- Tenable Network Security - This episode sponsored by Tenable network security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the worlds best vulnerability scanner. Tenable Security Center software extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable also offers a Nessus Professional Feed to detect vulnerabilities in your network today! Tenable – Unified Security Monitoring!
- Core Security - This episode is also sponsored by Core Security Technologies, helping you penetrate your network. Now version 10.0 with WiFi-fu good to go! Rock out with your 'sploit out! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the worlds best penetration testing tool.
- Trustwave Spiderlabs - Trustwave's SpiderLabs - providing advanced information security services to planet Earth. Visit them online at trustwave.com/spiderlabs!
Shameless Plugs & General Announcements
PaulDotCom Security Weekly - Episode 184 - For Thursday January 20th, 2010
- Upcoming webcasts - In January we will be doing two webcasts. Core Security will be sponsoring one, and Cenzic will be sponsoring the other. John Strand and myself will be speaking about client side exploitation for the Core webcast, and tips to be a better web application penetration tester for the Cenzic one. Register TODAY!!! http://pauldotcom.com/2009/12/practical-kung-fu-webcast-seri.html
- Defensive Intuition - We are also sponsored by Defensive Intuition. Defensive Intuition is the provider of many security consulting services: penetration testing, physical assessments, and social engineering. Defensive Intuition: Owning your boxes, 7 ways to Sunday!
- Community SANS: Sec 542 Web Application Penetration Testing - SANS is pleased to announce Community SANS Providence, starting March 28th. Larry will teach Security 542: Web Application Penetration Testing and Ethical Hacking. The course will be hosted by Brown University.
- Shmoocon - This will be the next big conference that we will all be attending. We will have t-shirts and other special things to give away and sell. No, we are not selling the interns (who will both be there, btw). So come find us at the booth for all things PaulDotCom including free stickers, and PaulDotCom complete works DVDs!
Guest Interview: Eric Fiterman
Eric is a former Special Agent with the Federal Bureau of Investigation and founder of Methodvue. He brings his experience with the FBI in investigating and testifying in complex cases involving threats against the President of the United States, industrial espionage, acts of terrorism, electronic crimes, computer intrusions, and crimes against children.
- How did you get your start in information security?
- Tell us about some of the tools on your blogsite, such as SelectMyParent
- Have you shopped your Twitter Controlled Christmas tree to Walmart?
- Tell us why you came up with the Safe Mode fixing .reg file.
- How about analyzing PDFs? Why are they so evil?
- Tell us about your PDF tools. Will they be available for *nix?
How to piss off China
Stories For Discussion
- Google.cn - [Larry] - I'm sure that we'll all have this story this week, but here's my $0.02. Ok, besides the political issues of Google and China, Google admits they got hacked. No, they didn't just get hacked, they were apparently targeted by malicious PDF documents related to a recent Adobe 0day. Even in high tech companies with tons of smart people, people are still the weak link in the chain. On other thing to note, is that google finally got the clue about cyber attacks originating form China state sponsored or otherwise. Maybe time to null route China, eh Google? In late breaking news, maybe it was an 0-day. Either way, the human factor stays the same.
- REturn of the Porn Dialer - [Larry] - This time via a J2ME applet for your mobile phone that, behind the scenes, sends SMS messages to premium porn services. So, what's the state of malware prevention, firewalls (for all outbound services), and IDS for mobile devices?
- Leopard & Snow Leaopard buffer overflow PoC - [Larry] - Yes, of course Apple is being bad and allegedly sitting on this one for months, I'd venture to guess because there was no PoC. Well, not for the two separate issues, there are two separate PoC pieces of code. Each contains 7 short lines of c code with a touch of math. What I also found interesting was this can also affect the PS3 gaming console.
- Multiple IE version installation - [Larry] Great for installing multiple versions of vulnerable IE versions on the same machine. No more need for multiple VMs for differenet versions of IE. One can also do the same thing with Firefox
- Mixing physical sec with infosec should you do it? - [Mick] - /me flips coin. Heads up! That means YES... sadly this is pretty much what you can expect some folks to do! o.O
- Police are anti-cell phone - [Mick] - This has to be one of the more tortured interpretations of a mutual record law I've ever heard. To quote a bumper sticker "Bad cop! No doughnut!"
- Great primer on how to control your Facebook privacy - [Mick] - I'm almost tempted to not share this link... I mean people need this info, but I also need an endless supply of embarrassing pictures.
- Law Firm Suing China suffers Attack - [PaulDotCom] - Moral of the story, be preparred for a targeted attack. I'm wondering if the IT department knew that the company was suing China. Here's a tip, if you are suing China, tell your IT department. My guess is that they did, and thats how the breach was found. Maybe I am being too idealistic and neive and the machines were compromised and the attackers messed up triggere anti-virus, end user reported it to IT, then it took 2 days before someone performed forensics.
- Another botnet bites the dust, as more researchers looking at more aggressive ways to beat cybercriminals - [PaulDotCom] - Okay, so this is the equivilent of knocking out the dude with a bomb in his pants. We need to do more of this! Seriously, sitting there and watching attackers is one thing, but the time needs to come where we take them down. Please do this. I'm not saying you should go around and "chop the heads off botnets like you are in a zombie movie" (as much fun as that sounds). However, you should do your part to help fight back, collect information, and disrupt the attackers while cooridinating with law enforcement.
- [Random Thoughts While At Lowes] - [PaulDotCom] - Working with technology for as long as I have I've noticed there is no shortage of fields to store data. Whenever I buy something at Lowes or Home Depot they always ask me "Is there a job name or code?" I'm always like "Lady, I'm buying some caulk and a screwdriver, really?" What is this field used for? No idea. However I want to respond with "' OR 1=1" just to see what it printed on the receipt. Sometimes I want to but a large metal pole, screws, and lube and use a job code of "Bedroom Stripper Pole", just to see the looks on their faces :) Seriously though, can we improve software security by limiting the data input fields? I think so....
- Careful Viewing Your Logs - [PaulDotCom] - Several web servers (Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa) are vulnerable to "Escape seqeunce injection". This really boils down to command injection, as if the server is run in the foreground, or when you are reading log files, an attacker can enter excape characeters and break into the shell and execute commands. Most of these web servers run on embedded systems, which is interesting as in that environment they may have console access.
- ADOBE SUCKS - Here's what you can do about it - [PaulDotCom] - So, we all know that adobe products kinda suck. Lets talk about PDFs first, then you can beat me up and complain that Nessus is written in Flash. So, lets look at why you need to run Adobe products again? First, lets look at the PDF reader, can your end users get by without it? Sure, alternatives have vulnerabilities too, but come on, lets solve the problem and just not use PDF, would this work?
- You can't spell FAIL without TSA - [Mick] - Really? I mean REALLY? WTF TSA! Are you too busy playing solitaire to see the *firearm* in a carry-on?
Other Stories Of Interest
- Net Neutrality makes economic sense - [Mick] - Let's hope a logical and sound argument goes far... yeah I'm getting ready to commit acts of net neutrality terrorism when things go belly up like they will. :(