Difference between revisions of "Episode271"

From Security Weekly Wiki
Line 33: Line 33:
 
= Paul's Stories =
 
= Paul's Stories =
 
= Larry's Stories =
 
= Larry's Stories =
 +
 +
#[http://www.darkreading.com/authentication/167901072/security/news/232200264/ssl-s-future.html The future of SSL?] - [Larry] - The "inventor" of SSL claims that due to the flexibility of SSL, additional authentication mechanisms can be used and bolted on.  I'd argue the same way we went from SSL 1.0 to 3.0 then to TLS. Light on details, but seems like there may be hope?  I still think we need to develop a new method now, as SSL is flawed based on the current trust mechanism.
 +
#[https://community.rapid7.com/community/solutions/metasploit/blog/2011/12/21/metasploit-updated-trivial-tftp-access Metasploit TFTP] - [Larry] - ok, maybe we bashed Metasploit a little last week (and maybe HD can come on to discuss?) but how about some praise?  A new TFTP client installed, which drew my attention to the TFTP server functionality - this is great for using with RW SNMP community strings to pull running config from Cisco devices, which may reveal TTY passwords and enable passwords stored as a 7 (not 5 even though we could brute force md5 or use rainbowtables) that might have some reuse  :-)
 +
#[https://www.eff.org/document/defending-privacy-us-border-guide-travelers-carrying-digital-devices EFF advise on how to keep data secure at border crossings] - [Larry] - Solid advice, and some of it good procedure for keeping our date secure in general. Some general advice includes doing encrypted off-site backups with encrypted stream to offsite location, as well as full disk encryption.
 +
 
= Jack's Stories =
 
= Jack's Stories =
  
 
.
 
.
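
Review bot: In the added EFF entry under Larry's Stories, the link text "EFF advise" should read "EFF advice", and "keeping our date secure" should read "keeping our data secure". In the added Metasploit TFTP entry, the single long sentence would read better split after "how about some praise?", with "md5" and "rainbowtables" written as "MD5" and "rainbow tables".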

Revision as of 17:13, 22 December 2011


Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 271 for Thursday December 22nd, 2011.

  • Subscribe to our only non-computer security related show dedicated to Cigar Enthusiasts Stogie Geeks with Paul Asadoorian and Tim "BugBear" Mugherini. We are working on our top ten cigars released in 2011. We've been painstakingly smoking cigars, enjoyed with fresh coffee and single malt scotch in my nice warm workshop. It's a hard job but someone has to do it, and we're, ya know, toughing through it.

Guest Interview: Jason Fossen

6:00 PM ET

Jason Fossen is a principal security consultant at Enclave Consulting, a published author, and a frequent public speaker on Microsoft security issues. He posts his thoughts on Windows Security on the SANS Windows Security Blog.


Paul's Stories

Larry's Stories

  1. The future of SSL? - [Larry] - The "inventor" of SSL claims that due to the flexibility of SSL, additional authentication mechanisms can be used and bolted on. I'd argue the same way we went from SSL 1.0 to 3.0 then to TLS. Light on details, but seems like there may be hope? I still think we need to develop a new method now, as SSL is flawed based on the current trust mechanism.
  2. Metasploit TFTP - [Larry] - OK, maybe we bashed Metasploit a little last week (and maybe HD can come on to discuss?) but how about some praise? A new TFTP client installed, which drew my attention to the TFTP server functionality - this is great for using with RW SNMP community strings to pull running config from Cisco devices, which may reveal TTY passwords and enable passwords stored as a 7 (not 5 even though we could brute force MD5 or use rainbow tables) that might have some reuse :-)
  3. EFF advice on how to keep data secure at border crossings - [Larry] - Solid advice, and some of it good procedure for keeping our data secure in general. Some general advice includes doing encrypted off-site backups with encrypted stream to offsite location, as well as full disk encryption.

Jack's Stories

.