Difference between revisions of "Episode250"
|Line 84:||Line 84:|
= Secret Segment! =
= Secret Segment! =
8:15 to 8:
8:15 to 8:
= Stories For Discussion =
= Stories For Discussion =
Revision as of 23:56, 8 July 2011
PaulDotCom Security Weekly - Episode 250 for Friday July 8th, 2011.
- Los tres primeros episodios de PaulDotCom Espanol con Julio Canto, Lorenzo Martinez, y Chema Alonso esta disponible aqui. Tenemos mas entrevistas en las semanas que vienen....
- Sign up for Blackhat Training Courses:
- PaulDotCom Blackhat Training Sign up for "Offensive Countermeasures: Making Defense Sexy" as a two-day course at Blackhat July 30-31. Every student gets a FREE "Hack Naked" t-shirt and sticker!
- Tenable Security Blackhat Training Sign up for "Advanced Vulnerability Scanning Techniques Using Nessus" July 30-31 or August 1-2
- If you can't make it to BlackHat, then consider instead the always fabulous SANS Las Vegas for "Advanced Vulnerability Scanning Techniques Using Nessus" Saturday, September 17 - Sunday, September 18.
- DerbyCon : Louisville, Kentucky – September 30th to October 2nd. Catch Carlos Perez's training session - "Automating Post Exploitation with Metasploit" Friday and Saturday of the Con from 4:00PM to 9:00PM.
- Don't forget to Read our blog, Participate on our mailing list, Visit PaulDotCom Insider, Follow us on Twitter, Join the IRC channel at irc.freenode.net #pauldotcom, and Watch our Videos!
- You can Add us on Facebook where we can be "friends"
I Wish I Were Him
Original by Ben Lee. Covered and lyrics by Joshua Wright.
It may sound stupid when I say it out loud Like I'm just jealous of his silver cloud Paul's crazy as hell he drinks beer like it's Coke Gets his cigars sent by air not boat
I wish I was him He gets the girls at his feet And all his cool friends He gets his hardware for free I wish I was him He pays no software fees I wish I was him
He's got Metasploit commit access Scripts like a god He's got a lot of seeds for RSA key fobs Larry's got his stalker fan club, his hack naked toys He knows mudge and all the l0pht boys
I feel much better now I've let it all out 'course Larry's got big biceps and a masculine shout Don't want to sound like I'm being mean John plays guitar much faster than me
I wish I was him Girls at his feet I wish I was him Hardware for free I wish I was him No software fees I wish I was him I wish I was him
Interview: Randal "Merlyn" Schwartz
Randal Schwartz is a renowned expert on the Perl programming language. In addition to writing "Learning Perl" and the first two editions of "Programming Perl", he has written hundred of magazine articles on Perl and programming. Randal runs a Perl training and consulting company (Stonehenge Consulting Services), and is highly sought-after as a speaker for his combination of technical skill, comedic timing, and crowd rapport. He's also known as a pretty good Karaoke singer.
- According to your busy travel plans you just got back from Rio with friends, what were you doing at SERPRO?
- How did you get your start in programming and information security?
- What were the early days of Perl like?
- You once said that to get the most out of Perl, you should program at least 3 hours a week. Why is that?
- You've done the Learning Perl (llama Book), the Programming Perl (Camel Book), and hundreds of magazine articles - which do you prefer, magazine articles or writing books? Which is your favorite book?
- If you were to pick up a language today to begin programming, would it still be Perl?
- For those not in the know, why is the CPAN the 'secret weapon' of Perl?
- Has the CPAN been used for malicious distribution of code (to your knowledge)?
- If not too painful, can you briefly discuss your conviction and subsequent expungement of the State of Oregon v. Randal Schwartz fiasco?
- Tell us about your hobby in sniffing clear text passwords on Geek Cruises.
- How did the Schwartzian transform come into being?
- How did you get involved with Star Ship Sofa
- What are your favorite science fiction books?
- Who's been your favorite guest on "FLOSS Weekly"?
- Who would win in a cage match - Linus Torvalds, Bill Gates or RIchard Stallman?
8:15 to 8:30
Various friends of the show call in to give us "The top 5 (ish) things I learned from listening to 250 Episodes of PaulDotCom".
Stories For Discussion
PaulDotCom Blog Roundup
- iPhone Jailbreak PDF concerns - [Larry] - Great observations here. While we all love our iPhone jailbreaks, this one (as before) just involves a PDF reader exploit. Browse to a website (or receive e-mail, view PDF and jailbreak. How about the same with malicious content? Yeah, that simple. There are some bets as to when Apple will release a patch, but even if they do, how long will the attack surface be available for? Those that don't update, and those who don't in order to keep their jailbreak.
- Incompetence or Deception - [Larry] - So, what's worse when talking aabout vulnerability disclosure and discovery. Specifically related to the Siemens replay issue, but can be applied elsewhere. You release a vuln for one model, but can test on the more expensive ones due to cost. someone else confirms, but the vendor can;t make it work on the other models. Later, they say, oh hey, we found this vulnerability in the expensive models….
- vsftpd backdoored- [Larry] - Lulz. Login s a user of :) and a TCP shell tries to connect back. Looks like only one distribution point was compromised.
- Indestructible Botnet? - [Larry] - TDSS, a new version of the TDL Aleureon rootkit is now out there. Why indestructible? Arguably because it is hard to remove the client, as mostly because it goes unnoticed to begin with.
- Robert W. Morris Dies
- New Nmap Version - Lots of passive discovery!
- Top 5 worries of IT Pros - Security is not really on the list..
- Flinging Poo At Paypal - An angry user hacked into PayPal UK's Twitter account on Tuesday night and changed the e-commerce company's avatar photo to a heap of steaming crap. Can we see more of this? I think it really defines the "hacker spirit"
- vsftpd is not very secure
"A few things to actually feel good about (or not) taking away from 250 episodes of PDC."