Difference between revisions of "Episode274"
Revision as of 19:30, 19 January 2012
Announcements & Shameless Plugs
PaulDotCom Security Weekly - Episode 274 for Thursday January 19th, 2012.
- Check out our new shows: Hack Naked TV with John Strand, Hack Naked At Night with Larry and Darren, PaulDotCom Espanol with Carlos Perez.
- John Strand will be teaching Offensive Countermeasures at SANS Orlando March 23-24th: Check it out here
- Larry is teaching SEC617: Wireless Ethical Hacking, Penetration Testing and Defenses 5 times this year (discount code may be in our future):
- Subscribe to our only non-computer security related show dedicated to Cigar Enthusiasts Stogie Geeks with Paul Asadoorian and Tim "BugBear" Mugherini. Whether you smoke an occasional cigar or daily, this show is for you! Tune in as we review the latest cigars being released and talk "Stogie Tech".
- Information Security Career Study A new survey on attitudes about careers in information security. More info
- Don't forget to Read our blog, Participate on our mailing list, Visit PaulDotCom Insider, Follow us on Twitter, Join the IRC channel at irc.freenode.net #pauldotcom, Watch our Videos and Add us on Facebook where we can be "friends"
Interview: HD Moore
HD is Chief Security Officer at Rapid7 and founded the Metasploit Project in the summer of 2003 with the goal of becoming a public resource for exploit code research and development. He is also known for his work in WarVOX, AxMan, the Metasploit uncloaking Engine and the Rogue Network Link Detection Tools.
HD was last on PaulDotCom in Episode 200, June 2010
Guest Tech Segment: Dave "Rel1K" Kennedy on SET 3.0
Dave is a security ninja who regularly crushes pirates and vikings with his man hugs. A founder of DerbyCon, Dave likes to write exploits and is heavily involved with BackTrack and the Social-Engineer Framework. Dave is on to give us a glimpse into SET v3.0: "The Baby Knuckles" edition.
- SE Android - [Larry] - From the builders of the SE Linux project (yes the NSA), we now have the SE Android project. It would be neat to see the adoption of the SE Android stuff into the Android kernel, much like the SE Linux stuff seeing integration into the generic kernel. Of course, I'm sure that it still does not include any FDE…
- Mixed case DNS? - [Larry] - I'm not sure of what this really means yet. However, what do camel case DNS queries do? This whole addition of the 0x20 bit encoding is interesting. Johannes says this might be good for additional spoof protection, but I'm wondering if there might be some options for abuse - i.e. the encoding into binary for data exfiltration.
- City College infected with some sort of data exfiltrating "virus" for 10 years (http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2012/01/16/BA8T1MQ4E5.DTL). Appears to have been communicating with Russia, and appears to have started in a computer lab frequented by international students. First, how can they tell it goes back 10 years? Do they really have tcp traffic that goes back that far? Second, I love these quotes from one of the trustees:
Trustee Chris Jackson, also at the presentation, said he was concerned that City College has spent a lot of money on security over the years, but has gotten little in return. "The most basic level of encryption for our computers was never put in place," he said. "That's unconscionable." Peter Goldstein, the college's vice chancellor for finance, defended the college's past efforts at virus protection, saying the school had two firewalls.
- Bypass Linux screen locks - [Larry] - Yay, poorly monitored git code commits. Want to disable X.org screen locks? Just hit CTRL ALT *…