= Shameless Plugs & General Announcements =
PaulDotCom Security Weekly - Episode 206 - For Thursday August 12, 2010.
* Sign up for "Advanced Vulnerability Scanning Using Nessus" being offered at [http://blog.brucon.org/2010/03/announcing-brucon-training-5-advanced.html Brucon]!
More info from rstewart [AT] tenable.com
= Tech Segment: Mark Baggett =
[NOTE: This is a follow-up to Larry's segment in [http://pauldotcom.com/wiki/index.php/Episode170 episode 170]]
Back in Episode 197 Larry talked about Reconnoiter. Reconnoiter builds a company-specific list of usernames based upon linkedin.com profiles. I used the script in a recent penetration test and decided to use a similar approach to build custom password dictionaries for each user at the target company.
[http://pauldotcom.com/userpass.py Here is the script]. Use it in good health!
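As an added example of the approach described above (this is not Mark Baggett's userpass.py, and the page does not describe how that script works), the Python below turns the kind of per-user data a LinkedIn-style recon pass yields (first name, last name, company) into a targeted candidate list using the patterns people actually pick: name or company plus year, case changes, leetspeak and common suffixes. The sample profile and year list are constructed for illustration.

```python
"""Per-user password dictionary builder (added example, not userpass.py).

Given a first name, last name and company taken from a recon list, emit
candidate passwords built from common human patterns.  Output is sorted
and de-duplicated so it can be fed straight to a cracker or login tester.
"""

# Constructed sample profile; not a real person or customer.
SAMPLE_USER = {"first": "Alice", "last": "Smith",
               "company": "Acme", "years": [2009, 2010]}

# Simple leetspeak substitutions applied to lowercase letters only.
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})
# Suffixes users tack on to satisfy "must contain a digit/symbol" rules.
SUFFIXES = ["", "!", "1", "123", "#"]


def case_variants(word):
    """Return the lowercase, Capitalized and UPPERCASE forms of a word."""
    return {word.lower(), word.capitalize(), word.upper()}


def mutate(word):
    """Apply casing, leetspeak and the common suffixes to one base word."""
    out = set()
    for w in case_variants(word):
        for base in (w, w.translate(LEET)):
            for suffix in SUFFIXES:
                out.add(base + suffix)
    return out


def base_words(first, last, company):
    """Base tokens derived from the profile: names, initials and company."""
    first, last, company = first.lower(), last.lower(), company.lower()
    return {first, last, company, first + last, first[0] + last, last + first[0]}


def build_wordlist(first, last, company, years, min_len=6):
    """Return a sorted list of candidate passwords for one user.

    Year suffixes (four- and two-digit) are appended to every base token
    because "<word><year>" is one of the most common real-world patterns.
    Candidates shorter than min_len are dropped, since a site's own policy
    would have rejected them anyway.
    """
    candidates = set()
    for w in base_words(first, last, company):
        candidates |= mutate(w)
        for y in years:
            candidates.add(w + str(y))
            candidates.add(w.capitalize() + str(y))
            candidates.add(w.capitalize() + str(y)[-2:])
    return sorted(c for c in candidates if len(c) >= min_len)


if __name__ == "__main__":
    words = build_wordlist(**SAMPLE_USER)
    print(len(words), "candidates, e.g.", words[:5])
```

In practice you would loop this over every user the recon step produced and write one file per user, so each login attempt or hash is tried only against guesses relevant to that person rather than a generic list.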
= Guest Interview: Barnaby Jack =
Barnaby Jack is the Director of Research at IOActive Labs, where he focuses on exploring new and emerging threats, and recommending areas in which to concentrate IOActive's research efforts. He has over 10 years of security experience and has held research positions at Juniper Networks, eEye Digital Security, and Foundstone. Over the course of his career, Jack has targeted everything from low-level Windows drivers to the exploitation of Automated Teller Machines.
= Stories For Discussion =
#[http://k2.cdn.okcimg.com/php/load_okc_image.php/images/16/150x150/558x800/0x237/1022x1259/0/11133580548048751245.jpeg D-Link new security features?] - [Larry] - Sure, DNSSEC. IPv6 a security feature? Maybe because it will take me forever to find you. Captcha for admin pages? Hmmm, I thought those were mostly broken. Of course this does nothing to address human stupidity and poor default choices…
#[http://www.securitygeneration.com/security/iphone-4-0-2-patches-jailbreakme-vulnerabilities/ iPhone patches PDF flaw] - [Larry] - A couple of things I found interesting here: One, that PDF exploits are now coming to devices other than just your PC. What's next? Two, it only took Apple 10 days to patch a vulnerability that wasn't "properly disclosed" (whatever that means). That is shocking, as OS X vulns often take weeks to acknowledge and patch. Three, many news sources are claiming "OMG, your iPhone is now safe!" Uhh, no, it will be some time, if ever, before EVERYONE installs the update… user intervention is required.
#[http://blog.okcupid.com/ Image analysis] - [Larry] - I know, a dating site, but here are some great things that you can find out with large collections of images. Apparently iPhone users have more secks. I've got some other research that I'm exploring around dating sites… stay tuned.
#[http://rss.feedsportal.com/c/32447/f/475521/s/c8db12d/l/0Lnews0Bcnet0N0C830A10E270A80A0I30E20A0A127220E2450Bhtml0Dpart0Frss0Gamp0Psubj0Fnews0Gamp0Ptag0F25470E10I30E0A0E20A/story01.htm An interesting take on the Social Engineering contest] - [Larry] - From none other than Kevin Mitnick. Much respect to Kevin on his response and to the contest organizers.
#[http://www.hackerfactor.com/blog/index.php?/archives/391-Flash-Memory.html Decompiling Flash - A picture speaks a 1000 words] - [Larry] - Wow, gives great insight into the stuff that makes it into Flash SWF files, some of it stuff that was even unintended. I'll be looking at Flash in a whole new way.
#[http://perimetergrid.com/wp/2010/08/10/the-trouble-with-fighting-your-users/ Jailbreaking = root exploit?] - [pauldotcom] - Root exploits FTW! I still love my iPhone and Steve Jobs is still my hero, even though my phone has unpatched root exploits...
#[http://feedproxy.google.com/~r/SecurityBloggersNetwork/~3/DxuI00nttOQ/password_complexity_is_lame.html Password Complexity Is Lame] - [pauldotcom] - And I agree. With seemingly unlimited computing power available cheaply to most attackers, cracking password hashes offline is trivial (be sure to check out Hashcat). Second, the Internet and systems are pretty fast, so brute-forcing can happen. Most don't implement account lockout, because, well, users can get locked out! It comes down to passwords being THE SUCK, and us needing to move to two-factor authentication. I like using an SSH key plus a password to gain access to a system.
#[http://blog.tenablesecurity.com/2010/08/microsoft-patch-tuesday-roundup---august-2010---geronimo-edition.html My Patch Tuesday Update: Geronimo Edition] - [pauldotcom] - I just want everyone to know something about this update. Microsoft said that a mitigation to the SSL MITM bug was to use HTTP. Yes, I'm serious about this; why isn't everyone up in arms about it? They also FLAT OUT LIED in the latest round by saying that "An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability." THAT IS A LIE!!!! PANTS ON FIRE!!!!
#[http://securityvulns.com/Ydocument480.html Unauthenticated File Retrieval (traversal) within ColdFusion administration console] - [pauldotcom] - This looks like a fun one to attack; consider some Google dorks like: inurl:CFIDE/administrator. I'd use this to read files that contain credentials and other such fun! BTW, Adobe, your security SUCKS. PHP gets a load of crap; I think ColdFusion may be just as bad, worse even.
#[http://wepma.blogspot.com/2010/08/nessus-false-positives-getting.html Removing plugins from a Nessus report] - [pauldotcom] - I know, Nessus, blah blah, I won't even talk about this one, just a heads up that you can use the Nessus GUI to do some pretty neat filtering, such as removing plugins from a Nessus report.
#[http://whatthefuckismyinformationsecuritystrategy.com/ What the fuck is your information security strategy?] - [pauldotcom] - Don't know the answer to that question? Just visit the site [http://whatthefuckismyinformationsecuritystrategy.com/ http://whatthefuckismyinformationsecuritystrategy.com/] and it will tell you! It's like the Oracle of information security, stating things like: "Audit and monitor identity access controls and apply visualization to metrics to demonstrate clear risk reduction to the enterprise" and "Apply secure architecture frameworks to emerging applications by promoting awareness and providing secure policy requirements to vendors" and my favorite: "Enable C-levels to achieve deeper penetration in business risk management by implementing a multidimensional security program that minimizes risk by maximizing accountability"
= Other Stories of Interest =