Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 278 for Thursday February 16th, 2012

• John Strand will be teaching Offensive Countermeasures at SANS Orlando March 23-24th: Check it out here

• Larry is teaching SEC617: Wireless Ethical Hacking, Penetration Testing and Defenses 5 times this year: vLive!: April 16 - 22, 2012, SANS Cyber Guardian 2012, Baltimore: April 30 - 06, 2012, SANS Toronto 2012, Toronto: May 14 - 20, 2012, Community SANS Ottawa, Ottawa: June 11 - 17, 2012, SANS Sydney 2012, Sydney, AU: November 12 - 18, 2012

• Check out our new shows: Hack Naked TV with John Strand, Hack Naked At Night with Larry and Darren, PaulDotCom Espanol with Carlos Perez.

• Subscribe to our only non-computer security related show dedicated to Cigar Enthusiasts Stogie Geeks with Paul Asadoorian and Tim "BugBear" Mugherini. Wether you smoke an occasional cigar or daily, this show is for you! Tune in as we review the latest cigars being released and talk "Stogie Tech".

• Don't forget to Follow us on Twitter

Interview: Jeremiah Grossman

Jeremiah Grossman founded WhiteHat Security in August 2001, and is a world-renowned expert in Web security. He's a founder of the Web Application Security Consortium (WASC), and was named one of InfoWorld's Top 25 CTOs for 2007. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo! responsible for performing security reviews on the company's hundreds of websites. Follow him on Twitter at @jeremiahg

Four years and 4,000 websites video, slides

1. Tell us about the "Top Ten Web Hacking Techniques of 2011" survey
2. There is always a lot of discussion about the value of certifications in infosec, but the Certified Application Security Specialist credential has retained its cachet. As one of the founders, what lessons can you share with other certification bodies such as (ISC)2 and ISACA in their attempts to remain relevant?

Stories

Paul's Stories

Last login: Thu Feb 16 11:18:41 on ttys004 [paulda@Pauls-MacBook-Pro:~/private]$ cd ../Do -bash: cd: ../Do: No such file or directory [paulda@Pauls-MacBook-Pro:~/private]$ cd ../Downloads/ [paulda@Pauls-MacBook-Pro:~/Downloads]$ history | grep awk

  25  history  | grep awk
  27   awk -F',' '{print "\#\[" $1 " " $2 "\]"}' instapaper-export\(1*.csv  | sed -e 's/\"//g'
  28   awk -F',' '{print "\#\[" $1 " " $2 "\]"}' instapaper-export\(1\).csv  | sed -e 's/\"//g'
  29   awk -F',' '{print "\#\[" $1 " " $2 "\]"}' instapaper-export\ \(1\).csv  | sed -e 's/\"//g'
  30   awk -F',' '{print "\#\[" $1 " " $2 "\]"}' instapaper-export\ \(1\).csv  | sed -e 's/\"//g' > pdc-268.txt
 103  awk -FS" '{print $4}
 104  awk -FS" '{print $4}'
 105  awk -FS'"' '{print $4}'
 106  awk -FS'"' '{print $4}' MyCigarSubscriptions.opml 
 107  awk -FS'"' '{print $6}' MyCigarSubscriptions.opml 
 109  awk -FS'"' '{print $13}' MyCigarSubscriptions.opml 
 110  awk -FS'"' '{print $14}' MyCigarSubscriptions.opml 
 111  awk -FS'"' '{print $15}' MyCigarSubscriptions.opml 
 113  awk -FS'"' '{print $3,4,5,6,7,8,9}' MyCigarSubscriptions.opml
 114  awk -FS'"' '{print $3,$4,5,6,7,8,9}' MyCigarSubscriptions.opml
 115  awk -FS'"' '{print $3,$4,$5,$6,$7,$8,$9}' MyCigarSubscriptions.opml
 116  awk -FS" '{print $3,$4,$5,$6,$7,$8,$9}' MyCigarSubscriptions.opml
 117  awk -FS'"' '{print $3,$4,$5,$6,$7,$8,$9}' MyCigarSubscriptions.opml
 130  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href="\"$1\""}'
 131  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href=\"$1\""}'
 132  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href=\""$1\""}'
 133  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href\=\"" $1 "\""}'
 134  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href\=\"" $1 "\"\>"}'
 135  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href\=\"" $1 "\"\>"$1}'
 136  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href\=\"" $1 "\"\>"$1"\<\\a\>}'
 137  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href\=\"" $1 "\"\>"$1""\<\\a\>"}'
 138  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href\=\"" $1 "\"\>"$1""}'
 139  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href\=\"" $1 "\"\>"$1"\"}'
 140  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href\=\"" $1 "\"\>"$1\""}'
 141  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href\=\"" $1 "\"\>"$1}'
 142  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href\=\"" $1 "\"\>"$1"\""}'
 143  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href\=\"" $1 "\"\>"$1"\"<"}'
 144  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href\=\"" $1 "\"\>"$1"\"<\a>"}'
 145  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href\=\"" $1 "\"\>"$1"\"<\\a>"}'
 148  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href\=\"" $1 "\"\>"$1"<\\a>"}'
 149  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href\=\"" $1 "\"\>"$1"<\/a>"}'
 150  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href\=\"" $1 "\"\>"$1"<\/a>
"}'
 151  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href\=\"" $1 "\"\>"$1"<\/a>
"}' > mycigarblogs.html 
 153  cat MyCigarSubscriptions.opml | cut -d'"' -f12 | awk '{print "\<a href\=\"" $1 "\"\>"$1"<\/a>
"}'
 165  awk '{print $1 "," $2 "," $3}' cigars.in 
 177  history  | grep awk
 178  awk -F',' '{print "\#\[" $1 " " $2 "\]"}' pdc269.csv  | sed -e 's/\"//g' > pdc-268.txt
 179  awk -F',' '{print "\#\[" $1 " " $2 "\]"}' pdc269.csv  | sed -e 's/\"//g' > pdc-269.txt
 199  history | grep awk
 202  awk -F',' '{print "\#\[" $1 " " $2 "\]"}' instapaper-export\ \(2\).csv  | sed -e 's/\"//g'
 310  history  | grep awk
 311  awk -F',' '{print "\#\[" $1 " " $2 "\]"}' instapaper-export\ \(3\).csv  | sed -e 's/\"//g'
 314  history  | grep awk
 315  awk -F',' '{print "\#\[" $1 " " $2 "\]"}' instapaper-export\ \(3\).csv  | sed -e 's/\"//g'
 316  awk -F',' '{print "\#\[" $1 " " $2 "\]"}' instapaper-export\ \(4\).csv  | sed -e 's/\"//g'
 335  history | grep awk
 336  awk -F',' '{print "\#\[" $1 " " $2 "\]"}' instapaper-export\ \(5\).csv  | sed -e 's/\"//g'
 338  awk -F',' '{print "\#\[" $1 " " $2 "\]"}' instapaper-export\ \(5\).csv  | sed -e 's/\"//g'
 345  awk -F',' '{print "\#\[" $1 " " $2 "\]"}' instapaper-export\ \(5\).csv  | sed -e 's/\"//g'
 346  awk -F',' '{print "\#\[" $1 " " $2 "\]"}' instapaper-export\ \(6\).csv  | sed -e 's/\"//g'
 348  awk -F',' '{print "\#\[" $1 " " $2 "\]"}' instapaper-export\ \(6\).csv  | sed -e 's/\"//g'
 349  awk -F',' '{print "\#\[" $1 " " $2 "\]"}' instapaper-export\ \(6\).csv  | sed -e 's/\"//g' 
 491  history  | grep awk
 492  awk -F',' '{print "\#\[" $1 " " $2 "\]"}' instapaper-export\ \(6\).csv  | sed -e 's/\"//g' 
 493  awk -F',' '{print "\#\[" $1 " " $2 "\]"}' instapaper-export\ \(7\).csv  | sed -e 's/\"//g' 
 503  history  | grep awk

[paulda@Pauls-MacBook-Pro:~/Downloads]$ !493 awk -F',' '{print "\#\[" $1 " " $2 "\]"}' instapaper-export\ \(7\).csv | sed -e 's/\"//g'

1. [URL Title]
2. Easy Directory Traversal with Burp
3. Some IDS comments
4. Standing Desk 2.0
5. Infosec: Where’s our “Long Tail”?
6. The Toughest Question in Digital Security
7. Forcing Flash to Play in the Sandbox
8. It all started with a Pillow Fight….
9. I’m Sorry I Called Your Baby Ugly … But It Is
10. Red Hat Network Satellite Server spacewalk-backend Remote and Local Password Disclosure
11. Trustwave admits issuing man-in-the-middle digital certificate
12. Top 10 pirated movies in the world (infographic)
13. Keeping up with the hackers (chart)
14. How Many Monitors Is Too Many?
15. Caffeine fix? Now you can literally inhale it.
16. Don’t Stick That in There – HID (Human Interface Device)
17. [webapps - OSCommerce v3.0.2 - Persistent Cross Site Vulnerability]
18. Android and Security - Official Google Mobile Blog
19. FBI Conference Call Tapped By Antisec
20. Sophos 2012 Security Threat Report
21. Two Approaches to Managing Mobile Devices
22. Microsoft Internet Explorer 'Forced Tweet' Cross Domain
23. Remotely start your car using an Arduino
24. Apple revises Snow Leopard security update
25. 'Psycho Siri': Scariest Siri parody yet? | Crave - CNET
26. Job-seeking Marriott hacker gets 30 months' porridge
27. Satellite phone encryption cracked - Telegraph
28. PHP 5.3.10 fixes critical remote code execution vulnerability
29. Boardroom Spying for Fun and Profit
30. When will wearables be wearable?
31. Why I Love Routerpwn? Simplicity!
32. 10 SharePoint Security Mistakes You Probably Make
33. Basics of embedded firewalls - Exploding the myths
34. Firewalls and SSL: More Profitable than Facebook
35. Apple and Apache security fixes and releases
36. Who’s Behind the World’s Largest Spam Botnet?
37. SocialShield Releases the Top Social Networking Terms Kids Don’t Want Their Parents To Know
38. Island Hopping the SpiderLabs Way
39. VeriSign Breached
40. Hacker extracts RFID credit card details
41. HTC Android phones expose Wi-Fi passwords to apps
42. Critical PHP vulnerability being fixed
43. Opera < 11.61 Multiple Vulnerabilities
44. Google Chrome < 16.0.912.77 Multiple Vulnerabilities
45. OpenSSL 0.9.8s DTLS Denial of Service
46. McAfee Security-as-a-Service (SaaS) mcCIOScn.dll ShowReport Method Remote Command Execution
47. WebSphere MQ Client < 6.0.2.7 / 7.0.1.0 Buffer Overflow
48. WebSphere MQ Server < 6.0.2.7 / 7.0.1.0 Buffer Overflow
49. HP Managed Printing Administration jobDelivery Script Directory Traversal (intrusive check)
50. HP Managed Printing Administration < 2.6.4 Multiple Vulnerabilities
51. HP Managed Printing Administration Detection
52. New Drive-By Spam Infects Those Who Open Email -- No Attachment Needed
53. Cisco Security Appliances at risk from Telnet bug
54. Symantec publishes pcAnywhere security recommendations
55. Why Your Company Needs To Hack Itself
56. Hacking Seen as Rising Risk With Car Electronics
57. When Antivirus Firms Can't Tell They've Been Hacked
58. Students busted for hacking computers
59. Feds say Megaupload user content could be deleted this week
60. Warnings About Windows Exploit
61. Shmoocon Demo Shows Easy
62. Rootkit has rhythm
63. Iran To Execute Programmer
64. toolsmith: Security Onion
65. T-Mobile reused staff passwords
66. Using False Alarms to Disable Security
67. Why should senior management be involved in security decisions?
68. Rising Network Insecurity… and the Need to Re-examine Security Fundamentals
69. Understanding collisions and duplex in wireless
70. Microsoft Anti-XSS Library Bypass (MS12-007)
71. Why more APs aren’t always better
72. Basic Setup of Security-Onion: Snort
73. How To Run Penetration Tests From The Amazon Cloud - Without Getting Into Trouble
74. What the heck is SOPA?
75. Top 10 Trends In Information Security
76. I Left My Data In El Segundo - Dark Reading
77. Reflection Scan: an Off-Path Attack on TCP
78. Symantec admits to more exposed code
79. Dusseldorf airport closes security holes
80. Cisco IP Video Phone E20 Default Account Lets Remote Users Obtain Root Access
81. Into the cloud -- securely
82. Fundamental Oracle flaw revealed
83. Secunia sets six-month deadline for vulnerability disclosures
84. Custom Wineador™ Creations - Home
85. Five Principles To Better Your Security Monitoring
86. Wireshark 1.4.x and 1.6.x updates close security holes
87. PHP 5.3.9 released with hash DoS fix
88. Recovering a Hacked Gmail Account
89. 10 years of breach
90. Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
91. PRC Targeting DoD Smart Cards
92. Time to check your DNS settings?
93. Windows Live may be a vulnerability for Xbox Live users
94. Zappos Says Hackers Accessed 24 Million Customers' Account Details
95. ACROS Security Blog: Is Your Online Bank Vulnerable To Currency Rounding Attacks?
96. Flying the Fraudster Skies
97. How Come My Blog/Podcast Wasnt Nominated?
98. Best Book Bejtlich Read in 2011
99. An example of likejacking (Facebook clickjacking)
100. Google Renews Push Into China
101. [Honeypot Alert Extensive ‘setup.php Scanning Detected]
102. Show me your SSID’s
103. How a Baptist pastor in Florida became the go-to IT guy
104. Robot Makers Not Thrilled To Be Stuck Next To Justin Bieber ≈ Packet Storm
105. Apple
106. Can you be forced by law to decrypt your computer? US v. Fricosu court case rages on
107. When Someone Else's Insider is Your Threat
108. The inconvenient truth about passwords
109. Oracle: Firewalls Against SQL Injection Are a Good Idea After All
110. Why Security Does Not Concern Generation Y
111. Microsoft denies Xbox Live security breach
112. Smart meter SSL screw-up exposes punters' TV habits
113. HP sneaks out printer firebomb firmware security fix
114. Apple patent stashes passwords in chargers
115. Paul Ryan turns against SOPA following a Reddit-based attack
116. Adobe to release zero-day fixes for Reader and Acrobat
117. Microsoft finally vanquishes the BEAST-related bug
118. Microsoft releases MS11-100 for Security Advisory 2659883
119. WPS Security on Wireless Access Points pwn3d: VIDEO
120. When to Give Your Girlfriend Your Password
121. Hacking group releases more Stratfor subscriber data - Computerworld
122. The Most Influential Voices in Security
123. Patator – Multi Purpose Brute Forcing Tool
124. Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability
125. Hacking Google for Fun and Profit
126. Is Code Quality Seasonal?
127. The Siemens SIMATIC Remote
128. Password Improvements Coming To Windows 8
129. Reversing Industrial firmware for fun and backdoors I
130. Not 0wning That ColdFusion Server but Helping...
131. Splunk Remote Root Exploit
132. A look back at 2011’s security landscape
133. Ettercap updated after more than seven years.
134. PuTTY Stored Plaintext Passwords in Memory After Authentication
135. DARPA Shredder Challenge
136. Path of Least Resistance : FishNet Security
137. VLAN Hacking |  InfoSec Institute – IT Training and Information Security Resources
138. Prepping for 2012: 3 Tips When Speaking to the Board of Directors
139. Metasploit Pentest Plugin Part 1
140. Top 5 mobile phone security threats in 2012
141. VPN An Oft-Forgotten Attack Vector
142. Microsoft gets silent upgrade religion
143. Feds cuff KISS rock star's DDoS suspect
144. Backdoors in industrial control systems
145. Can Security Teams And DBAs Play Nicely?
146. Study: Chrome the most secure browser
147. Dumbest Camera Ban Ever
148. BonkersWorld: Backwards Compatibility
149. Shamir’s predictions of the future
150. Two Bets on 2012
151. 8 Out of 10 Software Apps Fail Security Test
152. MS11-080 - A Voyage into Ring Zero
153. Two zero-day vulnerabilities found in Flash Player
154. The security threat Stephen King warned us about?
155. Chief Hava's Top Cigars of 2011 (Honorable Mentions)
156. Cigar Tip: Give the Gift of Cigars this Christmas
157. Security Advisory: [security bulletin HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders]
158. nCircle Patterns Blog: Which Half of Your Business Are You Protecting?
159. HP Faces Class Action Lawsuit Over Printer Software Vulnerability
160. Facebook glitch gave access to other users' private pictures
161. Download.com apologises for bundling
162. Staff to be banned from sending emails - Telegraph
163. Carnal0wnage & Attack Research Blog: Embeding A Link To A Network Share In A Word Doc
164. Hacking On A Dime: “Hacking” Printers - PJL Basics
165. Top 5 Security Influencers
166. sslyze – Fast and Full-Featured SSL Configuration Scanner
167. 3 Common Ways Security Fails People
168. How being Green Makes You Stink at Security: Print Bigger
169. Aggressive Mode VPN — IKE-Scan
170. Justin Bieber stabbed by a crazed fan? It’s a Facebook scam
171. Week 48 In Review
172. REVIEW: My Father El Hijo
173. Paul Garmirian Gourmet Series Corona Grande | Atlantic Cigar Company
174. Detecting New Hardware by Ethernet Address
175. Security Advisory: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series - security vulnerabilities database
176. New version of EMET is now available
177. Logging Isn't Hard -- Getting Started Is
178. Worm uses built-in DHCP server to spread
179. MS Web Application Configuration Analyzer
180. Police: Man stole nude photos from hacked e-mail accounts
181. vCash
182. 8 security considerations for IPv6 deployment
183. So
184. Apple iOS: Why it's the most secure OS
185. Chinese army: We really need to get into cyber warfare
186. Looks Like It

[paulda@Pauls-MacBook-Pro:~/Downloads]$ awk -F',' '{print "\#\[" $1 " " $2 "\]"}' instapaper-export\ \(8\).csv | sed -e 's/\"//g' > 278.txt [paulda@Pauls-MacBook-Pro:~/Downloads]$ vi !$ vi 278.txt [paulda@Pauls-MacBook-Pro:~/Downloads]$ vim 278.txt

1. Security Advisory: Vulnerabilities in D-Link DAP 1150 - security vulnerabilities database - Same old song and dance, many

model D-Link routers have issues such as default passwords, CSRF, and suffer from brute force attacks. The thing that scares me the most is that people are running t hese things and have no clue that they are vulnerable. Until such time, as I don't know, maybe never, or maybe when their bank account is empty and they are left won dering why. ADSL routers are the scariest, because whose job is it to update the firmware? The provider, who is already losing money, or at least cost cutting, and t he first thing to go is security. Sorry, no shiny rainbows at the end of this story.

1. PHP Vulnerability Hunter v.1.2.0.1 Released - I could write this very easily in the form of a script that detects if you are running PHP, and returns "Yes, you are vulnerable" if you are. On the flip side, this is a neat little tool to mess around with as PHP applications are notorious for having issues, so running a specialized little fuzzer against them may be worth your while.
2. Avi Rubin: All Your Devices Can Be Hacked - Just an FYI, we prevent computers from being stolen, and stop pe

ople from getting viruses from your computers.

1. Twitter Enables HTTPS By Default At Last - Uhm, a little late no? We've been

saying it for years, SSL IS THE SOLUTION TO ALL YOUR SECURITY PROBLEMS!

1. PSA: Paula Deen - Freaking great post, deep fried cheese filled brownies for everyone! Paula Dean is a great che

f, until it comes out that she has diabetes. Same thing happens in security, your doing X and it seems okay, until it relates to something bad, then someone comes up

with a solution, and everyone gravitates to it. Its a very interesting social aspect of security.

1. Why are we talking philosophy instead of technology? - I disagree with this

article. We don't need more non-technical talks, and we really don't need less of them. What we need is balance. We should have 10% talks be really high level, 10% b e extremely technical, and the remaining 80% should be a balance of technical and non-technical aspects of security.

1. I Want to Detect and Respond to Intruders But I Don't Know Where to Start! - Start wi

th thinking about how an attacker would attack your network, like your web server, then talk about how you would respond. You'd likely need to look at the logs. If y ou aren't collecting them, hey look you have something to do now!

1. The Cloud’s Low-Rent District - The cloud in general is a slum, and Amazon is the slum lord.
2. Continuous patching – is it viable in the enterprise? - I disagree with Raf, we need patches, lots of patches all the time. Its simple, how can someone else (e.g. the vendor) tell you when you should apply a

patch? It makes ZERO sense. Rothman makes more sense in the case.

1. I’ve always wondered how many vulnerable devices - Answer: LOTS.
2. Dumping Cleartext Credentials with Mimikatz - Sweet post!
3. What people think industry analysts do - This is just classic
4. Cisco Zine: Nmap for IOS? No - Neat, a portscanner for Cisco IOS! Uses TCLshell.
5. Employment for security professionals at all-time high - We are in a great field, however now we have a problem, finding talent. So, if you need a job...
6. Android Security Threat From 'Reverse Smudge Engineering' - If you eat lots of pot

ato chips, this could be a security risk! Put the chips away, bitch...

1. Adobe issues Flash Player update
2. The Sudafed Security Trade-Off - Its no secret, people use Sudafed for two reasons: Clearing up

your sinuses when you get a cold (its the only thing that works for me) and cooking Meth. So since people use it to cook Meth, we must "Ban" it and require a persci

prion. If you do the math, this could mean a $1.5 billion dollar bill for the healthcare industry. It goes to show that making something harder to get doesn't always

make it more secure. I think this most closely relates to people using their own cell phones and tablets, the moment you try to ban them, it will just have horrible
reprecussions, like people using them anyway without you knowing. Getting back to cookin' meth, according to the great TV show "Breaking Bad" you can use a differen

t chemical process using "methlymine", which the characters in the show have to steal because you can't walking into any store and just buy it).

1. Been Caught Stealin' - People steal SIM cards out of stuff, like traffic lights.
2. Penetration Tests: Not Getting 'In' Is An Option - I almost want to d

iagree and say you need to define what "getting in" means to your customer, and then attempt to do just that, and then see if they can detect/prevent it, if they do,

move to plan B, C, D, etc... Its all about defining goals, and yea, sometimes its not about getting in.

Larry's (taken over by Darren cause Larry is a slacker) Stories

1. Mountain Lion preview (OSX 10.8) - Apple has released a preview of OSX 10.8 due for release later this year. New security feature called Gatekeeper is coming. Looks like developers with valid Dev IDs will create a certificate that will be used to sign all their work. In the event a given developer does something wrong the cert can be pulled and the apps will not run. There are 3 levels of options the iphone option I call it where you can ONLY use apps on the app store nothing else can be installed, or install from anywhere but must have certificate, and lastly the install from anywhere cert or no cert option.
2. iPhone Address book access - Apple is set to fix an issue that app developers were allowed to gather users contact list with out permission from the phones owner. Now you will be prompted with a pop up asking if you wish to allow this access.
3. patch patch patch patch and then patch some more - Yet another Adobe 0day.
4. Insder threats are real - Example that your own employees are your biggest threat.
5. Nortel hacked for years - Former Nortel exec (they are all former now) says they were compromised for years and Nortel didn't try to hard to stop it.

Jack's Stories