Securabit

SecuraBit Episode 53:  Thotcon If you think it you will go to Chicago thotcon - http://www.thotcon.org/ Trustwave's Spider Labs - https://www.trustwave.com/spiderLabs.php Chat with us on IRC at   irc.freenode.net #securabit Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Andrew Borel –  @andrew_secbit Guests: Nick Percoc - Thotcon & Trustwave's Spider Labs Zach Fasel - Thotcon & Trustwave's Spider Labs Links: http://www.thotcon.org/ https://www.trustwave.com/spiderLabs.php SpiderLabs Radio - http://itunes.apple.com/podcast/spiderlabs-radio/id300567984 https://www.trustwave.com/spiderLabs-tools.php lacking Chris Gerling  – @chrisgerling Jason Mueller – @securabit_jay

Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Chris Gerling  – @chrisgerling Jason Mueller – @securabit_jay Andrew Borel –  @andrew_secbit Guests: Brian Krebs  - @briankrebs - http://www.krebsonsecurity.com/ VRT Blog Post: http://vrt-sourcefire.blogspot.com/2010/03/apt-should-your-panties-be-in-bunch-and.html Eric Chien, Symantec Zeus, King of the Bots: http://www.noryak.net/papers/zeus.pdf Chat with us on IRC at   irc.freenode.net #securabit

SecuraBit EP51 - Malware Detection With Sunbelt Software Listen in as we discuss Sunbelt Software's CWSandbox and other products, along with in-depth malware detection and analysis! #BSidesSF - Tuesday/Wednesday, March 2-3, 2010 @ 10am - 5pm #BSidesAustin - Saturday, March 13, 2010 #BSidesBOS - Saturday/Sunday, April 24-25, 2010 Chat with us on IRC at   irc.freenode.net #securabit Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Chris Gerling  – @chrisgerling Jason Mueller – @securabit_jay Andrew Borel –  @andrew_secbit Guests: Brian Jack - Sunbelt Software Chad Loeven - Sunbelt Software Links: http://www.sunbeltsoftware.com/ http://www.sunbeltsoftware.com/Malware-Research-Analysis-Tools/Sunbelt-CWSandbox/ http://www.securitybsides.com/

This is the audio from the 2010 pod-casters meet up.  This is UNEDITED and completely raw.  This file is NOT safe for work.  You have been warned.

SecuraBit Episode 50:  Interview with Rob Lee! What is SANS vLive? Forensics DOD Cyber Crime How the forensics classes are structured. 508 course and how it's changed. Divided up into essentials and then follow on courses.  6 total courses for all of the info. APT - Advanced Persistant Threat Q & A from the IRC If you haven’t taken the Security 508 course yet we have an excellent  opportunity for you!  Rob will be teaching the SEC508 (Forensics) course  via the SANS vLive! platform beginning 3/23/2010.  Classes will occur  every Tuesday and Thursday until 4/29/2010 from 7-10PM EDT. Use code SB508 to get a free GCFA certification attempt with the  purchase of the full course. Chat with us on IRC at   irc.freenode.net #securabit Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Chris Gerling  – @chrisgerling Jason Mueller – @securabit_jay Andrew Borel –  @andrew_secbit Guests: Rob Lee - @robtlee Links: http://phishme.com/ http://phishtank.com/  

SecuraBit Episode 49:  ConFoo.ca! Podcasters Meetup - http://www.podcastersmeetup.com/ ShmooCon - Saturday Evening @ 8PM SANS Discount Code SB508 - Free GCFA attempt when using this link. Philippe Gamache: Day job is focused on secure programing, developer training and code audit. About ConFoo.ca: -New conference about web technology -PHP Quebec Conference offshoot -Get all the user groups in the Monteral area together to share information -8 Separate tracks at the time ShmooCon FireTalks Escaping the clutches of The GOOG - http://www.securabit.com/2010/01/21/escaping-the-clutches-of-the-goog/ Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Chris Gerling  – @chrisgerling Nicholas Berthaume - @aricon Andrew Borel –  @andrew_secbit Guests: Philippe Gamache - ConFoo.ca - @SecureSymfony Chat with us on IRC at irc.freenode.net #securabit Links: ConFoo.ca - http://www.confoo.ca/en

Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Jason Mueller - @securabit_jay Chris Gerling  – @chrisgerling Guests: Bruce Potter - Shmoocon - @gdead Steve Dispensa - CTO and Co-founder of PhoneFactor - http://www.phonefactor.com/about/management-team/steve-dispensa/ @dispensa Marsh Ray - PhoneFactor - @marshray Recent goings on: If you are going to Cybercrime contact Jason Mueller (@securabit_jay) and see if he wants to meet up! Sean Hausauer and David Shpritz join the crew!  Check out their blog postings! SANS vLive! January 26, 2010 @ 2PM EST  - Joshua Wright - Wireless Security (1 hour) Use coupon code SECURABIT for $20.00 registration fee. Regularly $495.00 http://www.securabit.com/2010/01/13/sans-vlive-with-joshua-wright/ First Guest - Bruce Potter - Shmoocon - @gdead Logistics of putting on a conference. New events! Ticket sales process is constantly evolving. Wardman Park in 1920's:  http://www.shorpy.com/files/images/29398u.jpg ShmooCon 2010 FireTalks:  http://www.nova

Listen in as we interview 1Password and NetWitness! Dave Teare - Co-Founder of 1Password Agile Web Solutions' 1 Password http://agilewebsolutions.com/products/1Password Q's What was the motivation to create 1Password? There are two key chain types that are used. Why the switch to the other one? When will we be able to sync across the iphone cord? (Edge/3G) 8.02.11 BGA type Are there plans to port 1Password to Win/Lin platforms? 1password Anywhere? Is there a way to import from other password managers? CSV format what is the difference between the 1password pro and the touch pro? http://help.agile.ws/1Password_touch/pro_vs_standard.html What is the diffrence between 1Password and 1Password Pro? Who actually maintains the twitter account? Find out more at http://get1password.com NetWitness - Eddie Schwartz http://www.netwitness.com/ Q's How long have you been with NetWitness? http://download.netwitness.com/ http://download.netwitness.com/download.php?src=DIRECT Google Earth integration - Very Cool!! What OS

SecuraNibble Episode 03 - Security Hour on IMP This SecuraNibble is released out of band is an extra episode outside our normal releases.  This SecuraNibble is the recording of the conversation that happened on The International Mac Podcast held during their 12 Cubed event held on December 12, 2009.  The conversation was a general security round table held between our own Anthony Gartner, and panel of 4 other security pod-casters.  The panel of pod-casters include Bart Busschots of the International Mac Podcast, George Starcher of Typical Mac User Podcast, and the one and only Paul Asadoorian of PaulDotCom.com fame. This SecuraNibble is not an extremely in depth and geeky conversation but one that covers a lot of general information and it applies to all operating systems not just the mac.

SecuraBit Episode 46 – Making a Faster and Safer Web with Billy Hoffman Details of the Academy Pro Deal New affiliation with the Academy Pro Old podcasts at http://www.theacademypro.com/podcasts.php Help people have a better user experience on the web. Zoompf -Billy's new company Common Mistakes on Low Performing Websites What is the best CMS to use. How the report on Zoompf is being run currently. New cameras and metadata http://en.wikipedia.org/wiki/Exchangeable_image_file_format -how much does the extra metadata take up in a file? AT&T service and coverage The origin of the name Zoompf Link farms and domain squating ICANN IPV6 ShmooCon Upcoming Events http://www.google.com/calendar/ical/pe2ikdbe6b841od6e26ato0asc%40group.calendar.google.com/public/basic.ics http://www.security-twits.com/ Join us in IRC at irc.freenode.net #securabit Hosts: Anthony Gartner – @anthonygartner Chris Gerling  – @chrisgerling Christopher Mills – @thechrisam Jason Mueller - @securabit_jay A

SecuraBit Episode 45 – More on DOJOCON Marcus J Carey discusses MetaSponse tool to be released in mid-December. This uses the MetaSploit Framework for Incident Response. Metasploit Framework 3.3  Released! http://blog.metasploit.com/2009/11/metasploit-framework-33-released.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+metasploit%2Fblog+%28Metasploit+Blog%29 Join us in IRC at irc.freenode.net #securabit Hosts: Anthony Gartner – @anthonygartner Chris Gerling  – @chrisgerling Christopher Mills – @thechrisam Jason Mueller - @securabit_jay Andrew Borel – @andrew_secbit Guest: Marcus Carey – @marcusjcarey Links: DojoCon - http://www.dojocon.org/ Hackers for Charity - http://www.hackersforcharity.org/ hak5 - http://www.hak5.org/ NoVA Hackers - http://groups.google.com/group/novahackers dojosec @ USTREAM http://www.ustream.tv/dojosec White Wolf Security - http://www.whitewolfsecurity.com/ ShmooCon 2010 - http://www.shmoocon.org/ Netwars Competition - http://www.sans.org/net

SecuraBit Episode 44 – Guest Interview: Dennis Hurst, Senior Application Security Architect at HP Software & Solutions and a founding member of the Cloud Security Alliance Discussion of security and Agile development. Scaling agile requires feedback mechanisms and strong visibility http://h71028.www7.hp.com/enterprise/us/en/messaging/feature-software-scale-agile.html HP Application Security Center http://www.hp.com/go/stophackers Cloud Security Alliance http://cloudsecurityalliance.org Movember: Chris Gerling and Andrew Borel represent SecuraBit! http://us.movember.com/mospace/99916 (Chris) http://us.movember.com/mospace/361416/ (Andrew) Join us in IRC at irc.freenode.net #securabit Hosts: Anthony Gartner – @anthonygartner Chris Gerling – @chrisgerling Christopher Mills – @thechrisam Andrew Borel – @andrew_secbit Guest: Dennis Hurst Links: Movember - http://us.movember.com/ Donate to Security Podcasters Alliance - https://www.movember.com/us/donate/your-details/team_id/997 Security podcasters

SecuraBit Episode 43 – The Academy Pro Guest Interview: Peter Giannoulis of The Academy Pro Metasploit Rising http://blog.metasploit.com/2009/10/metasploit-rising.html WordPress 2.8.5: Hardening Release http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/ Blubrry PowerPress Podcasting Plugin for WordPress http://www.blubrry.com/powerpress/ Time Warner Cable Exposes 65,000 Customer Routers to Remote Hacks http://www.wired.com/threatlevel/2009/10/time-warner-cable/ Google Voice voicemails appearing in public search results http://www.engadget.com/2009/10/19/google-voice-voicemails-appearing-in-public-search-results/ TweetDeck http://www.tweetdeck.com/beta/ Porn, CSS History Hacking, User Recon and Blackmail http://ha.ckers.org/blog/20091021/porn-css-history-hacking-user-recon-and-blackmail/ Windows 7 http://www.microsoft.com/windows/ Magic Mouse http://www.apple.com/magicmouse/ Quick Shell Script to Extract Contents http://pinowudi.blogspot.com/2009/10/quick-shell-script-to-ex

SecuraBit Episode 42 – Phreaking Sweet Con in TN. Phreaknic 13 – October 30 – November 1 2009 Phreaknic Curse CCTV throughout hotel, great + for attending the con Ware Chair Toss Firing a jet engine in the parking lot. Four Tracks 1 Cumberland (Main ballroom) 2 9th Floor (Vendor Area) 3 Cafe Area (Gaming) 4 Contest Area Size of conferences ShmooCon Running Conferences #RoachesMustDie from ShmooCon 2009 via Security Justice http://www.youtube.com/watch?v=6FsuvbGJ6f4 Microsoft Security Essentials - http://www.microsoft.com/security_essentials/ Google Wave - http://wave.google.com/help/wave/about.html New iTunes Store - http://www.apple.com/itunes/ Hotmail, Yahoo, and Gmail email passwords exposed - http://www.cso.com.au/article/321185/gmail_yahoo_mail_join_hotmail_passwords_exposed 1password - http://agilewebsolutions.com/products/1Password iKeepass - http://ikeepass.de/ Inside the URLZone Trojan Network - http://www.threatpost.com/blogs/inside-urlzone-trojan-network-105 Metasploit hiring in Austin, TX Roc

SecuraBit Episode 41 - Speaking of Cons, and forensics... Part 1: Marcus Carey Dojocon - http://www.dojocon.org/ - @dojocon November 6 & 7, 2009 Capitol College Maryland Part 2: Scott Moulton http://www.microforensics.com/pages/software-mercury.php (link below) blackberry stuff: bitpim Hosts: Chris Gerling  – @chrisgerling Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit Anthony Gartner –  AnthonyGartner.com - @anthonygartner Guest: Marcus Carey - http://www.dojocon.org/ - @dojocon Scott Moulton - http://www.myharddrivedied.com/ Links: Dojocon - http://www.dojocon.org/ - @dojocon Mercury - http://www.microforensics.com/pages/software-mercury.php BitPim - http://www.bitpim.org/

SecuraBit Episode 40 - Paul "Pauldotcom" Asadoorian Microsoft Security Bulletin MS09-048 - http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx Microsoft Security Bulletin MS07-063 - http://www.microsoft.com/technet/security/bulletin/MS07-063.mspx Renaud script to go from Nmap to Nessus Interview with Paul Asadoorian (PaulDotCom/Tenable/Nessus) Intro Questions: Who are you, and what are you doing on THIS podcast? Tell us about the PaulDotCom podcast (I’ve talked to SecuraBit listeners who have never heard of PDC) How long have you been using Nessus? When did you start working for Tenable? What is your role at Tenable? Nessus Questions: What’s new in this version of Nessus? Are changes driven primarily by Tenable, or the community? What does Nessus use for a scanning engine? How does Nessus interact and work with Nmap? Explain Nessus licensing and what an individual vs a corp is entitled to. How much is a license? Cost of proffesional feed = $1200.00/yea

SecuraBit Episode 39 – Stealing candy from little kids everywhere!!! Jay brought up that some government web sites will be switching to an http://openid.org authentication What Does DHS Know About You? - http://philosecurity.org/2009/09/07/what-does-dhs-know-about-you How to request your travel records - http://www.hasbrouck.org/blog/archives/001607.html TwiGUARD - http://twiguard.com/index.html TweetDeck - http://tweetdeck.com/beta/ MS IIS FTPD DoS ZER0DAY - http://www.milw0rm.com/exploits/9587 Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D. - http://www.milw0rm.com/exploits/9594 Poison Ivy Remote Administration Tool - http://www.poisonivy-rat.com/ FRHACK: Pentesting Live DVD - http://pentestit.com/2009/09/09/frhack-pentesting-livedvd/ Upcoming Events: SANSFIRE 2009 - http://www.sans.org/sansfire09/ Baltimore, MD - June 13 - 22, 2009 Phreaknic 13 - http://www.phreaknic.info/pn13/Site_2/Welcome.html October 30 - November 1 2009 SANS Cyber Defense Initiative -

SecuraBit Episode 38 – Classic Securabit, Lots of Rambling, Low Content Louisville Metro InfoSec Conference in Louisville, KY October 8, 2009 8am - 5pm Sponsored by the local ISSA Chapter Some of speakers at the event include: John Strand Lee Kushner Scott Moulton Adrian "IronGeek" Crenshaw http://www.louisvilleinfosec.com/ Presentations are planed to be posted online afterwards. If you wish to attend the conference you can use the discount code of "geek seat" to get $20 off registration Round Table Topic: Who should be responsible for patching? Infrastructure or Security? There is a conversation about the new Snow Leopard for Mac and Macs mail. A brief discussion about Helix, Security Onion, and Splunk 4. Join us in IRC at irc.freenode.net #securabit Hosts: Anthony Gartner – http://www.anthonygartner.com – @anthonygartner Chris Gerling – http://www.chrisgerling.com – @hak5chris Christopher Mills – http://www.packetsense.net – @thechrisam Andrew Borel – @andrew_secbit Guest: Brian Blanken

SecuraBit Episode 37 – Mapping Networks with Fyodor and NMAP NMAP 5 with Gordon "Fyodor" Lyon * How did Nmap start? * What's new in Nmap 5? * Whe kind of legal issues have you faced in regards to NMAP? * Where did the handle Fyodor start? * Will there be a second edition of Nmap book? (below) no second e yet or planned * Where is NMAP Going? * Where do you see Nmap Scripts (NSE) going, possibly doing a community repo? * Will scans for mobile devices in future releases? * Why lua vs. python or ruby or something else? Find the answers to these questions and more by listening to the show. After our interview we cover DEFCON and the Podcasters meetup. Join us in IRC at irc.freenode.net #securabit Hosts: Anthony Gartner – http://www.anthonygartner.com – @anthonygartner Chris Gerling – http://www.chrisgerling.com – @hak5chris Christopher Mills – http://www.packetsense.net – @thechrisam Andrew Borel – @andrew_secbit Jason Mueller – @securabit_jay Rob Fuller – Mubix – http://www.room362.com – @Mubix Guest: Gordon

SecuraBit Episode 36 - The f0rb1dd3n Network We are joined by Jayson Street to talk about his book, Disecting the Hack: The f0rb1dd3n Network, that is due out soon. All Black Hat bags will have an excerpt from the book in them. Additionally we get Jayson's input on the topic of the recent denial of service attacks not coming from North Korea after all. DJ Great Scott gives us an update on the social events at this years DEFCON. Finally we cover media destruction policies. How do you decommission old hard disks? Do you retain the ones from your copiers and fax machines? What about thumb drives? Join us in IRC at irc.freenode.net #securabit Hosts: Anthony Gartner – http://www.anthonygartner.com – @anthonygartner Chris Gerling – http://www.chrisgerling.com – @hak5chris Christopher Mills – http://www.packetsense.net - @thechrisam Andrew Borel – @andrew_secbit Jason Mueller – @securabit_jay Guest: Jayson E. Street – http://f0rb1dd3n.com/author.php Links: http://f0rb1dd3n.com Computer attack