Announcements & Shameless Plugs
Live from the PaulDotCom Studios. Welcome to PaulDotCom Security Weekly, Episode 102 for March 20th, 2008
- PaulDotCom SANS Click-Through - Helps pay for cool stuff and general insobriety
- Network Security Projects Using Hacked Wireless Routers with Larry in Orlando, FL on Thursday, April 24
- Advanced Network Worm and Bot analysis with Steve Marcelino in N. Kingstown, RI on Tuesday, March 25
- Cutting Edge Hacking Techniques with Paul in N. Kingstown, RI on April 15-16
- Pen Test Summit - June 2-3 to be attended by Larry
- Rhode Island Linux Install Fest - Come and install Linux, help people install Linux, install Linux on different devices and systems (at least show up for pizza and b**r)
Tech Segment: Wesley McGrew Presents msramdmp
Stories For The Week
Information Gathering via LinkedIn - [Larry] - Sure, gathering information on folks via LinkedIn isn't new, but LinkedIn's new tool, Company Profile Pages, makes it even easier to gather and correlate information on a potential target. LinkedIn is doing all of the legwork for you! Recent promotions and new hires? Guess who may not be up on all of the new corporate security? Perfect victim! Companies have no way to regulate what gets put on the site by the private employees...
Karma and Metasploit coming together? - [Larry] I think I need a tissue. Let's talk about the implications, and how sexy this could be.
Testing web filters for...porn - [Larry] - Gotta love a project called Deep Throat Fight Club...sounds like a porn movie. Untangle is testing web filters with scripts to see the actual rate and detection of blocking porn, at a San Francisco (uh oh) bar. This is a PDC story through and through - a bar, porn, fight club. And yes, you guessed it, a lesson on testing and validating your installations.
Scanning Skype's encrypted IM - [Larry] - eBay has struck a deal to allow FaceTime access to their crypto so that they can actively monitor Skype IM traffic - presumably for monitoring in the financial service market. No mention about the VoIP traffic. Either way, I'd like to see the crypto be made public so that everyone can use it...or...
PGP publishes encryption APIs - [Larry] - Excellent. Now, I don't want to hear any more excuses as to why you went and developed your own in-house crypto algorithm, or poorly implemented a good one. Aside from the licensing costs, of course...
A New Security Podcast - [Larry] - Sure, we rock, but you should take all available avenues to get information. I haven't had time to listen, but with names like Johannes Ullrich and Joel Esler there HAS to be some gems here.
For Your Enjoyment
Beer snobs! - [Larry] - Yes, yes we are.
Lala (Tiki Bar) Showers Video - [Larry] - This is a work of art. I <3 Lala. I <3 Tiki Bar TV. This is why.
Paul and/or Larry after a party - [Securethoughts] Watch out what you sign!