Difference between revisions of "Episode255"

From Security Weekly Wiki
Jump to navigationJump to search
Line 6: Line 6:
 
PaulDotCom Security Weekly - Episode 255 for Thursday August 18th, 2011.
 
PaulDotCom Security Weekly - Episode 255 for Thursday August 18th, 2011.
  
*Don't miss our podcast next Friday night at 7:30 PM with Mark Russinovich!
+
* Don't miss our podcast next Friday night at 7:30 PM with Mark Russinovich!
  
 
* Don't miss the August 31st [https://cybersecurityworldevents.webex.com/cybersecurityworldevents/onstage/g.php?t=a&d=664509513  Late Breaking Computer Attack Vectors Webcast Sponsored by Core Security Technologies] with Larry "I eat animals" Pesce.
 
* Don't miss the August 31st [https://cybersecurityworldevents.webex.com/cybersecurityworldevents/onstage/g.php?t=a&d=664509513  Late Breaking Computer Attack Vectors Webcast Sponsored by Core Security Technologies] with Larry "I eat animals" Pesce.
 
* Mr. Mark Baggett teaches [https://www.sans.org/vlive/details.php?nid=25014 SANS SEC 560 Penetration Testing] with the new vLive format - starts September 12th and runs through Oct 19th.  For a limited time SANS is giving a free iPAD2 to all students who register, and Mark Baggett promises to personally sharpie each and every iPad2 sent to him!
 
  
 
* If you couldn't make it to BlackHat, then consider instead [http://www.sans.org/network-security-2011/description.php?d=4921 the always fabulous SANS Las Vegas] for "Advanced Vulnerability Scanning Techniques Using. Nessus" Saturday, September 17 - Sunday, September 18.
 
* If you couldn't make it to BlackHat, then consider instead [http://www.sans.org/network-security-2011/description.php?d=4921 the always fabulous SANS Las Vegas] for "Advanced Vulnerability Scanning Techniques Using. Nessus" Saturday, September 17 - Sunday, September 18.
Line 16: Line 14:
 
* DerbyCon : Louisville, Kentucky – September 30th to October 2nd. Catch Carlos Perez's training session - [http://www.derbycon.com/automating-post-exploitation-with-metasploit "Automating Post Exploitation with Metasploit"] Friday and Saturday of the Con from 4:00PM to 9:00PM.
 
* DerbyCon : Louisville, Kentucky – September 30th to October 2nd. Catch Carlos Perez's training session - [http://www.derbycon.com/automating-post-exploitation-with-metasploit "Automating Post Exploitation with Metasploit"] Friday and Saturday of the Con from 4:00PM to 9:00PM.
  
* [http://www.sans.org/new-york-2011-cs-2/description.php?tid=4467 SANS 617 - Wireless Ethical Hacking, Penetration Testing, and Defenses ] with Larry in the salsa capital of the world: NYC on August 22nd - 27th.  
+
* We want your feedback for a new show! Remember the vintage episodes dubbed "Listener Feedback"? We want to re-visit this idea, field questions from the audience and make it a show! If you listen to the Security Weekly podcast and have questions about techincal topics, please submit them! We plan to address the "n00b" questions and issues in a traditional PaulDotCom format. Send suggestions to the [http://mail.pauldotcom.com PaulDotCom Mailing List]. Thanks!
 
 
* Jack wants to hear if you've experienced [http://www.secburnout.org Sec Burn Out]
 
  
 
* Don't forget to [http://pauldotcom.com/ Read our blog], [http://mail.pauldotcom.com/listinfo Participate on our mailing list], [http://pauldotcom.com/insider/ Visit PaulDotCom Insider], [http://twitter.com/pauldotcom Follow us on Twitter], [irc://irc.freenode.net/pauldotcom Join the IRC channel at irc.freenode.net #pauldotcom], [http://pauldotcom.blip.tv Watch our Videos] and [http://www.facebook.com/therealpauldotcom Add us on Facebook] where we can be "friends"
 
* Don't forget to [http://pauldotcom.com/ Read our blog], [http://mail.pauldotcom.com/listinfo Participate on our mailing list], [http://pauldotcom.com/insider/ Visit PaulDotCom Insider], [http://twitter.com/pauldotcom Follow us on Twitter], [irc://irc.freenode.net/pauldotcom Join the IRC channel at irc.freenode.net #pauldotcom], [http://pauldotcom.blip.tv Watch our Videos] and [http://www.facebook.com/therealpauldotcom Add us on Facebook] where we can be "friends"
* We're spinning up a new mini-podcast/videocast and we and we're looking for topics from our listeners.
 
  
 
= Special In-Studio Guests =
 
= Special In-Studio Guests =

Revision as of 15:50, 18 August 2011


Announcements& Shameless Plugs

PaulDotCom Security Weekly - Episode 255 for Thursday August 18th, 2011.

  • Don't miss our podcast next Friday night at 7:30 PM with Mark Russinovich!
  • If you couldn't make it to BlackHat, then consider instead the always fabulous SANS Las Vegas for "Advanced Vulnerability Scanning Techniques Using. Nessus" Saturday, September 17 - Sunday, September 18.
  • We want your feedback for a new show! Remember the vintage episodes dubbed "Listener Feedback"? We want to re-visit this idea, field questions from the audience and make it a show! If you listen to the Security Weekly podcast and have questions about techincal topics, please submit them! We plan to address the "n00b" questions and issues in a traditional PaulDotCom format. Send suggestions to the PaulDotCom Mailing List. Thanks!

Special In-Studio Guests

Martin McKeay of the Network Security Podcast and Blog and Rugged Software's Josh Corman

Guest Interview: Dr. Timothy "Thor" Mullen

TimTop2.jpg

7:30 PM EDT

Johnny Long says: "Most recognize Thor as the Norse god of thunder with massive powers of destruction. Few realize that he was also the god of restoration. Likewise, his namesake, Timothy "Thor" Mullen, has spent his entire adult life both destroying and restoring Microsoft-based security systems. Thor's Microsoft Security Bible conveys the wisdom and expertise of the industry legend that has defined the bleeding edge of Microsoft security for over twenty years. I highly recommend this book."

Thor's Microsoft Security Bible: A Collection of Practical Security Techniques



  1. How did you get your start in information security?
  2. You've contributed to the Hacker’s Challenge, the Stealing the Network series, and now your new book. What led you to try your hand at being an author? What guidance or tips would you give to someone looking to write a book?
  3. What are some of the mistakes folks make concerning logs?
  4. Tell us about "Thor's Managed Interface Log Fetcher(MILF)" (™)
  5. What do you mean by "Anytime you see a reference to xp_cmdshell in any SQL solution, it should raise a red flag"?
  6. In your book and on Symantec's blog, you go further into Blocking Traffic by Country on Production Networks. Did anything surprise you about that research?
  7. Tell us about your work for Security Focus.
  8. Do you still believe that in certain circumstances, it's OK to fight back?


Proper Bio

Dr. Timothy Mullen, Ph.D. has been educating and training users in the technology sector since 1983 when he began teaching BASIC and COBOL through a special educational program at the Medical University of South Carolina (while still a high school senior). He then launched his professional career in application development and network integration in 1984. Timothy Mullen has developed and implemented Microsoft networking security solutions for institutions like the US Air Force, Microsoft, the US Federal Courts, regional power plants, and international banking/financial institutions. He has developed applications ranging from military aircraft statistics interfaces and biological aqua-culture management to nuclear power-plant effects monitoring for private, government, and military entities.

Mullen has been a columnist for Security Focus' Microsoft section, and is a regular contributor of InFocus technical articles. Also known as “Thor,” he is the founder of the "Hammer of God" security co-op group. Mullen’s writings appear in multiple publications such as Hacker’s Challenge, the Stealing the Network series, and in Windows XP Security. His security tools, techniques and processes have been featured in Hacking Exposed and New Scientist Magazine, as well as in national television newscasts and technology broadcasts. His pioneering research in “strikeback” technology has been cited in multiple law enforcement and legal forums, including the International Journal of Communications Law and Policy.

Mullen holds MCSE certifications in all recent Microsoft operating systems, has completed all Microsoft Certified Trainer curriculums and is a Microsoft Certified Partner. He is a member of American Mensa, and has been awarded the Microsoft “Most Valuable Professional” (MVP) award in Windows Security.

Mullen's writings appear in multiple publications, such as Stealing the Network: How to Own the Box (Syngress, ISBN: 1-931836-87-6) and Hacker's Challenge, technical edits in Windows XP Security, with security tools and techniques features in publications such as the Hacking Exposed series and New Scientist magazine.

Stories For Discussion

Larry's Stories

Paul's Stories