Episode198

From Security Weekly Wiki
Jump to navigationJump to search


Sponsors

  • Tenable Network Security - This episode sponsored by Tenable network security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the worlds best vulnerability scanner. Tenable Security Center software extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable also offers a Nessus Professional Feed to detect vulnerabilities in your network today! Tenable – Unified Security Monitoring!
  • Core Security - This episode is also sponsored by Core Security Technologies, helping you penetrate your network. Now version 10.0 with WiFi-fu good to go! Rock out with your 'sploit out! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the worlds best penetration testing tool.
  • Trustwave Spiderlabs - Trustwave's SpiderLabs - providing advanced information security services to planet Earth. Visit them online at trustwave.com/spiderlabs!

Shameless Plugs & General Announcements

PaulDotCom Security Weekly - Episode 197 - For Thursday May 6th.

  • Pen Test Summit! - June 14-15, 2010. The 2010 SANS What Works in Penetration Testing & Vulnerability Assessment Summit features an agenda loaded with brand-new talks from the best penetration testers and vulnerability assessment thought leaders in the world. This must-see event lets attendees interact directly with industry leaders, discussing tough technical and operational issues to get the most value from penetration testing and vulnerability assessment expenditures.

Guest Interview: Matt Jonkman

BACKGROUND

Matt is the founder of Emerging Threats, and spent five years in the Army as an Air Traffic Control RADAR and Communications Tech. He currently works for Metaflows under NSF grant funding as well as leading Emerging Threats and the OISF.

Suricata, the Open Source Intrusion Detection and Prevention engine

Questions

Tech Segment:

Stories For Discussion

  1. Is Barnaby Jack back at it? - [Larry] - Last year after a gagged attempt on revealing flaws in a popular ATM machine, it looks like he's back on for BlackHat this year. Because a year has passed, he's been given another year to research, this time to demonstrate a rootkit, for not one, but two ATMs. Jeff moss is stated as saying "Jack has a living room full of ATMs."
  2. Silent patches - [Larry] - Core Security Technology reveals that Microsoft released two patches that patch for "secret" vulnerabilities. The information on these vulnerabilities were never disclosed, but were reversible form the patches. So, what do you think about silent patches and the disclosure? Not giving admins the correct information to choose deployment schedule? Providing info to an attacker?
  3. Chinese Wifinders - [Larry] - Wireless cracking and piggybacking has come to the masses. For about $25, you get a USB wireless card, antenna and an apparently customized Version of Backtrack, that will get you some wifi keys, and set up your windows install to use them.
  4. Getting phished can happen tot he best of us - [Larry] - It just goes to show that someone who is savvy can get owned. Of course they were able to realize that they had been phished, and what it meant, AND how to address it. How many of our grandmas would know?
  5. I can stalk you! - [Larry] - Hmm, how about stalking through twitter. This project is intended to raise awareness on inadvertent information sharing through social networks by harnessing teh power or metadata.

Other Stories