Episode246

From Security Weekly Wiki
Jump to navigationJump to search


Announcements

PaulDotCom Security Weekly - Episode 246 for Friday June 3d, 2011.

  • El primer Episodio de PaulDotCom Espanol esta disponible aqui. Tenemos mas entrevistas en las semanas que vienen....
  • ExCon and B-Sides CT coming June 11th & 12th with Larry 'No Such Thing as an ExCon' Pesce and PaulDotCom!
  • [1] Wednesday June 15th at 2PM is a special "Secure Protocols" Special Edition with CyberSecurityWorld.com.
  • Sign up for Blackhat Training Courses:
    • PaulDotCom Blackhat Training Sign up for "Offensive Countermeasures: Making Defense Sexy" as a two-day course at Blackhat July 30-31. Every student gets a FREE "Hack Naked" t-shirt and sticker!
    • Tenable Security Blackhat Training Sign up for "Advanced Vulnerability Scanning Techniques Using Nessus" July 30-31 or August 1-2

Stories For Discussion

PaulDotCom Blog Roundup

Larry's Stories

  1. What a big Weiner you have! - [Larry] - Oh my, did you hear that social media is insecure? So, the story is that Rep. Weiner made some inappropriate tweets involving some boxers and, well, an appendage. Looks like the tweed ended up coming through yfrog's mobile tweet service. Yfrog adds an e-mail account of your twitter name folled with a "random" number. If the e-amil is sent to the correct email account, it gets posted to yfrog and twitter…so, can you say SCRIPT! More info here.
  2. I'm tired of talking about Sony - [Larry] - but it is hard not to when Sony gets hacked AGAIN! Lulzsec reports that with simple QL injection over at teh Sony Picture website they were able to recover a million usernames and plaintext passwords. Wow, plaintext passwords? Simple SQL injection? Are they not learning? No, because they are all separate silos within the parent company who do what they want. But, you'd think that someone form each of the silos watches the news and would figure that they are targets.
  3. MiTM MCAT - [Larry] - Ingenious. Man takes MCAT with pinhole camera. Sends images to a third party who translates the questions into an interface being given to 4 people who think they are taking a practice MCAT exam to beccome paid MCAT tutors. Test taker gets answers back from 4 test takers via third party.
  4. YAY Netgear. Now gimme all your passwords. - [Larry] - By accessing some URLs directly without authentication on the Netgear WNDAP350. These pages
  5. Twitter control everything! What could possibly go wrong! - [Larry] - wow, now we have an app/api for controlling ANYTHING with twitter. Oh boy, how many folks are folks are going to forget to set their control twitter accounts to private and we'll be able to find all sorts of good info, or control other devices.

Paul's Stories

Darre's Stories

  1. Gmail targeted phishing - [Darren cause its my section... duh] - Gmail hacking targeting the White house. Chineese Gov't denies responsibility and why not they hacked into all our defense contractors already... These attacks were very targeted and used proper engrish.
  2. Speaking of defense contractors - [its still my section] - Defense contractors Northup Grumman and Lockheed Martin supposedly hacked. Did the RSA data breach come full circle?
  3. Make a bomb... enjoy your cake - [me again] - Mi6 has supposedly hacked the jihadist online magazine to replace a recipe for making a pipe bomb for a recipe for making a cake. Proving humor does exsist in the gov't.
  4. Finally no wires and security… maybe - [this formatting sucks I am not doing it anymore] - 128 bit AES encrypted wireless keyboard and mouse from M$. I am sure that they aren't using static keys transmitted over the air or anything, or have a default of 0000
  5. See Mac's don't have malware problems! - [..|..] - Mac 'quickly' released an update to catch the pesky MacDefender malware. To bad 5 seconds after the release MacDefender adapted and can bypass the detection.