SecuraBit

Before It Bytes!

SecuraBit Episode 72: Take risks, get owned!

SecuraBit  Episode 72:  Take risks, get owned!
Recorded on December 29, 2010

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel –  @andrew_secbit

Guests:
Jack Jones discusses Risk Assessment and the FAIR method http://riskmanagementinsight.com/

General topics:

Risk Management, Small biz vs Enterprise
Monte Carlo?
How to Measure Anything: Finding the Value of Intangibles in Business by Douglas W. Hubbard
http://www.amazon.com/How-Measure-Anything-Intangibles-Business/dp/0470539399/ref=tmm_hrd_title_0

OnePassword – http://agilewebsolutions.com/onepassword
KeePass – http://keepass.info/
LastPass – http://lastpass.com/

Upcoming events
#BSidesMSP (7 Jan 2011)
ShmooCon (28-31 Jan 2011)
RSA Conference 2011 (14 -18 Feb 2011)
#BSidesSanFrancisco (14-15 Feb 2011)
#BSidesAustin (11-12 March 2011) http://www.keepsecurityweird.org/

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

SecuraBit Episode 70: Following the wh1t3Rabbit, Hat-tricks with a wh1t3Rabbit

SecuraBit  Episode 70: Following the wh1t3Rabbit, Hat-tricks with a wh1t3Rabbit
December 1, 2010Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Christopher Mills – @thechrisam
Chris Gerling  – @chrisgerling
Andrew Borel –  @andrew_secbit

Guests:
HP’s Rafal Los – @wh1t3Rabbit
Subscribe to his blog at http://hp.com/go/white-rabbit

General topics:
Shmoocon tickets, who’s got them?

Hat-trick http://en.wikipedia.org/wiki/Hat-trick

Password security, does it really matter?

Application security to detect and prevent malicious code.

Diaspora https://joindiaspora.com/

Security Metrics

Story time with Rafal

RSnake shutting down his blog after 5 years and 1000 posts http://ha.ckers.org/

FTC Staff Issues Privacy Report Offers Framework for Consumers, Businesses, and Policymakers: Endorses “Do Not Track” to Facilitate Consumer Choice About Online Tracking
http://www.ftc.gov/opa/2010/12/privacyreport.shtm

Upcoming events
Sunbelt Quarterly Briefing December 8th, 2010 at 9am and 2pm
DojoCon December 11-12, 2010
#BSidesBerlin December 28-30, 2010
ShmooCon January 28-31, 2011

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8


SecuraBit Episode 66: The third 6 would be unlucky!

SecuraBit  Episode 66:
September 22, 2010

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel – @andrew_secbitGuests:
Aaron Barr (HB Gary Federal) @aaronbarr

We discuss HBGary with Aaron, and delve into some fun topics like malware analysis, forensics, and other technical skills.

General topics:
Media Sponsor for:
SecTor 2010 – http://www.sector.ca/
Security Training October 25.
Conference Sessions October 26 & 27, 2010.
Twitter XSS
http://status.twitter.com/post/1161435117/xss-attack-identified-and-patched

Robin Sage
Malware analysis
Behavior of malware in memory

FGET is good (free tool that remotely images NTFS volumes)
https://www.hbgary.com/community/shawnblog/fget-v10-goes-live/

Free tools from HB Gary
https://www.hbgary.com/community/free-tools/

Forensics
How flypaper plays into image grabbingUpcoming events
Hacker Halted http://www.hackerhalted.com/ Tim Is speaking October 14th
Louisivlle Infosec 10/7. http://www.louisvilleinfosec.com/
Atlanta B-Sides 10/8. http://www.securitybsides.com/BSidesAtlanta
HacKid – http://www.hackid.org/ 10/9-10/10
Phreaknic 10/15. http://www.phreaknic.info/pn14/

Links:

http://www.HBGary.com/
http://www.SecuraBit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

SecuraBit Episode 65: Application Security From the Ground Up!

SecuraBit  Episode 65: Application Security From the Ground Up!
September 8, 2010
Hosts:
Anthony Gartner – @anthonygartner
Jason Mueller  – @securabit_jay
Christopher Mills –  @thechrisam
Guests:
Jeff Morgan
* Product manager for HP’s Application Security Center product line
* 20+ years experience developing commercial software solutions in industries ranging from healthcare to payroll to commercial printing
* Joined SPI Dynamics in 2006, which was later acquired by HP
* Previously a software engineer and held positions in development, QA, support and account management
General topics:
Application Security Development Lifecycle
Flash, as usual
NoScript
Intel and McAfee
Upcoming events
Hacker Halted http://www.hackerhalted.com/ Tim Is speaking October 14th
Louisivlle Infosec 10/7. http://www.louisvilleinfosec.com/
Atlanta B-Sides 10/8. http://www.securitybsides.com/BSidesAtlanta
HacKid – http://www.hackid.org/ 10/9-10/10
Phreaknic 10/15. http://www.phreaknic.info/pn14/
SecTor 2010 – http://www.sector.ca/
Security Training October 25.
Conference Sessions October 26 & 27, 2010.
Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit

SecuraBit Episode 62: Visualizing Data with NetWitness

SecuraBit  Episode 62: Visualizing Data with NetWitness

Hosts:
Anthony Gartner  @anthonygartner http://anthonygartner.com
Chris Gerling @chrisgerling
Christopher Mills @thechrisam
Andrew Borel @andrew_secbit

Guests:
Eddie Schwartz – @eddieschwartz

General topics:
BSidesLV http://www.securitybsides.com/BSidesLasVegas
BlackHat https://www.blackhat.com/html/bh-us-10/bh-us-10-home.html
Defcon https://www.defcon.org/html/defcon-18/dc-18-schedule.html

Shmoocon Woot Video http://www.youtube.com/watch?v=HJ0ypgZU_D0
NetWitness Visualize http://visualize.netwitness.com/

Brief panel on certifications.

iPhone App Now Available. http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

http://itunes.apple.com/us/podcast/securabit/id280048405

Upcoming events
South Florida ISSA’s Hack the flag and chili cook-off  Saturday August 14, 2010 from 12:00pm – 5:00pm
http://sfissa.org/index.php/sfissa-mm-events/htf-main/85-hack-the-flag-2010
Hacker Halted http://www.hackerhalted.com/ Tim Is speaking October 14th

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

SecuraBit Episode 60: Free Calamari!!!

SecuraBit  Episode 60: Free Calamari!!!

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit
Jason Mueller – @securabit_jay
Tim Krabec – @tkrabec http://www.SMBMinute.com

Guests:
Christopher Boyd (Sunbelt Software)
http://en.wikipedia.org/wiki/Christopher_Boyd
http://www.vitalsecurity.org/
http://sunbeltblog.blogspot.com/

General topics:
Chris speaks about how he got involved in the position he is in now.  He also got into how he basically social engineers and discusses his blog.

Dodgy Dr Who Games
Orkut Shenanigans
The Sunbelt Security Blog
Fun with Internet Trolls
How Drugs and Stabby Things Led to a Career in Security
Internet Kill Switch
Twitter Agrees to Data-Security Audits
HacKid –http://www.hackid.org/

Links:

FTC Requires Twitter To Set Up Data-Security Audits
http://news.yahoo.com/s/nf/20100624/tc_nf/74031

Make sure you are there for Sunbelt’s next quarterly briefing entitled “Turning the Tables on Bad Guys:  Malware Unmasked”.  It will be at 9am and again at 2pm on August 25th, 2010.  Register here!

Chat with us on IRC at irc.freenode.net #securabit

SecuraBit Episode 59: Too many acronyms, my head is going to explode!

SecuraBit Episode 59: Too many acronyms, my head is going to explode!

Hosts:
Anthony Gartner @anthonygartner http://anthonygartner.com
Christopher Mills @thechrisam
Andrew Borel  @andrew_secbit
Chris Gerling @chrisgerling

Guests:
Dan Philpott discusses NIST, Information Assurance, SCAP, FISMA, etc

Contact info:
Twitter: @danphilpott

General topics:
Federal Information Security Management Act (FISMA) Implementation Project http://csrc.nist.gov/groups/SMA/fisma/index.html

Special Publications (800 Series)
http://csrc.nist.gov/publications/PubsSPs.html

Small Business Corner (SBC)
http://csrc.nist.gov/groups/SMA/sbc/index.html

FISMApedia
http://fismapedia.org/index.php?title=Main_Page

The Security Content Automation Protocol (SCAP)
http://scap.nist.gov/
-Change Management

Windows Sysinternals
http://technet.microsoft.com/en-us/sysinternals/default.aspx

Sysinternals Suite
http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

Links:
http://csrc.nist.gov/

Make sure you are there for Sunbelt’s next quarterly briefing entitled “Turning the Tables on Bad Guys: Malware Unmasked”.  It will be at 9am and again at 2pm on August 25th, 2010.  Register here!

Chat with us on IRC at irc.freenode.net #securabit

SecuraBit Episode 58: Forensic Goodness with Harlan Carvey

SecuraBit Episode 58: Forensic Goodness with Harlan Carvey

Hosts:

Anthony Gartner  @anthonygartner http://anthonygartner.com
Christopher Mills @thechrisam
Chris Gerling @chrisgerling
Aricon
Andrew Borel @andrew_secbit

Guests:
Harlan Carvey
http://windowsir.blogspot.com/
Tools:  http://tech.groups.yahoo.com/group/win4n6/

General topics:
Timeline creation
Regripper
Forensic trends
SIFT
Lance Mueller http://www.forensickb.com/

SecuraBit Episode 57: Doctor Cole, I Presume?

Hosts:
Anthony Gartner @anthonygartner http://anthonygartner.com
Christopher Mills @thechrisam
Chris Gerling @chrisgerling
Andrew Borel @andrew_secbitGuests:
Dr. Eric Cole, Ph.D. – @drericcoleGeneral topics:
Mr. Cole is teaching the upcoming SANS vLive! 501 course which starts on June 22.

We discussed VOIP security, or the lack thereof.
Signature based security solutions are going the way of the dinosaur, it’s all about behavior and dynamic detection, such as heuristics now.
How to protect your privacy online:
http://twitter.com/ChrisPirillo/status/13881888168Links:
http://www.sans.org/security-training/instructors_upcoming.php?id=34
http://www.securityhaven.com/Sunbelt Software Webinar: Thursday, May 27, 2010, 2PM – 3PM EDT
Quarterly Briefing: Turn the tables on Bad Guys: Malware Unmasked

The cyber threat landscape is constantly changing, and even with the most sophisticated security you’re never completely protected from attacks. As part of our mission to ‘keep the bad guys out’, SunbeltLabs presents in this webinar how we use our own sandbox technology to keep a step ahead.

Sunbelt Software’s Lead Security Analyst, Brian Jack and Malware Response Manager, Dodi Glenn will discuss the current threat landscape and dig deeper into some of the most dangerous and complicated threats out there.  During this briefing we will focus on two different types of threats: malicious PDFs and rogue antivirus applications. Learn how to gain an edge when protecting your enterprise.

Whether you are dealing with spear phishing or mass attacks, join us to see how to deploy the right tools and learn how to quickly analyze and unmask malware. New threats require new technologies and techniques to protect yourself and your organization.  Sign up now and turn the tables on the bad guys.

Chat with us on IRC at irc.freenode.net #securabit