Difference between revisions of "Episode216"

From Security Weekly Wiki
Jump to navigationJump to search
Line 45: Line 45:
 
= Stories For Discussion =
 
= Stories For Discussion =
 
#[http://www.computerworld.com/s/article/9189738/Six_enterprise_security_leaks_you_should_plug_now?taxonomyId=17&pageNumber=1 6 security leaks you should fix NOW!] - [Larry] - Uhhh, wow these seem a little off base to me.
 
#[http://www.computerworld.com/s/article/9189738/Six_enterprise_security_leaks_you_should_plug_now?taxonomyId=17&pageNumber=1 6 security leaks you should fix NOW!] - [Larry] - Uhhh, wow these seem a little off base to me.
* Unauthorized smartphones on Wi-Fi networks
+
- Unauthorized smartphones on Wi-Fi networks
* Open ports on a network printer
+
- Open ports on a network printer
* Custom-developed Web applications with bad code
+
- Custom-developed Web applications with bad code
* Social network spoofing
+
- Social network spoofing
* Employees downloading illegal movies and music
+
- Employees downloading illegal movies and music
* SMS text messaging spoofs and malware infections
+
- SMS text messaging spoofs and malware infections
 
Lets discuss….
 
Lets discuss….
 
#[http://www.computerworld.com/s/article/9191921/Hacker_hits_Kaspersky_website?source=rss_security Fake AV?  Nah, it's real.] - [Larry] - Kaspersky website gets poped, and links to download of fake style AV.  Ironic.  Kaspersky blames a third party component.  You should still test it regardless, no?
 
#[http://www.computerworld.com/s/article/9191921/Hacker_hits_Kaspersky_website?source=rss_security Fake AV?  Nah, it's real.] - [Larry] - Kaspersky website gets poped, and links to download of fake style AV.  Ironic.  Kaspersky blames a third party component.  You should still test it regardless, no?

Revision as of 15:19, 21 October 2010



Sponsors & Announcements

"And now from the dark corners of the Internet, where the exploits run wild, packets get sniffed, and the beer flows steady its PaulDotCom Security Weekly!"

"Sponsored by Tenable network security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the worlds best vulnerability scanner. Tenable's Security Center extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable – Unified Security Monitoring!"

"Core Security Technologies, helping you penetrate your network. Now version 10.5 full of Jive! Rock out with your 'sploit out! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the worlds best penetration testing tool."

"Cenzic, create a Hailstorm for your web applications! Sign up for a free trial of the Hailstorm software or scan remotely with their new online service to keep you web applications in check."

"And Trustwave's SpiderLabs - providing advanced information security services to planet Earth. Visit them online at trustwave.com/spiderlabs!"


PaulDotCom Security Weekly - Episode 216 - For Thursday October 21st, 2010.

  • Announcing Hack3rcon!The con will take place on Oct 23-24, 2010 at the Charleston Civic Center, alongside CharCon, a gaming conference that will interest many of you as well. Tickets are $40 for the whole weekend.
  • Mark Baggett teaches SANS 504 during SANS San Antonio for 6 days. Come learn Hacker Techniques, Exploits & Incident Handling! November 13th thru 20th.

Tech Segment: TBD

Guest Interview: Mati "Muts" Aharoni & Chris Hadnagy

Mati is the founder of Offensive Security. His day to day work involves vulnerability research, exploit development and whitebox / blackbox Penetration Testing. In addition, he is the lead writer and trainer for many of the “Offensive Security” courses, which focus on attacker tools and methodologies. Mati has been training security and hacking courses for over 13 years and is actively involved in the security arena, and is one of the core developers of the BackTrack live CD.

Chris Hadnagy, aka loganWHD, has been involved with computers and technology for over 13 years. As the founder of social-engineer.org his focus is on the “human” aspect of technology such as social engineering and physical security. Chris has spent time in providing training in many topics and also has had many articles published in local, national and international magazines and online journals. Chris is working on the management and planning of new and exciting programs with the Offsec family.

  1. How did each of you get your start in information Security?
  2. What led you to develop an expertise in Social Engineering?
  3. Tell us about BackTrack's current and future development, what we can expect for 2011 from BT and the SE podcast?
  4. What your goals for the Social Engineering webcast?
  5. Where you got the idea for the SE podcast,
  6. How do you choose your guests? Describe challenges in putting it together
  7. Tell us about the upcoming book & class
  8. Any good SE/pen test stories you can share?
  9. Info, on the business side, as to what offensive-security.com provides

Stories For Discussion

  1. 6 security leaks you should fix NOW! - [Larry] - Uhhh, wow these seem a little off base to me.

- Unauthorized smartphones on Wi-Fi networks - Open ports on a network printer - Custom-developed Web applications with bad code - Social network spoofing - Employees downloading illegal movies and music - SMS text messaging spoofs and malware infections Lets discuss….

  1. Fake AV? Nah, it's real. - [Larry] - Kaspersky website gets poped, and links to download of fake style AV. Ironic. Kaspersky blames a third party component. You should still test it regardless, no?
  2. Thief backs up data. - [Larry] - Man gets laptop stolen. Man admits he's ba at backing up. Thief backs up data and mails to victim. Aww, how nice. Wait, what?

Other Stories of Interest