Episode278
From Security Weekly Wiki
Revision as of 16:56, 16 February 2012 by Dwigley (talk | contribs) (→Larry's (taken over by Darren cause Larry is a slacker) Stories)
Announcements & Shameless Plugs
PaulDotCom Security Weekly - Episode 278 for Thursday February 16th, 2012
- John Strand will be teaching Offensive Countermeasures at SANS Orlando March 23-24th: Check it out here
- Larry is teaching SEC617: Wireless Ethical Hacking, Penetration Testing and Defenses 5 times this year: vLive!: April 16 - 22, 2012; SANS Cyber Guardian 2012, Baltimore: April 30 - 06, 2012; SANS Toronto 2012, Toronto: May 14 - 20, 2012; Community SANS Ottawa, Ottawa: June 11 - 17, 2012; SANS Sydney 2012, Sydney, AU: November 12 - 18, 2012
- Check out our new shows: Hack Naked TV with John Strand, Hack Naked At Night with Larry and Darren, PaulDotCom Espanol with Carlos Perez.
- Subscribe to our only non-computer-security-related show, dedicated to cigar enthusiasts: Stogie Geeks with Paul Asadoorian and Tim "BugBear" Mugherini. Whether you smoke an occasional cigar or daily, this show is for you! Tune in as we review the latest cigars being released and talk "Stogie Tech".
- Don't forget to Follow us on Twitter
Interview: Jeremiah Grossman
Jeremiah Grossman founded WhiteHat Security in August 2001, and is a world-renowned expert in Web security. He's a founder of the Web Application Security Consortium (WASC), and was named one of InfoWorld's Top 25 CTOs for 2007. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo! responsible for performing security reviews on the company's hundreds of websites. Follow him on Twitter at @jeremiahg

Four years and 4,000 websites video, slides
- Tell us about the "Top Ten Web Hacking Techniques of 2011" survey
- There is always a lot of discussion about the value of certifications in InfoSec Careers, but the Certified Application Security Specialist credential has retained its cachet. As one of the founders, what lessons can you share with other certification bodies such as (ISC)2 and ISACA?
Stories
Paul's Stories
Larry's (taken over by Darren cause Larry is a slacker) Stories
- Mountain Lion preview (OS X 10.8) - Apple has released a preview of OS X 10.8, due for release later this year. A new security feature called Gatekeeper is coming. Looks like developers with valid Dev IDs will create a certificate that will be used to sign all their work. In the event a given developer does something wrong, the cert can be pulled and the apps will not run. There are 3 levels of options: the "iPhone option", as I call it, where you can ONLY use apps from the App Store and nothing else can be installed; install from anywhere, but the app must have a certificate; and lastly, install from anywhere, cert or no cert.
- iPhone Address book access - Apple is set to fix an issue where app developers were allowed to gather users' contact lists without permission from the phone's owner. Now you will be prompted with a pop-up asking if you wish to allow this access.
- patch patch patch patch and then patch some more - Yet another Adobe 0day.
- Insider threats are real - An example showing that your own employees are your biggest threat.
- Nortel hacked for years - Former Nortel exec (they are all former now) says they were compromised for years and Nortel didn't try too hard to stop it.