From Security Weekly Wiki
Jump to navigationJump to search


  • Tenable Network Security - This episode sponsored by Tenable network security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the worlds best vulnerability scanner. Tenable Security Center software extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable also offers a Nessus Professional Feed to detect vulnerabilities in your network today! Tenable – Unified Security Monitoring!
  • Core Security - This episode is also sponsored by Core Security Technologies, helping you penetrate your network. Now version 10.0 with WiFi-fu good to go! Rock out with your 'sploit out! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the worlds best penetration testing tool.
  • Trustwave Spiderlabs - Trustwave's SpiderLabs - providing advanced information security services to planet Earth. Visit them online at trustwave.com/spiderlabs!

Shameless Plugs & General Announcements

PaulDotCom Security Weekly - Episode 194 - For Thursday April 8th.

  • Notacon! - April 15th - 18th in Cleveland, Mick will be presenting two talks and be a part of a panel discussion! You may also try to get him to discuss hockey! ;-)
  • QuahogCon - This will be the next conference that we will be attending. We will have t-shirts and other special things to give away and sell. Larry is giving not one, but TWO talks!

Guest Interview: RSnake!


RSnake is the CEO of SecTheory, blogger at ha.ckers.org, and enjoys long walks on the beach, roasting puppies, and chopping wood as his muscles ripple in the hot summer air. He's worked for Digital Island, Exodus Communications and Cable & Wireless in varying roles and currently contributes to the security strategy of several startup companies.

RSnake roasting puppies


  1. How did you get your start in information security?
  2. It seems you have primarily been focused on web application attacks, what got you started in that area and what are some of the things you found early on that interested you?
  3. How has web application security changed over the years?
  4. What led to the creation of the XSS cheat sheet? Do you keep this actively maintained? What about the RFI list?
  5. What is the most interesting XSS attack you have ever seen?
  6. What is clickjacking and how is it used for fun and profit?
  7. At the pen test summit you mentioned to me an Apache DoS attack, how did you find it and as far as you know was it ever used in the wild?
  8. How much responsibility for security falls within the browser, and how much falls with the end user?
  9. If you could make one change to browser security architcture, what would it be?
  10. What are some of the risks with Flash what people should be most concerned about? Is that something Adobe should fix, does it lie with the implementation, or both?
  11. Why is Google evil?
  12. What is the most dangerous threat when it comes to web application security?
  13. How should we approach auditing web applications, automated scans, manual scans, or source code audits?
  14. What keeps you awake at night?
  15. Why do people like attempting to hack your site so much?

Stories For Discussion

  1. See, the Blink Tag IS Evil! - [Larry] - HAHHAHA. REmote code execution in Webkit due to a failure in an unregiseted call back in the blink container....
  2. Your Insider threat can be anywhere - [Larry] - Even your IT department! Ouch, BofA IT employee writes and deploys software to ATMs that does not record cash withdrawrals…
  3. Shadowservers' analysis of Ghostnet - [Larry] - After infiltration, they performed a thorough analysis of the compromise methods, C&C infrastructure, and where the attacks were targets. Interesting read for the metrics alone.
  4. Orphaned SSL root cert? - [Larry] - This has potential to be full of fail. Two root certs listed in Firefox and Safari, claim to not owned by the folks who have names on them. Of course this could be due to misplacement from MAA fallout. I loved the comment from Jack Daniel on this one…
  5. The iPad bandwagon - Security in the Enterprise - [Larry] - Yeah, I'm going there. Let's talk about the features and failures (VPN, Device encryption, passwords, management) and how one might or might not allow these in your organization.
  6. A fre things that you need to get right for security? - [Larry] - Not all that technical, but some VERY important things to be aware of from a procedural and posture peerspective.
  7. So Easy Nicole Ritchie can do it - [Larry] - Yes, Nicole Ritchie is a social engineer and hacker. She was able to convince the password for some celebrity friends Twitter accounts from a third party, and "fraped" her friends. SURPRISE!
  8. SSH Netcat mode - [Larry] - Wow, netcat killer? Now with SSH encryption?
  9. New Jeresy and e-mail privacy - [Larry] - Ok, coproration has rights to your e-mail? what about Lawyer client confidentiality. Personal e-mail from a work computer? To a lawyer. oooh, messy.
  10. Root certificates: ownership is key - [Pauldotcom] - Its really nice to see Mozilla stepping up and actually auditing the root certificates they trust in the browser. One question, does Microsoft do this? What about Apple? There was a question about one root cert, which ended up being owned by RSA. Mozilla was ready to pull it, but RSA suddenly came up and claimed it. Kinda scary, but I seek comfort in knowing there is an audit taking place. Makes me feel good about using Firefox.
  11. Meta XSS - [Pauldotcom] - while i don't believe this is a groundbreaking thing, I think its neat to find all the places to execute an XSS attack. For example, Josh Wright once showed me one via bluetooth by setting the name of his phone to an XSS string. There are all sorts of examples, like wireless SSIDs, entries in logs. What is your most interesting XSS attack vector (wasn't Irongeek doing something with this topic as well?)
  12. Are you down with NTP? Yea you know me! - [Pauldotcom] - HD Moore released some cool stuff with NTP. HE figured out you can get a list of clients that use a particular NTP server. He also released an NTP DoS attack. This is VERY cool stuff. You can find his presentation at www.securitybsides.com (he did it at RSA B-sides, video is on ustream), and also talked about it on risky business podcast over a month ago.

Other Stories