PaulDotCom Security Weekly - Episode 347 for Thursday October 3rd, 2013
- Episode 350 of PaulDotCom will be recorded and streamed live on October 25, 2013. We are looking for submissions for technical segments, send them to psw -at - pauldotcom.com and we will pick the best ones to be featured on the show. We are looking for panel guests as well! Support our chosen charity: Wings For Warriors. This will be an all day event!
- We've released a book on Offensive Countermeasures! Visit tinyurl.com/OCM-Amazon to add this to your summer reading list.
- We are looking for sponsors for our weekly webcasts and shows. Contact paul -at- hacknaked.tv for details!
- The Stogie Geeks Show! - Kick some ash with the Stogie Geeks, Thursday nights at 9:00PM EST. Come have a cigar with us! If you are in the Rhode Island area please visit our sponsor the Havana Cigar Club, it's an awesome place to have a drink! Make sure you print out your $5.00 off coupon here!
Guest Interview: Jaime "WiK" Filson
Jaime enjoys long walks on the beach while his computer equipment is busy fuzzing software, cracking passwords, or spidering the internet. He's also the creator of the gitDigger project as well as staff of DEFCON's wireless village.
- Three words to describe yourself
- If you were a serial killer, what would be your weapon of choice?
- In a game of ass grabby-grabby do you prefer to go first or second?
- If you wrote a book about yourself, what would the title be?
- Stranded on a desert island, which tablet would you bring with you if you could choose only one: Android, iPad or Surface?
Technical Segment with Jared DeMott
Jared DeMott has spoken at security conferences such as Black Hat, Defcon, ToorCon, Shakacon, DakotaCon, GRRCon, and DerbyCon. He is active in the security community by teaching his Application Security course, and has co-authored a book on Fuzzing.
- Derbycon 3.0 Videos Tracks 1 & 2
- Barclays Bank Branch Bugged In £1.3m Breach
- Exploit Disclosure
- Facebook Pushes Passwords One Step Closer to Death
- Yahoo abandons T-shirt rewards for vulnerability information
- iPhone Fingerprint Scanner Hacked; Should You Care? - Forbes
- Researchers Unite To #ScanAllTheThings
- Thirteen-Year-Olds Hack Their Way Into Space (http://www.wired.com/wiredenterprise/2013/10/arduinolab/)
Jack's Tales of Happiness and Sunshine
- http://www.bostonglobe.com/opinion/2013/10/02/wanted-strong-hacker-community/b7RVsgnKS6kZr8LcBHk1PP/story.html?s_campaign=sm_tw
- http://securityaffairs.co/wordpress/18251/digital-id/proxy-sh-can-trust-vpn-provider-maybe.html
- https://resources.enablesecurity.com/advisories/juniper-vpn-ssl-domxss.txt
- http://support.microsoft.com/kb/2808679
- Silk Road, busted - [Larry] - This is a link to the filed criminal complaint, which outlines the methods the agents used to tie The Dread Pirate Roberts to a specific person running the site. Some ways not to get busted? 1.) Don't connect to the hosting server over a VPN that is not tunneled through TOR. 2.) Don't use your real name and e-mail address at StackOverflow asking for help with Tor hidden services, using code similar to that found running on the Silk Road. 3.) Don't have fake IDs sent to your home address. 4.)…
- Yahoo bug bounty program! - [Larry] - YAY, on the bandwagon! This should be good, right? Uhhh, so the bounty offered to some researchers who found XSS was a whopping $12.50 each, and the payment was only redeemable at the Yahoo corporate store, which only sells Yahoo-branded merchandise. Um, Yahoo, that word "bounty" does not mean what you think it means.
- TouchID thwarted - [Larry] - and it only took about a week after the phone was out for it to be hacked. That said, it was fairly complicated and was more than just the gummy bear attack…
- Making open hotspots safer, WiFi Alliance style - [Larry] - Hotspot 2.0 will allegedly put customers at ease because the connections are secure and the communication is encrypted. "Also, users should no longer have to search for and choose a network, request the connection to the access point each time and then in many cases re-enter their password. All that can be handled by Passpoint-compatible devices." Hmmm. Looks like it is using some additional global SSIDs and some standard and new EAP types.
- [Larry] - New drones with F-16s. Paging Daniel Suarez...