From Security Weekly Wiki
Jump to navigationJump to search
2,204 bytes added ,  00:18, 11 October 2014
Text replacement - "pauldotcom blog" to "Security Weekly blog"
(15 Seconds of silince)
Discuss this story for ITT: (get all 15 Seconds of silince) Twitchy to discuss something from the laughter outmailing list to do with line mics and some mp3 player (15 Seconds of silince)
(Record the Welcome Intro)
== Theme Music, Episode 27 29 for May 1326, 2006 ==
"Welcome to PaulDotCom Security Weekly, Episode 27 29 for May 1326, 2006"
From the PSW studios
“Welcome to this edition of PaulDotCom Security Weekly, a show for the listeners, because, well, without you we're just a bunch of guys at a bar drinking where beerleads to more interesting hacking and exploiting coversations."
"I am your host Paul Asadoorian, “and I’m your co-host Larry Pesce" and we've also got our extra pecial special host Twitchy.
Hello to all of our live audience listeners via Skypecast!
This episode is sponsored by Syngress Publishing, its like porn for hackers, crackers, and IT security professionals.
Listen to the question at the end of each show, then go to the pauldotcom Security Weekly blog and be the first to post the CORRECT answer to recieve a free copy of any in-stock book on the Syngress web site!
Last weeks winner was Kirk who stated the correct answer:
Last weeks winner "MGCP was Stefan who stated the correct answerdefined in RFCs 2705 & 3435. It is also know as H.248 and Megaco via,,sid7_gci817224,00.html"
We also liked reids answer of "SCORE! Get I mostly just know it as "the current big fucking headache"' The fake question of "What was the lotion!name of the first move Jet Li acted in and what year was it produced? Where was it shot?" alerts on users surfing porn A couple of you were close, appeared in snort 1but not quite.8.2 and can be found in Paul, what is the file classification.config.answer?
This episode is also sponsored by Core Security Technologies.
Big thank you to Announcement: Logo and slogan contest is over! The Logo winner is Kreg Stepe, and the slogan winner is Paul TBattista. for sending Please drop us beer ffrom teh great NoethWest - Stone Brewery "Arrogant Bastard", which Larry matched with His 2003 vintage "Double Bastard"a note so we can get you your prizes. Thanks so much!
Announcement: Thank you to all the wonderful folks on #pauldotcom channel on irc -, Jon 335, blackdragon both made submissions that we Kreg's logo will talk about on be in the show! Alsoblogg entry, don't forget the forums over at for those who are IRC newbs or IRC-o-phobesadn album art.
AnnouncementPaul's slogans included: Send us your feedback on what you would like to see included in a book about hacking wrt54g, put wrt54g in the title. We may know someone working on a book....
Announcement: This is the last wee for the Logo and slogan contest because I havenWe Ain't had time to close it out, so hereSniffing PantiesWell We Ain's one last shot t Sniffing PantiesBecause Sniffing Packets is Better then Sniffing PantiesSecurity Over a BeerCyber Ninjas at a logo and slogan for PSW!WorkDigital Ninjas in TrainingWe Steal Passwords like its your bikeI Stole Your Password Like I Stole Your BikeI Hacked your mom
Announcement: Andy gets his GCIHOOPS! Bust The WRTSL54GS is the Linksys router with the USB and not the WRT54GS. You made me run to my WRT54GS to look for the USB that I had never seen. Ha ha you got me. Thank you to Jonathan for pointing that out the Champagnefor us!
On to listener feedback...
 == Great Idea ITT Fart - UTTechno1 TMUP PDC Promo - Listener Feedback==
James Bob writes in:(HOLY SHIT - Its Bob!)
I am a big fan of your show and have been listening for awhile. I am a junior at a high school in CA, awhile back I found a vulnerability in one of our schools servers, I alerted the proper people and they said they would fix the issue, which is the configuration of php on the server. They disabled php for awhile promising to fix the problem and have recently put that back online, without the problem being fixed. A friend and I were messing around with it today and it has become apparent that I only skimmed the surface of what was just thinkingvulnerable, in short we now essentially "own" the server. Though I know that I should probably tell them that the vulnerability still exists and what it is possible to do with it. This means I would have to tell them that my friend and I were able to potentially access student grades along with many other things that they wouldn't want a student to have access to. Since we didn't have permission I don't think that they (the school technology dept.) or the administration would be very happy with us and they have pressed charges against students for "hacking" their school issued laptops with the admin password taped on the bottom.It seems that letting someone know about a vulnerability is just as bad and exploiting it now.yeh I on the other hand want to let the school knowhow bad the security protecting grades, user and teacher files is... if you know what I shouldn't strain myself mean ;-)
You guys talk ALOT about pen testing how about some content about the business of pen testing?Like 1. what skills would a prospective pen tester need to acquire? 2. how do you price a pen test engagement...I'm thinking most of these gigs fall in the 25k to 50k range...but I may be totally full of it. 3. how do you promote or advertise your business? 4. advertisement/business development issues? 5. Yeh core impact is great but how do you pass that cost along to your customers? etc etc talk amongst yourselves ;-)---
----Jim writes in:
Mike Writes in:Really enjoy your podcast, you have very useful info between the Story times (which are great) and other stuff that make my commute shorter.
First, a bit of what I hope is constructive criticismwanted to run this past the experts to see if I'm not totally off the wall. First I listened to acouple of podcasts "on the speakers" once, run an open access point and it's connected inside my wife listened to a bittoorouter. She now calls So when you guys the college guys (connect you are on a 192.168.x.x network, as in, I Twichy would say "I waslistening to the college guys podcast,Bad Bad ! .... Oh popcorn...." and she knows what I mean). Idon't want to criticize your style, because I like itBut here is the situation we are in the middle of a 200 acre farm, but while Irealize you tend to have a wobbly pop or three while doing the 'cast,and beer makes one belch, and Larry nearest house is 1/2 mile away (I think it's you, Larrya relative) producessome fine ones... I don't think listeners necessarily need Then to hear that.I'll keep listening, but you may want to consider muting your micthe rear of the farm is a steel mill and running through the place is a small two lane road where if any one stopped for a time it would be like a bug on a plate.
[Why The internal network is all Mac's with file sharing enabled, one machine is running Apache and that's it. My AP only can do people WEP (it's an old Airport) and is in the basement of the house. Doing a walk around with a Toilet seat type iBook (which is a pretty sensitive) I can get so offended with about 50 feet from the house and still have usable signal. It's about 100 yards to the belching?]road.
<Anyway my feeling is if anyone accesses the network they have to walk into my land or sit on the road with a whole bunch more stuff followed, mostly for twitchy, 13db yagi hanging out the window. The first case is handled with a shotgun and included everything from what operating system planes run, to C vs Java, to the open wireless question, to Stephen Harper's alleged kitten eating, to are honeypots entrapment?, to OS X vs open source, to drive encryption>second as I said is pretty obvious.
[Whew, none of which I really care to discuss on know this is pretty fragile security but out here in the show because they are not so much security related and more a religious or politcal debate which boonies do you think it can work ? Oh yea, we are happy to discuss in email or in at the end of the IRC channel power line, cable doesn't come here but not bore the listeners withDSL does, its just not what this podcast is aboutso we have DSL but pulse dial.]
Chuck writes in:
Tom writes in: Paul, Larry, Twitch, The MasonI've been listening to your show for awhile now. I love it!!! THe Best Buy loacted at 825 Pilgrim Way, Green Bay, WI 54303 - Phone number 920-494-2950 employs Chad Davis (http://wwwI am what you would call an advanced novice by your standards.justice I know my way around a PC pretty I am curious about wireless security ( isn't that an oxymoron? ).htm ) I know that wep is broken, mac filtering can be spoofed, ssid is good enough for the "Global Hell" Hackerhonest people. That leaves wap. I have a friend who also works at the store and has told me stories about what the guy says he doesknow that it is vulnerable off site brute force attacks. First thought My question is -how this? How secure would you like my network be with the following password? rv34HJiJmuyN31vvqk6GB9Ue059gUH6nb2KegNtqcfQDwNjyn2CUNMRIepuGUNow this guy sent to your home to work on your computer - second thought is - how would you like this guy to take your credit card at the store - third thought not my password it is - what just one the hell i created as an example. My plan is Best Buy doing for to store several of these passwords on a hiring policythumb drive and then just use them as needed. Great show, TomHow secure would this be?
Christian James writes in:
Do you guys know a way to locate and identify servers on (says thanks for the web without scanning? I am looking for publicly accessible databases or search engine queriespen testing responses from last week, that, for example, list your most welcome! We expect a 10% cut of all publicly accessible dns servers…. [we do, but if we told you, we'd have to send ninjas to kill you]your profits :)
I have on nit to pick though.You reported that Apple had closed the Intel Darwin source code to their kernel. This is a second hand story that has not been officially confirmed by Apple. It's a second hand story reported in Slashdot that MAY be true but hasn't been confirmed yet. All that's happened is that Apple is late in posting the source code. Given the fact that Intel based machines are a really new thing for them, maybe we can cut them a bit of slack gotta take what you read in slashdot with a grain of salt (maybe a boulder of salt).When(if) it is confirmed ----well then I will join you in a rant or howl a the moon. In the meantime maybe we should wait and see ok?
Twitchy tells us a hacking story about something...
Paul also has a story about Best Buy!
== Billy's Browser PDC Wedding Vows - Johnny Long Sweeper Amazing Fecal Matter - News ==
[[Episode28Episode29]] Show Notes
== George Class Promo Josh Sweeper ==
Syngress question of the week: Name the actor who starred in Shaolin Master Killer (aka. 36 Chambers of Shaolin, Masta Killa). What was the name style of the first move Jet Li acted in and what year was it producedKung Fu does he practice? Where was it shotBonus: What are his mandarin and cantonese names?
Core discount code impactbsg
SANS discount code is <pauldotcom>.
Thank you for listening,, Phone numberPauldotcom Security Weekly Security Weekly, PO Box 860, Greenville RI, 02828

Navigation menu