Difference between revisions of "Episode33Script"

From Security Weekly Wiki
m (Text replacement - "psw@pauldotcom.com" to "psw@securityweekly.com")
m (Text replacement - "http://pauldotcom.com" to "http://securityweekly.com")
Line 159: Line 159:
SANS discount code is <pauldotcom>.
SANS discount code is <pauldotcom>.
Thank you for listening, psw@securityweekly.com, http://pauldotcom.com Phone number
Thank you for listening, psw@securityweekly.com, http://securityweekly.com Phone number
Security Weekly Security Weekly, PO Box 860, Greenville RI, 02828
Security Weekly Security Weekly, PO Box 860, Greenville RI, 02828

Revision as of 19:49, 10 October 2014

(15 seconds of silence)

(Record the Welcome Intro)

(More silence)

Pause for FiT Stinger

Pause for Intro music

Theme Music, Episode 33 for June 22, 2006

"Welcome to Security Weekly, Episode 33 for June 22, 2006"

Via Skype

"Welcome to this edition of Security Weekly, where beer is not just a social lubricant."

"I am your host Larry Pesce," "and our special host Twitchy." "And I am Kevin Devin, today's special guest host."

A big thanks to Kevin for filling in for Paul while he is on his honeymoon! Kevin is from the In the Trenches Podcast, and a member of the Friends in Tech Network

No skypecast either!


This episode is sponsored by Syngress Publishing, read a book, learn to hack, and never have to pay for another coke again! When will they start putting beer in a vending machine in the US?

Listen to the question at the end of each show, then go to the pauldotcom blog and be the first to post the CORRECT answer to receive a free copy of any in-stock book on the Syngress web site!

Last week's winner was Wesley McGrew who stated the correct answer:

(Question was from the last episode's sweeper: what was Paul's PGP key, and why was it invalid?)

The key is "fc6-47" which is invalid for a few reasons:

1) It's not armored in a BEGIN PGP PUBLIC KEY BLOCK

2) If I'm reading the draft RFC right, the dash character isn't valid in Radix-64 encoding

3) It's not quite long enough ;)

(great job Wesley, you got all 3 reasons!)

Technical junk courtesy of: http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-18.txt

Second, I'm the fellow who discovered and posted the technique for modifying U3 USB drives to http://cse.msstate.edu/~rwm8/hackingU3/ and the mentioned-but-nameless-mailing-list :).

Send an email to psw@securityweekly.com, and we'll get you hooked up.

This episode is also sponsored by Core Security Technologies.

Larry: Use Core impact to penetrate your network day and night and not get tired!

Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool.

We are also sponsored by the SANS Institute, where you can get schooled and like it! Get hands-on training in intrusion detection, forensics, hacking and exploiting, and drinking beer.... Listen for the discount code at the end of the show for 5% off SANSFIRE, July 5-11th in Washington DC. Almost every SANS track will be offered! And it is confirmed, Twitchy will be there!


Announcement: Paul got pwn3d. Awesome wedding. I videotaped, so I'll be sure to release a snippet or two.

Announcement: It is official, WRT54 Ultimate Hacking.

Announcement: iTunes comments. Don't let us get spanked - we are currently tied with ITT at 16 total. Go vote for everyone else too!

Announcement: iTunes Friends in Tech group. Don't forget the Security Round Table.

Announcement: Martin McKeay's Network Security podcast #32 features Larry! Go check it out. I totally spaced on the WIDS part, and totally forgot KISMET!

On to listener feedback...

Pause for sweeper

Listener Feedback

Jeff writes in:

If you wouldn't mind, Please put voice on both sides of the audio track instead of splitting between the left and right sides. Cool trick but a little annoying with headphones.

Perhaps this was a technical blunder?

Attila-Mihaly Balazs writes in:

Just to drop a quick note: a very interesting site I came across: the museum of broken packets http://lcamtuf.coredump.cx/mobp/

Martin McKeay writes in:

I was listening to your latest podcast, and I'm not sure if you were aware of it, but not only is NetMeeting still on your system, NetMeeting Remote Desktop sharing is still listed in the Services and set to manual. It was never removed to the best of my knowledge.

MyQuil writes:

So what's the security/threat model for this situation?


Brett writes in:

Hey Paul, Larry and Twitchy,

I've been listening to your podcasts now since they started and I find them to be one of the more informative and entertaining security-related podcasts.

Anyway, as I was listening to the latest one (episode 32) I heard Paul mention he had recently eaten Kangaroo for the first time. Well, to put you at ease, it's fine to eat; in fact it is becoming more popular here in Australia as a menu item in restaurants. I think that previously some Australians frowned upon the idea of eating Kangaroo as it's one of our national emblems and as far as I'm aware we are the only country that eats one of our national emblems? But it's good to hear that others around the world are getting to experience it. It's also supposed to be hard to cook correctly (without it becoming very tough) so is usually served very rare.

I also just recently noted that SANS are holding training courses in Sydney, Australia in August this year. As being in Australia it's hard to get a company to pay for a Security course, international airfare and accommodation as you're looking at around $8k. So now that it's here I may have more hope in getting my work to pay for a course which is still going to cost around $4k. So I wanted to ask you 2 questions.

The first is I'm looking at doing either '504 - Hacker Techniques, Exploits & Incident Handling' or '507 - Auditing Networks, Perimeters & Systems'. I'm a Network Security Engineer so spend most of my time securing the network which involves firewalls, IDS/IPS, router, switch and server security and network auditing. I was wondering which of these courses do you think would be more applicable and more technical as a lot of courses I've attended seem to be aimed at a more basic level than I'd like.

Secondly, I'm thinking of moving to another company as my current role has started to become less challenging. Given this, do you think it's ethical to try and push for a course if I'm possibly not going to stay with the company for much longer?

Thanks and keep up the good work. Looking forward to hearing the new format of the show.

[Music] Story Time With Twitchy

Twitchy tells us a hacking story about something...


Pause for sweeper



Episode33 Show Notes


Syngress question of the week: Name the actor who starred in Shaolin Master Killer (aka 36 Chambers of Shaolin, Masta Killa). What style of Kung Fu does he practice? Bonus: What are his Mandarin and Cantonese names?

Core discount code impactbsg

SANS discount code is <pauldotcom>.

Thank you for listening, psw@securityweekly.com, http://securityweekly.com Phone number Security Weekly Security Weekly, PO Box 860, Greenville RI, 02828