This episode is sponsored by Core Security Technologies, helping you penetrate your network. Rock out with your 'sploit out and check out the client-side exploit and web application testing modules! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool.
This podcast is also sponsored by Tenable Network Security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the world's best vulnerability scanner. Tenable Security Center software extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable also offers a Direct Feed subscription for immediate access to new Nessus plugins and compliance checks. Tenable – Unified Security Monitoring!
Announcements & Shameless Plugs
Live from the PaulDotCom Studios! Welcome to PaulDotCom Security Weekly, Episode 117 for August 10th, 2008.
Welcome to PaulDotCom Security Weekly, a show for security professionals, by security professionals.
- PaulDotCom SANS Click-Through - Go there, register for fabulous SANS training! Go now!
- ICE (Integrated Cyber Exercise) - Oct. 1-3 at SANS Las Vegas!
- Larry and I will each lead a team, names to be announced
- Attendance and participation is FREE, come join one of our teams!
- 4 networks: 1) Attackers, 2) Defenders, 3) Public/Internetish, 4) Spectator Room
- Looking for food/drink sponsor
- Featuring wireless, VoIP, and SCADA!
- Help support PaulDotCom with your donations. Visit http://pauldotcom.com and press the DONATE button. Note: Thanks to listener Ken for the donation!
- Paul is in Boston, TA for 560 and 401 bootcamp, giving keynote: Things That Go Bump In The Network: Embedded Device (In)Security. This keynote will also be given at SANS Las Vegas in addition to SEC535, Network Security Projects Using Hacked Wireless Routers!
Mini-tech Segment - SamuraiWTF
Stories For Discussion
Barrier web toolbar - [Larry] - This is the toolbar that Dave Maynor was talking about during our panel at Defcon. This toolbar integrates into the browser so that it can test sites for some issues while in use - verifying SSL, form input, etc. The only problem is that now potentially normal surfing from the client looks like a potential attack to the server. Not to mention, what are the implications of launching an "attack" against a host that you aren't authorized to attack? Plenty of questions, as the tool won't be released until Monday.
Hacked at Defcon - [Larry] - Did you use the Defcon network? If you did, it is likely that your traffic was routed through a router in NYC, and then back again. Due to some flaws (in configuration?) of some routing protocols, two researchers were able to surreptitiously re-route all of the traffic...
Get us on the IT Crowd! - [Larry] - The IT Crowd has a call for all geeks to help spruce up the set for next season. Let's hack the vote and tell firstname.lastname@example.org that there are a couple of chaps that have this awesome podcast, and even have "HACK NAKED" stickers and t-shirts they can provide to the show.
Pacemaker-B-Gone - [Larry] - Remember that story a while back stating that I was scared about wirelessly programmable pacemakers? Some researchers presented at Defcon about their attempts at using GNU Radio to access some of the reprogrammable bits - with success in turning it off. EPIC FAIL.
Joomla fail. - [Larry] - Joomla (a content management system for websites) has a password reset vulnerability in versions 1.5.0 to 1.5.5. The hack appears easy - when authorizing a password reset, a "token" is required; however, the system appears to accept invalid tokens, and performs the reset for the lowest numbered ID - typically the administrator.
Targeting via social networks - Here's an important message - integrate examining social networks as part of an assessment. This Splunk ad indicates that John Topp is with a government agency, but LinkedIn says otherwise.
Bring Sexy back - [Larry] - Erratasec is bringing sexy back. Ship an iPhone with SSH and wifi scanning to a client for wireless testing. Add Metasploit, tcpdump and Metasploit, and you have an awesome method of delivery. Now, me, I'd go for a WRTSL54GS in order to cut costs, especially if you accidentally leave it in the back of a cab.
Microsoft's open kimono - [Larry] - Microsoft is going to start revealing technical details about their patches before they are released. I'm guessing that it will only be to "select partners" so that they can begin creating signatures in advance of the patch release. This is intended to help thwart the reverse engineering race that happens every Patch Tuesday at 10:00 AM.