Difference between revisions of "Episode273"

From Security Weekly Wiki
Revision as of 18:03, 12 January 2012


Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 273 for Thursday January 12th, 2012.

  • Subscribe to our only non-computer security related show dedicated to Cigar Enthusiasts, Stogie Geeks, with Paul Asadoorian and Tim "BugBear" Mugherini. Whether you smoke an occasional cigar or daily, this show is for you! Tune in as we review the latest cigars being released and talk "Stogie Tech".


Guest Technical Segment: Chris "loganWHD" Hadnagy on Framing

Chris Hadnagy, aka loganWHD focuses on the "human" aspect of technology such as social engineering and physical security. Chris is also the lead developer of Social-Engineer.Org as well as author of the best-selling book Social Engineering: The Art of Human Hacking and has co-authored a ground breaking course on Social Engineering to be given in the UK, Seattle, and Vegas. He's on tonight to give us a taste of one of the topics on the course: Framing in Social Engineering.

Hadnagy.jpg

Chris was last on PaulDotCom in Episode 216, October 2010

Training Info

Registration link

Class Syllabus

  1. What is framing?
  2. Give us some examples of how you use Framing in an SE engagement.
  3. How can you 'teach' framing in a course?
  4. How do you adjust your framing once you identify the target's dominant communication style?
  5. For your Social Engineering podcast on Framing, you interviewed Sam Yagan of www.okcupid.com. Do you think statistical analysis is accurate and can be used in Social Engineering? Have you used any of their research in your SE engagements?
  6. What have you learned about Framing and Social Engineering from your course partner, Robin Dreeke?
  7. What was your favorite section of the course?
  8. We've heard there are homework assignments, specifically, getting the bra size of a stranger at the mall in a non-sexual way. Will you do a writeup of the student failures? :)
  9. Is it true students who fail assignments have a make-up assignment that consists of dumpster diving? :)
  10. How do you 'certify' one is a Social Engineer?
  11. Does the FBI conduct any SE training for its agents?

Paul's Stories

Larry's Stories

  1. You know what really grinds my gears? (http://www.computerworld.com/s/article/9223370/Stratfor_relaunches_site_CEO_accuses_attackers_of_censorship?source=rss_security&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+computerworld%2Fs%2Ffeed%2Ftopic%2F17+%28Computerworld+Security+News%29) - [Larry] - Not truly security related, but I think that the response from Stratfor was, well, strained. They claim that Anonymous is creating censorship, some of that based on the fact that there is no accountability on the internet. Hrm, no accountability. I seem to recall hearing several raids and arrests. I'd also argue that the lack of accountability goes both ways. I mean, who was holding Stratfor accountable for having poor security and cleartext CC numbers? Discuss.
  2. Social Engineering on the rise (http://www.networkworld.com/newsletters/techexec/2012/010612bestpractices.html?source=nww_rss) - [Larry] - Yeah, no kidding. Why, oft times we find that the internal network is still of the very chewy variety. Best way to get there? Have some code you want there? The human is the last frontier, weakest link and, I'd argue, the hardest to secure.
  3. Hacking SCADA going mainstream? (http://packetstormsecurity.org/news/view/20443/Anonymous-Targets-Israel-By-Publishing-SCADA-Log-In-Details.html) - [Larry] - In a politically motivated event, Anonymous publishes IP addresses and login details for Israeli SCADA systems after being branded as terrorists. My argument is that if Anonymous can do it, it has hit the big time.
  4. Shark? We jumped that shit. (http://technet.microsoft.com/en-us/security/bulletin/ms12-007) - [Larry] - Oh, that module that you use to prevent XSS, due to a flaw, ALLOWS XSS. Ugh.
  5. Koobface OSINT (http://packetstormsecurity.org/news/view/20428/OSINT-Analysis-Whos-Behind-The-Koobface-Botnet.html) - [Larry] - Dancho Danchev puts together the pieces to identify the alleged Koobface author. How? The author got sloppy and registered a domain with a phone number used elsewhere in ads for kittens and a BMW for sale. It just goes to show, if you don't want to get caught you need to be meticulous. It also proves that there is no such thing as a perfect crime.

Jack's Stories