Episode262

From Security Weekly Wiki

= Announcements & Shameless Plugs =

Security Weekly - Episode 262 for Thursday October 6th, 2011.

* Check out [http://hacknaked.tv Hack Naked TV] - currently at Episode #10!

* Larry is teaching [http://www.sans.org/san-antonio-2011/description.php?tid=4432 SEC580 Metasploit Kung Fu for Enterprise Pen Testing] in San Antonio, TX December 4-5. Tell them (and us) that we sent you!

* Don't forget to [http://securityweekly.com/ Read our blog], [http://mail.securityweekly.com/listinfo Participate on our mailing list], [http://securityweekly.com/insider/ Visit Security Weekly Insider], [http://twitter.com/securityweekly Follow us on Twitter], [irc://irc.freenode.net/securityweekly Join the IRC channel at irc.freenode.net #securityweekly], [http://blip.tv/securityweekly Watch our Videos] and [http://www.facebook.com/pages/Security-Weekly/56074056651 Add us on Facebook] where we can be "friends"

* We're spinning up a new mini-podcast/videocast (Hack Naked at Night with Larry and Darren) and we're looking for topics from our listeners - specifically, what type of pentest device do you want us to build out of a Roomba? Send suggestions to psw@pauldotcom.com

=Episode Media=

[http://traffic.libsyn.com/pauldotcom/PaulDotCom-262-Part1.mp3 MP3 pt 1]

[http://traffic.libsyn.com/pauldotcom/PaulDotCom-262-Part2.mp3 MP3 pt 2]

 
= Guest Interview: Charlie Miller =

7:30 PM EDT

<center>[[File:Charlie-Miller.jpg]]</center>

<center>[https://youtube.com/securityweeklytv Visit The Security Weekly YouTube Channel for all of our latest videos!]</center>

Charlie is a principal research consultant for the Accuvant LABS team and was the first with a public remote exploit for both the iPhone and the G1 Android phone. He won the CanSecWest Pwn2Own competition multiple times and holds a PhD from the University of Notre Dame.

 
= Guest Tech Segment: Alessandro Acquisti =

<center>[[File:A Acquisti.jpg]]</center>

<center>[https://youtube.com/securityweeklytv Visit The Security Weekly YouTube Channel for all of our latest videos!]</center>

Alessandro is an Assistant Professor at Carnegie Mellon University. He's received national and international awards, including the 2005 PET Award for Outstanding Research in Privacy Enhancing Technologies and the 2005 IBM Best Academic Privacy Faculty Award. He's on to discuss his recent talk on [http://www.heinz.cmu.edu/~acquisti/face-recognition-study-FAQ/ Facial Recognition using Augmented Reality] presented at Blackhat and some other privacy research.

 
== Blog Round Up ==

* [http://securityweekly.com/2011/09/hack-naked-tv---episode-6.html Hack Naked TV - Episode 6] - Recorded live from SANS Las Vegas!
* [http://securityweekly.com/2011/09/crawling-for-domain-admin-with.html Crawling for Domain Admin with Tasklist]

== Paul's Stories ==

#[http://news.hitb.org/content/now-ssl-has-been-cracked-should-you-be-worried Now that SSL has been cracked]
#[http://news.hitb.org/content/steve-jobs-dead-apple-has-lost-its-visionary-founder Steve Jobs is dead - Apple has lost its visionary founder]
#[http://news.hitb.org/content/researchers-claim-cloud-security-breakthrough Researchers claim cloud security breakthrough]
#[http://news.hitb.org/content/hackers-sell-paypal-accounts-50-cents Hackers sell PayPal accounts for 50 cents]
#[http://www.rootsecure.net/?p=link&l=28655 Iron Geek: Derbycon 2011 Videos]
#[http://nakedsecurity.sophos.com/2011/10/03/iphone-5-email-malware/ iPhone 5 emails infect Windows PCs with malware]
#[http://it.toolbox.com/blogs/securitymonkey/sometimes-the-security-helpdesk-gets-the-last-laugh-48683?rss=1 Sometimes the Security Helpdesk Gets The Last Laugh]
#[http://www.theregister.co.uk/2011/10/03/bank_of_america_website_outage/ Bank of America website disrupted for 4th day in a row]
#[http://news.hitb.org/content/check-your-machines-malware-linux-developers-told Check your machines for malware]
#[http://news.hitb.org/content/law-enforcement-increasingly-asking-internet-companies-share-data Law enforcement increasingly asking Internet companies to share data]
#[http://news.hitb.org/content/amazon-kindle-tablet-routes-web-traffic-cloud-first Amazon Kindle tablet routes web traffic to cloud first]

== Larry's Stories ==

#[http://blog.didierstevens.com/2011/10/05/the-matryoshka-router/ The Matryoshka Router] - [Larry] - Didier finds open ports on the WAN of his ADSL router (2002, 4002, 6002 and 9002), even though the router was configured properly. I've seen this on assessments, and not had the same luck as Didier - he reports that even though the passwords were changed, he was able to log into those unknown ports with telnet and the default username and password (I'm guessing cisco/cisco), which appeared to be bound to various VTY lines. A word to the wise, folks: just because it isn't an "ethernet interface", be sure to apply ACLs to your VTY lines as well. Now, because SHODAN only scans specific ports, I really need to figure out a repeatable nmap command line to quickly (a relative term) scan the entire internet for specific ports. Where are Fyodor and Ron Bowes when you need them?
#[http://www.computerworld.com/s/article/9220512/Fail_a_security_audit_already_it_s_good_for_you?source=rss_security&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+computerworld%2Fs%2Ffeed%2Ftopic%2F17+%28Computerworld+Security+News%29 Fail an audit already, will ya?] - [Larry] - Yes, it is ok not to be perfect. Here's how you get backing to help fix it. It is ok to fail, 'cause all good security folks would admit that there is no such thing as perfect security, so why are your audits coming back that way? From the article: "in the past three years 36% of companies had suffered a breach and yet only 15% had failed an audit".
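The Matryoshka Router item above asks for a repeatable nmap command line for a handful of specific ports. The block below is an added example, not code from the show notes or from Didier's post: it builds the nmap argument list for the four ports he found and parses nmap's greppable (-oG) output to list which hosts answered on which of them. The 203.0.113.0/24 range and the -oG sample lines are constructed for illustration; point it only at ranges you are authorized to scan.

```python
# Added example (not from the show notes): a repeatable nmap scan for the four
# "extra" WAN ports from the Matryoshka Router story, plus a parser for the
# greppable output so the hits can be fed to whatever comes next.
# Assumptions: nmap is on PATH when scan() is called (and -sS needs root);
# SAMPLE_OG below is constructed, not real scan output.
import re
import shutil
import subprocess

VTY_PORTS = (2002, 4002, 6002, 9002)


def nmap_command(targets, ports=VTY_PORTS, rate=1000):
    """Return the argv for a fast TCP SYN scan of `ports` over `targets`.

    -Pn        : skip host discovery (a router that drops ICMP still has the ports open)
    -n         : no reverse DNS, which is the slow part of a large scan
    -sS --open : SYN scan, report only hosts with at least one open port
    --min-rate : floor on packets/second so the scan does not crawl
    -oG -      : greppable output on stdout, the format parse_grepable() reads
    """
    return ["nmap", "-Pn", "-n", "-sS", "--open",
            "-p", ",".join(str(p) for p in ports),
            "--min-rate", str(rate), "-oG", "-", *targets]


# "Host: <ip> (<name>)<tab>Ports: <entries>[<tab>Ignored State: ...]"
_HOST_RE = re.compile(
    r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*?)\s*(?:Ignored State:.*)?$")


def parse_grepable(text):
    """Map host -> sorted list of ports reported 'open' in -oG output."""
    hits = {}
    for line in text.splitlines():
        m = _HOST_RE.match(line)
        if not m:
            continue
        host, _hostname, ports_field = m.groups()
        for entry in ports_field.split(","):
            # each entry looks like 2002/open/tcp//cisco-sccp///
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open":
                hits.setdefault(host, []).append(int(fields[0]))
    return {h: sorted(p) for h, p in hits.items()}


def scan(targets):
    """Run the scan if nmap is installed and return the parsed hits, else None."""
    if shutil.which("nmap") is None:
        return None
    proc = subprocess.run(nmap_command(targets), capture_output=True,
                          text=True, check=False)
    return parse_grepable(proc.stdout)


# Constructed sample of greppable output (not a real scan): one router answering
# on all four ports, one answering on 2002 only.
SAMPLE_OG = """\
# Nmap 5.51 scan initiated ... as: nmap -Pn -n -sS -p 2002,4002,6002,9002 -oG - 203.0.113.0/24
Host: 203.0.113.7 ()\tPorts: 2002/open/tcp//cisco-sccp///, 4002/open/tcp//mlchat-proxy///, 6002/open/tcp//X11:2///, 9002/open/tcp//dynamid///\tIgnored State: closed (0)
Host: 203.0.113.9 ()\tPorts: 2002/open/tcp//cisco-sccp///, 4002/closed/tcp//mlchat-proxy///, 6002/filtered/tcp//X11:2///, 9002/closed/tcp//dynamid///
# Nmap done at ... -- 256 IP addresses (2 hosts up) scanned in 3.14 seconds
"""

if __name__ == "__main__":
    print(" ".join(nmap_command(["203.0.113.0/24"])))
    for host, ports in parse_grepable(SAMPLE_OG).items():
        print(host, ports)
```

The hosts it returns are candidates for a telnet login check, not confirmed findings. On the fix side the story's point stands: on Cisco IOS the VTY lines carry their own `access-class` under `line vty`, separate from any interface ACL, so an interface ACL alone does not protect a management port bound to a VTY.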

== Jack's Stories ==

#[https://www.infosecisland.com/blogview/17060-RSA-CEO-There-is-Too-Much-Security-Awareness.html RSA CEO: There is Too Much Security Awareness]
#[http://www.cio.com/article/690665/Are_CIOs_Too_Cocky_About_Security_ Are CIOs too cocky about security?]
#[http://www.darkreading.com/insider-threat/167801100/security/news/231900073/are-users-too-dumb-for-security-awareness-training.html Are users too dumb for security awareness training?]
#[https://www.infosecisland.com/blogview/16990-RIP-Cyber-Security-Expert-Dr-Eugene-Schultz.html RIP Dr. Eugene Schultz]

Latest revision as of 16:28, 29 June 2017

Guest Tech Segment: Alessandro Acquisti

  1. Tell us about the facial recognition research - how fast were you able to ID users? Were you surprised by the media coverage?
  2. How does Augmented Reality fit in to the research?
  3. What was the inspiration for your Guns, Privacy, and Crime research?
  4. Tell us about your research into The Economics of Privacy.

Stories For Discussion

Larry's Stories

  1. American Express 0-day - [Larry] - Oh man, how sloppy can you get. This researcher (who allegedly tried to report it responsibly, albeit with limited communication options) found that the American Express US Admin page was apparently left open to the world without access restriction or password. Access to the admin app gives debug access and the ability to view/steal cookies. Need a little automation with the "attack"? The debug is vulnerable to XSS, and using some GET requests, it may be possible to create a refresh to inject code indefinitely, and steal cookies with injected jQuery commands. Sloppy, Sloppy, Sloppy.
  2. OMG WIFIJAMMER! - [Larry] - Ok, cool script for automating what is a fairly easy attack... BUT get your terminology right: jamming would refer to shenanigans at Layer 1, introducing noise into the air or reserving access to the medium with RTS/CTS. This is not a "jam", it is a "deauth", an attack that has been around for some time, carried out by spoofing deauth frames from AP to STA. Of course, this may not be completely usable in its current form, as many new wireless drivers specifically ignore deauth sent to broadcast...
  3. Wifi User still at risk - [Larry] - In a poll done by the WiFi Alliance (yes, the folks that ensure interoperability for WiFi devices), they noted that while many users now set up appropriately secure wireless networks (with WPA/WPA2 PSK, natch), they do not concern themselves with much else, like non-default/non-weak passwords, VPNs at hotspots, or even not connecting to non-preferred networks. This is what happens when technology enables security through design, but other technology is in place and active that allows users to remain blissfully ignorant... and pwned.
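The WIFIJAMMER item above turns on the difference between a Layer 1 jam and a spoofed deauthentication, and on the caveat that newer client drivers ignore broadcast-addressed deauth. The block below is an added example, not from the show notes or from the wifijammer script: it encodes and decodes the 802.11 deauth frame Larry describes (addr2/addr3 forged as the AP, addr1 either one station or ff:ff:ff:ff:ff:ff) and runs a small flood detector over a constructed capture, counting unicast and broadcast floods separately. All MAC addresses and frame counts are made up, and nothing is transmitted; frames exist only as byte strings in memory.

```python
# Added example (not from the show notes or the wifijammer script): the shape of
# an 802.11 deauthentication frame, and a detector that tells a spoofed deauth
# flood apart from the occasional deauth a real AP sends. Frames are built in
# memory only. Addresses and counts below are constructed, not captured.
import struct
from collections import Counter

BROADCAST = b"\xff\xff\xff\xff\xff\xff"
TYPE_MGMT = 0            # 802.11 frame type 0 = management
SUBTYPE_DEAUTH = 12      # management subtype 12 = deauthentication
SUBTYPE_DISASSOC = 10    # management subtype 10 = disassociation
HEADER_LEN = 24          # FC(2) + duration(2) + addr1/2/3(18) + sequence control(2)


def mac(text):
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_deauth(receiver, bssid, reason=7, subtype=SUBTYPE_DEAUTH, seq=0):
    """Encode a deauth/disassoc frame as an AP would send it (FCS omitted).

    addr1 = receiver (one station, or BROADCAST for everyone on the BSS),
    addr2 = transmitter, addr3 = BSSID. A spoofing tool just writes the AP's
    address into addr2/addr3; nothing in the frame proves who really sent it.
    Reason 7 (class 3 frame from a non-associated station) is a common choice
    in deauth tools; a real AP more often uses 2 (previous auth no longer valid).
    """
    fc = (subtype << 4) | (TYPE_MGMT << 2)            # protocol version 0 -> 0xC0 for deauth
    header = struct.pack("<BBH", fc, 0, 0)            # FC byte, flags byte, duration
    header += receiver + bssid + bssid                # addr1, addr2, addr3
    header += struct.pack("<H", (seq & 0xFFF) << 4)   # sequence number, fragment 0
    return header + struct.pack("<H", reason)         # body: 2-byte reason code


def parse_mgmt(frame):
    """Decode a management frame header; return None for data/control frames."""
    if len(frame) < HEADER_LEN:
        return None
    fc, _flags, _duration = struct.unpack_from("<BBH", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, fc >> 4
    if ftype != TYPE_MGMT:
        return None
    body = frame[HEADER_LEN:]
    reason = None
    if subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC) and len(body) >= 2:
        reason = struct.unpack_from("<H", body, 0)[0]
    return {
        "subtype": subtype,
        "dst": frame[4:10],
        "src": frame[10:16],
        "bssid": frame[16:22],
        "reason": reason,
        "broadcast": frame[4:10] == BROADCAST,
    }


def deauth_flood_sources(frames, threshold=10):
    """{(src_mac, is_broadcast): count} for transmitters that sent at least
    `threshold` deauth/disassoc frames in the capture.

    A real AP deauthenticates a client rarely; dozens of frames carrying the
    AP's address in addr2 are the signature of a spoofing tool. Unicast and
    broadcast floods are counted separately: a client driver that ignores
    broadcast deauth (the caveat in the story) is untouched by the second kind
    but still knocked off the network by the first.
    """
    counts = Counter()
    for frame in frames:
        parsed = parse_mgmt(frame)
        if parsed and parsed["subtype"] in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            counts[(parsed["src"], parsed["broadcast"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


# Constructed capture (addresses made up): one legitimate deauth from the AP,
# then 64 spoofed unicast frames and 64 spoofed broadcast frames "from" the AP.
AP = mac("00:11:22:33:44:55")
STA = mac("66:77:88:99:aa:bb")
SAMPLE_CAPTURE = (
    [build_deauth(STA, AP, reason=2)]
    + [build_deauth(STA, AP, seq=i) for i in range(64)]
    + [build_deauth(BROADCAST, AP, seq=i) for i in range(64)]
)

if __name__ == "__main__":
    for (src, bcast), n in deauth_flood_sources(SAMPLE_CAPTURE).items():
        kind = "broadcast" if bcast else "unicast"
        print(f"{src.hex(':')}: {n} {kind} deauth/disassoc frames")
```

To run the detector on real traffic, feed it the raw management frames from a monitor-mode capture (radiotap header stripped). The threshold is per capture rather than per time window, which is enough to show the signature; a deployment would bucket by time and by BSSID.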
