Difference between revisions of "Episode273"
|Line 51:||Line 51:|
= Larry's Stories =
= Larry's Stories =
= Jack's Stories =
= Jack's Stories =
Revision as of 18:03, 12 January 2012
Announcements & Shameless Plugs
PaulDotCom Security Weekly - Episode 273 for Thursday January 12th, 2012.
- Check out our new shows: Hack Naked TV with John Strand, Hack Naked At Night with Larry and Darren, PaulDotCom Espanol with Carlos Perez.
- Larry is teaching SEC617: Wireless Ethical Hacking, Penetration Testing and Defenses 5 times this year (discount code may be in our future):
- Subscribe to our only non-computer security related show dedicated to Cigar Enthusiasts Stogie Geeks with Paul Asadoorian and Tim "BugBear" Mugherini. Wether you smoke an occasional cigar or daily, this show is for you! Tune in as we review the latest cigars being relesaed and talk "Stogie Tech".
- Information Security Career Study A new survey on attitudes about careers in information security.
- Don't forget to Read our blog, Participate on our mailing list, Visit PaulDotCom Insider, Follow us on Twitter, Join the IRC channel at irc.freenode.net #pauldotcom, Watch our Videos and Add us on Facebook where we can be "friends"
Guest Technical Segment: Chris "loganWHD" Hadnagy on Framing
Chris Hadnagy, aka loganWHD focuses on the "human" aspect of technology such as social engineering and physical security. Chris is also the lead developer of Social-Engineer.Org as well as author of the best-selling book Social Engineering: The Art of Human Hacking and has co-authored a ground breaking course on Social Engineering to be given in the UK, Seattle, and Vegas. He's on tonight to give us a taste of one of the topics on the course: Framing in Social Engineering.
Chris was last on PaulDotCom in Episode 216, October 2010
- What is framing?
- Give us some examples of how you use Framing in an SE engagement.
- How can you 'teach' framing in a course?
- How do you adjust your framing once you dentify the target’s dominant communication style?
- For your Social Engineering podcast on Framing, you interviewed Sam Yagan of www.okcupid.com. Do you think statistical analysis is accurate and can be used in Social Engineering? Have you used any of their research in your SE engagements?
- What have you learned about Framing and Social Engineering from your course partner, Robin Dreeke?
- What was your favorite section of the course?
- We've heard there are homework assignments, specifically, getting the brasize of a stranger at the mall in a non-sexual way. Will you do a writeup of the student failures? :)
- Is it true students who fail assignments have a make-up assignment that consists of dumpster diving? :)
- How do you 'certify' one is a Social Engineer?
- Does the FBI conduct any SE training for its agents?
- You know what really grinds my gears? - [Larry] - Not truly security related, but I think that the response from Stratfor was , well, strained. They claim that Anonymous is creating censorship, some of that based on the fact that there is no accountability on the internet. Hrm, no accountability. I seem to recall hearing several raids and arrests. I'd also argue that the lack of accountability goes both ways. I mean who was holding Stratfor accountable for having poor security and cleartext CC numbers? Discuss.
- Social Engineering on the rise - [Larry] - yeah, no kidding. Why, oft times we find that the internal network is still of the very chewy variety. Best way to get there? Have some code you want there? The human is the last frontier, weakest link and I'd argue, the hardest to secure.
- Hacking SCADA going mainstream? - [Larry] - In a politically motivated event, Anonymous publishes IP addresses and login details for Israeli SCADA systems after being branded as terrorists. My argument is that is Anonymous can do it, it has hit the big time.
- Shark? We jumped that shit. - [Larry] - Oh, that module that you use to prevent XSS, due to a flaw ALLOWS XSS. Ugh.
- Koobface OSINT - [Larry] - Dancho Danchev puts together the pieces to identify the alleged Koobface author. How? The author got sloppy and registered a domain with a phone number used elsewhere in ads for kittens and a BMW for sale. It just goes to show, if you don't want to get caught you need to be meticulous. It also proves that there is no such thing as a perfect crime.