Difference between revisions of "Episode29Script"

From Security Weekly Wiki
m (Text replacement - "pauldotcom blog" to "Security Weekly blog")
 
(12 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
(15 Seconds of silince)
 
(15 Seconds of silince)
  
(get all the laughter out)
+
Discuss this story for ITT: http://forums.friendsintech.com/viewtopic.php?t=379
 +
 
 +
(15 Seconds of silince)
 +
 
 +
Twitchy to discuss something from the mailing list to do with line mics and some mp3 player
 +
 
 +
(15 Seconds of silince)
  
 
(Record the Welcome Intro)
 
(Record the Welcome Intro)
Line 13: Line 19:
 
'''
 
'''
  
"Welcome to PaulDotCom Security Weekly, Episode 29 for May 26, 2006"
+
"Welcome to Security Weekly, Episode 29 for May 26, 2006"
  
 
From the PSW studios
 
From the PSW studios
  
“Welcome to this edition of PaulDotCom Security Weekly, a show for the listeners, because, well, without you we're just a bunch of guys at a bar drinking beer."
+
“Welcome to this edition of Security Weekly, where beer leads to more interesting hacking and exploiting coversations."
  
 
"I am your host Paul Asadoorian, “and I’m your co-host Larry Pesce" and we've also got our extra special host Twitchy.   
 
"I am your host Paul Asadoorian, “and I’m your co-host Larry Pesce" and we've also got our extra special host Twitchy.   
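Review bot: The rewritten welcome line in this hunk misspells "conversations" as "coversations" and opens with a curly quote but closes with a straight one. Since the line is being replaced anyway, fix the spelling and use matching quote marks in the new text.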
Line 29: Line 35:
 
This episode is sponsored by Syngress Publishing, its like porn for hackers, crackers, and IT security professionals.
 
This episode is sponsored by Syngress Publishing, its like porn for hackers, crackers, and IT security professionals.
  
Listen to the question at the end of each show, then go to the pauldotcom blog and be the first to post the CORRECT answer to recieve a free copy of any in-stock book on the Syngress web site!
+
Listen to the question at the end of each show, then go to the Security Weekly blog and be the first to post the CORRECT answer to recieve a free copy of any in-stock book on the Syngress web site!
  
 
Last weeks winner was Kirk who stated the correct answer:
 
Last weeks winner was Kirk who stated the correct answer:
Line 36: Line 42:
  
 
We also liked reids answer of "I mostly just know it as "the current big fucking headache"'
 
We also liked reids answer of "I mostly just know it as "the current big fucking headache"'
 +
 +
The fake question of "What was the name of the first move Jet Li acted in and what year was it produced? Where was it shot?"  A couple of you were close, but not quite.  Paul, what is the answer?
  
 
This episode is also sponsored by Core Security Technologies.  
 
This episode is also sponsored by Core Security Technologies.  
Line 48: Line 56:
 
== Announcements ==
 
== Announcements ==
 
'''
 
'''
 
Announcement: Thank you to all the wonderful folks on #pauldotcom channel on irc - irc.freenode.net, Jon 335, blackdragon both made submissions that we will talk about on the show!  Also, don't forget the forums over at www.friendsintech.com for those who are IRC newbs or IRC-o-phobes.
 
 
Announcement: Send us your feedback on what you would like to see included in a book about hacking wrt54g, put wrt54g in the title.  We may know someone working on a book....
 
  
 
Announcement: Logo and slogan contest is over!  The Logo winner is Kreg Stepe, and the slogan winner is Paul Battista.  Please drop us a note so we can get you your prizes.
 
Announcement: Logo and slogan contest is over!  The Logo winner is Kreg Stepe, and the slogan winner is Paul Battista.  Please drop us a note so we can get you your prizes.
Line 68: Line 72:
 
I Stole Your Password Like I Stole Your Bike
 
I Stole Your Password Like I Stole Your Bike
 
I Hacked your mom
 
I Hacked your mom
 +
 +
Announcement:  OOPS! The WRTSL54GS is the Linksys router with the USB and not the WRT54GS. You made me run to my WRT54GS to look for the USB that I had never seen. Ha ha you got me. Thank you to Jonathan for pointing that out for us!
  
 
On to listener feedback...
 
On to listener feedback...
  
 
'''
 
'''
== Great Idea - UTTechno1 - Listener Feedback==
+
 
 +
== ITT Fart - TMUP PDC Promo - Listener Feedback==
 
'''
 
'''
James writes in:
+
Bob writes in: (HOLY SHIT - Its Bob!)
  
I was just thinking...yeh I know, I shouldn't strain myself ;-)
+
I am a big fan of your show and have been listening for awhile. I am a junior at a high school in CA, awhile back I found a vulnerability in one of our schools servers, I alerted the proper people and they said they would fix the issue, which is the configuration of php on the server. They disabled php for awhile promising to fix the problem and have recently put that back online, without the problem being fixed. A friend and I were messing around with it today and it has become apparent that I only skimmed the surface of what was vulnerable, in short we now essentially "own" the server. Though I know that I should probably tell them that the vulnerability still exists and what it is possible to do with it. This means I would have to tell them that my friend and I were able to potentially access student grades along with many other things that they wouldn't want a student to have access to. Since we didn't have permission I don't think that they (the school technology dept.) or the administration would be very happy with us and they have pressed charges against students for "hacking" their school issued laptops with the admin password taped on the bottom. It seems that letting someone know about a vulnerability is just as bad and exploiting it now. I on the other hand want to let the school know how bad the security protecting grades, user and teacher files is... if you know what I mean ; )  
  
You guys talk ALOT about pen testing how about some content about the business of pen testing?
+
----
Like
 
1. what skills would a prospective pen tester need to acquire?
 
2. how do you price a pen test engagement...I'm thinking most of these gigs fall in the
 
25k to 50k range...but I may be totally full of it.
 
3. how do you promote or advertise your business?
 
4. advertisement/business development issues?
 
5. Yeh core impact is great but how do you pass that cost along to your customers?
 
etc etc
 
talk amongst yourselves ;-)
 
  
----
+
Jim writes in:
  
Mike Writes in:
+
Really enjoy your podcast, you have very useful info between the Story times (which are great) and other stuff that make my commute shorter.
  
First, a bit of what I hope is constructive criticism.  I listened to a
+
I wanted to run this past the experts to see if I'm not totally off the wallFirst I run an open access point and it's connected inside my routerSo when you connect you are on a 192.168.x.x network, as Twichy would say "Bad Bad ! .... Oh popcorn....".  But here is the situation we are in the middle of a 200 acre farm, the nearest house is 1/2 mile away (it's a relative). Then to the rear of the farm is a steel mill and running through the place is a small two lane road where if any one stopped for a time it would be like a bug on a plate.
couple of podcasts "on the speakers" once, and my wife listened to a bit
 
tooShe now calls you guys the college guys (as in, I say "I was
 
listening to the college guys podcast," and she knows what I mean)I
 
don't want to criticize your style, because I like it, but while I
 
realize you tend to have a wobbly pop or three while doing the 'cast,
 
and beer makes one belch, and Larry (I think it's you, Larry) produces
 
some fine ones... I don't think listeners necessarily need to hear that.
 
I'll keep listening, but you may want to consider muting your mic.
 
  
[Why do people get so offended with the belching?]
+
The internal network is all Mac's with file sharing enabled, one machine is running Apache and that's it.  My AP only can do WEP (it's an old Airport) and is in the basement of the house.  Doing a walk around with a Toilet seat type iBook (which is a pretty sensitive) I can get about 50 feet from the house and still have usable signal.  It's about 100 yards to the road.
  
<a whole bunch more stuff followed, mostly for twitchy, and included everything from what operating system planes run, to C vs Java, to the open wireless question, to Stephen Harper's alleged kitten eating, to are honeypots entrapment?,  to OS X vs open source, to drive encryption>
+
Anyway my feeling is if anyone accesses the network they have to walk into my land or sit on the road with a 13db yagi hanging out the window.  The first case is handled with a shotgun and the second as I said is pretty obvious.
  
[Whew, none of which I really care to discuss on the show because they are not so much security related and more a religious or politcal debate which we are happy to discuss in email or in the IRC channel but not bore the listeners with, its just not what this podcast is about.]
+
I know this is pretty fragile security but out here in the boonies do you think it can work ? Oh yea, we are at the end of the power line, cable doesn't come here but DSL does, so we have DSL but pulse dial.
  
 
----
 
----
 +
Chuck writes in:
  
Tom writes in:
+
I've been listening to your show for awhile now. I love it!!! I am what you would call an advanced novice by your standards. I know my way around a PC pretty well. I am curious about wireless security ( isn't that an oxymoron? ). I know that wep is broken, mac filtering can be spoofed, ssid is good enough for the honest people.  That leaves wap.  I know that it is vulnerable off site brute force attacksMy question is this?  How secure would my network be with the following password?
 
+
rv34HJiJmuyN31vvqk6GB9Ue059gUH6nb2KegNtqcfQDwNjyn2CUNMRIepuGU
Paul, Larry, Twitch, The Mason
+
Now this is not my password it is just one the i created as an example.  My plan is to store several of these passwords on a thumb drive and then just use them as neededHow secure would this be?
   
 
THe Best Buy loacted at 825 Pilgrim Way, Green Bay, WI 54303 - Phone number 920-494-2950 employs Chad Davis (http://www.justice.gov/criminal/cybercrime/davis.htm ) the "Global Hell" Hacker.  
 
   
 
I have a friend who also works at the store and has told me stories about what the guy says he doesFirst thought is -how would you like this guy sent to your home to work on your computer - second thought is - how would you like this guy to take your credit card at the store - third thought is - what the hell is Best Buy doing for a hiring policy.
 
   
 
Great show,
 
 
Tom
 
  
 
----
 
----
  
Christian writes in:
+
James writes in:
  
Do you guys know a way to locate and identify servers on the web without scanning? I am looking for publicly accessible databases or search engine queries, that, for example, list all publicly accessible dns servers….
+
(says thanks for the pen testing responses from last week, your most welcome!  We expect a 10% cut of all your profits :)
 
[we do, but if we told you, we'd have to send ninjas to kill you]
 
  
----
+
I have on nit to pick though.
 +
You reported that Apple had closed the Intel Darwin source code to their kernel. This is a second hand story that has not been officially confirmed by Apple. It's a second hand story reported in Slashdot that MAY be true but hasn't been confirmed yet. All that's happened is that Apple is late in posting the source code. Given the fact that Intel based machines are a really new thing for them, maybe we can cut them a bit of slack here.
 +
Guys...you gotta take what you read in slashdot with a grain of salt (maybe a boulder of salt).
 +
When(if) it is confirmed ---well then I will join you in a rant or howl a the moon. In the meantime maybe we should wait and see ok?
  
 
'''
 
'''
Line 139: Line 123:
  
 
Twitchy tells us a hacking story about something...
 
Twitchy tells us a hacking story about something...
 
Paul also has a story about Best Buy!
 
  
 
[MUSIC]
 
[MUSIC]
 
  
  
 
'''
 
'''
==  Billy's Browser - Johnny Long Sweeper - News ==
+
==  PDC Wedding Vows - Amazing Fecal Matter - News ==
 
'''
 
'''
  
 
News  
 
News  
  
[[Episode28]] Show Notes
+
[[Episode29]] Show Notes
  
 
'''
 
'''
== George Class Promo ==
+
== Josh Sweeper ==
 
'''
 
'''
  
Syngress question of the week: What was the name of the first move Jet Li acted in and what year was it producedWhere was it shot?
+
Syngress question of the week: Name the actor who starred in Shaolin Master Killer (aka. 36 Chambers of Shaolin, Masta Killa).  What style of Kung Fu does he practiceBonus:  What are his mandarin and cantonese names?
  
 
Core discount code impactbsg
 
Core discount code impactbsg
Line 164: Line 145:
 
SANS discount code is <pauldotcom>.
 
SANS discount code is <pauldotcom>.
  
Thank you for listening, psw@pauldotcom.com, http://pauldotcom.com Phone number
+
Thank you for listening, psw@securityweekly.com, http://securityweekly.com Phone number
Pauldotcom Security Weekly, PO Box 860, Greenville RI, 02828
+
Security Weekly Security Weekly, PO Box 860, Greenville RI, 02828
  
 
<outro>
 
<outro>
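Review bot: The sign-off line in this hunk ends up with a doubled name, "Security Weekly Security Weekly, PO Box 860", because the old string was "Pauldotcom Security Weekly" and only the first word was substituted. The new line should read "Security Weekly, PO Box 860, Greenville RI, 02828". The unchanged context line still carries the SANS discount code "<pauldotcom>", so confirm the replacement pattern leaves codes like that alone on purpose.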

Latest revision as of 00:18, 11 October 2014

(15 Seconds of silence)

Discuss this story for ITT: http://forums.friendsintech.com/viewtopic.php?t=379

(15 Seconds of silence)

Twitchy to discuss something from the mailing list to do with line mics and some mp3 player

(15 Seconds of silence)

(Record the Welcome Intro)

(More silence)

FiT Stinger

Theme Music, Episode 29 for May 26, 2006

"Welcome to Security Weekly, Episode 29 for May 26, 2006"

From the PSW studios

"Welcome to this edition of Security Weekly, where beer leads to more interesting hacking and exploiting conversations."

"I am your host Paul Asadoorian," "and I’m your co-host Larry Pesce," and we've also got our extra special host Twitchy.

Hello to all of our live audience listeners via Skypecast!

Sponsors

This episode is sponsored by Syngress Publishing, it's like porn for hackers, crackers, and IT security professionals.

Listen to the question at the end of each show, then go to the Security Weekly blog and be the first to post the CORRECT answer to receive a free copy of any in-stock book on the Syngress web site!

Last week's winner was Kirk who stated the correct answer:

"MGCP was defined in RFCs 2705 & 3435. It is also known as H.248 and Megaco via http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci817224,00.html"

We also liked reid's answer of "I mostly just know it as 'the current big fucking headache'"

The fake question of "What was the name of the first movie Jet Li acted in and what year was it produced? Where was it shot?" A couple of you were close, but not quite. Paul, what is the answer?

This episode is also sponsored by Core Security Technologies.

Larry: Use Core impact to penetrate your network day and night and not get tired!

Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool.

We are also sponsored by the SANS Institute, where you can get schooled and like it! Get hands-on training in intrusion detection, forensics, hacking and exploiting, and drinking beer.... Listen for the discount code at the end of the show for 5% off SANSFIRE, July 5-11th in Washington DC. Almost every SANS track will be offered! And Twitchy will be there!

Announcements

Announcement: Logo and slogan contest is over! The Logo winner is Kreg Stepe, and the slogan winner is Paul Battista. Please drop us a note so we can get you your prizes.

Kreg's logo will be in the blog entry, and album art.

Paul's slogans included:

We Ain't Sniffing Panties
Well We Ain't Sniffing Panties
Because Sniffing Packets is Better then Sniffing Panties
Security Over a Beer
Cyber Ninjas at Work
Digital Ninjas in Training
We Steal Passwords like its your bike
I Stole Your Password Like I Stole Your Bike
I Hacked your mom

Announcement: OOPS! The WRTSL54GS is the Linksys router with the USB and not the WRT54GS. You made me run to my WRT54GS to look for the USB that I had never seen. Ha ha you got me. Thank you to Jonathan for pointing that out for us!

On to listener feedback...

ITT Fart - TMUP PDC Promo - Listener Feedback

Bob writes in: (HOLY SHIT - It's Bob!)

I am a big fan of your show and have been listening for awhile. I am a junior at a high school in CA, awhile back I found a vulnerability in one of our school's servers, I alerted the proper people and they said they would fix the issue, which is the configuration of php on the server. They disabled php for awhile promising to fix the problem and have recently put that back online, without the problem being fixed. A friend and I were messing around with it today and it has become apparent that I only skimmed the surface of what was vulnerable, in short we now essentially "own" the server. Though I know that I should probably tell them that the vulnerability still exists and what it is possible to do with it. This means I would have to tell them that my friend and I were able to potentially access student grades along with many other things that they wouldn't want a student to have access to. Since we didn't have permission I don't think that they (the school technology dept.) or the administration would be very happy with us and they have pressed charges against students for "hacking" their school-issued laptops with the admin password taped on the bottom. It seems that letting someone know about a vulnerability is just as bad as exploiting it now. I on the other hand want to let the school know how bad the security protecting grades, user and teacher files is... if you know what I mean ; )


Jim writes in:

Really enjoy your podcast, you have very useful info between the Story times (which are great) and other stuff that make my commute shorter.

I wanted to run this past the experts to see if I'm not totally off the wall. First I run an open access point and it's connected inside my router. So when you connect you are on a 192.168.x.x network, as Twitchy would say "Bad Bad ! .... Oh popcorn....". But here is the situation: we are in the middle of a 200 acre farm, the nearest house is 1/2 mile away (it's a relative). Then to the rear of the farm is a steel mill and running through the place is a small two lane road where if anyone stopped for a time it would be like a bug on a plate.

The internal network is all Macs with file sharing enabled, one machine is running Apache and that's it. My AP only can do WEP (it's an old Airport) and is in the basement of the house. Doing a walk around with a Toilet seat type iBook (which is pretty sensitive) I can get about 50 feet from the house and still have usable signal. It's about 100 yards to the road.

Anyway my feeling is if anyone accesses the network they have to walk into my land or sit on the road with a 13db yagi hanging out the window. The first case is handled with a shotgun and the second as I said is pretty obvious.

I know this is pretty fragile security but out here in the boonies do you think it can work ? Oh yea, we are at the end of the power line, cable doesn't come here but DSL does, so we have DSL but pulse dial.


Chuck writes in:

I've been listening to your show for awhile now. I love it!!! I am what you would call an advanced novice by your standards. I know my way around a PC pretty well. I am curious about wireless security ( isn't that an oxymoron? ). I know that WEP is broken, MAC filtering can be spoofed, SSID is good enough for the honest people. That leaves wap. I know that it is vulnerable to off-site brute force attacks. My question is this? How secure would my network be with the following password? rv34HJiJmuyN31vvqk6GB9Ue059gUH6nb2KegNtqcfQDwNjyn2CUNMRIepuGU Now this is not my password, it is just one that I created as an example. My plan is to store several of these passwords on a thumb drive and then just use them as needed. How secure would this be?


James writes in:

(says thanks for the pen testing responses from last week, you're most welcome! We expect a 10% cut of all your profits :)

I have one nit to pick though. You reported that Apple had closed the Intel Darwin source code to their kernel. This is a second hand story that has not been officially confirmed by Apple. It's a second hand story reported in Slashdot that MAY be true but hasn't been confirmed yet. All that's happened is that Apple is late in posting the source code. Given the fact that Intel based machines are a really new thing for them, maybe we can cut them a bit of slack here. Guys...you gotta take what you read in Slashdot with a grain of salt (maybe a boulder of salt). When (if) it is confirmed ---well then I will join you in a rant or howl at the moon. In the meantime maybe we should wait and see ok?

[Music] Story Time With Twitchy

Twitchy tells us a hacking story about something...

[MUSIC]


PDC Wedding Vows - Amazing Fecal Matter - News

News

Episode29 Show Notes

Josh Sweeper

Syngress question of the week: Name the actor who starred in Shaolin Master Killer (aka. 36 Chambers of Shaolin, Masta Killa). What style of Kung Fu does he practice? Bonus: What are his Mandarin and Cantonese names?

Core discount code impactbsg

SANS discount code is <pauldotcom>.

Thank you for listening, psw@securityweekly.com, http://securityweekly.com Phone number Security Weekly, PO Box 860, Greenville RI, 02828

<outro>