Episode268

From Security Weekly Wiki


Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 268 for Thursday December 1st, 2011.

Guest Interview: Scott Moulton

6:00 PM EDT

Scott Moulton is known both for his trademark 'Forensic Unit' hat and his unholy knack for finding new data recovery techniques the other experts don't want you to know. Scott is owner of both My Hard Drive Died.com and Forensic Strategy Services and fills his days recovering data from all kinds of storage devices, testifying in court, and teaching others to do data recovery.

  1. What are some of the forensic challenges with SSD drives?
  2. Give us ten things we didn't know about our hard drives.
  3. Tell us about your recent SkydogCon talk about SHA1 Hashes.
  4. Are you surprised by Wired's findings on cell phone provider retention periods?
  5. In 1999, you were the first person arrested for Port Scanning. What was it like to be featured in the NMAP book by Fyodor?
  6. In 2006, you were the first person that prosecutors attempted to go after for doing computer forensics without a Private Investigator's License while testifying on the stand in a criminal case in Georgia. Is that what started the mess about computer forensics having to be Private Investigators in various states?

Special Guest Tech Segment: Ariel Waissbein, Anibal Sacco and Matias Eissler talk OS X sandbox

7PM EST

Ariel, Anibal, and Matias are, respectively, Director, Senior Exploit Writer, and Senior Developer at CoreLabs, the research center of Core Security. While their research focus is on attack technologies for workstations, servers and web applications, they're on tonight to discuss their recent research on Bypassing the OS X Sandbox.


  1. How is this vulnerability different from Charlie Miller's Black Hat Japan 2008 talk?
  2. How was the reporting process with Apple?

Bios

Ariel Waissbein is the head of CoreLabs, the company's research and development center. As such, he is responsible for all day-to-day research and publishing activities as well as driving and protecting Core's intellectual property. Lately, he co-led the team that devised Core CloudInspect, an automated pentesting service run from and targeting Amazon Web Services. Waissbein holds an undergraduate degree in Mathematics from Buenos Aires University and is a Ph.D. candidate at the same university. Prior to joining Core, he started his research career in academia, within the realm of geometric elimination and computational number theory.

We host a lot of information in Core's Research website: http://corelabs.coresecurity.com/

Anibal Sacco is a Sr. Exploit Writer and Reverse Engineer at CORE Security Technologies. He has been researching vulnerabilities and developing exploits for Windows, OS X and Linux for 6 years, focusing first on Windows kernel-mode vulnerabilities and rootkit development, and lately on OS X vulnerabilities.

Anibal is currently in charge of the OS X exploits area and, as a researcher, he has spoken at some of the most important security conferences, like Black Hat, CanSecWest, SyScan and Ekoparty. He has also published several advisories addressing different vulnerabilities. More information can be found at: http://corelabs.coresecurity.com/

Anibal's main interests are: reverse engineering, vulnerability research, network security, malware analysis, fuzzing and embedded devices.


Matias Eissler is a Sr. Developer at Core Security. He has been working in the fields of information gathering, attack planning, file infection and client-side capabilities. Lately he has joined the Exploit Writing Team, where he contributes to exploit effectiveness and reliability.

Stories For Discussion

Larry's Stories

  1. The Rhino in the Room - [Larry] - Yikes, a cross-platform Java exploit, tested by Rapid7 on Windows, Ubuntu and OSX, albeit recently patched. I wholeheartedly agree with a quote from @Viss - I can't wait to use this with SET.
  2. Carrier IQ - [Larry] Interesting. Data gathering of all data-ish traffic on your phone, including EVERYTHING typed into the phone. Scary. First off, how is a normal person supposed to be able to detect this? The point is, they aren't….
  3. 3 Character passwords is not APT - [Larry] - OMG SCADA HAX! While we've heard reports lately about water pumps blowing up after hacks, which the FBI says isn't true (coverup maybe?), another hacker was upset. So, the new hacker makes their own statement by allegedly compromising a Siemens HMI system that was internet accessible with a 3 character password. Wow, not only are the folks who implement and maintain SCADA-ish networks not learning about internet connectivity issues, the password thing is inexcusable.
  4. Encrypted wireless for Law enforcement - [Larry] - Ok, claims that criminals are using fixed radios with remote access via smartphones to monitor law enforcement radio comms. Ok, cool, so law enforcement says that they will encrypt communications. I wonder if they will attempt to use P-25, or something else. Of course this becomes interesting if they are using public radio space…
  5. Update browser plugins? - [Larry] - So, we've done a better job of updating our OSes (arguably), a little bit better job of updating third party apps (marginally), and a decent job of updating our browsers (as a part of the OS, irony much?), but how about those browser plugins? (Shockwave, Adobe, etc.), yeah, we don't have a real great insight into browser plugins and maintenance. In many cases, we can't restrict our users from what they install, let alone if they use a different browser. What are we to do?
  6. SAY IT ISN'T SO! - [Larry] - Yeah, there is a reported XSS vulnerability in the search function of freeporn.com. Ok guys. I get it and the jokes about porn, compromises and sex selling, but please, lay off the pr0n hax. Especially the free stuff. Oh, or, fix your shit.

Paul's Stories

Jack's Stories