SecuraBit

Before It Bytes!

SecuraBit Episode 49: ConFoo.ca!

SecuraBit Episode 49:  ConFoo.ca!

Podcasters Meetup – http://www.podcastersmeetup.com/
ShmooCon – Saturday Evening @ 8PM

SANS Discount Code SB508 – Free GCFA attempt when using this link.

Philippe Gamache:
Day job is focused on secure programing, developer training and code audit.
About ConFoo.ca:
-New conference about web technology
-PHP Quebec Conference offshoot
-Get all the user groups in the Monteral area together to share information
-8 Separate tracks at the time

ShmooCon FireTalks

Escaping the clutches of The GOOG - http://www.securabit.com/2010/01/21/escaping-the-clutches-of-the-goog/

Hosts:
Anthony Gartner  @anthonygartner
Christopher Mills @thechrisam
Chris Gerling  @chrisgerling
Nicholas Berthaume – @aricon
Andrew Borel @andrew_secbit

Guests:
Philippe Gamache – ConFoo.ca – @SecureSymfony

Chat with us on IRC at irc.freenode.net #securabit

Links:
ConFoo.ca – http://www.confoo.ca/en

SecuraBit Episode 48: Shmoocon (The Big Cheese) and PhoneFactor!

Hosts:
Anthony Gartner  @anthonygartner
Christopher Mills @thechrisam
Jason Mueller – @securabit_jay
Chris Gerling  @chrisgerling

Guests:
Bruce Potter – Shmoocon – @gdead
Steve Dispensa – CTO and Co-founder of PhoneFactor - http://www.phonefactor.com/about/management-team/steve-dispensa/ @dispensa
Marsh Ray – PhoneFactor – @marshray

Recent goings on:
If you are going to DC3 CyberCrime Conference contact Jason Mueller (@securabit_jay) to meet up!
Sean Hausauer and David Shpritz join the crew!  Check out their blog postings!

First Guest – Bruce Potter – Shmoocon – @gdead

Logistics of putting on a conference.
New events!
Ticket sales process is constantly evolving.

Wardman Park in 1920’s:  http://www.shorpy.com/files/images/29398u.jpg
ShmooCon 2010 FireTalks:  http://www.novainfosecportal.com/2010/01/06/shmoocon-2010-firetalks/
Podcasters Meetup:  http://www.podcastersmeetup.com/

PhoneFactor:
How to fix SSL/TLS in software
The process of working with vendors to get a solution implemented.
Project Mogul

End:
Join us on January 27, 2010 when we speak with Phillipe Gaumeche about the ConFoo.Ca conference.
Chat with us on IRC at irc.freenode.net #securabit

Links:
Shmoocon – http://www.shmoocon.org/
PhoneFactor –http://www.phonefactor.com/

Not on the air:
Andrew Borel @andrew_secbit

SecuraBit Episode 45: More on DOJOCon

SecuraBit Episode 45  More on DOJOCON

Marcus J Carey discusses MetaSponse tool to be released in mid-December. This uses the MetaSploit Framework for Incident Response.

Metasploit Framework 3.3  Released!
http://blog.metasploit.com/2009/11/metasploit-framework-33-released.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+metasploit%2Fblog+%28Metasploit+Blog%29

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner – @anthonygartner
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel – @andrew_secbit

Guest:
Marcus Carey – @marcusjcarey

Links:

DojoCon – http://www.dojocon.org/
Hackers for Charity – http://www.hackersforcharity.org/
hak5 – http://www.hak5.org/

NoVA Hackers – http://groups.google.com/group/novahackers

dojosec @ USTREAM http://www.ustream.tv/dojosec
White Wolf Security – http://www.whitewolfsecurity.com/
ShmooCon 2010 – http://www.shmoocon.org/
Netwars Competition – http://www.sans.org/netwars/
International Spy Museum – http://www.spymuseum.org/
Cyber Forensics: Digital CSI – http://spymuseum.org/programs/calendar_pages/2009/q4/2009_12_01_prog.php
http://hashtags.org/tag/roachesmustdie

SecuraBit Episode 42: Phreaking Sweet Con in TN.

SecuraBit Episode 42 – Phreaking Sweet Con in TN.
Phreaknic 13 – October 30 – November 1 2009
Phreaknic Curse
CCTV throughout hotel, great + for attending the con
Ware Chair Toss
Firing a jet engine in the parking lot.
Four Tracks
1 Cumberland (Main ballroom)
2 9th Floor (Vendor Area)
3 Cafe Area (Gaming)
4 Contest Area
Size of conferences
ShmooCon
Running Conferences
#RoachesMustDie from ShmooCon 2009 via Security Justice
Microsoft Security Essentials – http://www.microsoft.com/security_essentials/
New iTunes Store – http://www.apple.com/itunes/
iKeepass – http://ikeepass.de/
Metasploit hiring in Austin, TX
Rockstar QA Engineer Needed – http://austin.craigslist.org/sof/1410600092.html
New version of Pocket God for the iPhone
Hacker Consortium – http://hackerconsortium.com/
TechShop – http://techshop.ws/

Join us in IRC at irc.freenode.net #securabit
Hosts:
Anthony Gartner – @anthonygartner
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit
Guest:
SkyDog
Links:

SecuraBit Episode 41: Speaking of Cons, and forensics…

SecuraBit Episode 41 – Speaking of Cons, and forensics…
Part 1: Marcus Carey
Dojocon – http://www.dojocon.org/ – @dojocon
November 6 & 7, 2009
Capitol College Maryland

Part 2: Scott Moulton

blackberry stuff:
bitpim

Hosts:
Chris Gerling  – @chrisgerling
Jason Mueller – @securabit_jay
Andrew Borel – @andrew_secbit
Anthony Gartner –  AnthonyGartner.com – @anthonygartner
Guest:
Marcus Carey – http://www.dojocon.org/ – @dojocon
Links:
Dojocon – http://www.dojocon.org/ – @dojocon

 

Secret I-Hacked.com Entry Form

Congrats, you found a secret i-hacked partner site giving away an additional free Defcon Contest entry!
(there are 4 other secret sites)

All you have to do is enter your twitter handle below, and then tweet the “secret phrase” that is shown to you.

 

SecuraBit Episode 40: Paul WHO????

SecuraBit Episode 40 – Paul “Pauldotcom” Asadoorian
Renaud script to go from Nmap to Nessus
Interview with Paul Asadoorian (PaulDotCom/Tenable/Nessus)
Intro Questions:
  • Who are you, and what are you doing on THIS podcast?
  • Tell us about the PaulDotCom podcast (I’ve talked to SecuraBit listeners who have never heard of PDC)
  • How long have you been using Nessus?
  • When did you start working for Tenable?
  • What is your role at Tenable?
Nessus Questions:
  • What’s new in this version of Nessus?
  • Are changes driven primarily by Tenable, or the community?
  • What does Nessus use for a scanning engine?
  • How does Nessus interact and work with Nmap?
  • Explain Nessus licensing and what an individual vs a corp is entitled to.
  • How much is a license?
  • Cost of proffesional feed = $1200.00/year
  • Home feed no longer a delay, no SCADA plugins
  • How does Nessus differ from OpenVAS?
  • Can you use the OpenVAS repo with Nessus?
  • Talk about the extensibility of Nessus. (Scripting, etc)
  • How does Nessus work with OVAL definitions? How does this help for FDCC compliance?
  • Does tenable have any dedicated appliances for enterprise scanning and monitoring based on nessus?
Implementation and Operation questions (How Paul Does Things):
  • Do you place scanning servers on each segment of the network, or do you scan through zone-to-zone firewalls? Why?
  • Is there a practical limit to the number of deices that can be scanned by one scanning server? Or is it just a time tradeoff?
  • How often do you scan (and re-scan) a network?
  • How do you handle the results (and avoid dropping a 300 page Nessus report on the server guys and saying FIX IT)
  • Are results parse-able and able to be fed into compliance and risk management tools?
Other Questions:
  • When is the next PaulDotCom episode?
  • What are the topics/guests?
  • What is your favorite beer?
Hosts:
Anthony Gartner  AnthonyGartner.com @anthonygartner
Christopher Mills @thechrisam
Andrew Borel @andrew_secbit
Ed Smiley – @edsmiley
Guest:
Paul Asadoorian – @pauldotcom – http://www.pauldotcom.com
Links:
Tenable Network Security Blog and Podcast – http://blog.tenablesecurity.com/

SecuraBit Episode 39: Stealing candy from little kids everywhere!!!

SecuraBit Episode 39 – Stealing candy from little kids everywhere!!!

Jay brought up that some government web sites will be switching to an OpenID authentication

What Does DHS Know About You?
How to request your travel records

TwiGUARD

Seesmic Desktop
TweetDeck

MS IIS FTPD DoS ZER0DAY

Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

Poison Ivy Remote Administration Tool

FRHACK: Pentesting Live DVD

Upcoming Events:

Phreaknic 13 – October 30 – November 1 2009

SANS Cyber Defense Initiative – Washington, DC – December 11 – 18, 2009

ToorCon – San Diego Convention Center -  October 23rd-25th, 2009

See our complete list of upcoming Cons and Webcasts.

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner – @anthonygartner
Chris Gerling – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit
Jason Mueller – @securabit_jay

SecuraBit Episode 38: Classic Securabit, Lots of Rambling, Low Content

SecuraBit Episode 38 – Classic Securabit, Lots of Rambling, Low Content

Louisville Metro InfoSec Conference in Louisville, KY
October 8, 2009 8am – 5pm
Sponsored by the local ISSA Chapter
Some of speakers at the event include:

  • John Strand
  • Lee Kushner
  • Scott Moulton
  • Adrian “IronGeek” Crenshaw

http://www.louisvilleinfosec.com/
Presentations are planed to be posted online afterwards.

If you wish to attend the conference you can use the discount code of “geek seat” to get $20 off registration

Round Table Topic: Who should be responsible for patching? Infrastructure or Security?

There is a conversation about the new Snow Leopard for Mac and Macs mail.

A brief discussion about Helix, Security Onion, and Splunk 4.

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner – http://www.anthonygartner.com – @anthonygartner
Chris Gerling – http://www.chrisgerling.com – @hak5chris
Christopher Mills – http://www.packetsense.net – @thechrisam
Andrew Borel – @andrew_secbit

Guest:
Brian Blankenship  – chair ( a ) louisvilleinfosec ( dot ) com

Links:
Louisville Metro InfoSec Conference – http://www.louisvilleinfosec.com/
Security Onion – http://securityonion.blogspot.com/
Splunk 4 – http://www.splunk.com/view/splunk-4-features/SP-CAAAEVR

SecuraBit Episode 37: Mapping Networks with Fyodor and NMAP

SecuraBit Episode 37 – Mapping Networks with Fyodor and NMAP
NMAP 5 with Gordon “Fyodor” Lyon
* How did Nmap start?
* What’s new in Nmap 5?
* Whe kind of legal issues have you faced in regards to NMAP?
* Where did the handle Fyodor start?
* Will there be a second edition of Nmap book? (below) no second e yet or planned
* Where is NMAP Going?
* Where do you see Nmap Scripts (NSE) going, possibly doing a community repo?
* Will scans for mobile devices in future releases?
* Why lua vs. python or ruby or something else?
Find the answers to these questions and more by listening to the show.

After our interview we cover DEFCON and the Podcasters meetup.

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner – http://www.anthonygartner.com – @anthonygartner
Chris Gerling – http://www.chrisgerling.com – @hak5chris
Christopher Mills – http://www.packetsense.net – @thechrisam
Andrew Borel – @andrew_secbit
Jason Mueller – @securabit_jay
Rob Fuller – Mubix – http://www.room362.com – @Mubix

Guest:
Gordon “Fyodor” Lyon – http://insecure.org/fyodor/

Links:
NMAP 5 – http://nmap.org/5/
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning – http://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=sr_1_1?ie=UTF8&qid=1250122655&sr=8-1
New ‘ping sweep’ – http://carnal0wnage.attackresearch.com/node/373
The Programming Language Lua – http://www.lua.org/
WordPress 2.8.4 Security Release – http://wordpress.org/development/2009/08/2-8-4-security-release/