From Security Weekly Wiki


PaulDotCom Security Weekly - Episode 243 for Thursday May 12th, 2011.

  • Sign up for Blackhat Training Courses:
    • PaulDotCom Blackhat Training - Sign up for "Offensive Countermeasures: Making Defense Sexy" as a two-day course at Blackhat July 30-31. Every student gets a FREE "Hack Naked" t-shirt and sticker!
    • Tenable Security Blackhat Training - Sign up for "Advanced Vulnerability Scanning Techniques Using Nessus" July 30-31 or August 1-2

Interview with Marcia Hofmann of the EFF

Marcia Hofmann is a senior staff attorney at the Electronic Frontier Foundation, where she focuses on computer crime and security, electronic privacy, free speech, and other digital civil liberties issues. Prior to joining EFF, Marcia was staff counsel and Director of the Open Government Project at the Electronic Privacy Information Center (EPIC).

Marcia will talk about her ShmooCon presentation: Computer Search and Seizure

What do the police need to do to seize your laptop? Can the government force you to turn over passwords or encryption keys? What are the situations in which your data is particularly vulnerable, and what steps can you take to protect it? This talk will teach attendees about their legal rights in information stored on laptops and other digital devices, including at the United States border or other places where the data may be particularly at risk. This talk will also provide practical advice on what to do when the police want to seize computers and how to secure device accessible information, whether on a hard drive or stored remotely.

  1. Before we get started, tell us about your recent blog posts:
    1. Court Rejects Argument That All First-Time Email Hacking Offenses Are Felonies
    2. EFF campaign calling on companies to stand with their users when the government comes looking for data

Stories For Discussion

Larry's Stories

Paul's Stories

  1. Activating Nessus on Backtrack 5 - Let me first start by saying, yes, I work for Tenable Network Security. Okay, now that we have that out of the way, let me tell you how happy I am to announce that Nessus is the vulnerability scanner of choice for the Backtrack 5 Linux security distribution. The Nessus scanner code is included with Backtrack, and all you need to do is activate it with either a HomeFeed or ProfessionalFeed. Some little known facts are that you can use a HomeFeed to evaluate Nessus. I strongly suggest using Backtrack as a VM, USB bootable thumb drive, or installing on a hard drive as the distribution that runs. I will be posting some tips and tricks in the coming weeks on how to best use Nessus on Backtrack 5. One final thing, please seed the torrents :)
  2. Using SSH Logs For Remote File Include - I have to say, this is one of the coolest techniques I've seen in a really long time. LFI, or Local File Includes, are typically vulnerabilities that reveal information about a system, that then lead to shell access. However, some clever placement of PHP code in SSH logs, and you can turn your LFI into shell access. Sweetness!
  3. Virtualizing JunOS on VMware - I love this post for so many reasons. First, it was written by our very own Carlos Perez. Second, hardware is expensive, so many people forego the setting up of a test lab. By virtualizing your routers you can test the security of your configuration, test new configurations, and make changes without incurring the costs of hardware or disrupting operations. This is a win all around. The final thing I love is the detailed instructions and the fact that JunOS is essentially FreeBSD :)
  4. Extend Burp with Buby - A collection of Ruby scripts was published that can collect cookies, dump the body of HTML pages, and more! And really, I just wanted to say "Buby".
  5. /bin/bash Phone Home Commands - Very useful stuff! I always avoided installing tools on systems that could be used by attackers. If you run Linux, well, that's out the window because using /dev/tcp you can emulate functionality in tools like Netcat and Curl. However, if you are monitoring your systems and you see Bash communicating on the network, this could mean trouble.
  6. Skype Vulnerable to Remote Exploit - This has been fixed in the 5.1 version, no word on the 2.8 versions. This is for OS X only, no word on iOS versions. User just needs to receive a message via chat.
  7. Nasty Malware: Windows, Mac, Linux, iOS - If I were to deploy malware, this would be it. Java-based payload that is running on all platforms. This is where attackers need to be in order to maximize efforts, this way they can run on all systems and mobile platforms. It truly does not matter what OS you are running, malware will run and you will be targeted.
  8. How I Met Your Router - Using a DD-WRT information leak someone created a geolocation service of routers on the Internet. Since the routers leak the wireless MAC address, you can use Google to locate them and pinpoint it down to a street address. Pretty neat stuff! Props to Samy and his talk "How I met your girlfriend".
  9. Shout it out loud - So FBI can hear you - Rocker Gene Simmons gave a speech at a conference and called out the music industry for not addressing piracy. Anonymous caught wind and attacked KISS's web sites. Evidence was turned over to the FBI, but no arrests have been made. Gene is quoted: "Our legal team and the FBI have been on the case, and we have found a few, shall we say 'adventurous' young people, who feel they are above the law. And, as stated in my MIPCOM speech, we will sue their pants off." He also stated that he just wants his web sites to rock and roll all night and party every day without disruption.
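
The monitoring point from item 5 (seeing Bash communicating on the network), as an added example that is not from the show notes or the linked post: a parser that flags TCP sockets owned by a shell process in `ss -tnp` output. The sample output, the documentation-range addresses and the list of shell names are constructed assumptions.

```python
import re

# Assumption: shell binaries that normally have no reason to own a TCP socket.
SHELLS = {"bash", "sh", "dash", "zsh", "ksh"}

# Constructed sample of `ss -tnp` output (documentation address ranges only).
SAMPLE_SS = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 192.0.2.10:22 198.51.100.4:51234 users:(("sshd",pid=812,fd=4),("sshd",pid=790,fd=4))
ESTAB 0 0 192.0.2.10:40112 203.0.113.7:8443 users:(("bash",pid=2291,fd=3))
ESTAB 0 0 192.0.2.10:52844 198.51.100.20:443 users:(("curl",pid=2310,fd=5))
SYN-SENT 0 1 192.0.2.10:40990 203.0.113.7:8080 users:(("sh",pid=2340,fd=9))
ESTAB 0 0 192.0.2.10:5432 192.0.2.11:40020
"""

# One ("name",pid=N,fd=N) tuple inside the users:(...) column.
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=(\d+)\)')


def shell_sockets(ss_output, shells=SHELLS):
    """Return one finding per (socket, shell process) pair in `ss -tnp` text."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Expect state, two queue counters, local, peer, then users:(...).
        # The header row and sockets without process info are skipped here.
        if len(fields) < 6 or not fields[5].startswith("users:"):
            continue
        state, local, peer = fields[0], fields[3], fields[4]
        owners = " ".join(fields[5:])  # process names may contain spaces
        for name, pid, fd in PROC_RE.findall(owners):
            if name in shells:
                findings.append({"process": name, "pid": int(pid),
                                 "fd": int(fd), "state": state,
                                 "local": local, "peer": peer})
    return findings


if __name__ == "__main__":
    for f in shell_sockets(SAMPLE_SS):
        print("{process}[{pid}] fd={fd} {state} {local} -> {peer}".format(**f))
```

Sockets listed without a process column are skipped, so run `ss` with enough privilege to see every owner before relying on an empty result.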

Darren's Stories

Industry news:

  1. Microsoft to Acquire Skype
  2. Sophos Acquires Astaro

Carlos' Stories