From Security Weekly Wiki
Revision of 16:28, 29 June 2017 (minor edit, 9,808 bytes added). Edit summary: Text replacement - "\{\{\#ev\:bliptv\|(.*)\}" to "\[https://youtube.com/securityweeklytv Visit The Security Weekly YouTube Channel for all of our latest videos\!\]"
= Announcements & Shameless Plugs =
PaulDotCom Security Weekly - Episode 268 for Thursday December 1st, 2011.
* Check out our new shows: [http://hacknaked.tv Hack Naked TV] with John Strand, [http://www.hacknakedatnight.tv Hack Naked At Night] with Larry and Darren, [http://pauldotcomsecurityweekly.com/wiki/index.php/PaulDotCom_Espanol PaulDotCom Security Weekly Espanol] with Carlos Perez, and our only non-computer security related show dedicated to Cigar Enthusiasts [http://www.stogiegeeks.com Stogie Geeks] with Paul Asadoorian and Tim "BugBear" Mugherini.
* Larry is teaching [http://www.sans.org/san-antonio-2011/description.php?tid=4432 SEC580 Metasploit Kung Fu for Enterprise Pen Testing] in San Antonio, TX December 4-5. Want 10% off of every class in San Antonio? Use the discount code Larry-SA10.
* Don't forget to [http://pauldotcomsecurityweekly.com/ Read our blog], [http://mail.pauldotcomsecurityweekly.com/listinfo Participate on our mailing list], [http://pauldotcomsecurityweekly.com/insider/ Visit PaulDotCom Security Weekly Insider], [http://twitter.com/pauldotcom Follow us on Twitter], [irc://irc.freenode.net/pauldotcom Join the IRC channel at irc.freenode.net #pauldotcom], [http://pauldotcom.blip.tv Watch our Videos] and [http://www.facebook.com/therealpauldotcom Add us on Facebook] where we can be "friends"
* BSides, BSides, [http://www.securitybsides.com/w/page/12194156/FrontPage BSides everywhere]
 
=Episode Media=
 
[http://traffic.libsyn.com/pauldotcom/PaulDotCom-268-Part1.mp3 MP3 pt 1]
 
[http://traffic.libsyn.com/pauldotcom/PaulDotCom-268-Part2.mp3 MP3 pt 2]
= Guest Interview: Scott Moulton=
<center>[https://youtube.com/securityweeklytv Visit The Security Weekly YouTube Channel for all of our latest videos!]</center>
6:00 PM EST
Scott Moulton is known both for his trademark 'Forensic Unit' hat and his unholy knack for finding new data recovery techniques the other experts don't want you to know. Scott is owner of both [http://myharddrivedied.com My Hard Drive Died.com] and [http://www.ForensicStrategy.com Forensic Strategy Services] and fills his days recovering data from all kinds of storage devices, testifying in court, and teaching others to do data recovery.
#What are some of the forensic challenges with SSD drives?
#Tell us about your recent SkydogCon talk about SHA1 Hashes.
#Are you surprised by Wired's findings on [http://myharddrivedied.com/blog/cell-phone-providers-retention-periods cell phone provider retention periods]?
#In 1999, you were the first person arrested for Port Scanning. What was it like to be featured in the NMAP book by Fyodor?
#In 2006, you were the first person that prosecutors attempted to go after for doing computer forensics without a Private Investigator's License while testifying on the stand in a criminal case in Georgia. Is that what started the mess about computer forensics having to be Private Investigators in various states?
<center>[[File:Scott Moulton.jpg]]</center>
= Special Guest Tech Segment: Ariel Waissbein, Anibal Sacco and Matias Eissler talk OS X sandbox =
7PM EST
Ariel, Anibal, and Matias are, respectively, Director, Senior Exploit Writer, and Senior Developer at [http://corelabs.coresecurity.com/ CoreLabs], the research center of Core Security. While their research focus is in attack technologies for workstations, servers and web applications, they're on tonight to discuss their [http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=advisory&name=CORE-2011-0919 recent research on bypassing the OS X Sandbox].
#How is this vulnerability different than [https://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Miller/BlackHat-Japan-08-Miller-Hacking-OSX.pdf Charlie Miller's Black Hat Japan 2008 talk]?
#How was the reporting process with Apple?
== Bios ==
Ariel Waissbein is the head of CoreLabs, the company's research and development center. As such, he is responsible for all day-to-day research and publishing activities as well as driving and protecting Core's intellectual property. Lately, he co-led the team that devised Core CloudInspect, an automated pentesting service run from and targeting Amazon Web Services. Waissbein holds an undergraduate degree in Mathematics from Buenos Aires University and is a Ph.D. candidate at the same university. Prior to joining Core he started his career in research in academia, within the realm of geometric elimination and computational number theory. We host a lot of information on Core's research website: http://corelabs.coresecurity.com/

Anibal Sacco is a Sr. Exploit Writer and Reverse Engineer at CORE Security Technologies. He has been researching vulnerabilities and developing exploits for Windows, OS X and Linux for 6 years, focusing first on Windows kernel-mode vulnerabilities and rootkit development, and lately on OS X vulnerabilities. Anibal is currently in charge of the OS X exploits area and, as a researcher, he has spoken at some of the most important security conferences, like Black Hat, CanSecWest, SyScan and Ekoparty. He has also published several advisories addressing different vulnerabilities. More information can be found at: http://corelabs.coresecurity.com/ Anibal's main interests are: reverse engineering, vulnerability research, network security, malware analysis, fuzzing and embedded devices.

Matias Eissler is a Sr. Developer at Core Security. He has been working in the fields of information gathering, attack planning, file infection and client-side capabilities. Lately he has joined the Exploit Writing Team, where he contributes to exploit effectiveness and reliability.
= Stories For Discussion =
== Larry's Stories ==
#[https://community.rapid7.com/community/metasploit/blog/2011/11/30/test-results-for-javarhino The Rhino in the Room] - [Larry] - Yikes, a cross platform Java exploit, tested by Rapid7 on Windows, Ubuntu and OSX, albeit recently patched. I wholeheartedly agree with a quote from @Viss - I can't wait to use this with SET.
#[http://www.theregister.co.uk/2011/11/30/smartphone_spying_app/ Carrier IQ] - [Larry] - Interesting. Data gathering of all data-ish traffic on your phone, including EVERYTHING typed into the phone. Scary. First off, how is a normal person supposed to be able to detect this? The point is, they aren't….
#[https://threatpost.com/en_us/blogs/hacker-says-texas-town-used-three-digit-password-secure-internet-facing-scada-system-112011 3 Character passwords is not APT] - [Larry] - OMG SCADA HAX! While we've heard reports lately about water pumps blowing up after hacks, which the FBI says isn't true (coverup maybe?), another hacker was upset. So, the new hacker makes their own statement by allegedly compromising a Siemens HMI system that was internet accessible with a 3 character password. Wow, not only are the folks who implement and maintain SCADA-ish networks not learning about internet connectivity issues, the password thing is inexcusable.
#[http://news.hitb.org/content/us-police-use-radio-encryption-stop-iphone-eavesdropping Encrypted wireless for Law enforcement] - [Larry] - Ok, claims that criminals are using fixed radios with remote access via smartphones to monitor law enforcement radio comms. Ok, cool, so law enforcement says that they will encrypt communications. I wonder if they will attempt to use P-25, or something else. Of course this becomes interesting if they are using public radio space…
#[http://rss.computerworld.com/~r/computerworld/s/feed/topic/17/~3/E9tF86-neck/Enterprises_struggle_to_update_browser_plug_ins Update browser plugins?] - [Larry] - So, we've done a better job of updating our OSes (arguably), a little bit better job of updating third party apps (marginally), and a decent job of updating our browsers (as a part of the OS, irony much?), but how about those browser plugins? (Shockwave, Adobe, etc.) Yeah, we don't have a real great insight into browser plugins and maintenance. In many cases, we can't restrict our users from what they install, let alone if they use a different browser. What are we to do?
#[http://www.xssed.com/mirror/68863/ SAY IT ISN'T SO!] - [Larry] - Yeah, there is a reported XSS vulnerability in the search function of freeporn.com. Ok guys. I get it and the jokes about porn, compromises and sex selling, but please, lay off the pr0n hax. Especially the free stuff. Oh, or, fix your shit.
== Paul's Stories ==
#[http://hackaday.com/2011/11/30/network-monitoring-panel-built-from-the-it-department-junk-heap/ Network monitoring panel built from the IT Department junk heap] - Really cool usage of old technology: using Nagios, this dude built a network monitoring panel. Sometimes security boils down to good systems administration. Ideally you know about stuff before it breaks. When you can't, know about it as soon as possible, and monitoring tools like this are really important. Except when your boss wants to walk by this all the time and ask why something is down, even though it may be normal, so be careful who sees it.
#[http://blog.imperva.com/2011/11/hackers-publish-un-credentials.html Hackers Publish UN Credentials] - There are two security fails here. The first is SQL injection. I don't know when we're gonna be able to convince people that there are problems with applications that face the Internet that need to be prevented. Ideally, security testing is part of your QA process (yes, that means there is a QA process in the first place), and the QA teams find the problems before they go public. SQL injection is pretty easy to find, harder to exploit in some cases, but pretty easy to find with today's modern tools. So, if you're letting attackers find it for you, shame on you. If you're not scanning your Internet facing systems on a daily basis, shame on you (better yet, your Internet facing IP addresses). Don't forget, it's one thing to scan them, and another to actually fix the problems! Also, have and enforce a password complexity policy on all your applications that support it, please. Much of the password insecurity can be stemmed off by simply requiring a 10 character password. I was helping someone the other night and their domain password for their job was "new".
#[http://nakedsecurity.sophos.com/2011/11/30/was-police-chiefs-computer-hacked-by-journalists/ Was police chief's computer hacked by journalists?] - This is not journalism at its finest. Again, permission is important.
#[http://www.theregister.co.uk/2011/11/30/hp_probes_fire_started_printer_vuln/ HP douses firebomb printer hack threat] - Could you set a printer on fire? HP claims that the thermal controls are outside the scope of the firmware. This is likely true, though they also claim that firmware updates are validated since 2009, but researchers are disputing it. Look, this is a big deal if you can put your own firmware easily on a printer, and send yourself all the print jobs in the entire company. If it turns out to fall short of that, it's not a big deal. I hope it's true, because we'd use this on every pen test, not just to say "ha ha, you forgot to update your printers", but to collect information about the company for other attacks. Pen testing is about stringing information and vulnerabilities together to achieve your goals, then making real recommendations for improved security (which should always be more than "patch yo' shit").
#[http://venturebeat.com/2011/11/29/new-apple-tv-may-be-optimized-for-motion-sensitive-controllers-siri/ New Apple TV may be optimized for motion sensitive controllers & Siri] - I'm just sayin', I want one. However, I wonder if the motion will be Bluetooth and if the Siri can be hacked even more. Might be a fun project.
#[http://securityweekly.com/2011/11/more-csrf-made-easy-w-xssf.html More CSRF Made Easy w/ XSSF] - Go John, Go John, it's your birthday.
#[http://securityweekly.com/2011/11/cracking-md5-passwords-with-bo.html Cracking MD5 Passwords with BozoCrack] - So simple, yet so awesome. Use Google to crack passwords. Nuf' said: learn it, use it, know it.
#[http://krebsonsecurity.com/2011/11/apple-took-3-years-to-fix-finfisher-trojan-hole/ Apple Took 3 Years to Fix FinFisher Trojan Hole] - Look, Apple sucks at security, OS X gets viruses. The post from the Apple fanboy is just ridiculous. This is a real problem that went unaddressed. Apple sucks, they should have fixed it. They don't pay attention to security nearly enough. But for some reason, I still use their products...
#[https://365.rsaconference.com/blogs/mike-gentile/2011/11/28/a-quick-test-to-see-who-is-lazy-and-who-is-not-in-the-organization A Quick Test to See Who is Lazy and Who is Not in The Organization] - We all hate this guy: ''"when someone will sit there forever to take that very last drop, look around to see if anyone is watching, and then vanish into the ether without putting in a new bottle."'' But we've all been "that guy" at some point too. However, I bet there is a correlation between the guy who runs from an empty water bottle, and the guy whose password is "new". I might observe the water cooler on the next pen test.
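The UN credentials story and the BozoCrack story above are two ends of the same chain: an injectable query dumps a users table, and unsalted MD5 hashes of common passwords are recoverable by lookup, whether the "wordlist" is Google or a file. The following is an added example written for these notes, not code from the show, from Imperva, or from BozoCrack. It builds the chain end to end and goes beyond the stories in one way: it also applies the 10-character minimum Paul asks for, to show which of the dumped passwords a policy would have rejected. The users table, the accounts, and the wordlist are all constructed for the demo; the hypothetical site stores unsalted MD5, which is the weak setting the lookup depends on.

```python
"""Added example for the PaulDotCom 268 show notes (not from the episode).

Chains: SQL injection dump -> offline hash lookup -> password policy check.
All data below is constructed for the demo.
"""
import hashlib
import sqlite3

# Constructed accounts for the hypothetical site (username, cleartext password).
USERS = [
    ("admin", "new"),
    ("jdoe", "Password1"),
    ("analyst", "correct horse battery staple"),
]

# Constructed wordlist standing in for what BozoCrack pulls from Google results.
WORDLIST = ["password", "new", "letmein", "Password1", "admin", "qwerty"]


def make_db() -> sqlite3.Connection:
    """In-memory users table storing unsalted MD5, the weak setting being shown."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_md5 TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [(u, hashlib.md5(p.encode()).hexdigest()) for u, p in USERS],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Fail #1: user input is concatenated into the SQL text, so a
    tautology like  x' OR '1'='1  turns a one-row lookup into a full dump."""
    sql = f"SELECT name, pw_md5 FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Same query with a bound parameter: the input is data, never SQL."""
    return conn.execute(
        "SELECT name, pw_md5 FROM users WHERE name = ?", (name,)
    ).fetchall()


def crack_md5(hashes: set, words) -> dict:
    """Map each MD5 hex digest to a candidate word, BozoCrack-style.

    Works only because the hashes are unsalted: one precomputed table
    serves every user.  A per-user salt would force one table per hash."""
    table = {hashlib.md5(w.encode()).hexdigest(): w for w in words}
    return {h: table[h] for h in hashes if h in table}


def password_meets_policy(pw: str, min_len: int = 10) -> bool:
    """Fail #2: the 10-character minimum Paul suggests ("new" fails it)."""
    return len(pw) >= min_len


def demo() -> dict:
    """Run the chain and return the results so they can be checked."""
    conn = make_db()
    payload = "x' OR '1'='1"                       # classic tautology
    dumped = lookup_vulnerable(conn, payload)      # every row comes back
    safe = lookup_safe(conn, payload)              # no row matches literally
    cracked = crack_md5({h for _, h in dumped}, WORDLIST)
    return {
        "rows_dumped": len(dumped),
        "rows_safe": len(safe),
        "cracked": {u: cracked[h] for u, h in dumped if h in cracked},
        "fail_policy": [u for u, p in USERS if not password_meets_policy(p)],
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(demo())
```

Running it shows three rows dumped through the vulnerable query and none through the parameterized one, two of the three hashes cracked from a six-word list, and the same two accounts failing the length policy. The passphrase survives both the lookup and the policy, which is the practical point: parameterize the query so the table is not dumped, and if it is dumped, make sure what leaks is salted, slow-hashed, and long.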