SecuraBit Episode 43: The Academy Pro

SecuraBit Episode 43 The Academy Pro

Guest Interview: Peter Giannoulis of The Academy Pro

Metasploit Rising

http://blog.metasploit.com/2009/10/metasploit-rising.html

WordPress 2.8.5: Hardening Release
http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/

Blubrry PowerPress Podcasting Plugin for WordPress
http://www.blubrry.com/powerpress/

Time Warner Cable Exposes 65,000 Customer Routers to Remote Hacks http://www.wired.com/threatlevel/2009/10/time-warner-cable/

Google Voice voicemails appearing in public search results
http://www.engadget.com/2009/10/19/google-voice-voicemails-appearing-in-public-search-results/

TweetDeck
http://www.tweetdeck.com/beta/

Porn, CSS History Hacking, User Recon and Blackmail
http://ha.ckers.org/blog/20091021/porn-css-history-hacking-user-recon-and-blackmail/

Windows 7
http://www.microsoft.com/windows/

Magic Mouse
http://www.apple.com/magicmouse/

Quick Shell Script to Extract Contents
http://pinowudi.blogspot.com/2009/10/quick-shell-script-to-extract-contents.html

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner – @anthonygartner
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit

Guest:
Peter Giannoulis

Links:
The Academy Pro – http://www.theacademypro.com/
The Academy Home –http://www.theacademyhome.com/

Don’t forget to listen to the end of the show for the guest appearances by both Kermit the Frog and Sean Connery

SecuraBit Episode 42: Phreaking Sweet Con in TN.

SecuraBit Episode 42 – Phreaking Sweet Con in TN.
Phreaknic 13 – October 30 – November 1 2009
Phreaknic Curse
CCTV throughout hotel, great + for attending the con
Ware Chair Toss
Firing a jet engine in the parking lot.
Four Tracks
1 Cumberland (Main ballroom)
2 9th Floor (Vendor Area)
3 Cafe Area (Gaming)
4 Contest Area
Size of conferences
ShmooCon
Running Conferences
#RoachesMustDie from ShmooCon 2009 via Security Justice
Microsoft Security Essentials – http://www.microsoft.com/security_essentials/
Google Wave – http://wave.google.com/help/wave/about.html
New iTunes Store – http://www.apple.com/itunes/
Hotmail, Yahoo, and Gmail email passwords exposed – http://www.cso.com.au/article/321185/gmail_yahoo_mail_join_hotmail_passwords_exposed
iKeepass – http://ikeepass.de/
Metasploit hiring in Austin, TX
Rockstar QA Engineer Needed – http://austin.craigslist.org/sof/1410600092.html
New version of Pocket God for the iPhone
Hacker Consortium – http://hackerconsortium.com/
hack.rva – http://twitter.com/hackRVAhttp://hackrva.org/
TechShop – http://techshop.ws/

Join us in IRC at irc.freenode.net #securabit
Hosts:
Anthony Gartner – @anthonygartner
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit
Guest:
SkyDog
Links:

SecuraBit Episode 41: Speaking of Cons, and forensics…

SecuraBit Episode 41 – Speaking of Cons, and forensics…
Part 1: Marcus Carey
Dojocon – http://www.dojocon.org/ – @dojocon
November 6 & 7, 2009
Capitol College Maryland

Part 2: Scott Moulton

blackberry stuff:
bitpim

Hosts:
Chris Gerling  – @chrisgerling
Jason Mueller – @securabit_jay
Andrew Borel – @andrew_secbit
Anthony Gartner –  AnthonyGartner.com – @anthonygartner
Guest:
Marcus Carey – http://www.dojocon.org/ – @dojocon
Links:
Dojocon – http://www.dojocon.org/ – @dojocon

 

Secret I-Hacked.com Entry Form

Congrats, you found a secret i-hacked partner site giving away an additional free Defcon Contest entry!
(there are 4 other secret sites)

All you have to do is enter your twitter handle below, and then tweet the “secret phrase” that is shown to you.

 

SecuraBit Episode 40: Paul WHO????

SecuraBit Episode 40 – Paul “Pauldotcom” Asadoorian
Microsoft Security Bulletin MS09-048 – http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx
Renaud script to go from Nmap to Nessus
Interview with Paul Asadoorian (PaulDotCom/Tenable/Nessus)
Intro Questions:
  • Who are you, and what are you doing on THIS podcast?
  • Tell us about the PaulDotCom podcast (I’ve talked to SecuraBit listeners who have never heard of PDC)
  • How long have you been using Nessus?
  • When did you start working for Tenable?
  • What is your role at Tenable?
Nessus Questions:
  • What’s new in this version of Nessus?
  • Are changes driven primarily by Tenable, or the community?
  • What does Nessus use for a scanning engine?
  • How does Nessus interact and work with Nmap?
  • Explain Nessus licensing and what an individual vs a corp is entitled to.
  • How much is a license?
  • Cost of proffesional feed = $1200.00/year
  • Home feed no longer a delay, no SCADA plugins
  • How does Nessus differ from OpenVAS?
  • Can you use the OpenVAS repo with Nessus?
  • Talk about the extensibility of Nessus. (Scripting, etc)
  • How does Nessus work with OVAL definitions? How does this help for FDCC compliance?
  • Does tenable have any dedicated appliances for enterprise scanning and monitoring based on nessus?
Implementation and Operation questions (How Paul Does Things):
  • Do you place scanning servers on each segment of the network, or do you scan through zone-to-zone firewalls? Why?
  • Is there a practical limit to the number of deices that can be scanned by one scanning server? Or is it just a time tradeoff?
  • How often do you scan (and re-scan) a network?
  • How do you handle the results (and avoid dropping a 300 page Nessus report on the server guys and saying FIX IT)
  • Are results parse-able and able to be fed into compliance and risk management tools?
Other Questions:
  • When is the next PaulDotCom episode?
  • What are the topics/guests?
  • What is your favorite beer?
Hosts:
Anthony Gartner  AnthonyGartner.com @anthonygartner
Christopher Mills @thechrisam
Andrew Borel @andrew_secbit
Ed Smiley – @edsmiley
Guest:
Paul Asadoorian – @pauldotcom – http://www.pauldotcom.com
Links:
Tenable Network Security Blog and Podcast – http://blog.tenablesecurity.com/

Starting a forensic investigation – what to know?

When you are handed a hard drive or a laptop and management tells you to cast your spell of forensics final report on it, what are some things that you need to know before you begin?  If it’s for a legal case, are there questions you should ask before you get your hands dirty?  Perhaps whether you’re allowed to know specific details, or whether they want you in the dark so you don’t find evidence for the sake of finishing faster and making everyone happy?

I put this out there for open discussion, because sometimes we are given nothing and expected to figure everything out immediately.