Episode250

From Security Weekly Wiki
Jump to navigationJump to search


Announcements

PaulDotCom Security Weekly - Episode 250 for Friday July 8th, 2011.

  • Los tres primeros episodios de PaulDotCom Espanol con Julio Canto, Lorenzo Martinez, y Chema Alonso esta disponible aqui. Tenemos mas entrevistas en las semanas que vienen....
  • Sign up for Blackhat Training Courses:
    • PaulDotCom Blackhat Training Sign up for "Offensive Countermeasures: Making Defense Sexy" as a two-day course at Blackhat July 30-31. Every student gets a FREE "Hack Naked" t-shirt and sticker!
    • Tenable Security Blackhat Training Sign up for "Advanced Vulnerability Scanning Techniques Using Nessus" July 30-31 or August 1-2

Interview: Randal "Merlyn" Schwartz

Randal Schwartz is a renowned expert on the Perl programming language. In addition to writing "Learning Perl" and the first two editions of "Programming Perl", he has written hundred of magazine articles on Perl and programming. Randal runs a Perl training and consulting company (Stonehenge Consulting Services), and is highly sought-after as a speaker for his combination of technical skill, comedic timing, and crowd rapport. He's also known as a pretty good Karaoke singer.


7:30 PM

  1. According to your busy travel plans you just got back from Rio with friends, what were you doing at SERPRO?
  2. What were
  3. How did you get your start in programming and information security?
  4. You once said that to get the most out of Perl, you should program at least 3 hours a week. Why is that?
  5. If not too painful, can you briefly discuss your conviction and subsequent expungement of the State of Oregon v. Randal Schwartz fiasco?
  6. You've done the Learning Perl (llama Book), the Programming Perl (Camel Book), and hundreds of magazine articles - which do you prefer, magazine articles or writing books? Which is your favorite book?
  7. If you were to pick up a language today to begin programming, would it still be Perl?
  8. Tell us about your hobby in sniffing clear text passwords.
  9. How did the Schwartzian transform come into being?
  10. How did you get involved with Star Ship Sofa
  11. What are your favorite science fiction books?
  12. Who's been your favorite guest on "FLOSS Weekly"?
  13. Who would win in a cage match - Linus Torvalds, Bill Gates or RIchard Stallman?

Secret Segment!

8:00 to 8:30

Stories For Discussion

PaulDotCom Blog Roundup

Larry's Stories

  1. iPhone Jailbreak PDF concerns - [Larry] - Great observations here. While we all love our iPhone jailbreaks, this one (as before) just involves a PDF reader exploit. Browse to a website (or receive e-mail, view PDF and jailbreak. How about the same with malicious content? Yeah, that simple. There are some bets as to when Apple will release a patch, but even if they do, how long will the attack surface be available for? Those that don't update, and those who don't in order to keep their jailbreak.
  2. Incompetence or Deception - [Larry] - So, what's worse when talking aabout vulnerability disclosure and discovery. Specifically related to the Siemens replay issue, but can be applied elsewhere. You release a vuln for one model, but can test on the more expensive ones due to cost. someone else confirms, but the vendor can;t make it work on the other models. Later, they say, oh hey, we found this vulnerability in the expensive models….
  3. vsftpd backdoored- [Larry] - Lulz. Login s a user of :) and a TCP shell tries to connect back. Looks like only one distribution point was compromised.
  4. Indestructible Botnet? - [Larry] - TDSS, a new version of the TDL Aleureon rootkit is now out there. Why indestructible? Arguably because it is hard to remove the client, as mostly because it goes unnoticed to begin with.

Paul's Stories

  1. Robert W. Morris Dies
  2. New Nmap Version - Lots of passive discovery!
  3. Top 5 worries of IT Pros - Security is not really on the list..
  4. Flinging Poo At Paypal - An angry user hacked into PayPal UK's Twitter account on Tuesday night and changed the e-commerce company's avatar photo to a heap of steaming crap. Can we see more of this? I think it really defines the "hacker spirit"
  5. vsftpd is not very secure

Mystery Guest X's Stories