Difference between revisions of "Episode263"

From Security Weekly Wiki
Line 60: Line 60:
= Stories For Discussion =
= Stories For Discussion =
== Blog Round Up ==
== Paul's Stories ==
== Paul's Stories ==
== Larry's Stories ==
== Jack's Stories ==
== Jack's Stories ==

Revision as of 18:00, 13 October 2011

Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 263 for Thursday October 13th, 2011.

  • Check out Hack Naked TV - At some point, Wasted Strand will guest record an episode...

Guest Interview: Dave Porcello, CEO of Pwnie Express

7:30 PM EDT


Building on over 10 years of IT leadership, security, and entrepreneurial experience, Dave Porcello founded Pwnie Express in March 2009 with a clear vision of providing unique hardware and unparalleled expertise to the global security industry. He's on tonight to discuss the full pentesting suite packed into an inconspicuous microserver known as the Pwn Plug.

Pwnie Express bio

Pwnie Express specializes in bleeding edge pentesting hardware, including the industry's first-to-market commercial pentesting drop box, the Pwn Plug. A full pentesting suite packed into an inconspicuous microserver, the Pwn Plug uses covert tunnels, 3G/GSM access, and NAC/802.1x bypass to maintain an encrypted, firewall-busting backdoor into your target network.

Pwn Plug overview

  1. How did you come up with the idea for the Pwnie Express?
  2. Do I get a free pony with my purchase? Where did the name come from?
  3. What are the different models of pwnplug? How does it differ from the WiFi Pineapple or the Interceptor project?
  4. What prevents people from finding a pwnplug on the network?
  5. What prevents people from detecting the phone home traffic?
  6. What tools are installed on the pwn plug?
  7. What are some use cases for the pwn plug?

Guest Tech Segment: Rich Perkins and Mike Tassey on DIY UAVs


Mike Tassey is a security consultant to Wall Street and the US Intelligence Community. He spent the majority of his 16-year information security career in support of the Dept. of Defense (both in uniform and out) and now does security consulting for global companies and government. His interests include martial arts, lolcats, danger and putting large things in small airplanes.

Rich Perkins is an avid radio control enthusiast and a senior security engineer supporting the U.S. Government. He has had a 20-year Information Technology career including programming, Enterprise Administration, and Information Security. Hobbies include hiking, SCUBA diving, R/C, computers and electronics, as well as a penchant for voiding warranties.

DIY UAV website

  1. How did you come up with the idea?
  2. How much did it cost and how long did it take to build? Could they be mass produced?
  3. How high can it fly? Could you get it into low orbit?
  4. Where did the plane come from and what was its original purpose?
  5. How do you launch and fly the UAV?
  6. How do you control the wireless systems?
  7. Can you control the UAV over SSH?
  8. Can anyone build one?
  9. What are some evil purposes? Good purposes?
  10. Could terrorists use this idea? Does the military already use this technology?
  11. What can you do to defend against this type of attack?
  12. Can penetration testers use this?
  13. What's next for you guys?

Stories For Discussion

Paul's Stories

Jack's Stories

Other Stories

  1. Unmanned Drones are not safe - Now we have unmanned Predator and Reaper drones infected with what appears to be a password-stealing piece of malware. So it begs the question: if common malware can affect the ground systems like this... when can the not so friendly and determined nation turn our drones around on us?
  2. Massive ID theft arrests made - Arrests of 111 individuals in an ID theft ring included bank tellers, waitstaff, and then some real criminals and buying squads. Are we really surprised? You are giving your credit card to someone to pay for dinner; they go off god knows where, write all that info down, and give the card back. In a given organization you are giving some very valuable information to people who are probably the lowest paid / most likely to be disgruntled individuals. I would like to know what the pay was for a given wait staff for a full set of credit card data.
  3. Oh no Sony again! - Maybe not so bad this time. 93,000 user accounts were detected as being compromised and were shut down before anything bad really happened. So did they finally get their game together and manage to detect this before any truly malicious activity was discovered?
  4. Dennis Ritchie passes away - Creator of the C programming language and key contributor to Unix passes away. See, this is the passing of a REAL inventor.