This episode is sponsored by Core Security Technologies, helping you penetrate your network. Rock out with your 'sploit out and check out the client-side exploit and web application testing modules! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool.
This podcast is also sponsored by Tenable Network Security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the world's best vulnerability scanner. Tenable Security Center software extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable also offers a Direct Feed subscription for immediate access to new Nessus plugins and compliance checks. Tenable – Unified Security Monitoring!
Announcements & Shameless Plugs
Live from the PaulDotCom Studios! Welcome to PaulDotCom Security Weekly, Episode 116 for July 31st, 2008.
Welcome to PaulDotCom Security Weekly, a show for security professionals, by security professionals.
- PaulDotCom SANS Click-Through - Go there, register for fabulous SANS training! Go now!
- PaulDotCom Monthly Late Breaking Computer Attack Vectors Webcast - August ??th, 2:00PM EST
- ISC Podcast?
- ICE (Integrated Cyber Exercise) - Oct. 1-3 at SANS Las Vegas!
  - Larry and I will each lead a team, names to be announced
  - Attendance and participation is FREE, come join one of our teams!
  - 4 Networks: 1) Attackers 2) Defenders 3) Public/Internetish 4) Spectator Room
  - Looking for food/drink sponsor
  - Featuring wireless, VoIP, and SCADA!
- DEFCON 16 - Larry will be there - Thursday, Quarks 2PM, Core Security Party - 6:30 PM, the Summit, 9:00PM. Saturday, podcasters meetup, Sunday, IOActive/StillSecure party.
- Help support pauldotcom with your donations. Visit http://pauldotcom.com and press the DONATE button.
Mini Tech Segment: Update to Larry's Hacker Keychain
- The list update -
- PNY 2 Gig USB - COFEE (Computer Online Forensic Evidence Extractor), for Windows memory forensics. - Yes, I suspect that this will show up somewhere....
- Generic 512 Meg USB - Because sometimes you have to resort to sneakernet. I changed this to NTpasswd (via unetbootin), a simple password recovery tool...to hell with sneakernet. I can always use the guest for that...
- Sandisk 1 Gig U3 - USB Hacksaw with Gonzor payload. Yes, AV can kill this one. Yes, it is modifiable to be able to change a few things to make it a little less obtrusive.
- Wants update -
- bootable, full featured Linux Distro - Ubuntu maybe? Got this one! Check out unetbootin (http://sourceforge.net/project/showfiles.php?group_id=198821), a Windows tool that rocks for USB bootable distros.
- Winternals ERD bootable, or something similar to just change an admin password. Checked out nordahl, and trinity. Now I've got both.
- TSA safe screwdriver, something like this or more like this - I've failed on all of my eBay auctions thus far.
Paul's tech Segment?
Stories of Interest
Owned via updater - [Larry] - How about delivering exploits via an automatic update? The problem is that many of the automatic software update services for all of these software packages don't contain any authentication - it is all blind faith. Combine with a nice DNS cache poisoning attack and you get owned. Here's a link to evilgrade, which implements this attack, DNS and all (plus more!)
Cisco NAT failure for DNS attack - [Larry] - This single issue appears to affect several different Cisco technologies when using NAT/PAT in front of your DNS server with either a PIX, ASA or IOS based device. The NAT/PAT translation as handled by the Cisco device still leaves the ports un-randomized after the NAT/PAT translation. So, even though your server is patched and appropriately randomized, the Cisco device can "un-randomize" it for you. Insert evil use for unpatched Cisco theory here.
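A defender-side check for the behaviour described above, as an added example that is not from the show notes or from Cisco: it classifies the UDP source ports of consecutive outbound DNS queries as captured on the outside (post-NAT) interface. The function name, the thresholds and both port samples are constructed assumptions.

```python
import statistics

# Thresholds are assumptions chosen for illustration, not vendor guidance.
MIN_SAMPLES = 10       # too few queries says nothing about randomness
MIN_STDEV = 3000       # uniformly random ports over 1024-65535 give roughly 18600
MAX_SEQUENTIAL = 0.2   # tolerated share of queries that step up by 1..16 ports


def assess_source_ports(ports):
    """Classify the source ports of consecutive outbound DNS queries.

    `ports` is the ordered list of UDP source ports seen on the wire
    AFTER translation, which is what an off-path spoofer has to guess.
    """
    if len(ports) < MIN_SAMPLES:
        return {"verdict": "insufficient-data", "samples": len(ports)}

    deltas = [b - a for a, b in zip(ports, ports[1:])]
    # Share of queries whose port is a small forward step from the previous one.
    sequential = sum(1 for d in deltas if 0 < d <= 16) / len(deltas)
    stdev = statistics.pstdev(ports)

    if len(set(ports)) == 1:
        verdict = "fixed-port"
    elif sequential > MAX_SEQUENTIAL or stdev < MIN_STDEV:
        verdict = "predictable"
    else:
        verdict = "randomized"
    return {"verdict": verdict, "samples": len(ports),
            "stdev": round(stdev), "sequential_ratio": round(sequential, 2)}


# Constructed sample: ports chosen by a patched resolver, seen before the NAT device.
INSIDE_PORTS = [51234, 10877, 33412, 60211, 2954, 47120,
                19873, 38655, 8421, 56002, 27319, 44790]
# Constructed sample: the same queries after a PAT device that hands out
# translated ports in ascending order.
OUTSIDE_PORTS = [1024, 1025, 1026, 1027, 1029, 1030,
                 1031, 1033, 1034, 1035, 1036, 1038]

if __name__ == "__main__":
    print("inside :", assess_source_ports(INSIDE_PORTS))
    print("outside:", assess_source_ports(OUTSIDE_PORTS))
```

Run it on ports taken from a capture on the outside interface; a resolver that looks randomized on the inside and predictable on the outside matches the failure this story describes.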
Irony and HD Moore - [Larry] - HD Moore writes a metasploit module for the DNS attack. It gets used against an unpatched AT&T DNS server, and portions of the BreakingPoint (metasploit parent company) internet traffic get redirected to a fake Google site. Owned. HD's quote: "It's funny," he joked, "I got owned."
Information disclosure is good - [Larry] - ....but not listening is bad. Some researchers discovered how to decode the high security Medeco locks utilizing a design flaw. It took a long time for Medeco to listen, and revert to an older style part. The other question is, where is the patch for all of the old locks?
Additional security for Gmail - [Larry] - Now you can force HTTPS connections for the entire session. This will also protect your cookies, which should prevent "sidejacking" or the hamster attack. This would be interesting to see if it works at the wall of sheep at DEFCON.
One fail begat another - [Larry] - Remember the story we reported on in the last episode about the issues with the San Francisco city network, and the admin not revealing the passwords? Well, to make matters worse, they ended up revealing the passwords in the documents for the legal proceedings. Now, not only do they have to recover said passwords/devices, they also have to change the passwords.
Open Source/Free OSX laptop locator - [Larry] - Something good to have on your laptop - this one is a free one for OSX. I wanted to look into something like this, as I should have something for DEFCON. Let's discuss the advantages/failures of some of the laptop asset tracking stuff.
iPhones in the enterprise - [Larry] - Sure, new toys are awesome, but don't forget to evaluate the security implications of those new gadgets. Discuss the implications of iPhones in the enterprise, and why ActiveSync may not do all you need.