Difference between revisions of "Episode253"

From Security Weekly Wiki
Line 43: Line 43:
  
 
'''Watch the live video version of this segment above. For more videos and to subscribe to PaulDotCom TV visit http://pauldotcom.blip.tv'''
 
'''Watch the live video version of this segment above. For more videos and to subscribe to PaulDotCom TV visit http://pauldotcom.blip.tv'''
 +
 +
== Larry's Stories ==
 +
 +
#[http://www.routerpwn.com/ RouterPWN] - [Larry] - Need a router hack?  Browse to this website, pick your (supported) model that you are connected to and click away.  PWNED>  Ok, so it makes assumptions about not having internal IP addresses changed, but still a neat concept. No reason you could not edit the code to your on nefarious tasks and update IP addresses - it is all javacsript afterall.
 +
#[http://www.fastcompany.com/1768464/cut-back-on-hack We use the word hack too much] - [Larry] - I tend to agree with this article.  Is all this stuff we are calling hacking?  Well, maybe, but we also have much better words for it, such as "social-engineering" "DDoS" "illegally accessed" and "exploit stupidity".  Let's talk about some examples, like Swartz and MIT, etc
 +
#[http://searchsecurity.techtarget.com/news/2240038917/New-Google-hacking-tools-on-tap-for-Black-Hat-2011 New Google hacking tools] - [Larry] - From the nice folks over at Stach & Liu, in addition to other tools.  Most of the tools related to defense, as opposed to attack.  great for looking in on exposure is your own data.  You know, reaction as opposed to inaction is always better.
 +
#[http://www.darkreading.com/database-security/167901020/security/application-security/231002364/embedded-web-servers-exposing-organizations-to-attack.html Wanna find embedded devices?] - [Larry] - Coming soon to BlackHat, a scanner for discovering embedded devices on the internet based on http headers.  Dammit, I hate it when people develop my ideas!
 +
#[http://news.cnet.com/8301-27080_3-20083906-245/expert-hacks-car-system-says-problems-reach-to-scada-systems/?part=rss&subj=news&tag=2547-1_3-0-20 What, no spongebob? Popped collar though.] - [Larry] Guys over at iSEC Partners (Don Bailey and Matt Solnik) found ways to unlock and start cars with SMS messages.  Well, it is only a car right?  Sure, but the same technology is evolving and being found in other types of systems (think SCADA) because the boards and services are becoming less expensive.  Oh, that and those that don't learn from security history are destined to repeat it.
  
 
== Paul's Stories ==
 
== Paul's Stories ==
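Review bot: the added RouterPWN item carries two typos, "edit the code to your on nefarious tasks" should read "your own nefarious tasks" and "javacsript afterall" should read "JavaScript after all". In the Google hacking tools item, "great for looking in on exposure is your own data" does not parse and probably wants "exposure of your own data". The fifth item also drops the " - " separator after [Larry] that the other four items use.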

Revision as of 18:53, 28 July 2011


Announcements

PaulDotCom Security Weekly - Episode 253 for Thursday July 28th, 2011.

  • The PaulDotCom Espanol episodes with Julio Canto, Lorenzo Martinez, Chema Alonso and Ruben Santamarta are available here. We have more interviews coming in the following weeks....
  • Sign up for Blackhat Training Courses:
    • PaulDotCom Blackhat Training: Sign up for "Offensive Countermeasures: Making Defense Sexy" as a two-day course at Blackhat July 30-31. Every student gets a FREE "Hack Naked" t-shirt and sticker!

Interview: Nick Selby

Nick Selby is a newly minted police officer in the Dallas-Fort Worth area. He was formerly an information security analyst and consultant for nine years, has worked in physical security and intelligence consulting in various roles since 1993, and was a travel writer for European destinations in a previous life.

7:30 PM

  1. How did you get your start in information security?
  2. What made you decide to become a law enforcement officer from your recent gig at Trident Risk Management & the 451 group?
  3. Tell us about the Police Led Intelligence blog - how great is the need for IT/forensics skills in the police community?
  4. What do you think of the "Don't Talk to the Police" talk by Professor James Duane & Officer George Bruch?
  5. Is Law Enforcement getting better at taking advantage of 'open sources' (i.e., twitter, maltego et al) in researching targets?
  6. What frustrated you about the InfraGard National Members Alliance newsletter?
  7. Take us through your posts on the Arizona hacks.
  8. Your personal website briefly teases about an upcoming project: "CSG Analysis" - can you mention that now?
  9. Have you considered combining your Lonely Planet travel writer skills with your InfoSec interests in publishing a guide to Eastern European crime syndicates?
  10. Tell us about your incident with Penn & Teller and Mofo The Psychic Gorilla or your experience as a sound engineer for Chung King House of Metal.

Nick on twitter

Stories For Discussion

Media


Watch the live video version of this segment above. For more videos and to subscribe to PaulDotCom TV visit http://pauldotcom.blip.tv

Larry's Stories

  1. RouterPWN - [Larry] - Need a router hack? Browse to this website, pick your (supported) model that you are connected to and click away. PWNED> Ok, so it makes assumptions about not having internal IP addresses changed, but still a neat concept. No reason you could not edit the code to your own nefarious tasks and update IP addresses - it is all JavaScript after all.
  2. We use the word hack too much - [Larry] - I tend to agree with this article. Is all this stuff we are calling hacking? Well, maybe, but we also have much better words for it, such as "social-engineering", "DDoS", "illegally accessed" and "exploit stupidity". Let's talk about some examples, like Swartz and MIT, etc.
  3. New Google hacking tools - [Larry] - From the nice folks over at Stach & Liu, in addition to other tools. Most of the tools are related to defense, as opposed to attack. Great for looking in on exposure of your own data. You know, reaction as opposed to inaction is always better.
  4. Wanna find embedded devices? - [Larry] - Coming soon to BlackHat, a scanner for discovering embedded devices on the internet based on HTTP headers. Dammit, I hate it when people develop my ideas!
  5. What, no spongebob? Popped collar though. - [Larry] - Guys over at iSEC Partners (Don Bailey and Matt Solnik) found ways to unlock and start cars with SMS messages. Well, it is only a car, right? Sure, but the same technology is evolving and being found in other types of systems (think SCADA) because the boards and services are becoming less expensive. Oh, that and those that don't learn from security history are destined to repeat it.

Paul's Stories