Difference between revisions of "Episode255"

From Security Weekly Wiki
Jump to navigationJump to search
Line 33: Line 33:
 
#You've contributed to the Hacker’s Challenge, the Stealing the Network series, and now your new book.  What led you to try your hand at being an author?  What guidance or tips would you give to someone looking to write a book?
 
#You've contributed to the Hacker’s Challenge, the Stealing the Network series, and now your new book.  What led you to try your hand at being an author?  What guidance or tips would you give to someone looking to write a book?
 
#What are some of the mistakes folks make concerning logs?
 
#What are some of the mistakes folks make concerning logs?
 +
# What is EFS and how can it be used to lock down WebDav?
 +
# What are some of the use cases for  an Externally Accessible Authenticated Proxy?
 +
# Why don't more people take system hardening and secure configurations to heart and implement them  in their networks?
 
#Tell us about "Thor's Managed Interface Log Fetcher(MILF)" (™)
 
#Tell us about "Thor's Managed Interface Log Fetcher(MILF)" (™)
 
#What do you mean by "Anytime you see a reference to xp_cmdshell in any SQL solution, it should raise a red flag"?
 
#What do you mean by "Anytime you see a reference to xp_cmdshell in any SQL solution, it should raise a red flag"?

Revision as of 16:05, 18 August 2011


Announcements& Shameless Plugs

PaulDotCom Security Weekly - Episode 255 for Thursday August 18th, 2011.

  • Don't miss our podcast next Friday night at 7:30 PM with Mark Russinovich!
  • If you couldn't make it to BlackHat, then consider instead the always fabulous SANS Las Vegas for "Advanced Vulnerability Scanning Techniques Using. Nessus" Saturday, September 17 - Sunday, September 18.
  • We want your feedback for a new show! Remember the vintage episodes dubbed "Listener Feedback"? We want to re-visit this idea, field questions from the audience and make it a show! If you listen to the Security Weekly podcast and have questions about techincal topics, please submit them! We plan to address the "n00b" questions and issues in a traditional PaulDotCom format. Send suggestions to the PaulDotCom Mailing List. Thanks!


Guest Interview: Dr. Timothy "Thor" Mullen

TimTop2.jpg

7:30 PM EDT

Johnny Long says: "Most recognize Thor as the Norse god of thunder with massive powers of destruction. Few realize that he was also the god of restoration. Likewise, his namesake, Timothy "Thor" Mullen, has spent his entire adult life both destroying and restoring Microsoft-based security systems. Thor's Microsoft Security Bible conveys the wisdom and expertise of the industry legend that has defined the bleeding edge of Microsoft security for over twenty years. I highly recommend this book."

Thor's Microsoft Security Bible: A Collection of Practical Security Techniques

  1. How did you get your start in information security?
  2. You've contributed to the Hacker’s Challenge, the Stealing the Network series, and now your new book. What led you to try your hand at being an author? What guidance or tips would you give to someone looking to write a book?
  3. What are some of the mistakes folks make concerning logs?
  4. What is EFS and how can it be used to lock down WebDav?
  5. What are some of the use cases for an Externally Accessible Authenticated Proxy?
  6. Why don't more people take system hardening and secure configurations to heart and implement them in their networks?
  7. Tell us about "Thor's Managed Interface Log Fetcher(MILF)" (™)
  8. What do you mean by "Anytime you see a reference to xp_cmdshell in any SQL solution, it should raise a red flag"?
  9. In your book and on Symantec's blog, you go further into Blocking Traffic by Country on Production Networks. Did anything surprise you about that research?
  10. Tell us about your work for Security Focus.
  11. Do you still believe that in certain circumstances, it's OK to fight back?

Stories For Discussion

Larry's Stories

Paul's Stories