Difference between revisions of "Episode33Script"

From Security Weekly Wiki
Line 17: Line 17:
 
“Welcome to this edition of PaulDotCom Security Weekly, where beer is not just a social lubricant."
 
“Welcome to this edition of PaulDotCom Security Weekly, where beer is not just a social lubricant."
  
"I am your host Larry Pesce, “and our special host Twitchy".  Iand I am today's special guest host Kevin Devin.
+
"I am your host Larry Pesce, “and our special host Twitchy".  "And I am Kevin Devin today's special guest host."
  
A big thanke to Kevin for filling in for Paul while he is on his honeymoon!  Kevin is from the In the Trenches Podcast, and a member of the Friends in Tech Network     
+
A big thanks to Kevin for filling in for Paul while he is on his honeymoon!  Kevin is from the In the Trenches Podcast, and a member of the Friends in Tech Network     
  
 
No skypecast either!  
 
No skypecast either!  
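
Review bot: the replacement host line still opens Twitchy's part with a curly quote and closes it with a straight one (“and our special host Twitchy".), and Kevin's new line reads better with a comma after "Kevin Devin"; both are worth tidying while this line is being edited.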
Line 66: Line 66:
 
Annoucenment: It is official,  WRT54 Ultimate Hacking.
 
Annoucenment: It is official,  WRT54 Ultimate Hacking.
  
Announcement: iTunes comments.  Don't let us get spanked.  Everyone is doint real well.
+
Announcement: iTunes comments.  Don't let us get spanked - we are currently tied with ITT at 16 totalgo vote for everyone else too!
  
Announcement: iTunes Friends in Tech group.  Don;t for get the Security Round Table.  
+
Announcement: iTunes Friends in Tech group.  Don't for get the Security Round Table.  
 +
 
 +
Announcement: MartinMcKeay's Network Security podcast #32 features Larry!  Go check it out.  I tottaly spaced on the WIDS part, and totally forgot KISMET!
  
 
On to listener feedback...
 
On to listener feedback...
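
Review bot: the added Martin McKeay announcement spells "totally" as "tottaly" and runs his name together as "MartinMcKeay's", and the corrected Friends in Tech line still reads "Don't for get"; the unchanged "Annoucenment" on the WRT54 line could be fixed in the same pass.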
Line 76: Line 78:
 
== Listener Feedback ==
 
== Listener Feedback ==
 
'''
 
'''
Christian writes in:
+
Jeff writes in:
  
In your last show you mentioned that there has not been a way to break out of a virtual machine. I think this is still the case, however, there is a cool paper out there that utilizes vmware to implement malware: virtual machine monitor rootkits. Once a machine is infected with this sort of malware the following happens:
+
If you wouldn't mind, Please put voice on both sides of the audio track instead of splitting between the left and right sides. Cool trick but a little annoying with headphones.
  
1.      install a virtualization technology
+
Perhaps this was a technical blunder?
2.      move the existing OS into a virtual machine
 
3.      do any wicked evil deeds below the virtual machine on the virtual machine monitor
 
  
The rootkit is very difficult to detect from the now guest host system.
+
----
  
The paper that describes is SubVirt: Implementing malware with virtual machines. Very neat stuff.
+
Attila-Mihaly Balazs writes in:
  
PS: Great show!
+
Just to drop a quick note:
 +
a very interesting site I came across: the museum of broken packets http://lcamtuf.coredump.cx/mobp/
  
PSS: A beer recommendation: Baron Hefeweizen --- it’s a true authentic German Hefeweizen produced in the states… http://www.baronbeer.com/
+
----
 
 
Here a quick follow up --- I guess it is possible to break out of guest os on vm…
 
  
http://www.eweek.com/article2/0,1895,1904647,00.asp
+
Martin McKeay writes in:
 +
I was listening to your latest podcast, and I'm not sure if you were
 +
aware of it, but not only is NetMeeting still on your system,
 +
Netmeeting Remote Desktop sharing is still listed in the Services and
 +
set to manual.  It was never removed to the best of my knowledge.  
  
 
----
 
----
  
Irvine writes in:
+
MyQuil writes:
 
 
I have a couple of questions I'd love to hear your thoughts on during the listener feedback section of your podcast.
 
 
 
1.  Does your contract cover who owns "zero days" you find during a pen test?
 
 
 
2.  What obligation do you think you have to a vender when you have found a "zero day" within their product, during a pen test for a client.
 
 
 
3.  Do you perform your pen tests to a standard and if so which one?
 
  
4.  What are your thoughts on OSSTMM, NSA-IAM, NIST-SP 800-42, etc.
+
So what's the security/threat model for this situation?
  
NOTE: his e-mail is:  imschitti@(domain.com)  Poor guy.
+
http://www.improveverywhere.com/mission_view.php?mission_id=57
  
 
----
 
----
  
Raul writes in:
+
Brett writes in:
  
Hi there,
+
Hey Paul, Larry and Twitchy,
trying to provide some listener feedback to the VMware USB wireless NIC question asked in episode 31:
 
  
The USB wifi sticks can be used in VMware. In fact, it is the only way available nowadays to have a wireless card within a VMware virtual machine. Any other wireless card (PCI, PCMCIA...), when configured in bridge mode, is mapped (due to the VMware hardware abstraction layer) to a generic Ethernet card (without wifi capabilities).
+
I've been listening to your Podcast's now since they started and I find them to be one of the more informative and entertaining security related podcasts.
  
The main issue I'm aware of about using USB wifi NICs in VMware is that none of them (no matter the chipset) can be placed in master mode (both, managed and monitor modes work like a charm).
+
Anyway as I was listening to the latest one (episode 32) I heard Paul mention he had recently eaten Kangaroo for the first time. Well to put you at ease it's fine to eat, in fact it is becoming more popular here in Australia as a menu item in restaurants. I think that previously some Australians frowned upon the idea of eating Kangaroo as it's one of our national emblems and as far as I'm aware we are the only country that eat one of our national emblems? But it's good to hear that others around the world are getting to experience it. It's also supposed to be hard to cook correctly (without it becoming very tough) so is usually served very rare.
  
To sum up, this means you can have the Auditor CD (Backtrack...) running kismet, the aircrack suite or any other wifi hacking tool requiring monitor mode, inside a VMware machine... that's great for demonstration purposes!! ;-)
+
I also just recently noted that SANS are holding training courses in Sydney, Australia in August this year. As being in Australia it's hard to get a company to pay for a Security course, international airfare and accommodation as your looking at around $8k. So now that it's here I may have more hope in getting my work to pay for a course which is still going to cost around $4k. So I wanted to ask you 2 questions.
  
Keep the great show!
+
The first is I'm looking at doing either '504 - Hacker Techniques, Exploits & Incident Handling' or '507 - Auditing Networks, Perimeters & Systems'. I'm a Network Security Engineer so spend most of my time securing the network which involves firewalls, IDS/IPS, router, switch and server security and network auditing. I was wondering which of these courses do you think would be more applicable and more technical as a lot of courses I've attended seem to be aimed at a more basic level than I'd like.
  
 +
Secondly I'm thinking of moving to another company as my current role has started to become less challenging, given this do you think it's ethical to try and push for a course if I'm possibly not going to stay with the company for much longer?
  
 +
Thanks and keep up the good work. Looking forward to hearing the new format of the show.
  
  
Line 146: Line 142:
 
News  
 
News  
  
[[Episode32]] Show Notes
+
[[Episode33]] Show Notes
  
 
'''
 
'''

Revision as of 17:06, 22 June 2006

(15 Seconds of silence)

(Record the Welcome Intro)

(More silence)

FiT Stinger

Theme Music, Episode 33 for June 22, 2006

"Welcome to PaulDotCom Security Weekly, Episode 33 for June 22, 2006"

Via Skype

"Welcome to this edition of PaulDotCom Security Weekly, where beer is not just a social lubricant."

"I am your host Larry Pesce," "and our special host Twitchy." "And I am Kevin Devin, today's special guest host."

A big thanks to Kevin for filling in for Paul while he is on his honeymoon! Kevin is from the In the Trenches Podcast, and a member of the Friends in Tech Network.

No skypecast either!

Sponsors

This episode is sponsored by Syngress Publishing, read a book, learn to hack, and never have to pay for another coke again! When will they start putting beer in a vending machine in the US?

Listen to the question at the end of each show, then go to the pauldotcom blog and be the first to post the CORRECT answer to receive a free copy of any in-stock book on the Syngress web site!

Last week's winner was Wesley McGrew who stated the correct answer:

(The question was from the last episode's sweeper: what was Paul's PGP key, and why was it invalid?)

The key is "fc6-47" which is invalid for a few reasons:

1) It's not armored in a BEGIN PGP PUBLIC KEY BLOCK
2) If I'm reading the draft RFC right, the dash character isn't valid in Radix-64 encoding
3) It's not quite long enough ;)

(great job Wesley, you got all 3 reasons!)

Technical junk courtesy of: http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-18.txt

Second, I'm the fellow who discovered and posted the technique for modifying U3 USB drives to http://cse.msstate.edu/~rwm8/hackingU3/ and the mentioned-but-nameless-mailing-list :).

Send an email to psw@pauldotcom.com, and we'll get you hooked up.

This episode is also sponsored by Core Security Technologies.

Larry: Use Core Impact to penetrate your network day and night and not get tired!

Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool.

We are also sponsored by the SANS Institute, where you can get schooled and like it! Get hands-on training in intrusion detection, forensics, hacking and exploiting, and drinking beer.... Listen for the discount code at the end of the show for 5% off SANSFIRE, July 5-11th in Washington DC. Almost every SANS track will be offered! And it is confirmed, Twitchy will be there!

Announcements

Announcement: Paul got pwn3d. Awesome wedding. I videotaped, so I'll be sure to release a snippet or two.

Announcement: It is official, WRT54 Ultimate Hacking.

Announcement: iTunes comments. Don't let us get spanked - we are currently tied with ITT at 16 total. Go vote for everyone else too!

Announcement: iTunes Friends in Tech group. Don't forget the Security Round Table.

Announcement: Martin McKeay's Network Security podcast #32 features Larry! Go check it out. I totally spaced on the WIDS part, and totally forgot KISMET!

On to listener feedback...

Listener Feedback

Jeff writes in:

If you wouldn't mind, please put voice on both sides of the audio track instead of splitting between the left and right sides. Cool trick but a little annoying with headphones.

Perhaps this was a technical blunder?


Attila-Mihaly Balazs writes in:

Just to drop a quick note: a very interesting site I came across: the museum of broken packets http://lcamtuf.coredump.cx/mobp/


Martin McKeay writes in:

I was listening to your latest podcast, and I'm not sure if you were aware of it, but not only is NetMeeting still on your system, NetMeeting Remote Desktop sharing is still listed in the Services and set to manual. It was never removed to the best of my knowledge.


MyQuil writes:

So what's the security/threat model for this situation?

http://www.improveverywhere.com/mission_view.php?mission_id=57


Brett writes in:

Hey Paul, Larry and Twitchy,

I've been listening to your podcasts now since they started and I find them to be one of the more informative and entertaining security related podcasts.

Anyway as I was listening to the latest one (episode 32) I heard Paul mention he had recently eaten Kangaroo for the first time. Well to put you at ease it's fine to eat, in fact it is becoming more popular here in Australia as a menu item in restaurants. I think that previously some Australians frowned upon the idea of eating Kangaroo as it's one of our national emblems and as far as I'm aware we are the only country that eat one of our national emblems? But it's good to hear that others around the world are getting to experience it. It's also supposed to be hard to cook correctly (without it becoming very tough) so is usually served very rare.

I also just recently noted that SANS are holding training courses in Sydney, Australia in August this year. As being in Australia it's hard to get a company to pay for a Security course, international airfare and accommodation as you're looking at around $8k. So now that it's here I may have more hope in getting my work to pay for a course which is still going to cost around $4k. So I wanted to ask you 2 questions.

The first is I'm looking at doing either '504 - Hacker Techniques, Exploits & Incident Handling' or '507 - Auditing Networks, Perimeters & Systems'. I'm a Network Security Engineer so spend most of my time securing the network which involves firewalls, IDS/IPS, router, switch and server security and network auditing. I was wondering which of these courses do you think would be more applicable and more technical as a lot of courses I've attended seem to be aimed at a more basic level than I'd like.

Secondly I'm thinking of moving to another company as my current role has started to become less challenging, given this do you think it's ethical to try and push for a course if I'm possibly not going to stay with the company for much longer?

Thanks and keep up the good work. Looking forward to hearing the new format of the show.


[Music] Story Time With Twitchy

Twitchy tells us a hacking story about something...

[MUSIC]


News

News

Episode33 Show Notes

Ending

Syngress question of the week: Name the actor who starred in Shaolin Master Killer (aka. 36 Chambers of Shaolin, Masta Killa). What style of Kung Fu does he practice? Bonus: What are his Mandarin and Cantonese names?

Core discount code impactbsg

SANS discount code is <pauldotcom>.

Thank you for listening, psw@pauldotcom.com, http://pauldotcom.com Phone number Pauldotcom Security Weekly, PO Box 860, Greenville RI, 02828

<outro>