SecuraBit before it Bytes

On this episode of SecuraBit:

Multiboot Security DVD

Mubix posted an awesome link on his blog to a Multiboot Security DVD that allows you to boot common security distros, all on one medium!
OS Choices:

• Backtrack 3
• Damn Small Linux 4.2.5
• GeeXBoX 1.1 (not geekbox )
• Damn Vulnerable Linux (Strychnine) 1.4
• Knoppix 5.1.1
• MPentoo 2006.1
• Ophcrack 1.2.2 (with 720 mb tables)
• Puppy Linux 3.01
• Byzantine OS i586-20040404

Make it into a bootable (NTFS formatted) USB stick using Unetbootin

Some distros the Securabit guys would like to see added:

1. Helix
2. Intelguardian’s Samurai

RedHat/Fedora OpenSSH Compromises

As noted on the Securabit website, a Fedora and Red Hat Enterprise Linux servers were compromised.

The ComputerWorld Blog - Linux Security Idiots article explains how the servers were compromised

• Stolen SSH keys are used to gain access to the system
• After that, rootkit “phalanx2″ is installed and steals more SSH keys
• Obviously this could be used to install any malware at all

The RHEL offshoot CentOS was not affected by the compromise.

Joomla Vulnerability

• US CERT Joomla! Password Reset Vulnerability
• Joomla Core Exploit Announcement - Password Remind Functionality
• Joomla user password reset vulnerability being actively exploited

Read more »

 

 SecuraBit Episode 9 [01:02:22m]: Play Now | Play in Popup | Download

I could spend hours talking about how much of a good time Chris Mills and I had at DC16 or I figured you all could just tune in for EP8 which we’ll be recording tonight. There are a lot of people we need to thank for their hospitality as well as the free beer! We made all kinds of new friends and it was great finally being able to put names to faces. While you’re waiting for the live show tonight, follow the links below for some pics of the Podcasters Meetup as well as the live show recorded live from DC16!

Special thanks to:

Tom@SecurityJustice

surbo and hevnsnt from I-Hacked

Larry@Pauldotcom

Martin McKeay@Network Security Podcast

CyberEagle@Sploitcast

Rob aka Mubix

and everyone else who made this event happen!

On this episode of SecuraBit Chris, Jay, and the crew discuss:

Major DNS vulnerability patched!
Check your DNS vulnerability status here!
BackTrack 3:  Hard Drive?
More BT3 goodness! (Courtesy of pure_hate)
Andy’s Trip to Spain!
Various other things, and if you haven’t noticed by now.. bloopers!

We also want to announce that our T-Shirts have arrived, which you can get here! Stickers will be available very soon!  As always, hit up the forums and start talking security with other professionals, pop into our irc at irc.freenode.net #securabit (cloaks coming soon!), and send any feedback to feedback@securabit.com or through the contact page on the site here!

Thanks for listening!

Direct Link since the player won’t work is here!!!

 

 Standard Podcast [58:08m]: Play Now | Play in Popup | Download

On this episode of SecuraBit:

Anthony, Chris, Christopher, Jay, and special guest Rob (mubix) discuss:

Signature based anti-virus dead?
Rubbermaid Botmaster Sentenced
BackTrack3 Final released!
Using Google Earth to crash neighboring pools
Crazed Bovine Traversal
Distributed Honeypot Project

The iTunes link on the front page here works again!!!  Check out the forums, and our IRC at irc.freenode.net #securabit.  Any feedback is welcomed either through the contact form, or at feedback@securabit.com, or on the forums.  Thanks for listening!!

 

 SecuraBit Episode 5 [72:22m]: Play Now | Play in Popup | Download

Thanks to the guys over at Security Justice for providing this pictures to clarify what we’ve been talking about when it comes to poor security practices.  Let your imagination reign free on this one…  Check out their site and listen to their podcast as well since they have some really good information being discussed!