= Announcements & Shameless Plugs =
Live from the
PaulDotCom Studios Welcome to PaulDotCom Security Weekly, Episode 122 for September 11th, 2008
PaulDotCom Security Weekly, a show for security professionals, by security professionals. This week with a special guest in the studio!
pauldotcom.com/sans/ PaulDotCom SANS Click-Through] - Go there, register for fabulous SANS training! Go now!
* [http://www.whitewolfsecurity.com/ice2.htm ICE (Integrated Cyber Exercise) - Oct. 1-3 at SANS Las Vegas!] - Interview in this episode!
* NS2008! Paul giving keynote: Things That Go Bump In The Network: Embedded Device (In)Security and teaching SEC535, Network Security Projects Using Hacked Wireless Routers! Don't forget our live podcast immediately following!
* [http://www.sans.org/mentor/details.php?nid=12904 "I met you yesterday at SANS and was wondering if you could help me promote my mentor session of SEC508 starting on September 23rd. If you could forward this invitation onto your network of contacts, that would be awesome."] - Evan
* Beer, Facebook, Linkedin, Twitter
= Jay Beale Interview =
Thanks and I promise to catch up on all the past shows.
= Stories Of Interest =
[http://feeds.engadget.com/~r/weblogsinc/engadget/~3/387757277/ Cheap SSD Drives] - [Larry] great, they are getting cheap - 32 Gig for $99, although slower and more power hungry than spinning disk. I bring this up, because the SSD drives provide a significant barrier to recovering deleted and or modified. This makes it very difficult to perform any type of forensics on these drives. How, as an industry do we deal with this situation? Not allow for system disks to utilize SSD?
[http://www.heise-online.co.uk/security/USB-stick-with-hardware-AES-encryption-has-been-cracked--/features/111194 Encryption is great!] - [Larry] - but bad implementations, and those that retrieve encrypted passwords are bad. We say all the time to use tried and try encryption algorithms, an this USB key manufacturer did just that. However, they added the ability for the password that is also used to access the device to be checked against a history of passwords. This function resides in memory, and brute force of the passwords can be conducted.
[http://www.heise-online.co.uk/security/USB-stick-with-hardware-AES-encryption-has-been-cracked--/features/111194 SCADA Attack released] - [Larry] - No offense to Kevin, but this is a re-implementation of the attack released by CORE a month or so back. So why does this one seem to get more press? This implementation is a Metasploit module. Yep, you can attack the latest in SCADA vulnerabilities for free.
[http://hardware.slashdot.org/article.pl?sid=08/09/08/2246203&from=rss You own the hardware] - [Larry] - You own the hardware, so tinker with it. There is already some folks poking at the Esquire magazine E-ink cover. Sure, not a device that has huge security implications, but take ownership of all of the other small (or large) devices that you network in your home or office.
[http://news.cnet.com/8301-1009_3-10035580-83.html?part=rss&subj=news&tag=2547-1009_3-0-20 Twitter to spread malware] - [Larry] - I'd have liked to see more, less user interaction. See blog post.