From Security Weekly Wiki
Jump to navigationJump to search

Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 278 for Thursday February 16th, 2012

  • John Strand will be teaching Offensive Countermeasures at SANS Orlando March 23-24th: Check it out here
  • Subscribe to our only non-computer security related show dedicated to Cigar Enthusiasts Stogie Geeks with Paul Asadoorian and Tim "BugBear" Mugherini. Wether you smoke an occasional cigar or daily, this show is for you! Tune in as we review the latest cigars being released and talk "Stogie Tech".

Interview: Jeremiah Grossman

Jeremiah Grossman founded WhiteHat Security in August 2001, and is a world-renowned expert in Web security. He's a founder of the Web Application Security Consortium (WASC), and was named one of InfoWorld's Top 25 CTOs for 2007. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo! responsible for performing security reviews on the company's hundreds of websites. Follow him on Twitter at @jeremiahg


Four years and 4,000 websites video, slides

  1. Tell us about the "Top Ten Web Hacking Techniques of 2011" survey
  2. There is always a lot of discussion about the value of certifications in infosec, but the Certified Application Security Specialist credential has retained its cachet. As one of the founders, what lessons can you share with other certification bodies such as (ISC)2 and ISACA in their attempts to remain relevant?


Paul's Stories

  1. Easy Directory Traversal with Burp
  2. Some IDS comments
  3. Standing Desk 2.0
  4. Infosec: Where’s our “Long Tail”?
  5. The Toughest Question in Digital Security
  6. Forcing Flash to Play in the Sandbox
  7. It all started with a Pillow Fight….
  8. I’m Sorry I Called Your Baby Ugly … But It Is
  9. Red Hat Network Satellite Server spacewalk-backend Remote and Local Password Disclosure
  10. Trustwave admits issuing man-in-the-middle digital certificate
  11. Top 10 pirated movies in the world (infographic)
  12. Keeping up with the hackers (chart)
  13. How Many Monitors Is Too Many?
  14. Caffeine fix? Now you can literally inhale it.
  15. Don’t Stick That in There – HID (Human Interface Device)
  16. [webapps - OSCommerce v3.0.2 - Persistent Cross Site Vulnerability]
  17. Android and Security - Official Google Mobile Blog
  18. FBI Conference Call Tapped By Antisec
  19. Sophos 2012 Security Threat Report
  20. Two Approaches to Managing Mobile Devices
  21. Microsoft Internet Explorer 'Forced Tweet' Cross Domain
  22. Remotely start your car using an Arduino
  23. Apple revises Snow Leopard security update
  24. 'Psycho Siri': Scariest Siri parody yet? | Crave - CNET
  25. Job-seeking Marriott hacker gets 30 months' porridge
  26. Satellite phone encryption cracked - Telegraph
  27. PHP 5.3.10 fixes critical remote code execution vulnerability
  28. Boardroom Spying for Fun and Profit
  29. When will wearables be wearable?
  30. Why I Love Routerpwn? Simplicity!
  31. 10 SharePoint Security Mistakes You Probably Make
  32. Basics of embedded firewalls - Exploding the myths
  33. Firewalls and SSL: More Profitable than Facebook
  34. Apple and Apache security fixes and releases
  35. Who’s Behind the World’s Largest Spam Botnet?
  36. SocialShield Releases the Top Social Networking Terms Kids Don’t Want Their Parents To Know
  37. Island Hopping the SpiderLabs Way
  38. VeriSign Breached
  39. Hacker extracts RFID credit card details
  40. HTC Android phones expose Wi-Fi passwords to apps
  41. Critical PHP vulnerability being fixed
  42. Opera < 11.61 Multiple Vulnerabilities
  43. Google Chrome < 16.0.912.77 Multiple Vulnerabilities
  44. OpenSSL 0.9.8s DTLS Denial of Service
  45. McAfee Security-as-a-Service (SaaS) mcCIOScn.dll ShowReport Method Remote Command Execution
  46. WebSphere MQ Client < / Buffer Overflow
  47. WebSphere MQ Server < / Buffer Overflow
  48. HP Managed Printing Administration jobDelivery Script Directory Traversal (intrusive check)
  49. HP Managed Printing Administration < 2.6.4 Multiple Vulnerabilities
  50. HP Managed Printing Administration Detection
  51. New Drive-By Spam Infects Those Who Open Email -- No Attachment Needed
  52. Cisco Security Appliances at risk from Telnet bug
  53. Symantec publishes pcAnywhere security recommendations
  54. Why Your Company Needs To Hack Itself
  55. Hacking Seen as Rising Risk With Car Electronics
  56. When Antivirus Firms Can't Tell They've Been Hacked
  57. Students busted for hacking computers
  58. Feds say Megaupload user content could be deleted this week
  59. Warnings About Windows Exploit
  60. Shmoocon Demo Shows Easy
  61. Rootkit has rhythm
  62. Iran To Execute Programmer
  63. toolsmith: Security Onion
  64. T-Mobile reused staff passwords
  65. Using False Alarms to Disable Security
  66. Why should senior management be involved in security decisions?
  67. Rising Network Insecurity… and the Need to Re-examine Security Fundamentals
  68. Understanding collisions and duplex in wireless
  69. Microsoft Anti-XSS Library Bypass (MS12-007)
  70. Why more APs aren’t always better
  71. Basic Setup of Security-Onion: Snort
  72. How To Run Penetration Tests From The Amazon Cloud - Without Getting Into Trouble
  73. What the heck is SOPA?
  74. Top 10 Trends In Information Security
  75. I Left My Data In El Segundo - Dark Reading
  76. Reflection Scan: an Off-Path Attack on TCP
  77. Symantec admits to more exposed code
  78. Dusseldorf airport closes security holes
  79. Cisco IP Video Phone E20 Default Account Lets Remote Users Obtain Root Access
  80. Into the cloud -- securely
  81. Fundamental Oracle flaw revealed
  82. Secunia sets six-month deadline for vulnerability disclosures
  83. Custom Wineador™ Creations - Home
  84. Five Principles To Better Your Security Monitoring
  85. Wireshark 1.4.x and 1.6.x updates close security holes
  86. PHP 5.3.9 released with hash DoS fix
  87. Recovering a Hacked Gmail Account
  88. 10 years of breach
  89. Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
  90. PRC Targeting DoD Smart Cards
  91. Time to check your DNS settings?
  92. Windows Live may be a vulnerability for Xbox Live users
  93. Zappos Says Hackers Accessed 24 Million Customers' Account Details
  94. ACROS Security Blog: Is Your Online Bank Vulnerable To Currency Rounding Attacks?
  95. Flying the Fraudster Skies
  96. How Come My Blog/Podcast Wasnt Nominated?
  97. Best Book Bejtlich Read in 2011
  98. An example of likejacking (Facebook clickjacking)
  99. Google Renews Push Into China
  100. [Honeypot Alert Extensive ‘setup.php Scanning Detected]
  101. Show me your SSID’s
  102. How a Baptist pastor in Florida became the go-to IT guy
  103. Robot Makers Not Thrilled To Be Stuck Next To Justin Bieber ≈ Packet Storm
  104. Apple
  105. Can you be forced by law to decrypt your computer? US v. Fricosu court case rages on
  106. When Someone Else's Insider is Your Threat
  107. The inconvenient truth about passwords
  108. Oracle: Firewalls Against SQL Injection Are a Good Idea After All
  109. Why Security Does Not Concern Generation Y
  110. Microsoft denies Xbox Live security breach
  111. Smart meter SSL screw-up exposes punters' TV habits
  112. HP sneaks out printer firebomb firmware security fix
  113. Apple patent stashes passwords in chargers
  114. Paul Ryan turns against SOPA following a Reddit-based attack
  115. Adobe to release zero-day fixes for Reader and Acrobat
  116. Microsoft finally vanquishes the BEAST-related bug
  117. Microsoft releases MS11-100 for Security Advisory 2659883
  118. WPS Security on Wireless Access Points pwn3d: VIDEO
  119. When to Give Your Girlfriend Your Password
  120. Hacking group releases more Stratfor subscriber data - Computerworld
  121. The Most Influential Voices in Security
  122. Patator – Multi Purpose Brute Forcing Tool
  123. Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability
  124. Hacking Google for Fun and Profit
  125. Is Code Quality Seasonal?
  126. The Siemens SIMATIC Remote
  127. Password Improvements Coming To Windows 8
  128. Reversing Industrial firmware for fun and backdoors I
  129. Not 0wning That ColdFusion Server but Helping...
  130. Splunk Remote Root Exploit
  131. A look back at 2011’s security landscape
  132. Ettercap updated after more than seven years.
  133. PuTTY Stored Plaintext Passwords in Memory After Authentication
  134. DARPA Shredder Challenge
  135. Path of Least Resistance : FishNet Security
  136. VLAN Hacking |  InfoSec Institute – IT Training and Information Security Resources
  137. Prepping for 2012: 3 Tips When Speaking to the Board of Directors
  138. Metasploit Pentest Plugin Part 1
  139. Top 5 mobile phone security threats in 2012
  140. VPN An Oft-Forgotten Attack Vector
  141. Microsoft gets silent upgrade religion
  142. Feds cuff KISS rock star's DDoS suspect
  143. Backdoors in industrial control systems
  144. Can Security Teams And DBAs Play Nicely?
  145. Study: Chrome the most secure browser
  146. Dumbest Camera Ban Ever
  147. BonkersWorld: Backwards Compatibility
  148. Shamir’s predictions of the future
  149. Two Bets on 2012
  150. 8 Out of 10 Software Apps Fail Security Test
  151. MS11-080 - A Voyage into Ring Zero
  152. Two zero-day vulnerabilities found in Flash Player
  153. The security threat Stephen King warned us about?
  154. Chief Hava's Top Cigars of 2011 (Honorable Mentions)
  155. Cigar Tip: Give the Gift of Cigars this Christmas
  156. Security Advisory: [security bulletin HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders]
  157. nCircle Patterns Blog: Which Half of Your Business Are You Protecting?
  158. HP Faces Class Action Lawsuit Over Printer Software Vulnerability
  159. Facebook glitch gave access to other users' private pictures
  160. Download.com apologises for bundling
  161. Staff to be banned from sending emails - Telegraph
  162. Carnal0wnage & Attack Research Blog: Embeding A Link To A Network Share In A Word Doc
  163. Hacking On A Dime: “Hacking” Printers - PJL Basics
  164. Top 5 Security Influencers
  165. sslyze – Fast and Full-Featured SSL Configuration Scanner
  166. 3 Common Ways Security Fails People
  167. How being Green Makes You Stink at Security: Print Bigger
  168. Aggressive Mode VPN — IKE-Scan
  169. Justin Bieber stabbed by a crazed fan? It’s a Facebook scam
  170. Week 48 In Review
  171. REVIEW: My Father El Hijo
  172. Paul Garmirian Gourmet Series Corona Grande | Atlantic Cigar Company
  173. Detecting New Hardware by Ethernet Address
  174. Security Advisory: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series - security vulnerabilities database
  175. New version of EMET is now available
  176. Logging Isn't Hard -- Getting Started Is
  177. Worm uses built-in DHCP server to spread
  178. MS Web Application Configuration Analyzer
  179. Police: Man stole nude photos from hacked e-mail accounts
  180. vCash
  181. 8 security considerations for IPv6 deployment
  182. So
  183. Apple iOS: Why it's the most secure OS
  184. Chinese army: We really need to get into cyber warfare
  185. Looks Like It

[paulda@Pauls-MacBook-Pro:~/Downloads]$ awk -F',' '{print "\#\[" $1 " " $2 "\]"}' instapaper-export\ \(8\).csv | sed -e 's/\"//g' > 278.txt [paulda@Pauls-MacBook-Pro:~/Downloads]$ vi !$ vi 278.txt [paulda@Pauls-MacBook-Pro:~/Downloads]$ vim 278.txt

  1. Security Advisory: Vulnerabilities in D-Link DAP 1150 - security vulnerabilities database - Same old song and dance, many

model D-Link routers have issues such as default passwords, CSRF, and suffer from brute force attacks. The thing that scares me the most is that people are running t hese things and have no clue that they are vulnerable. Until such time, as I don't know, maybe never, or maybe when their bank account is empty and they are left won dering why. ADSL routers are the scariest, because whose job is it to update the firmware? The provider, who is already losing money, or at least cost cutting, and t he first thing to go is security. Sorry, no shiny rainbows at the end of this story.

  1. PHP Vulnerability Hunter v. Released - I could write this very easily in the form of a script that detects if you are running PHP, and returns "Yes, you are vulnerable" if you are. On the flip side, this is a neat little tool to mess around with as PHP applications are notorious for having issues, so running a specialized little fuzzer against them may be worth your while.
  2. Avi Rubin: All Your Devices Can Be Hacked - Just an FYI, we prevent computers from being stolen, and stop pe

ople from getting viruses from your computers.

  1. Twitter Enables HTTPS By Default At Last - Uhm, a little late no? We've been
  1. PSA: Paula Deen - Freaking great post, deep fried cheese filled brownies for everyone! Paula Dean is a great che

f, until it comes out that she has diabetes. Same thing happens in security, your doing X and it seems okay, until it relates to something bad, then someone comes up

with a solution, and everyone gravitates to it. Its a very interesting social aspect of security.
  1. Why are we talking philosophy instead of technology? - I disagree with this

article. We don't need more non-technical talks, and we really don't need less of them. What we need is balance. We should have 10% talks be really high level, 10% b e extremely technical, and the remaining 80% should be a balance of technical and non-technical aspects of security.

  1. I Want to Detect and Respond to Intruders But I Don't Know Where to Start! - Start wi

th thinking about how an attacker would attack your network, like your web server, then talk about how you would respond. You'd likely need to look at the logs. If y ou aren't collecting them, hey look you have something to do now!

  1. The Cloud’s Low-Rent District - The cloud in general is a slum, and Amazon is the slum lord.
  2. Continuous patching – is it viable in the enterprise? - I disagree with Raf, we need patches, lots of patches all the time. Its simple, how can someone else (e.g. the vendor) tell you when you should apply a
patch? It makes ZERO sense. Rothman makes more sense in the case.
  1. I’ve always wondered how many vulnerable devices - Answer: LOTS.
  2. Dumping Cleartext Credentials with Mimikatz - Sweet post!
  3. What people think industry analysts do - This is just classic
  4. Cisco Zine: Nmap for IOS? No - Neat, a portscanner for Cisco IOS! Uses TCLshell.
  5. Employment for security professionals at all-time high - We are in a great field, however now we have a problem, finding talent. So, if you need a job...
  6. Android Security Threat From 'Reverse Smudge Engineering' - If you eat lots of pot

ato chips, this could be a security risk! Put the chips away, bitch...

  1. Adobe issues Flash Player update
  2. The Sudafed Security Trade-Off - Its no secret, people use Sudafed for two reasons: Clearing up
your sinuses when you get a cold (its the only thing that works for me) and cooking Meth. So since people use it to cook Meth, we must "Ban" it and require a persci

prion. If you do the math, this could mean a $1.5 billion dollar bill for the healthcare industry. It goes to show that making something harder to get doesn't always

make it more secure. I think this most closely relates to people using their own cell phones and tablets, the moment you try to ban them, it will just have horrible
reprecussions, like people using them anyway without you knowing. Getting back to cookin' meth, according to the great TV show "Breaking Bad" you can use a differen

t chemical process using "methlymine", which the characters in the show have to steal because you can't walking into any store and just buy it).

  1. Been Caught Stealin' - People steal SIM cards out of stuff, like traffic lights.
  2. Penetration Tests: Not Getting 'In' Is An Option - I almost want to d

iagree and say you need to define what "getting in" means to your customer, and then attempt to do just that, and then see if they can detect/prevent it, if they do,

move to plan B, C, D, etc... Its all about defining goals, and yea, sometimes its not about getting in.

Larry's (taken over by Darren cause Larry is a slacker) Stories

  1. Mountain Lion preview (OSX 10.8) - Apple has released a preview of OSX 10.8 due for release later this year. New security feature called Gatekeeper is coming. Looks like developers with valid Dev IDs will create a certificate that will be used to sign all their work. In the event a given developer does something wrong the cert can be pulled and the apps will not run. There are 3 levels of options the iphone option I call it where you can ONLY use apps on the app store nothing else can be installed, or install from anywhere but must have certificate, and lastly the install from anywhere cert or no cert option.
  2. iPhone Address book access - Apple is set to fix an issue that app developers were allowed to gather users contact list with out permission from the phones owner. Now you will be prompted with a pop up asking if you wish to allow this access.
  3. patch patch patch patch and then patch some more - Yet another Adobe 0day.
  4. Insder threats are real - Example that your own employees are your biggest threat.
  5. Nortel hacked for years - Former Nortel exec (they are all former now) says they were compromised for years and Nortel didn't try to hard to stop it.

Jack's Stories