Synopsis
SecuraBit Before It Bytes!
Episodes
-
SecuraBit Episode 35 - Content, what content? Oh, THAT content!!! NSFW!!!
13/07/2009 Duration: 01h19min
SecuraBit Episode 35 - Content, what content? Oh, THAT content!!! NSFW well some anyway!!!
Facebook privacy settings are getting simplified.
Michael Jackson causes Google to trip, thinking they had a DOS attack in progress, followed by spam assaults and all the joke emails.
Slowloris DOS the show stream.
We discuss OSSEC with Andrew Hay.
Join us in IRC at irc.freenode.net #securabit
Next live recording is July 15, 2009 at 8pm EDT.
Hosts:
Andrew Borel - @andrew_secbit
Anthony Gartner – http://www.anthonygartner.com – @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam
Rob Fuller - Mubix - http://room362.com - @Mubix
Guest(s):
Wesley McGrew - http://www.mcgrewsecurity.com/ - @mcgrewsecurity
Andrew Hay - http://www.andrewhay.ca/ - @andrewsmhay
Links:
http://serverfault.com/questions/32361/how-to-best-defend-against-a-slowloris-dos-attack-against-an-apache-web-server
http://www.ossec.net/
OSSEC - http://www.ossec.net/
Andrew Hay's Book - http://www.
-
SecuraBit Episode 34 RoundTable Well Virtually anyway!!!
01/07/2009 Duration: 50min
SecuraBit Episode 34
This week we welcome Scott Fitzpatrick of Symantec to join our roundtable on the news items of the day.
News Items:
StrongWebMail Fail - http://www.pcworld.com/businesscenter/article/166314/web_mail_company_to_pay_prize_after_ceo_hacked.html
TweetDeck still passes authentication in the clear
Google Apps criticized about their security
iPhone 3.0 Tethering Hack - http://www.jellysms.com/blog/enable-internet-tethering-with-your-iphone-in-2-minutes-on-o2-ireland-with-30-gm/
RSnake's SlowLoris (low bandwidth, greedy, poisonous HTTP client) - http://ha.ckers.org/slowloris/
Mubix presenting a six hour workshop "From Shell to Owning the Company" at ToorCamp
DefCon and the Podcasters Meetup
- In Sky box 207 and 208 8pm or after the last talk on Saturday night.
- Exotic Liability (http://www.exoticliability.com/) and Germaina Newbs (http://grmn00bs.blogspot.com/) will be joining the lineup.
PaulDotCom with SecuraBit Thursday July 2, 2009 at 7pm.
Join us in IRC at irc.freenode.net #securabit
Our Next live recor
-
SecuraBit Episode 33 - Bursting Clouds with Kostya Kortchinsky
13/06/2009 Duration: 53min
In this episode we talk to Kostya about the process behind Cloud Burst. He speaks about breaking out of the existing Virtual Machine and into the host. Once you own the host you have the ability to own other Virtual Machines.
Quick Topics:
OS X Security Update
Palm Pre
North Korea Cyberware
Air France Flight 447
Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam
Jason Mueller - @securabit_jay
Guests:
Kostya Kortchinsky - http://www.linkedin.com/pub/kostya-kortchinsky/4/211/a71
Tim Krabec - http://www.SMBMinute.com - @tkrabec
Links:
Immunity Inc - http://www.immunitysec.com/
CLOUDBURST exploit video - http://www.immunityinc.com/documentation/cloudburst-vista.html
CVE-2009-1244 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1244
53634 : VMware Multiple Products Display Function Host OS Arbitrary Code Execution - http://osvdb.org/53634
Microsoft
-
SecuraBit Episode 32 PDF Love!
27/05/2009 Duration: 43min
SecuraBit Episode 32 PDF Love!
Didier talks about how the IFilter will actually allow you to use a PDF to exploit the system because IFilter uses the Windows Indexing Service. He also discusses some of the various methods of prevention, including his tool called PDFiD.
Penetration Document Format http://www.flickr.com/photos/packetsense/3549486353/
Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam
Guests:
Didier Stevens - http://blog.didierstevens.com/
Links:
PDFiD - http://blog.didierstevens.com/2009/03/31/pdfid/
PDF Tools - http://blog.didierstevens.com/programs/pdf-tools/
Security Justice - http://securityjustice.com/
Exotic Liability - http://exoticliability.ning.com/
-
Securabit Episode 31 Show Notes - The Intertubes need a patch Episode
22/05/2009 Duration: 49min
Episode 31 Show Notes - The Intertubes need a patch Episode
In this episode we are joined by Russell Butturini, who speaks to the guys about the tool he authored at the suggestion of the hak5 crew. He even talks about some of his security horror stories.
Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Christopher Mills - http://www.packetsense.net - @thechrisam
Andrew Borel - @Andrew_Secbit
Guests:
Russell Butturini - http://www.linkedin.com/pub/b/960/913
Links:
U3 Incident Response Switch Blade - http://wiki.hak5.org/wiki/U3_Incident_Response_Switchblade
Command Line Kung Fu Blog - http://blog.commandlinekungfu.com/
http://packetsense.net/blog
Extending CVSS Beyond Its Base Score - http://www.packetsense.net/blog/2009/05/12/extending-cvss-beyond-its-base-score/
http://www.splunk.com/
http://www.cisco.com/en/US/products/ps6241/index.html
-
SecuraBit EP30 l0phtcrack 6
02/05/2009 Duration: 01h02min
This week we interview Christien Rioux and Chris Wysopal about the upcoming release of l0phtcrack 6.
Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam
Jason Mueller - @securabit_jay
Guests:
Christien Rioux - @dildog
Chris Wysopal - @cwysopal
Links:
l0phtcrack - http://www.l0phtcrack.com/
Adobe Product Security Incident Response Team (PSIRT) - http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
Finjan finds botnet of 1.9m infected computers - http://news.zdnet.co.uk/security/0,1000000189,39643173,00.htm
-
SecuraBit EP29 Flash in the TV
26/04/2009 Duration: 44min
This week .... Chris Gerling's experience at Helix training and his impressions of Helix 3 Pro. Flash on the TV. Are TVs the next big botnet? Oracle's buying Sun. Does this mean the end for MySQL? We discuss these topics and more on Securabit Episode 29.
Hosts:
Andrew Borel - @Andrew_Secbit
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam
Jason Mueller - @securabit_jay
Links:
Live Forensics & Incident Response Featuring Helix3 - http://www.e-fense.com/Docs/E103.pdf
Adobe Flash for Your TV Means Hulu in Your Living Room - http://blog.wired.com/gadgets/2009/04/adobe-flash-for.html
-
SecuraBit EP28 I am stuck in a VM, and I can't get out!!!
15/04/2009 Duration: 01h05min
SecuraBit EP28 I am stuck in a VM, and I can't get out!!!
Special Guest - Rob Randell
This week we are joined by Rob Randell from VMware. We cover recommendations for using Virtual Machines securely, VM breakouts such as Cloudburst, and various other issues revolving around the security of virtual machines.
Hosts:
Andrew Borel - @Andrew_Secbit
Anthony Gartner - http://anthonygartner.com - @anthonygartner
Rob Fuller - Mubix - http://room362.com - @mubix
Guest:
Rob Randell – http://vmware.com @rjrandell
Steve McGrath - http://cutnet.net
Chris Hoff - http://www.rationalsurvivability.com @beaker
Links:
http://vmware.com
-
SecuraBit EP27 No joke!! We have George Starcher!!
05/04/2009 Duration: 01h07min
SecuraBit EP27 No joke!! We have George Starcher!!
This week we have special guest George Starcher, and we recorded the show on April 1st. George is a longtime podcaster with older shows such as In The Trenches, which he did with Kevin Devin and which later had some guests fill in, including our own Anthony Gartner. George is still very active in the security community with his job, and he also does spots on The Typical Mac User Podcast and is a big contributor to their forums.
Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Guest:
George Starcher - http://georgestarcher.com - @GeorgeStarcher
Links:
http://en.wikipedia.org/wiki/Conficker
http://kevindevin.com
http://georgestarcher.com/
http://typicalmacuser.com/
http://en.wikipedia.org/wiki/The_Castles_of_Dr._Creep
http://www.opendns.com/
http://www.govtech.com/events/vatech2009
-
SecuraBit Episode 26:
30/03/2009 Duration: 56min
SecuraBit Episode 26: "@Quine and back to Roots"
This week we interview Zach Lanier aka @Quine, the Security Twits manager. We ask all about Security Twits as well as delve into some security topics in the second half. Listen all the way through to hear us as our normal selves without serious guests, it's a riot!
Security Twits is a listing of security professionals on Twitter. It's a great opportunity to discover other great people in our community. Go to http://www.security-twits.com/ for more details and follow @securitytwits as well as @quine on Twitter.
Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam
Jason Mueller - http://www.securinate.com - @securabit_jay
Guest:
Zach Lanier - http://n0where.org/ - @quine
Links:
http://en.wikipedia.org/wiki/Conficker
http://www.adam.com.au/bogaurd/PSYB0T.pdf
http://it.slashdot.org/article.pl?sid=09/03/23/
-
SecuraByte Episode 06: HP SWFScan
23/03/2009 Duration: 31min
We're proud to announce a new tool from HP's Application Security Center called SWFScan. Prajakta Jagdale and Matt Wood from the HP Web Security Research Group explain why SWFScan was created, and the hope that it will help developers produce more secure Flash applications.
Hosts:
Anthony Gartner - http://www.anthonygartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, http://www.chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Guest:
Prajakta Jagdale (http://www.linkedin.com/pub/4/93a/785)
Matt Wood - HP Web Security Research Group
Links:
SWF Scan (http://www.hp.com/go/swfscan)
HP (http://www.hp.com/)
Win a Cheeseburger (http://h30423.www3.hp.com/?fr_story=3a98c704f7ef61299c19ef1f648f1acb1a5aeab8&rf=sitemap)
-
SecuraBit EP25 Jayson E. Street Talks about his book f0rb1dd3n
21/03/2009 Duration: 51min
Securabit Episode 25 Show Notes "Jayson E. Street's f0rb1dd3n"
This week we interview Jayson E. Street about his new novel f0rb1dd3n. f0rb1dd3n is a fictional story that also provides an overview of the tools, techniques, and culture of hackers. Throughout the story there are references to an appendix that provides detailed information about the item being referenced, and where to find more information. The expected release date is in July 2009 around Black Hat and Defcon.
A beta of Sumo LINUX is targeted for release the first week of April.
Quine will be our next guest interview.
Hosts:
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Guest:
Jayson E. Street - http://f0rb1dd3n.com/author.php
Links:
http://f0rb1dd3n.com
http://osvdb.org
http://datalossdb.org
-
SecuraBit EP24 A Night with G. Mark Hardy!!!
15/03/2009 Duration: 01h16min
Securabit Episode 24 "G. Mark Hardy"
In this episode of Securabit we are joined by G. Mark Hardy, President of National Security Corporation.
Topics:
The history of the computer security industry
The Shmoocon Puzzle 2009 Badge Puzzle
The Value of Information
Coffee Wars IX
Developing Public Speaking Skills
Explaining Technical Topics to Nontechnical Audiences
Are bad times good for security professionals?
The Value in Investing in Yourself
Hosts:
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - @Securabit_Jay
Guest:
G. Mark Hardy - http://www.gmarkhardy.com/
Links:
Shmoocon 2009 Badge Puzzle (http://shmoocon.info)
CoffeeWars (http://www.coffeewars.org)
Between Silk and Cyanide: A Codemaker's War, 1941-1945 (http://www.amazon.com/Between-Silk-Cyanide-Codemakers-1941-1945/dp/0684864223)
Tight Security for Tough Times (http://events.techtarget.com/secdefense/)
-
SecuraBit EP 23 The Echo Show!!! with Guest Marcus Carey
27/02/2009 Duration: 01h03min
We have a brief discussion of hackerspaces. Chris Gerling is looking into starting a hackerspace in the Richmond, VA area. Next we cover the details about SUMO LINUX 2.0 with our guest Marcus Carey.
SUMO LINUX 2.0
- Based on a stable version of Debian so we can update with Debian packages and Ubuntu packages.
- Windows response tools will be added.
- Build a wiki with detailed documentation of all the tools included to make it easy for a newbie to get started.
- No plans for multi-boot.
- Distributed out via BitTorrent.
- Memory analysis and RAM dumping. Cheap USB sticks have really helped with this. The analysis is also proving to be a big help in forensics.
- Will be coordinating the project on the Securabit forums (http://forums.securabit.com/index.php?showforum=9)
- User feedback will help us make it better for everyone.
- Post in the forum if you are interested in helping out.
Other News Items
- Homebrew patches for zero days in the enterprise.
- Cell phones and international roaming charges at the border.
-
SecuraBit Episode 22
13/02/2009 Duration: 56min
Episode 22 Shmoocon Recap
We reflect back on Shmoocon 2009, the Podcasters Meetup, and look forward to DEFCON. Also we cover Patch Tuesday, Back|Track 4, and a community replacement for Helix.
Hosts:
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - @Securabit_Jay
Links:
Shmoocon
Podcasters Meetup
Microsoft Security Bulletin MS09-003
Microsoft Security Bulletin MS09-004
Back|Track 4
DEFCON
Helix
-
Shmoocon Podcaster Meetup Live Audio
10/02/2009 Duration: 38min
Here is the audio from the meetup on 2/6 if anyone is interested. We're releasing this on our feed for anyone who doesn't follow pauldotcom. It's not edited, just raw audio, so if you have any complaints keep them to yourself. ;)
Thanks to all who came!
-
Episode 20: Time Warp Again!
10/02/2009 Duration: 59min
Sorry folks, we will not be releasing episodes out of order anymore.
In this episode we discuss:
Managing IP space inside a company network. Attributing a device on the network to an employee / function.
Standardizing vulnerability management using Security Content Automation Protocol (SCAP) and Open Vulnerability Assessment System (OpenVAS).
And briefly touch on the Obama Administration's Outline for their Cyber Security Strategy.
Use our Forums!
Don't forget to give us feedback on iTunes so we can bump the old shows off the list.
Thanks again for all the donations for the Tip Jar.
Hosts:
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Andrew Borel - @Andrew_Secbit
Special Guest: Tim Krabec (@tkrabec) of SMBMinute.com
Important links for the show and documents used:
Open Vulnerability Assessment System
Security Content Automation Protocol
Obama Administration Outlines Cyber Security Strategy
More Cyber Security Regulations Rec
-
SecuraBit EP 21 HP Security researchers speak with SecuraBit
07/02/2009 Duration: 01h14min
In this special episode of Securabit we are interviewing Billy Hoffman and Prajakta Jagdale. Billy is the author of the book Ajax Security. Prajakta is a Security Research Engineer with HP and is presenting at this year's ShmooCon.
Hosts:
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - SecurabitJay
Special Guests:
Billy Hoffman (http://en.wikipedia.org/wiki/Billy_Hoffman)
Prajakta Jagdale (http://www.linkedin.com/pub/4/93a/785)
Important links for the show and documents used:
HP (http://www.hp.com/)
Ajax Security (http://www.amazon.com/Ajax-Security-Billy-Hoffman/dp/0321491939)
NoScript (http://noscript.net/)
ShmooCon (http://www.shmoocon.org/presentations-all.html#flash)
HP's very own Prajakta Jagdale (She is the security research engineer for HP's Web Security Research Group) & Matt Wood (HP Web Security Research Group) join SecuraBit for a very informative discussion. Questions on Ajax, Flash, and We
-
SecuraBit EP18 Don't say we didn't warn you.
25/01/2009 Duration: 44min
This show is out of order and we debated if we would even release it. Well, why not? Have a listen; if you don't like it, delete it and remember we told you so ;) This show was a hostile takeover by the guys at SMB Minute. It was all just for fun and happened on Dec 31 2008. Remember we warned you.... Listen at your own risk!!!
Don't forget to give us feedback on iTunes so we can bump the old shows off the list.
Thanks again for all the donations for the Tip Jar.
Hosts:
Rob Fuller - Mubix, room362.com @mubix
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - SecurabitJay
Important links for the show and documents used: NONE
-
Securabit EP 19 MS DOS's itself, and more!!!
24/01/2009 Duration: 48min
This episode is likely to be out of sequence. SecuraBit did a recording on the 31st of the year and we will likely release it, but episode 18 was a potential lost episode.
Chris Mills talks about how Twitter has changed some of its security measures in the aftermath of the hack on its admin accounts. He even did some testing of a bogus account. We even got into some discussions on which types of phones handle what kind of sites. Please be careful, Jay is going to be getting a Twitter account and might actually post. Oh FRAK!!!!
The next part on the agenda was the new Windows 7 Beta. This caused Microsoft to DOS itself, which really takes a LOT to happen.
After the break we started to go into some tools we actually use or have used and wanted to recommend. Jay spoke of the Retina software they use. We did play a nice practical joke on Jay and left him hanging in the wind for a few moments, but he did recover. We spoke about running ISS for the nice pretty reports for the higher-ups and Nessus for the