Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 260 for Thursday September 22nd, 2011.

• DerbyCon : Louisville, Kentucky – September 30th to October 2nd. Catch Carlos Perez's training session - "Automating Post Exploitation with Metasploit" Friday and Saturday of the Con from 4:00PM to 9:00PM.

• Sign up for the Sept 28th LBCAV with Larry "Bieber Fever" Pesce.

• Don't forget to check out Hack Naked TV - currently at Episode #6 the "SSL is broken-er" edition!

• Don't forget to Read our blog, Participate on our mailing list, Visit PaulDotCom Insider, Follow us on Twitter, Join the IRC channel at irc.freenode.net #pauldotcom, Watch our Videos and Add us on Facebook where we can be "friends"

• We're spinning up a new mini-podcast/videocast (Hack Naked at Night with Larry and Darren) and we and we're looking for topics from our listeners - specifically, what type of pentest device do you want us to build out of a roomba? Send suggestions to psw@pauldotcom.com

Guest Interview: Jennifer Granick

7:30 PM EDT

Jennifer Granick has defended many high profile hackers and was the Civil Liberties Director at the EFF, where she started the Coders' Rights Project and participated in litigation against ATT and the federal government for violation of surveillance regulations. She is now an attorney at ZwillGen PLLC, where she assists individuals and companies creating new products and services.

1. What are some of the legal cases that info-sec community isn't watching but should be?
2. Have you been following the TSA/border crossing antics with Jacob Applebaum and Moxie Marlinspike? What's the best way for folks to protect themselves during border crossings?
3. Recently, you answered questions on slashdot - were there any particular questions or issues you wanted to expand on here? Was there a common theme to the types of questions received?
4. What are your thoughts on cell phone tracking? I thought you needed a warrant for that kind of stuff?
5. Are we getting more paranoid as a society in terms of Big Brother? Is it justified?
6. I so admire you for this: "responsible for the creation of a new (in 2006) exception to the Digital Millennium Copyright Act which allows mobile telephone owners to legally circumvent the firmware locking their device to a single carrier." How did the DMCA actually get passed and how does it impact security researchers to this day?
7. Can you discuss any of the details in the following cases:
   1. Christopher Soghoian, creator of a fake boarding pass generator, in 2006
   2. Michael Lynn in 2005 as part of the Cisco/ISS incident at the Black Hat technology conference
   3. Kevin Poulsen
   4. Jerome Heckenkamp - I am actually familiar with this case, as it contains an example of a judge allowing someone to "hack back" so-to-speak

Guest Tech Segment: Raphael Mudge & Armitage

8:15 EDT

Raphael is a Washington, DC based penetration tester and the developer of Armitage for Metasploit. He also created and sold, "After the Deadline", an artificial intelligence tool that checks grammar and spelling for WordPress.com users and other internet sites. Previously, he was a USAF Communications Officer involved in network operations and cyber security research.

Armitage is a graphical cyber attack management tool that visualizes targets, recommends exploits, and exposes Metasploit's advanced capabilities. Raphael Mudge will show us how to evaluate our security posture using the same process attackers follow. You’ll learn how to use Armitage and Metasploit to perform reconnaissance, exploit hosts, and maneuver deep into a network from one access. Learn more about Armitage at fastandeasyhacking.com

Raphael's website

1. Please take us thru a high level overview of Armitage.
2. Metasploit Framework 3.5.2 has some integration with Armitage. What went on with the release to accomodate that?

Stories For Discussion

Blog Round Up

Larry's Stories

Paul's Stories