Episode255

From Security Weekly Wiki
Jump to navigationJump to search


Announcements& Shameless Plugs

PaulDotCom Security Weekly - Episode 255 for Thursday August 18th, 2011.

  • Don't miss our podcast next Friday night at 7:30 PM with Mark Russinovich!
  • If you couldn't make it to BlackHat, then consider instead the always fabulous SANS Las Vegas for "Advanced Vulnerability Scanning Techniques Using. Nessus" Saturday, September 17 - Sunday, September 18.
  • We want your feedback for a new show! Remember the vintage episodes dubbed "Listener Feedback"? We want to re-visit this idea, field questions from the audience and make it a show! If you listen to the Security Weekly podcast and have questions about techincal topics, please submit them! We plan to address the "n00b" questions and issues in a traditional PaulDotCom format. Send suggestions to the PaulDotCom Mailing List. Thanks!

Special In-Studio Guests

Martin McKeay of the Network Security Podcast and Blog and Rugged Software's Josh Corman

Guest Interview: Dr. Timothy "Thor" Mullen

TimTop2.jpg

7:30 PM EDT

Johnny Long says: "Most recognize Thor as the Norse god of thunder with massive powers of destruction. Few realize that he was also the god of restoration. Likewise, his namesake, Timothy "Thor" Mullen, has spent his entire adult life both destroying and restoring Microsoft-based security systems. Thor's Microsoft Security Bible conveys the wisdom and expertise of the industry legend that has defined the bleeding edge of Microsoft security for over twenty years. I highly recommend this book."

Thor's Microsoft Security Bible: A Collection of Practical Security Techniques



  1. How did you get your start in information security?
  2. You've contributed to the Hacker’s Challenge, the Stealing the Network series, and now your new book. What led you to try your hand at being an author? What guidance or tips would you give to someone looking to write a book?
  3. What are some of the mistakes folks make concerning logs?
  4. Tell us about "Thor's Managed Interface Log Fetcher(MILF)" (™)
  5. What do you mean by "Anytime you see a reference to xp_cmdshell in any SQL solution, it should raise a red flag"?
  6. In your book and on Symantec's blog, you go further into Blocking Traffic by Country on Production Networks. Did anything surprise you about that research?
  7. Tell us about your work for Security Focus.
  8. Do you still believe that in certain circumstances, it's OK to fight back?


Proper Bio

Dr. Timothy Mullen, Ph.D. has been educating and training users in the technology sector since 1983 when he began teaching BASIC and COBOL through a special educational program at the Medical University of South Carolina (while still a high school senior). He then launched his professional career in application development and network integration in 1984. Timothy Mullen has developed and implemented Microsoft networking security solutions for institutions like the US Air Force, Microsoft, the US Federal Courts, regional power plants, and international banking/financial institutions. He has developed applications ranging from military aircraft statistics interfaces and biological aqua-culture management to nuclear power-plant effects monitoring for private, government, and military entities.

Mullen has been a columnist for Security Focus' Microsoft section, and is a regular contributor of InFocus technical articles. Also known as “Thor,” he is the founder of the "Hammer of God" security co-op group. Mullen’s writings appear in multiple publications such as Hacker’s Challenge, the Stealing the Network series, and in Windows XP Security. His security tools, techniques and processes have been featured in Hacking Exposed and New Scientist Magazine, as well as in national television newscasts and technology broadcasts. His pioneering research in “strikeback” technology has been cited in multiple law enforcement and legal forums, including the International Journal of Communications Law and Policy.

Mullen holds MCSE certifications in all recent Microsoft operating systems, has completed all Microsoft Certified Trainer curriculums and is a Microsoft Certified Partner. He is a member of American Mensa, and has been awarded the Microsoft “Most Valuable Professional” (MVP) award in Windows Security.

Mullen's writings appear in multiple publications, such as Stealing the Network: How to Own the Box (Syngress, ISBN: 1-931836-87-6) and Hacker's Challenge, technical edits in Windows XP Security, with security tools and techniques features in publications such as the Hacking Exposed series and New Scientist magazine.

Stories For Discussion

Larry's Stories

Paul's Stories