Difference between revisions of "Episode250"

From Security Weekly Wiki
Line 84: Line 84:
= Secret Segment! =
= Secret Segment! =
8:15 to 8:45
8:15 to 8:30
Various friends of the show call in to give us "The top 5 (ish) things I learned from listening to 250 Episodes of PaulDotCom".
= Stories For Discussion =
= Stories For Discussion =

Revision as of 23:56, 8 July 2011


PaulDotCom Security Weekly - Episode 250 for Friday July 8th, 2011.

  • The first three episodes of PaulDotCom Espanol with Julio Canto, Lorenzo Martinez, and Chema Alonso are available here. We have more interviews in the coming weeks....
  • Sign up for Blackhat Training Courses:
    • PaulDotCom Blackhat Training: Sign up for "Offensive Countermeasures: Making Defense Sexy" as a two-day course at Blackhat July 30-31. Every student gets a FREE "Hack Naked" t-shirt and sticker!
    • Tenable Security Blackhat Training: Sign up for "Advanced Vulnerability Scanning Techniques Using Nessus" July 30-31 or August 1-2.

I Wish I Were Him

Original by Ben Lee. Covered and lyrics by Joshua Wright.

It may sound stupid when I say it out loud
Like I'm just jealous of his silver cloud
Paul's crazy as hell he drinks beer like it's Coke
Gets his cigars sent by air not boat


I wish I was him
He gets the girls at his feet
And all his cool friends
He gets his hardware for free
I wish I was him
He pays no software fees
I wish I was him

He's got Metasploit commit access
Scripts like a god
He's got a lot of seeds for RSA key fobs
Larry's got his stalker fan club, his hack naked toys
He knows mudge and all the l0pht boys


I feel much better now I've let it all out
'course Larry's got big biceps and a masculine shout
Don't want to sound like I'm being mean
John plays guitar much faster than me


I wish I was him
Girls at his feet
I wish I was him
Hardware for free
I wish I was him
No software fees
I wish I was him
I wish I was him

Interview: Randal "Merlyn" Schwartz

Randal Schwartz is a renowned expert on the Perl programming language. In addition to writing "Learning Perl" and the first two editions of "Programming Perl", he has written hundreds of magazine articles on Perl and programming. Randal runs a Perl training and consulting company (Stonehenge Consulting Services), and is highly sought-after as a speaker for his combination of technical skill, comedic timing, and crowd rapport. He's also known as a pretty good Karaoke singer.

7:30 PM

  1. According to your busy travel plans you just got back from Rio with friends, what were you doing at SERPRO?
  2. How did you get your start in programming and information security?
  3. What were the early days of Perl like?
  4. You once said that to get the most out of Perl, you should program at least 3 hours a week. Why is that?
  5. You've done the Learning Perl (Llama Book), the Programming Perl (Camel Book), and hundreds of magazine articles - which do you prefer, magazine articles or writing books? Which is your favorite book?
  6. If you were to pick up a language today to begin programming, would it still be Perl?
  7. For those not in the know, why is the CPAN the 'secret weapon' of Perl?
  8. Has the CPAN been used for malicious distribution of code (to your knowledge)?
  9. If not too painful, can you briefly discuss your conviction and subsequent expungement of the State of Oregon v. Randal Schwartz fiasco?
  10. Tell us about your hobby in sniffing clear text passwords on Geek Cruises.
  11. How did the Schwartzian transform come into being?
  12. How did you get involved with Star Ship Sofa?
  13. What are your favorite science fiction books?
  14. Who's been your favorite guest on "FLOSS Weekly"?
  15. Who would win in a cage match - Linus Torvalds, Bill Gates or Richard Stallman?

Secret Segment!

8:15 to 8:30

Various friends of the show call in to give us "The top 5 (ish) things I learned from listening to 250 Episodes of PaulDotCom".

Stories For Discussion

PaulDotCom Blog Roundup

Larry's Stories

  1. iPhone Jailbreak PDF concerns - [Larry] - Great observations here. While we all love our iPhone jailbreaks, this one (as before) just involves a PDF reader exploit. Browse to a website (or receive e-mail), view PDF and jailbreak. How about the same with malicious content? Yeah, that simple. There are some bets as to when Apple will release a patch, but even if they do, how long will the attack surface be available for? Those that don't update, and those who don't in order to keep their jailbreak.
  2. Incompetence or Deception - [Larry] - So, what's worse when talking about vulnerability disclosure and discovery? Specifically related to the Siemens replay issue, but can be applied elsewhere. You release a vuln for one model, but can test on the more expensive ones due to cost. Someone else confirms, but the vendor can't make it work on the other models. Later, they say, oh hey, we found this vulnerability in the expensive models….
  3. vsftpd backdoored - [Larry] - Lulz. Login as a user of :) and a TCP shell tries to connect back. Looks like only one distribution point was compromised.
  4. Indestructible Botnet? - [Larry] - TDSS, a new version of the TDL Alureon rootkit, is now out there. Why indestructible? Arguably because it is hard to remove the client, and mostly because it goes unnoticed to begin with.

Paul's Stories

  1. Robert W. Morris Dies
  2. New Nmap Version - Lots of passive discovery!
  3. Top 5 worries of IT Pros - Security is not really on the list.
  4. Flinging Poo At Paypal - An angry user hacked into PayPal UK's Twitter account on Tuesday night and changed the e-commerce company's avatar photo to a heap of steaming crap. Can we see more of this? I think it really defines the "hacker spirit".
  5. vsftpd is not very secure

Caitlin Johanson's

"A few things to actually feel good about (or not) taking away from 250 episodes of PDC."