Announcements & Shameless Plugs
PaulDotCom Security Weekly - Episode 279 for Thursday February 23d, 2012
- John Strand will be teaching Offensive Countermeasures at SANS Orlando March 23-24th: Check it out here
- Larry is teaching SEC617: Wireless Ethical Hacking, Penetration Testing and Defenses 5 times this year: vLive!: April 16 - 22, 2012, SANS Cyber Guardian 2012, Baltimore: April 30 - 06, 2012, SANS Toronto 2012, Toronto: May 14 - 20, 2012, Community SANS Ottawa, Ottawa: June 11 - 17, 2012, SANS Sydney 2012, Sydney, AU: November 12 - 18, 2012
- Check out our new shows: Hack Naked TV with John Strand, Hack Naked At Night with Larry and Darren, PaulDotCom Espanol with Carlos Perez.
- Subscribe to our only non-computer security related show dedicated to Cigar Enthusiasts Stogie Geeks with Paul Asadoorian and Tim "BugBear" Mugherini. Wether you smoke an occasional cigar or daily, this show is for you! Tune in as we review the latest cigars being released and talk "Stogie Tech".
- Don't forget to Follow us on Twitter
Interview: Gene Kim
Since 1999, Gene Kim has been studying and benchmarking high performing IT operations and information security organizations. When Kim was the CTO/founder of Tripwire, he wrote the “Visible Ops Handbook,” which codified how these organizations transformed from “good to great,” which has sold over 200K copies to date. Follow him on Twitter at @RealGeneKim
Larry's (taken over by Darren cause Larry is a slacker) Stories
- Mountain Lion preview (OSX 10.8) - Apple has released a preview of OSX 10.8 due for release later this year. New security feature called Gatekeeper is coming. Looks like developers with valid Dev IDs will create a certificate that will be used to sign all their work. In the event a given developer does something wrong the cert can be pulled and the apps will not run. There are 3 levels of options the iphone option I call it where you can ONLY use apps on the app store nothing else can be installed, or install from anywhere but must have certificate, and lastly the install from anywhere cert or no cert option.
- iPhone Address book access - Apple is set to fix an issue that app developers were allowed to gather users contact list with out permission from the phones owner. Now you will be prompted with a pop up asking if you wish to allow this access.
- patch patch patch patch and then patch some more - Yet another Adobe 0day.
- Insder threats are real - Example that your own employees are your biggest threat.
- Nortel hacked for years - Former Nortel exec (they are all former now) says they were compromised for years and Nortel didn't try to hard to stop it.
- Domain seizure This stuff gives me seizures alright. Jotform.com, a business providing hosting for online forms, has been seized by the Secret Service. “They have disabled the DNS without any prior notice or request,” Of course the registrar involved is GoDaddy.
- Privacy, what's that? Retailer Target knew the teenage girl was preggo before her dad did. Hilarity ensues (not really)
- Panic!! Or not. Dennis Fisher has a good, reasoned write up of the RSA key research.
- 0-day exploit middlemen are cowboys, ticking bomb at least according to Christopher Soghoian.