Securabit Episode 78: Comodogate and Social Penetration!

March 23, 2011

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel – @andrew_secbit
Tony Huffman (myne-us) – @myne_us

Guests:
Dave Kennedy – @dave_rel1k
Carlos “Darkoperator” Perez – @Carlos_Perez

General topics:

Rogue SSL certificates (“case comodogate”) http://www.f-secure.com/weblog/archives/00002128.html

PTES – Penetration Testing Execution Standard http://www.pentest-standard.org/
Social Engineer Toolkit
http://www.social-engineer.org/podcast/
http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_(SET)
BackTrack http://www.backtrack-linux.org/
DerbyCon http://www.derbycon.com/

Upcoming events:
#BSidesChicago (16 – 17 Apr 2011)
#BSidesLondon (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 – 4 Jun 2011)
SANS Orlando March 2011
CEIC Orlando April 2011
FIRST Austria June 2011
BlackHat Vegas August 2011
VB Barcelona October 2011

Links:
http://www.securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Securabit Episode 77: Return to the Rabbit Hole

March 9, 2011

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Tony Huffman (myne-us) – @myne_us
Andrew Borel – @andrew_secbit

Guests:
Rafal Los – @wh1t3Rabbit

General topics:
Preview the upcoming BlackHat EU talk “Defying Logic.”

Researchers Build Tool That Roots Out Business Logic Flaws In Web Apps
http://www.darkreading.com/database-security/167901020/security/application-security/229300667/researchers-build-tool-that-roots-out-business-logic-flaws-in-web-apps.html

News:
- Malware on the Android Market (DroidDream)
List of infected apps: http://blog.mylookout.com/2011/03/security-alert-malware-found-in-official-android-market-droiddream/

- Google nukes 150,000 email accounts by accident
http://gmailblog.blogspot.com/2011/02/gmail-back-soon-for-everyone.html

Upcoming events:
BlackHat Europe 2011 (17 – 18 Mar 2011)
#BSidesChicago (16 – 17 Apr 2011)
#BSidesLondon (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 – 4 Jun 2011)

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Ashton Kutcher the poster boy for SSL?

Ashton Kutcher (@aplusk) was attending the TED Conference, and it looks like someone may have run Firesheep against him to hijack his Twitter account. Two tweets were made by the hijacker:

Ashton, you’ve been Punk’d. This account is not secure. Dude, where’s my SSL?

Followed about 20 minutes later with:

P.S. This is for those young protesters around the world who deserve not to have their Facebook & Twitter accounts hacked like this. #SSL

It looks like the tweets are still in his feed, including a “kudos” to the people responsible. The cool thing is that a lot of mainstream media/entertainment/news outlets are covering this, so perhaps this is an opportunity to bring the issue of HTTP Strict Transport Security (HSTS) to wider attention. Or maybe more people will download HTTPS Everywhere. OK, maybe those are long shots, but maybe we could get a Public Service Announcement with Ashton and Demi Moore?

More importantly, maybe a high profile attack like this will get the attention of Twitter and Facebook.

Coverage from The Huffington Post

Coverage from the LA Times

SecuraBit Episode 76: E-viting you to your demise!

February 23, 2011

SecuraBit would like to apologize for the audio issues in this episode. We were not able to use the normal recording method due to a complete power failure. Thanks for understanding!

Hosts:
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Tony – @myne_us
Dan Mitchell – @danmitchell
Andrew Borel – @andrew_secbit

Guests:
Bill Swearingen – @hevnsnt

Trent Lo – @surbo

General topics:

History of i-hacked

[HackerRun] – @HackerRun
http://hackerrun.com/doku.php

Messing with evites

http://www.i-hacked.com/content/view/293/2/

http://www.csoonline.com/article/661365/evite-program-easily-tampered-with-researcher-says

Upcoming events:
#BSidesHalifax (5 Mar 2011)
#BSidesGSO Greensboro, NC (9 Mar 2011)
CanSecWest2011 (9 – 11 Mar 2011)
#BSidesAustin (11 – 12 March 2011) http://www.keepsecurityweird.org/
BlackHat Europe 2011 (17 – 18 Mar 2011)
#BSidesChicago (16 – 17 Apr 2011)
#BSidesLondon (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 – 4 Jun 2011)

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8