Difference between revisions of "Episode103"

From Security Weekly Wiki
[[Image:Sanslogo_vertical.jpg|frame|left|[http://www.sans.org/training/description.php?mid=682 SEC535 - Embedded Device Hacking Training]]]
[[Image:Psw-logo.jpg|frame|left|[http://pauldotcom.com/videos/ PaulDotCom Security Weekly TV]]]
[[Image:linksys.jpg|frame|left|[http://www.amazon.com/gp/product/1597491667?ie=UTF8&tag=pau0e-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=1597491667 WRT54G Hacking Book]]]
[[Image:tenablelogo-sm.jpg|frame|left|[http://www.tenablesecurity.com Unified Security Monitoring]]]  [[Image:corelogo-sm.png|frame|left|[http://www.coresecurity.com Worlds Best Penetration Testing Tool]]] <br style="clear:both" />

= Announcements & Shameless Plugs =

Live from the PaulDotCom Studios Welcome to PaulDotCom Security Weekly, Episode 102 for March 20th, 2008

* [http://pauldotcom.com/sans/ PaulDotCom SANS Click-Through] - Helps pay for cool stuff and general insobriety
* [http://pauldotcom.com/sans/ Network Security Projects Using Hacked Wireless Routers with Larry] Orlando, FL. on Thursday, April 24
* [http://pauldotcom.com/sans/ Advanced Network Worm and Bot analysis with Steve Marcelino]  in N. Kingstown, RI on Tuesday March 25
* [http://pauldotcom.com/sans/ Cutting Edge Hacking Techniques with Paul] in N. Kingstown, RI on April 15-16
* [http://pauldotcom.com/sans/ Pen Test Summit] - June 2-3 to be attended by Larry
* [http://oshean.org/events/detail.aspx?story=3765&section=235&year=2008 Rhode Island Linux Install Fest] - Come and install Linux, help people install Linux, install Linux on different devices and systems (at least show up for pizza and b**r)

= Tech Segment: Wesley McGrew Presents msramdmp =
 
= Stories For The Week =

http://www.redenvelope.com/re/gifts/product_display/product_information.jsp?nc=1&oid=25642760

[http://isc.sans.org/diary.php?storyid=4213&rss Information Gathering via LinkedIn] - [Larry] - Sure, gathering information on folks via LinkedIn isn't new, but LinkedIn's new tool, Company Profile Pages, makes it even easier to gather and correlate information on a potential target. LinkedIn is doing all of the legwork for you! - recent promotions and new hires? Guess who may not be up on all of the new corporate security? Perfect victim! Companies have no way to regulate, or what gets put on the site by the private employees...

[http://hamsterswheel.com/techblog/?p=55 Karma and Metasploit coming together?] - [Larry] I think I need a tissue. Let's talk about the implications, and how sexy this could be.

[http://www.networkworld.com/news/2008/040208-untangle-deep-throat-fight-club.html?fsrc=rss-security Testing web filters for...porn] - [Larry] - gotta love a project called Deep Throat Fight Club...sounds like a porn movie. Untangle is testing web filters with scripts to see the actual rate and detection of blocking porn, at a San Francisco (uh oh) bar. This is a PDC story through and through - a bar, porn, fight club. And yes, you guessed it, a lesson on testing and validating your installations.

[http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9073938&source=rss_topic17 Scanning Skype's encrypted IM] - [Larry] - eBay has struck a deal to allow FaceTime access to their crypto so that they can actively monitor Skype IM traffic - presumably for monitoring in the financial service market. No mention about the VOIP traffic. Either way, I'd like to see the crypto be made public so that everyone can use it...or...

[http://www.networkworld.com/news/2008/033108-pgp-publishes-apis.html?fsrc=rss-security PGP publishes encryption APIs] - [Larry] - Excellent. Now, I don't want to hear any more excuses as to why you went and developed your own, in house crypto algorithm, or poorly implemented a good one. Aside from the licensing costs, of course...

[http://feeds.feedburner.com/~r/RandomThoughtsFromJoelsWorld/~3/259031271/new-podcast-hits-airwaves.html A New Security Podcast] - [Larry] - Sure, we rock, but you should take all available avenues to get information. I haven't had time to listen, but with names like Johannes Ullrich and Joel Esler there HAS to be some gems here.
  
 
= Listener Submitted =

= For Your Enjoyment =

[http://feeds.feedburner.com/~r/ICanHasCheezburger/~3/259254377/ Beer snobs!] - [Larry] - Yes, yes we are.

[http://www.youtube.com/watch?v=r8tXjJL3xcM& Lala (Tiki Bar) Showers Video] - [Larry] - This is a work of art.  I <3 Lala.  I <3 Tiki Bar Tv.  This is why.

[http://www.frontalot.com/media.php/325/MC_Frontalot_SFTF_%2801%29_Secrets_From_The_Future.mp3 MC Frontalot raps about encryption] - [Securethoughts] You gotta hear this stuff, lol. He's good ;) Here are the [http://www.frontalot.com/index.php/?page=lyrics&lyricid=41 lyrics]. "You can't hide secrets from the future with math" Classic.

[http://www.philzimmermann.com/images/responsible_behavior.png Paul and/or Larry after a party] - [Securethoughts] Watch out what you sign!

[[Image:Psw_poweredby.png]]

[[Category:Show Notes]]

Revision as of 19:18, 3 April 2008


Announcements & Shameless Plugs

Live from the PaulDotCom Studios Welcome to PaulDotCom Security Weekly, Episode 102 for March 20th, 2008

Tech Segment: Wesley McGrew Presents msramdmp

Stories For The Week

http://www.cisco.com/warp/public/707/cisco-sa-20080313-ipm.shtml

http://www.redenvelope.com/re/gifts/product_display/product_information.jsp?nc=1&oid=25642760

Information Gathering via LinkedIn - [Larry] - Sure, gathering information on folks via LinkedIn isn't new, but LinkedIn's new tool, Company Profile Pages, makes it even easier to gather and correlate information on a potential target. LinkedIn is doing all of the legwork for you! - recent promotions and new hires? Guess who may not be up on all of the new corporate security? Perfect victim! Companies have no way to regulate, or what gets put on the site by the private employees...

Karma and Metasploit coming together? - [Larry] I think I need a tissue. Let's talk about the implications, and how sexy this could be.

Testing web filters for...porn - [Larry] - gotta love a project called Deep Throat Fight Club...sounds like a porn movie. Untangle is testing web filters with scripts to see the actual rate and detection of blocking porn, at a San Francisco (uh oh) bar. This is a PDC story through and through - a bar, porn, fight club. And yes, you guessed it, a lesson on testing and validating your installations.

Scanning Skype's encrypted IM - [Larry] - eBay has struck a deal to allow FaceTime access to their crypto so that they can actively monitor Skype IM traffic - presumably for monitoring in the financial service market. No mention about the VOIP traffic. Either way, I'd like to see the crypto be made public so that everyone can use it...or...

PGP publishes encryption APIs - [Larry] - Excellent. Now, I don't want to hear any more excuses as to why you went and developed your own, in house crypto algorithm, or poorly implemented a good one. Aside from the licensing costs, of course...

A New Security Podcast - [Larry] - Sure, we rock, but you should take all available avenues to get information. I haven't had time to listen, but with names like Johannes Ullrich and Joel Esler there HAS to be some gems here.


Listener Submitted

For Your Enjoyment

Beer snobs! - [Larry] - Yes, yes we are.

Lala (Tiki Bar) Showers Video - [Larry] - This is a work of art. I <3 Lala. I <3 Tiki Bar Tv. This is why.

MC Frontalot raps about encryption - [Securethoughts] You gotta hear this stuff, lol. He's good ;) Here are the lyrics. "You can't hide secrets from the future with math" Classic.

Paul and/or Larry after a party - [Securethoughts] Watch out what you sign!

