SecuraBit Episode 49: ConFoo.ca!

SecuraBit Episode 49:  ConFoo.ca!

Podcasters Meetup – http://www.podcastersmeetup.com/
ShmooCon – Saturday Evening @ 8PM

SANS Discount Code SB508 – Free GCFA attempt when using this link.

Philippe Gamache:
Day job is focused on secure programing, developer training and code audit.
About ConFoo.ca:
-New conference about web technology
-PHP Quebec Conference offshoot
-Get all the user groups in the Monteral area together to share information
-8 Separate tracks at the time

ShmooCon FireTalks

Escaping the clutches of The GOOG - http://www.securabit.com/2010/01/21/escaping-the-clutches-of-the-goog/

Hosts:
Anthony Gartner  @anthonygartner
Christopher Mills @thechrisam
Chris Gerling  @chrisgerling
Nicholas Berthaume – @aricon
Andrew Borel @andrew_secbit

Guests:
Philippe Gamache – ConFoo.ca – @SecureSymfony

Chat with us on IRC at irc.freenode.net #securabit

Links:
ConFoo.ca – http://www.confoo.ca/en

The Academy Pro – Weekly Video Review

This week The Academy Pro has released videos covering Nessus 4.2, Shavlik NetChk Analyzer, Rapid 7 NeXpose, and McAfee Security Center!  Visit their website and signup in order to view the videos! Sit back and learn something new!

(Please note, you must register with The Academy Pro before viewing these videos!)

Also, The Academy Pro has recruited bloggers to add content to their site, but they are still looking for more. If you believe you have what it takes to post up-to-date security content on their blog, drop them a line atfeedback[@]theacademypro[dot]com

Vulnerability Roundup

Well, it looks like all the big boys are here.  Microsoft, Google, Adobe, Cisco, and ISC’s BIND all make this week’s roundup.  As mentioned in last week’s roundup, Microsoft released an out-of-band update for vulnerabilities related to the attacks on Google, Adobe and others.

Speaking of Google and Adobe, Chrome 4 Stable has been released, which includes numerous security fixes, and Adobe has released an update to Shockwave Player to resolve a buffer overflow and an integer overflow.  An Cisco advisory is also listed for a DoS problem in the SSH server on the IOS XR platform, and another for a vulnerability which could allow remote code execution.

Rounding out the roundup, the ICS’s has released an update for BIND, the Tor project releases an update due to a hack of some of their directory servers, RealNetwork releases some updates, and I have also included a link concerning a briefing at the upcoming Black Hat DC conference on vulnerabilities in the Security Zones feature in IE.

SecuraBit Live tonight!

Join us as we interview Philippe Gamache as he discusses ConFoo.ca, a web techno conference based in Montreal, Canada!  The conference runs from March 10-12, 2010 and you can still register until February 20th!

We should be live around 8pm EST tonight, join us on IRC or listen in live at this link!

The Academy Pro – Weekly Video Review

The Academy Pro this week released videos covering a range of topics applying to the penetration testing software Core Impact, McAfee Security Center, GFI Network Server Monitor, Panda GateDefender Integra and more!  Here is a brief rundown of what’s new.  So be sure to stop on by, sign up, sit back and learn something!

(Please note, you must register with The Academy Pro before viewing these videos!)

Quick system scan with McAfee Security Center

Installing McAfee Security Center

GigaVUE file management with Citrus

GigaVUE file management with the CLI I

GigaVUE file management with the CLI II

Enable logging with GFI Network Server Monitor 7

Installing GFI Network Server Monitor 7

Installing and updating Core Impact 10

URL Filtering with Panda GateDefender Integra

Configuring a Panda GateDefender Integra in Route Mode

Also, The Academy Pro has recruited bloggers to add content to their site, but they are still looking for more. If you believe you have what it takes to post up-to-date security content on their blog, drop them a line at feedback[@]theacademypro[dot]com

Escaping the clutches of The GOOG

We live in a world where everything and anything is just a click or web search away. Instant access to information is the new norm and seemingly taken for granted.  When questions need answering, most “Just Google it.”; with that ease and convenience of using The GOOG though, comes a price…Your privacy.

Enter GoogleSharing.

On Tuesday, Moxie Marlinspike released a small lightweight Firefox extension that is aimed to prevent the collection of users search/behavioral data by Google. GoogleSharing works by serving all of your queries through a custom proxy that contains a collection of what Moxie calls “GoogleSharing Identities”.  When enabled, if the Firefox plug-in detects a request sent out to any of Google’s services, it routes you through the proxy, removes any identification information and then replaces that data with one of the random, pooled Google Sharing Identities.  Pretty slick!  Obviously, if you are already logged into any of Google’s many services (Gmail, iGoogle, Groups etc) GoogleSharing won’t help one bit.

While anonymous proxies are nothing new, GoogleSharing introduces a different method of anonymity for a pretty specific threat. With its lean and quick Firefox extension, GoogleSharing is a step in the right direction of trying to regain some sort of privacy back on the net.

Honeynet Forensic Challenge 2010: Challenge 1

The good folks over at The Honeynet Project have started posting challenges for this year after a long hiatus.

First up is the pcap packet trace located here.  The challenge involves analyzing the pcap file using whichever tools you are familiar with, and answering a series of questions in order to investigate what happened in the scenario.

Submissions must be sent in by 5pm EST on Monday, February 1st, 2010.

Vulnerability Roundup

The number of vulnerabilities this week isn’t as large as last week, but the impact is certainly much larger.  Leading off is the vulnerability used to break into Google’s internal systems, as well as those at more than 30 other Fortune 500 companies.  Also included is a link from SANS on what appears to be a working exploit which bypasses DEP in Internet Explorer 8.  It now appears that Microsoft will be releasing an out-of-band patch for this one.  Second, also from a ISC post, is a new escalation of privilege vulnerability in Windows which abuses the support for 16 bit applications.  Apple released their first security update of the new year, and a new version of MIT’s Kerberos is available to fix an integer underflow vulnerability.  The last two are a little more physical, one for a flaw in the ZigBee stack used in many smart grid applications, and the second is a great post from Krebs On Security on ATM skimmers.

Blog post by:  David Shpritz

SecuraBit Episode 48: Shmoocon (The Big Cheese) and PhoneFactor!

Hosts:
Anthony Gartner  @anthonygartner
Christopher Mills @thechrisam
Jason Mueller – @securabit_jay
Chris Gerling  @chrisgerling

Guests:
Bruce Potter – Shmoocon – @gdead
Steve Dispensa – CTO and Co-founder of PhoneFactor - http://www.phonefactor.com/about/management-team/steve-dispensa/ @dispensa
Marsh Ray – PhoneFactor – @marshray

Recent goings on:
If you are going to DC3 CyberCrime Conference contact Jason Mueller (@securabit_jay) to meet up!
Sean Hausauer and David Shpritz join the crew!  Check out their blog postings!

First Guest – Bruce Potter – Shmoocon – @gdead

Logistics of putting on a conference.
New events!
Ticket sales process is constantly evolving.

Wardman Park in 1920’s:  http://www.shorpy.com/files/images/29398u.jpg
ShmooCon 2010 FireTalks:  http://www.novainfosecportal.com/2010/01/06/shmoocon-2010-firetalks/
Podcasters Meetup:  http://www.podcastersmeetup.com/

PhoneFactor:
How to fix SSL/TLS in software
The process of working with vendors to get a solution implemented.
Project Mogul

End:
Join us on January 27, 2010 when we speak with Phillipe Gaumeche about the ConFoo.Ca conference.
Chat with us on IRC at irc.freenode.net #securabit

Links:
Shmoocon – http://www.shmoocon.org/
PhoneFactor –http://www.phonefactor.com/

Not on the air:
Andrew Borel @andrew_secbit

The Academy Pro – Weekly Video Review

This week The Academy Pro released videos covering a range of topics applying to the Rapid 7 NeXpose vulnerability scanner, pfSense firewall distribution, Ironport C-Series email security appliance, and more!  Here is a brief rundown of what’s new this week.  So be sure to stop on by, sign up, sit back and learn something new!

(Please note, you must register with The Academy Pro before viewing these videos!)

Creating users with Rapid 7 NeXpose

Installing pfSense

Scheduling reports with an IronPort C-Series

Creating a read-only operator account with an IronPort C-Series

Finding and exploiting a DAV misconfiguration with w3af

Using the w3af proxy MITM tool

Running w3af against wivet

Removing a configurable parameter using the w3af plugin editor

Generating requests from the w3af Fuzzy editor

Reporting a w3af bug

Mavituna Security, creators of the web application security scanner NetSparker, is The Academy Pro’s latest sponsor. Stay tuned for some fantastic web application scanning videos using NetSparker.

The Academy Pro is assisting Hackers for Charity by donating over 600 infosec videos that will be used to educate people in Uganda.