PaulDotCom Security Weekly - Episode 253 for Thursday July 28th, 2011.
- The PaulDotCom Espanol episodes with Julio Canto, Lorenzo Martinez, Chema Alonso and Ruben Santamarta are available here. We have more interviews in the coming weeks....
- Sign up for Blackhat Training Courses:
- PaulDotCom Blackhat Training Sign up for "Offensive Countermeasures: Making Defense Sexy" as a two-day course at Blackhat July 30-31. Every student gets a FREE "Hack Naked" t-shirt and sticker!
- If you can't make it to BlackHat, then consider instead the always fabulous SANS Las Vegas for "Advanced Vulnerability Scanning Techniques Using Nessus" Saturday, September 17 - Sunday, September 18.
- DerbyCon : Louisville, Kentucky – September 30th to October 2nd. Catch Carlos Perez's training session - "Automating Post Exploitation with Metasploit" Friday and Saturday of the Con from 4:00PM to 9:00PM.
- SANS 617 - Wireless Ethical Hacking, Penetration Testing, and Defenses with Larry in NYC on August 22nd - 27th.
- Jack wants us to pimp Sex Burn Out
- Don't forget to Read our blog, Participate on our mailing list, Visit PaulDotCom Insider, Follow us on Twitter, Join the IRC channel at irc.freenode.net #pauldotcom, and Watch our Videos!
- You can Add us on Facebook where we can be "friends"
Interview: Nick Selby
Nick Selby is a newly minted police officer in the Dallas-Fort Worth area. He was formerly an information security analyst and consultant for nine years, has worked in physical security and intelligence consulting in various roles since 1993, and was a travel writer for European destinations in a previous life.
- How did you get your start in information security?
- What made you decide to become a law enforcement officer from your recent gig at Trident Risk Management & the 451 group?
- Tell us about the Police Led Intelligence blog - how great is the need for IT/forensics skills in the police community?
- What do you think of the "Don't Talk to the Police" talk by Professor James Duane & Officer George Bruch?
- Is Law Enforcement getting better at taking advantage of 'open sources' (i.e., twitter, maltego et al) in researching targets?
- What frustrated you about the InfraGard National Members Alliance newsletter?
- Take us thru your posts on the Arizona hacks.
- Your personal website briefly teases about an upcoming project: "CSG Analysis" - can you mention that now?
- Have you considered combining your Lonely Planet travel writer skills with your InfoSec interests in publishing a guide to Eastern European crime syndicates?
- Tell us about your incident with Penn & Teller and Mofo The Psychic Gorilla or your experience as a sound engineer for Chung King House of Metal.
Nick on twitter
Stories For Discussion
Watch the live video version of this segment above. For more videos and to subscribe to PaulDotCom TV visit http://pauldotcom.blip.tv
- RouterPWN - [Larry] - Need a router hack? Browse to this website, pick your (supported) model that you are connected to and click away. PWNED. Ok, so it makes assumptions about not having internal IP addresses changed, but still a neat concept. No reason you could not edit the code to your own nefarious tasks and update IP addresses - it is all JavaScript after all.
- We use the word hack too much - [Larry] - I tend to agree with this article. Is all this stuff we are calling hacking? Well, maybe, but we also have much better words for it, such as "social-engineering", "DDoS", "illegally accessed" and "exploit stupidity". Let's talk about some examples, like Swartz and MIT, etc.
- New Google hacking tools - [Larry] - From the nice folks over at Stach & Liu, in addition to other tools. Most of the tools relate to defense, as opposed to attack. Great for looking in on exposure of your own data. You know, reaction as opposed to inaction is always better.
- Wanna find embedded devices? - [Larry] - Coming soon to BlackHat, a scanner for discovering embedded devices on the internet based on HTTP headers. Dammit, I hate it when people develop my ideas!
- What, no spongebob? Popped collar though. - [Larry] - Guys over at iSEC Partners (Don Bailey and Matt Solnik) found ways to unlock and start cars with SMS messages. Well, it is only a car, right? Sure, but the same technology is evolving and being found in other types of systems (think SCADA) because the boards and services are becoming less expensive. Oh, that and those that don't learn from security history are destined to repeat it.