SecuraBit before it Bytes

SecuraBit Episode 10

(Apologies in advance for the short term ‘wiki’ look of these show notes, the public wiki will be up soon!)

This week Anthony Gartner, Chris Gerling, Chris Mills, and Jason Mueller discuss the latest computer security news. Special guest Chris Wilson talks about the increase of traffic on port 808.

Episode 10 - A milestone!

We are all still alive even though the CERN Particle Collider has been started up.

OpenSource Projects, Software, Patches

Obama Sex Video Spam

New SecuraBit VPS! (We have since cancelled and will be moving to something else soon)  

     Linode with CentOS. However, no SELinux available

     For CentOS help go to: #CentOS on irc.freenode.net

Tips for configuring the new server:

     -Disable root login on ssh

     -Good passwords

     -Lock down all unnecessary ports

The Securabit guys started using the CentOS distribution because of its interconnections with Snort

     See InternetSecurityGuru.com for details on how to configure Snort on CentOS

In non-security related news:

     Steve Jobs Apple Special Event “Let’s Rock”

     Apple did update QuickTime and Bonjour

     Netbooks are everywhere: Even Commodore joins Netbook Crowd

Google Chrome:

     Milw0rm Chrome exploits/vulnerabilities: six different exploits/vulnerabilities to date

     Germany says do not use Google Chrome

Other news:

New Microsoft/Jerry Seinfeld commercial analysis

New Microsoft Mouse

BREAK

Anthony recently had a laptop theft and recommends the following sites to learn how to secure your computer:

     Schneier and portable device security

     Risk of losing portable devices

Latest happenings with Securabit:

     Looking for a team and mentoring atmosphere

     Coming soon: new site/wiki/forums on a VPS

Chris Mills talks about his employer's Security Expo, where they showed off Rainbow Tables/Ophcrack and Driftnet

BREAK

Special Guest: Chris Wilson

   Port 808 traffic is up over the last 24 hours.
   The WinHole Trojan has been noted as a cause of this traffic in the past.

SecuraNibble: Snort Sensor Tutorial

Chris Wilson brings us some Snort goodness with this 37-minute tutorial on how to build a Snort sensor from scratch using CentOS.

I hope this is of use to everyone, it is very very well done!

 
icon for podpress  Podcast Video [37:26m]: Play Now | Play in Popup | Download

SecuraByte Episode 3

Last night we did a spontaneous hour-long interview with the guys from HacDC, a Hackerspaces group.

Hosts:
Rob Fuller - Mubix

Chris Mills - ChrisAM

Chris Gerling - Hak5Chris

Guests:

Nick Farr - Treasurer HacDC
Mitch Altman - NoiseBridge San Francisco, Hackerspace
Bryce - HacDC

HacDC and Hackerspaces.

What is a Hackerspace? A physical space where hackers make things: an
in-person place to do things in addition to online. People can
work on their own projects and collaborate with others.

Mitch has been working on Brain machines.

Tips on how to start a hackerspace:

- Visit a hackerspace

- Document on Hackerspace design patterns (PDF).

- Visit Hackerspaces.org and email questions about getting started to info@hacdc.org

- Last Hope Talk: Building Hacker Spaces Everywhere: Your Excuses are Invalid - Nick Farr and Friends (MP3).

If I am not a member, can I go? Yes!

Some hackerspaces mentioned:

NY Resistor (New York City)
C-base (Berlin Germany)
The Hacktory (Philadelphia)

Mitch is working on the SF space, NoiseBridge
Join the NoiseBridge email list

Interesting Hackerspace projects:

Blinkenlights -

Project Blinkenlights was a light installation in the Haus des Lehrers
building at the Alexanderplatz in Berlin that transformed the building
front into a giant low-resolution monochrome computer screen.

tmplab - Paris, France Hackerspace (French)

Columbia Heights Wireless -

The Columbia Heights Wireless Project aims to provide wireless access to
the Internet to HacDC’s neighbors in Columbia Heights. This project, in
three phases, will help test different technologies and methods for
providing this access as well as building local neighborhood IT
infrastructure.

 
icon for podpress  Standard Podcast [46:41m]: Play Now | Play in Popup | Download

New Season of Hak5!

A new season of Hak5 just began with a bang, with Securabit’s own Mubix showing off the open source forensics and intelligence gathering tool Maltego. Look for future shows featuring both Mubix and Chris Gerling.

SecuraBit Episode 9

On this episode of SecuraBit:

Multiboot Security DVD

Mubix posted an awesome link on his blog to a Multiboot Security DVD that allows you to boot common security distros, all on one medium!
OS Choices:

Make it into a bootable (NTFS formatted) USB stick using Unetbootin

Some distros the Securabit guys would like to see added:

  1. Helix
  2. Intelguardians’ Samurai

RedHat/Fedora OpenSSH Compromises

As noted on the Securabit website, Fedora and Red Hat Enterprise Linux servers were compromised.

The ComputerWorld Blog article “Linux Security Idiots” explains how the servers were compromised:

  • Stolen SSH keys are used to gain access to the system
  • After that, rootkit “phalanx2” is installed and steals more SSH keys
  • Obviously this could be used to install any malware at all

The RHEL offshoot CentOS was not affected by the compromise.

Joomla Vulnerability

