SecuraBit Episode 38: Classic Securabit, Lots of Rambling, Low Content

Louisville Metro InfoSec Conference in Louisville, KY
October 8, 2009 8am – 5pm
Sponsored by the local ISSA Chapter
Some of the speakers at the event include:

  • John Strand
  • Lee Kushner
  • Scott Moulton
  • Adrian “IronGeek” Crenshaw

http://www.louisvilleinfosec.com/
Presentations are planned to be posted online afterwards.

If you wish to attend the conference, you can use the discount code “geek seat” to get $20 off registration.

Round Table Topic: Who should be responsible for patching? Infrastructure or Security?

There is a conversation about the new Snow Leopard for Mac and the Mac’s Mail.

A brief discussion about Helix, Security Onion, and Splunk 4.

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner – http://www.anthonygartner.com – @anthonygartner
Chris Gerling – http://www.chrisgerling.com – @hak5chris
Christopher Mills – http://www.packetsense.net – @thechrisam
Andrew Borel – @andrew_secbit

Guest:
Brian Blankenship  – chair ( a ) louisvilleinfosec ( dot ) com

Links:
Louisville Metro InfoSec Conference – http://www.louisvilleinfosec.com/
Security Onion – http://securityonion.blogspot.com/
Splunk 4 – http://www.splunk.com/view/splunk-4-features/SP-CAAAEVR

SecuraBit Episode 37: Mapping Networks with Fyodor and NMAP

NMAP 5 with Gordon “Fyodor” Lyon
* How did Nmap start?
* What’s new in Nmap 5?
* What kind of legal issues have you faced in regards to NMAP?
* Where did the handle Fyodor start?
* Will there be a second edition of the Nmap book (below)? No second edition yet or planned.
* Where is NMAP going?
* Where do you see Nmap Scripts (NSE) going, possibly doing a community repo?
* Will there be scans for mobile devices in future releases?
* Why Lua vs. Python or Ruby or something else?
Find the answers to these questions and more by listening to the show.

After our interview we cover DEFCON and the Podcasters meetup.

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner – http://www.anthonygartner.com – @anthonygartner
Chris Gerling – http://www.chrisgerling.com – @hak5chris
Christopher Mills – http://www.packetsense.net – @thechrisam
Andrew Borel – @andrew_secbit
Jason Mueller – @securabit_jay
Rob Fuller – Mubix – http://www.room362.com – @Mubix

Guest:
Gordon “Fyodor” Lyon – http://insecure.org/fyodor/

Links:
NMAP 5 – http://nmap.org/5/
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning – http://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=sr_1_1?ie=UTF8&qid=1250122655&sr=8-1
New ‘ping sweep’ – http://carnal0wnage.attackresearch.com/node/373
The Programming Language Lua – http://www.lua.org/
WordPress 2.8.4 Security Release – http://wordpress.org/development/2009/08/2-8-4-security-release/

Web 2.0 and common sense

Web 2.0 and cloud computing seem to be getting equal amounts of publicity lately. However, despite the public press about the associated vulnerabilities, users are either unaware of the need or unwilling to change their habits, and therefore fall victim to easily preventable compromises.

Twitter has had overwhelming success in the past year and has grown well beyond initial expectations. Facebook is another social networking site that has surpassed MySpace, with nearly 200 million users. Although there are pros to utilizing such sites, users must be aware that any time a site generates that much traffic, bad things are to come.

In steps the latest exploit that has taken to the masses: the Twitter botnet. Jose Nazario of Arbor Networks was the first to report on this activity and gave a very thorough breakdown of exactly what was, and is, taking place. It should be noted that this isn’t a vulnerability in Twitter but merely old obfuscation techniques used in the Web 2.0 environment. To sum it up (you can read the complete blog post here), the malicious user would post a base64-encoded link, which in turn resolved to a bit.ly address. For those of you who don’t know what bit.ly is, it’s a tool/site used to shorten URLs so they can be posted within the 140-character limit imposed by Twitter. Obfuscation at its finest! The malicious link is wrapped twice before directing you to the evil site, where a gbpm.exe file is downloaded, and you can guess what happens from there. Typical drive-by download techniques used by attackers for whatever reason it may be.
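
A defender-side check for the double wrapping described above, as an added example that is not part of the original post: it pulls base64-looking tokens out of a post, decodes them, and flags any that turn out to be a link on a URL shortener. It assumes the encoding is base64; the shortener list, function names and sample posts are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit

# Assumed shortener list; bit.ly is the only one named in the post.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "is.gd"}
# Runs of base64 alphabet long enough to encode a short URL.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def decode_token(token):
    """Return the printable ASCII text a base64 token decodes to, else None."""
    padded = token + "=" * (-len(token) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii").strip()
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def find_wrapped_links(post_text):
    """List (token, url, is_shortener) for tokens that decode to an http(s) URL."""
    findings = []
    for token in B64_TOKEN.findall(post_text):
        decoded = decode_token(token)
        if decoded is None:
            continue
        try:
            parts = urlsplit(decoded)
            host = (parts.hostname or "").lower()
        except ValueError:
            continue  # decoded text is not a well-formed URL
        if parts.scheme in ("http", "https") and host:
            findings.append((token, decoded, host in SHORTENER_HOSTS))
    return findings


# Constructed sample posts (not real data), encoded at run time for clarity.
WRAPPED = base64.b64encode(b"http://bit.ly/EXAMPLE1").decode("ascii")
SAMPLE_POSTS = [
    WRAPPED,
    "Great talk on internationalization, slides at http://example.com/slides",
    "note " + base64.b64encode(b"http://example.com/file").decode("ascii"),
]

if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        print(post, "->", find_wrapped_links(post))
```

A token that decodes to a shortener link is the twice-wrapped case; resolving the shortener's redirect is left to a sandboxed fetcher.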

Tom Eston, who presented at DefCon17 with Kevin Johnson last month, helped me out exponentially as both have had a stake in the latest social networking attacks.  It’s worth noting that Tom has also created a whitepaper on how to secure your Facebook settings in order to prevent/deter attacks and I highly suggest taking a look at it no matter how 1337 you may think you are.

So what’s next? Obviously social networking sites are here to stay and are on the rise, but how do we prevent attacks in the future? You don’t… yes, that’s correct. You’d be lying to yourself if you truly believed that we’ll be able to rid the Internet of malicious activity. But then again, if you believe that, then you also believe that 2pac, Elvis, and Michael Jackson are all still alive and their deaths were merely publicity stunts. User awareness is always going to be the number one way of reducing compromises. There are many elaborate attacks, and even the most educated users can sometimes, and I use that loosely, fall victim. If you get a friend request from President Obama and accept, you should refrain from ever using a computer again, much less anything else in life. It’s disturbing when you look at the number of compromises and, after analysis is complete, you’ve come to the conclusion that it could have been avoided if the person behind the keyboard had exercised some common sense…

SecuraBit Episode 36: The f0rb1dd3n Network

We are joined by Jayson Street to talk about his book, Dissecting the Hack: The f0rb1dd3n Network, that is due out soon. All Black Hat bags will have an excerpt from the book in them.

Additionally we get Jayson’s input on the topic of the recent denial of service attacks not coming from North Korea after all.

DJ Great Scott gives us an update on the social events at this year’s DEFCON.

Finally we cover media destruction policies. How do you decommission old hard disks? Do you retain the ones from your copiers and fax machines? What about thumb drives?

Join us in IRC at irc.freenode.net #securabit

Hosts:

Anthony Gartner – http://www.anthonygartner.com – @anthonygartner
Chris Gerling – http://www.chrisgerling.com – @hak5chris
Christopher Mills – http://www.packetsense.net – @thechrisam
Andrew Borel – @andrew_secbit
Jason Mueller – @securabit_jay

Guest:
Jayson E. Street – http://f0rb1dd3n.com/author.php

Links:
http://f0rb1dd3n.com
Computer attack may not have originated in North Korea after all – http://blogs.usatoday.com/technologylive/2009/07/evidence-has-surfaced-that-the-denial-of-service-attacks-that-crippled-dozens-of-us-and-south-korean-web-sites-last-week-ma.html
UK, not North Korea, source of DDOS attacks, researcher says – http://www.pcworld.idg.com.au/article/311070/uk_north_korea_source_ddos_attacks_researcher_says
DEFCON 17 – http://www.defcon.org/html/defcon-17/dc-17-index.html

Podcasters Meetup – http://www.podcastersmeetup.com/