Changes

From Security Weekly Wiki
Jump to navigationJump to search
739 bytes added ,  01:53, 11 October 2014
m
Text replacement - "[pauldotcom]" to "[Paul Asadoorian]"
= Shameless Plugs & General Announcements =
Welcome PaulDotCom Security Weekly - Episode 206 - For Thursday August 12, 2010.
* Sign up for "Advanced Vulnerability Scanning Using Nessus" being offered at [http://blog.brucon.org/2010/03/announcing-brucon-training-5-advanced.html Brucon]!
More info from rstewart [AT] tenable.com
 
=Episode Media=
[http://traffic.libsyn.com/pauldotcom/PaulDotCom-SW-ep206.mp3 mp3 pt 1]
 
= Tech Segment: Mark Baggett =
[NOTE This is a follow up to Larry's segment in [http://pauldotcomsecurityweekly.com/wiki/index.php/Episode170 episode 170] ]
Back in Episode 197 Larry talked about talked about Reconnoiter. Reconnoiter builds a company specific list of usernames based upon linkedin.com profiles. I used the script in a recent penetration test and decided to use a similar approach to build custom password dictionaries for each user at the target company.
Pretty CeWL!
So [http://pauldotcomsecurityweekly.com/userpass.py here is the script]. Use it in good health!
[http://pauldotcomsecurityweekly.com/userpass.py userpass.py]
= Guest Interview: Barnaby Jack =
 
<center>[[File:Barnaby Jack-580-75.jpg]]</center>
<center>Barnaby Jack (1978-2013)</center>
 
'''UPDATE: As many have already learned, Barnaby Jack passed away shortly before his scheduled talk at Blackhat 2013 in Las Vegas. Barnaby was truly one of my infosec heroes, both his research and personality inspired me to be not only better professionally, but a better person as well. He will be missed greatly, and I am proud to have captured a small portion of Barnaby Jack's life that we can all listen to in the archives for years to come.'''
 
[http://traffic.libsyn.com/pauldotcom/PaulDotCom-SW-ep206.mp3 Download Audio (mp3)]
Barnaby Jack is the Director of Research at IOActive Labs, where he focuses on exploring new and emerging threats, and recommending areas in which to concentrate IOActive's research efforts. He has over 10 years security experience and held research positions at Juniper Networks, eEye digital Security, and FoundStone. Over the course of his career, Jack has targeted everything from low-level Windows drivers to the exploitation of Automated Teller Machines.
= Stories For Discussion =
#[http://k2.cdn.okcimg.com/php/load_okc_image.php/images/16/150x150/558x800/0x237/1022x1259/0/11133580548048751245.jpeg Dlink new secueity security features?] - [Larry] - Sure DNSSEC. IPv^ a security feature? maybe because it will take me forever to find you. Captcha for admin pages? Hmmm, I thought those were mostly broken. Of course this does nothing to address human stupidity and poor default choices…
#[http://www.securitygeneration.com/security/iphone-4-0-2-patches-jailbreakme-vulnerabilities/ iPhone patches PDF flaw] - [Larry] A couple of things I found interesting here: One, that now PDF exploits are coming to other devices than just your PC. What's next? Two, it only took Apple 10 days to patch a vulnerability that wasn't "properly disclosed" (whatever that means). That is shocking, as often OSX vulns take weeks to acknowledge and patch. Three, Many news sources are claiming that "OMG, your iPhone is now safe!" , uhh, no, it will be some time, if ever before EVERYONE installs the update… user intervention is required.
#[http://blog.okcupid.com/ Image analysis] - [Larry] - I know a dating site. but here is some great things that you can find out with large collections of images. Apparently iPhone users have more secks. I've got some other research that I'm exploring around dating sites…stay tuned.
#[http://rss.feedsportal.com/c/32447/f/475521/s/c8db12d/l/0Lnews0Bcnet0N0C830A10E270A80A0I30E20A0A127220E2450Bhtml0Dpart0Frss0Gamp0Psubj0Fnews0Gamp0Ptag0F25470E10I30E0A0E20A/story01.htm an Interesting take on the Social Engineering contest] - [Larry] - From none other than Kevin Mitnick. Much resect to Kevin on his response and to the contest organizers.
#[http://www.hackerfactor.com/blog/index.php?/archives/391-Flash-Memory.html Decompiling Flash - A picture speaks a 1000 words] - [Larry] - Wow, gives great insight into stuff that makes it in to flash SWF items, some for stuff that was even unintended. I'll be looking at flash in a whole new way.
#[http://perimetergrid.com/wp/2010/08/10/the-trouble-with-fighting-your-users/ Jailbreaking = root exploit?] - [pauldotcomPaul Asadoorian] - Root exploits FTW! I still love my iPhone and Steve Jobs is still my hero, even though my phone has unpatched root exploits...#[http://feedproxy.google.com/~r/SecurityBloggersNetwork/~3/DxuI00nttOQ/password_complexity_is_lame.html Password Complexity Is Lame] - [PaulDotComPaul] - And I agree. With seemilingly unlimited computing power available cheaply to most attackers, cracking password hashes offline is trivial (be sure to check out Hashcat). Second, the Internet and systems are pretty fast, to brute-forcing can happen. Most don't implement account lockout, because, well, users can get locked out! It comes down to passwords being THE SUCK, and us needing to move to two-factor authentication. I like using an SSH key plus a password to gain access to a system.#[http://blog.tenablesecurity.com/2010/08/microsoft-patch-tuesday-roundup---august-2010---geronimo-edition.html My Patch Tuesday Update: Geronimo Edition] - [PauldotcomSecurity Weekly] - I just want everyone to know something about this update. Microsoft said that a mitigation to the SSL MITM bug was to use HTTP. Yes, I'm serious about this, why isn't everyone up in arms about it? They also FLAT OUT LIED in the latest round by saying that "An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability." THAT IS A LIE!!!! PANTS ON FIRE!!!!#[http://securityvulns.com/Ydocument480.html Unauthenticated File Retrieval (traversal) within ColdFusion administration console] - [pauldotcomPaul Asadoorian] - this looks like a fun one to attack, consider some Google dorks like: inurl:CFIDE/administrator I'd use this to read files that contain credentials and other such fun! BTW, Adobe, your security SUCKS. PHP gets a load of crap, I think ColdFusion may be just as bad, worse even.#[http://wepma.blogspot.com/2010/08/nessus-false-positives-getting.html Removing plugins from a Nessus report] - [PauldotcomSecurity Weekly] - I know, Nessus, blah blah, I won't event talk about this one, just a heads up that you can use the Nessus GUI to do some pretty neat filtering, such as removing plugins from a Nessus report.#[http://whatthefuckismyinformationsecuritystrategy.com/ What the fuck is your information security strategy?] - [pauldotcomPaul Asadoorian] - Don't know the answer to that question? Just visit the site [http://whatthefuckismyinformationsecuritystrategy.com/ http://whatthefuckismyinformationsecuritystrategy.com/] and it will tell you! Its like the Oracle of information security, stating things like: "Audit and monitor identity access controls and apply visualization to metrics to demonstrate clear risk reduction to the enterprise" and "Apply secure architecture frameworks to emerging applications by promoting awareness and providing secure policy requirements to vendors" and my favorite: "Enable C-levels to achieve deeper penetration in business risk management by implementing a multidimensional security program that minimizes risk by maximizing accountability"
= Other Stories of Interest =

Navigation menu