Securabit Episode 43: The Academy Pro

Guest Interview: Peter Giannoulis of The Academy Pro

Metasploit Rising

http://blog.metasploit.com/2009/10/metasploit-rising.html

WordPress 2.8.5: Hardening Release
http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/

Blubrry PowerPress Podcasting Plugin for WordPress
http://www.blubrry.com/powerpress/

Time Warner Cable Exposes 65,000 Customer Routers to Remote Hacks
http://www.wired.com/threatlevel/2009/10/time-warner-cable/

Google Voice voicemails appearing in public search results
http://www.engadget.com/2009/10/19/google-voice-voicemails-appearing-in-public-search-results/

TweetDeck
http://www.tweetdeck.com/beta/

Porn, CSS History Hacking, User Recon and Blackmail
http://ha.ckers.org/blog/20091021/porn-css-history-hacking-user-recon-and-blackmail/

Windows 7
http://www.microsoft.com/windows/

Magic Mouse
http://www.apple.com/magicmouse/

Quick Shell Script to Extract Contents
http://pinowudi.blogspot.com/2009/10/quick-shell-script-to-extract-contents.html

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner – @anthonygartner
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit

Guest:
Peter Giannoulis

Links:
The Academy Pro – http://www.theacademypro.com/
The Academy Home – http://www.theacademyhome.com/

Don’t forget to listen to the end of the show for the guest appearances by both Kermit the Frog and Sean Connery.

SecuraBit EP18 Don’t say we didn’t warn you.

This show is out of order and we debated if we would even release it. Well, why not? Have a listen; if you don’t like it, delete it, and remember we told you so 😉

This show was a hostile takeover by the guys at SMB Minute. It was all just for fun and happened on Dec 31, 2008. Remember we warned you…. Listen at your own risk!!!

Don’t forget to give us feedback on iTunes so we can bump the old shows off the list.

Thanks again for all the donations for the Tip Jar.

Hosts:

Rob Fuller – Mubix, room362.com @mubix
Anthony Gartner – AnthonyGartner.com @AnthonyGartner
Chris Gerling – Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills – ChrisAM @packetsense
Jason Mueller – SecurabitJay @SecuraBit_Jay

Important links for the show and documents used:

NONE

Securabit EP 19 MS DOS’s itself, and more!!!

This episode is likely to be out of sequence: SecuraBit did a recording on the 31st of the year and we will likely release it, but episode 18 was a potential lost episode. Chris Mills talks about how Twitter has changed some of its security measures in the aftermath of the hack on its admin accounts. He even did some testing of a bogus account. We even got into some discussions on which types of phones handle what kind of sites. Please be careful, Jay is going to be getting a Twitter account and might actually post. Oh FRAK!!!!

The next part on the agenda was the new Windows 7 Beta. This caused Microsoft to DoS itself, which really takes a LOT to happen.

After the break we started to go into some tools we actually use or have used and wanted to recommend. Jay spoke of the Retina software they use. We did play a nice practical joke on Jay and left him hanging in the wind for a few moments, but he did recover. We spoke about running ISS for the nice pretty reports for the higher-ups and Nessus for the technicians. Anthony mentioned Hot Spot Shield, which works on Windows, Mac, iPhone and many other platforms. The chat room recommended OpenVPN, but none of us had used it. Chris Mills also went into one of the tools he used back in the day but recently started to use again, called NTop.

We talked about iTunes going DRM free. Always a good thing!!! This then drifted into a conversation about players in general. Jay recommended engadget.com and how they covered CES so well. This then diverged into computers for kids as well as netbooks.

Anthony is getting close to being able to do the Mix Minus. This means there will be the chance to play the music / voice mails / audio feedback to everyone so that we can comment or answer the questions. This will be a welcome addition to the show.

Jay stated our new goal – to be “Internet Famous”.

Don’t forget to give us feedback on iTunes so we can bump the old shows off the list.

Thanks again for all the donations for the Tip Jar.

Hosts:

Rob Fuller – Mubix, room362.com @mubix
Anthony Gartner – AnthonyGartner.com @AnthonyGartner
Chris Gerling – Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills – ChrisAM @packetsense
Jason Mueller – SecurabitJay

Important links for the show and documents used:

http://www.iss.net/
http://www.nessus.org/nessus
hotspotshield.com
http://openvpn.net
http://www.ntop.org

Check out the end of the cast for Jay’s audition for American 1dol!!!

Twitter’s New Account Protections

It’s been about a week since that Twitter admin account was brute forced. What was done at Twitter to make it better?

CAPTCHAs. And errors. CAPTCHAs and errors.

I created a Twitter account for testing (I didn’t want to lose access to my account). First, I logged in with the correct password just to make sure everything works.

I then tried logging in with a bad password. It gave me six chances to log in. After the sixth attempt, I was presented with a CAPTCHA to solve.

[Screenshot: Twitter CAPTCHA]

I of course did not supply the correct credentials once again. I figured I’d get another attempt. I got some Twitterfail instead.

[Screenshot: TwitterFail]

I’m not sure if this is their version of an account lockout message, or if there is something actually wrong.

It’s been about 25 minutes since I took the screenshots, and I still get the error message.

Then, I tried to get in via Twitterberry. I wanted to see if it was just a website restriction. I supplied the correct credentials on my BlackBerry and initially thought that I was in.

[Screenshot: Twitter Success!]

But it seems that it does not test authentication. When I went to view my timeline, I got this:

[Screenshot: Twitter Invalid Password]

I was just about to finish this post, when I decided to try connecting with Twitterrific. It connected! I was able to log in and tweet.

I went back to check the Twitter website, still fail. I tried on my BlackBerry again… still invalid username or password. If anyone has insight into how the Twitter API separates its authentication, I would like to hear from you. I am wondering why some login methods work, while some do not.

SecuraByte Episode 05 Happiness, Fail Whale beaches Itself!!!

News at 11. Well, really we started recording about 8 PM on Monday, January 5th. In this SecuraByte episode, Securabit had its largest conference call yet. Securabit was joined by the guys from both SecurityJustice.com and SMBMinute.com, as well as Melissa on Twitter, AKA @Geekgrrl. We discussed the security vulnerability discovered with twitter.com’s tech support. This is a service many of us use and enjoy. Please have a listen while we discuss amongst ourselves.

Don’t forget to give us feedback on iTunes so we can bump the old shows off the list.

Thanks again for all the donations for the Tip Jar.

Hosts:

Rob Fuller – Mubix, room362.com @mubix
Anthony Gartner – AnthonyGartner.com @AnthonyGartner
Chris Gerling – Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills – ChrisAM @packetsense
Jason Mueller – SecurabitJay

Special Guests: Melissa (@geekgrrl), Tim Krabec (@tkrabec) of SMBMinute.com, Tom (@agent0x0) of securityjustice.com, and Dave (@Securi-D) of securityjustice.com

Important links for the show and documents used:

Naivete: Web 2.0’s biggest security threat
http://blogs.zdnet.com/feeds/?p=382

Britney, Obama Twitter Feeds Hijacked Following Phishing Attack
http://blog.wired.com/27bstroke6/2009/01/twits-get-phish.html
Firefox Add-on “Long URL Please”
http://www.longurlplease.com/
WIRED just posted this follow up:
http://blog.wired.com/27bstroke6/2009/01/professed-twitt.html

SecuraBit Episode 18 Coming to a player near you!

SecuraBit will be recording Jan 7th due to Jan 1st being a day of relaxation. We will be recording at 8 PM EST on the 7th and then again the following week on the 14th, which is the normally scheduled date and time. Hope everyone had a great holiday.

The Guys at SecuraBit