Difference between revisions of "Episode257"
Revision as of 20:13, 1 September 2011
Announcements & Shameless Plugs
PaulDotCom Security Weekly - Episode 257: "The Criminal Edition" for Thursday September 1st, 2011.
- Paul is teaching "Advanced Vulnerability Scanning Techniques Using Nessus" Saturday, September 17 - Sunday, September 18 at SANS/Las Vegas.
- DerbyCon: Louisville, Kentucky, September 30th to October 2nd. Catch Carlos Perez's training session, "Automating Post Exploitation with Metasploit", Friday and Saturday of the Con from 4:00 PM to 9:00 PM.
- Jack wants to hear if you've experienced Sec Burn Out, mainly so he can sell you Jack's Daniels Sexy Anti-Burnout ointment (TM).
- Don't forget to Read our blog, Participate on our mailing list, Visit PaulDotCom Insider, Follow us on Twitter, Join the IRC channel at irc.freenode.net #pauldotcom, Watch our Videos and Add us on Facebook where we can be "friends"
- We're spinning up a new mini-podcast/videocast and we're looking for topics from our listeners. We've also got a device that we want you to tell us what to do with: a Roomba. It has to be something for use in a pentest.
Guest Interview: Don Bailey
7:30 PM EDT
Don A. Bailey is a Security Consultant with iSEC Partners. While his primary expertise is in developing exploit technology, he is also well versed in reverse engineering, fuzzing, enterprise programming, binary analysis, rootkit detection/design, and network penetration testing. Most recently, Don spoke at Black Hat Las Vegas and SOURCE Boston regarding vulnerabilities in the global telephone network and the GSM protocol.
- How did you get your start in information security?
- Tell us about your recent War Texting car exploit
- Has there been any further work on the Carmen Sandiego research? - VIDEO
- Why does Oprah love Zoombaks?
Guest Tech Segment: John Strauchs, Tiffany Rad, & Teague Newman talk prison electronic systems and PLCs
John has spent quite a bit of time in prison (for work). He has participated in over 100 design projects (police, courts, and corrections) in his career, including 14 federal prisons, 23 state prisons, and 27 city or county jails. Additionally, his work was an inspiration for the 1993 movie "Sneakers", for which he was the Technical Advisor.
Tiffany Strauchs Rad, JD, is the President of ELCnetworks, LLC., and is also a part-time Adjunct Professor in the computer science department at the University of Southern Maine teaching computer law, ethics and information security.
Teague Newman is an independent information security consultant and an instructor for Core Security Technologies. Some of his (legal) hobbies include GPU-based password auditing and liquid nitrogen overclocking.
John, Tiffany and Teague will discuss SCADA & PLC VULNERABILITIES IN CORRECTIONAL FACILITIES
Stories For Discussion
Blog Round Up
- Getting props for your hacks - [Larry] - So much of hacker culture has been the ability to brag about your leet hax to your friends and build street cred. Well, now in this crazy internet age, there is a scoring engine for your leet hax, so you can brag and compete with your friends! They even have bounties for specific sites! 4w350m3! So, back to reality, I'm guessing that this is 1. a publicity stunt, 2. a bad idea, 3. the Feds. I'm hoping that if it is the Feds they are using it not to raid the likely teenagers' homes, but to steer them in the right direction instead of ruining their lives.
- DigiNotar breach analyzed - [Larry] - This may have gone back as far as 2009, when the CA website was breached. This analysis (by Swa Frantzen) is excellent, due to the fact that Swa is a native Dutch speaker and can get at some of the details of the releases from the company. My favorite? "Users of SSL certificates can depending on the browser vendor be confronted with a statement that the certificate is not trusted. This is in 99,9% of the cases incorrect, the certificate can be trusted. I've got nothing positive to say about that." Whoa. [I know kung fu!] So what's the meaning in all of this to the end user? In most cases, you won't even come across a DigiNotar/Vasco certificate. If you do, it will warn you (yes, yes, yes), assuming of course you keep your browser up to date (with new CRLs).
- Exploiting the PHY layer - [Larry] - Oh Travis (and others: Bratus, Speers, Melgares and Rebecca Shapiro <- some young folks to watch…), you so clever. By looking at the PHY layer of wireless (ZigBee in particular), one may be able to encapsulate packets inside of packets to perform injection, based on missed headers due to interference from RF anomalies. The paper indicates a real-world example where a similar attack took place in 1938 with Orson Welles' War of the Worlds radio broadcast… Clearly the intent here is that many overlook the PHY layer when looking at the attack surface of protocols.
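The packet-in-packet effect Larry describes, as an added example that is not from the paper or from the show notes: a byte-level model of a receiver that hunts for a sync pattern (preamble plus start-of-frame delimiter), then reads a length byte and that many payload bytes. When a bit error knocks out the outer frame's sync pattern, the receiver keeps hunting and locks onto an identical sync pattern the attacker placed inside the outer payload, so the attacker-chosen inner bytes are delivered as a frame of their own. The framing constants follow IEEE 802.15.4 (four zero preamble bytes, 0xA7 SFD, one length byte) but the model is a simplification: the real attack operates at the symbol level and the frames below are constructed sample data, not captured traffic.

```python
"""Simplified byte-level model of packet-in-packet injection (added example)."""

# IEEE 802.15.4 framing, simplified to whole bytes: 4 preamble bytes of 0x00,
# the 0xA7 start-of-frame delimiter, then a one-byte length field.
PREAMBLE = b"\x00\x00\x00\x00"
SFD = b"\xa7"
SYNC = PREAMBLE + SFD


def build_frame(payload: bytes) -> bytes:
    """Wrap a payload in preamble + SFD + length byte."""
    if len(payload) > 127:
        raise ValueError("payload too long for a one-byte length field")
    return SYNC + bytes([len(payload)]) + payload


def receive(stream: bytes):
    """Model a naive receiver: lock onto the first intact sync pattern, read
    the length byte, return (payload, offset_of_sync). None if no frame."""
    pos = 0
    while True:
        idx = stream.find(SYNC, pos)
        if idx < 0:
            return None
        hdr = idx + len(SYNC)
        if hdr >= len(stream):
            return None
        length = stream[hdr]
        body = stream[hdr + 1 : hdr + 1 + length]
        if len(body) == length:
            return body, idx
        pos = idx + 1  # truncated frame: keep hunting for another sync


def corrupt(stream: bytes, index: int) -> bytes:
    """Flip one bit in byte `index`, modelling RF interference on the air."""
    b = bytearray(stream)
    b[index] ^= 0x01
    return bytes(b)


# Constructed sample data (hypothetical, not a real capture): the attacker
# controls the payload of a legitimate outer frame and embeds a complete
# inner frame, sync pattern and all, inside it.
INNER = build_frame(b"\x41\x88" + b"attacker-chosen")
OUTER = build_frame(b"benign header " + INNER + b" trailer")


def demo():
    """Decode the outer frame clean, then with its SFD byte corrupted."""
    clean = receive(OUTER)             # receiver locks onto the outer sync
    noisy = receive(corrupt(OUTER, 4)) # outer SFD damaged: inner sync wins
    return clean, noisy


if __name__ == "__main__":
    (clean_payload, clean_off), (noisy_payload, noisy_off) = demo()
    print("clean:", clean_off, clean_payload)
    print("noisy:", noisy_off, noisy_payload)
```

On the clean stream the receiver decodes the outer frame at offset 0 and the embedded frame is just opaque payload bytes; once the outer SFD is damaged, the same receiver decodes the attacker's inner frame at offset 20 as if it had been transmitted on its own. The defensive takeaway matches the paper's point: a sync pattern inside a payload is not "just data" to a receiver that has lost its outer framing, so the PHY layer belongs in the attack surface.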
- Windows 7 Phone sends geolocation data? - [Larry] - Amy says that the Microsoft Camera app on the Windows 7 phone transmits geolocation data and nearby WiFi access points even though you said not to. Privacy issues abound here, but I think they admitted this (sorta) back when this happened with the iPhone. What I think they missed is that they said they would not do it if you said no…
- Loose lips sink Diplomatic cables - [Larry] - WikiLeaks encrypts uncensored cables. WikiLeaks gives some journalists the password to the PGP archive, written on paper, but with one part left out, transmitted verbally. Sorry, passPHRASE, not passWORD. This is actually a good password. Then the Guardian newspaper publishes a book about the account and publishes said passphrase. Then the Guardian says that they did not disclose it, and blames WikiLeaks. Later in the same response from the Guardian, they say, yeah, we disclosed it, but we didn't tell you where the files were… and the password expired in a few hours anyway. I don't get this final remark, as with PGP you cannot set an expiration for a passphrase, only for keys used for encrypting. This of course would have limited value for long-term storage of the sensitive data.