application. [Larry] - Mmmm, beer. Good idea on list of beers, and for a list of education resources.
[[Category:Show Notes]]

Navigation menu