= Shameless Plugs & General Announcements =
PaulDotCom Security Weekly - Episode 184 - For Thursday January 20th, 2010
* [http://pauldotcom.com/2009/12/practical-kung-fu-webcast-seri.html Upcoming webcasts] - Cenzic is sponsoring a webcast on Tuesday, January 26, 2010 on tips to be a better web application penetration tester. [http://pauldotcom.com/2009/12/practical-kung-fu-webcast-seri.html Register TODAY!!!]
* [http://www.defensiveintuition.com/ Defensive Intuition] - We are also sponsored by Defensive Intuition. Defensive Intuition is the provider of many security consulting services: penetration testing, physical assessments, and social engineering. Defensive Intuition: Owning your boxes, 7 ways to Sunday!
* [http://www.sans.org/info/46903 Community SANS: Sec 542 Web Application Penetration Testing] - SANS is pleased to announce Community SANS Providence, starting March 28th. Larry will teach Security 542: Web Application Penetration Testing and Ethical Hacking. The course will be hosted by Brown University.
* Shmoocon - This will be the next big conference that we will all be attending. We will have t-shirts and other special things to give away and sell. No, we are not selling the interns (who will both be there, btw). So come find us at the booth for all things PaulDotCom including free stickers, and PaulDotCom complete works DVDs!
= Guest Interview: [http://www.methodvue.com/ Eric Fiterman] =
#How do you approach forensics investigations in the "Cloud"?
#What are your favorite forensics tools?
#Your approach at Methodvue seems to be quite different than most companies that operate in a similar space. Specifically, your "threat intelligence" model seems to be an approach that we at PaulDotCom have been yelling about for a long time. How's this being received by the business community?
#Your IR/Forensics approach appears to be more holistic than traditional offerings at other security providers. What are the things IR/Forensics pros need to do to "up" their game?
#Please expound on the governance component of Methodvue's mission statement "Methodvue is a private intelligence organization specializing in the discovery and deterrence of complex threats to people, commerce, and governance." The tech side is great at protecting the tech... but we (as an industry in general) are really awful at the "non tech" portion of security. What are some of the bigger gaps and how can we address them?
#Yesterday, you [http://blogs.govinfosecurity.com/posts.php?postID=421 published an article] on dealing with China in the post-Aurora world. What are your thoughts on what happened to Google?
= Can Chris Nickerson handle a 2 fer? =
= Stories For Discussion =
#[http://feedproxy.google.com/~r/SecurityBloggersNetwork/~3/fwrjg52YrUc/ Major Virus Outbreak AT University] - [pauldotcom] - Wow, I've been there for sure! I think enough time has passed where I can speak more candidly about what it's like to do incident response in that environment. It's challenging, you need patience, more patience, and scotch, lots of scotch. They did say they were seeing stuff that no one else has seen. This is quite possible, we would often get malware samples before anyone else. Why? It's almost as if the black hats used Universities as a testing ground to see how stuff would perform and react. Seriously.
#[IE 0-day - big deal?] - [pauldotcom] - Wow, where to begin? What a load of FUD. One thing I take issue with is the advice being published by many sources, including Microsoft, before the patch was released was to upgrade to the latest version of Internet Explorer (Version 8). In addition, it was recommended that users enable DEP on all Windows systems and be certain that Service Pack 3 is installed if the system is running Windows XP. The recommended technology has been available for quite some time, so this is a good opportunity to be proactive with your security program. Don't let an unpatched vulnerability that is receiving tons of press dictate your security program.
#[http://securitybraindump.blogspot.com/2010/01/open-source-vulnerability-database.html OSVDB Interview with Jake Kouns] - [pauldotcom] - This was an interview I did on the Tenable podcast. I found out more stuff about OSVDB, and I really like it. Not only does the search feature rock, but there is so much there. For instance, you can create watch lists to track vendors and software vulnerabilities. Also, you can subscribe to one mailing list which is an aggregate of several security lists from vendors. It totally rocks. Make sure you sign up and make a donation.
#[http://www.microsoft.com/technet/security/advisory/979682.mspx Vulnerability in 32-bit Windows Kernel Could Allow Elevation of Privilege] - [mikep] - Looks like this one has been hanging around for 17 years! Read on for Microsoft Security Advisory (979682) details.
= Other Stories Of Interest =
#[http://arstechnica.com/open-source/news/2010/01/hands-on-firefox-36.ars Firefox 3.6 FTW!] - [mikep] - This version adds in "PluginCheck" which gives the browser the ability to make the user aware when a vulnerable plug-in is detected.
#[http://blog.makezine.com/archive/2010/01/kitchen_computer.html I want one!]