SecuraBit
SecuraBit Before It Bytes!
SecuraBit Episode 47: Double Dutch! Listen in as we interview 1Password and NetWitness! Dave Teare - Co-Founder of 1Password Agile Web Solutions' 1 Password http://agilewebsolutions.com/products/1Password Q's What was the motivation to create 1Password? There are two key chain types that are used. Why the switch to the other one? When will we be able to sync across the iphone cord? (Edge/3G) 8.02.11 BGA type Are there plans to port 1Password to Win/Lin platforms? 1password Anywhere? Is there a way to import from other password managers? CSV format what is the difference between the 1password pro and the touch pro? http://help.agile.ws/1Password_touch/pro_vs_standard.html What is the diffrence between 1Password and 1Password Pro? Who actually maintains the twitter account? Find out more at http://get1password.com NetWitness - Eddie Schwartz http://www.netwitness.com/ Q's How long have you been with NetWitness? http://download.netwitness.com/ http://download.netwitness.com/download.php?src=DIRECT Google Earth integration - Very Cool!! What OS will the free or paid version work on and will it work from within a VM? What does netwitness do at the layer 7 level? Join us in IRC at irc.freenode.net #securabit Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Jason Mueller - @securabit_jay Andrew Borel – @andrew_secbit Guests: Dave Teare - 1Password Eddie Schwartz - Netwitness
Direct download: SecuraBit_EP47.mp3
Category:podcasts -- posted at: 4:32pm EDT

SecuraNibble Episode 03 - Security Hour on IMP

SecuraNibble Episode 03 - Security Hour on IMP

This SecuraNibble is released out of band is an extra episode outside our normal releases.  This SecuraNibble is the recording of the conversation that happened on The International Mac Podcast held during their 12 Cubed event held on December 12, 2009.  The conversation was a general security round table held between our own Anthony Gartner, and panel of 4 other security pod-casters.  The panel of pod-casters include Bart Busschots of the International Mac Podcast, George Starcher of Typical Mac User Podcast, and the one and only Paul Asadoorian of PaulDotCom.com fame.

This SecuraNibble is not an extremely in depth and geeky conversation but one that covers a lot of general information and it applies to all operating systems not just the mac.

Direct download: SecuraNibble_EP03.mp3
Category:podcasts -- posted at: 10:46am EDT

SecuraBit Episode 46 – Making a Faster and Safer Web with Billy Hoffman

SecuraBit Episode 46 – Making a Faster and Safer Web with Billy Hoffman

Details of the Academy Pro Deal
New affiliation with the Academy Pro
Old podcasts at http://www.theacademypro.com/podcasts.php

Help people have a better user experience on the web.

Zoompf
-Billy's new company

Common Mistakes on Low Performing Websites

What is the best CMS to use.

How the report on Zoompf is being run currently.

New cameras and metadata
http://en.wikipedia.org/wiki/Exchangeable_image_file_format
-how much does the extra metadata take up in a file?

AT&T service and coverage

The origin of the name Zoompf

Link farms and domain squating

ICANN

IPV6

ShmooCon

Upcoming Events

http://www.google.com/calendar/ical/pe2ikdbe6b841od6e26ato0asc%40group.calendar.google.com/public/basic.ics

http://www.security-twits.com/

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner – @anthonygartner
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller - @securabit_jay
Andrew Borel – @andrew_secbit

Guest:
Billy Hoffman - @zoompf - http://zoompf.com/blog/

Direct download: SecuraBit_EP46.mp3
Category:podcasts -- posted at: 6:13pm EDT

SecuraBit Episode 45 – More on DOJOCON

SecuraBit Episode 45 – More on DOJOCON

Marcus J Carey discusses MetaSponse tool to be released in mid-December. This uses the MetaSploit Framework for Incident Response.

Metasploit Framework 3.3  Released!
http://blog.metasploit.com/2009/11/metasploit-framework-33-released.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+metasploit%2Fblog+%28Metasploit+Blog%29

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner – @anthonygartner
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller - @securabit_jay
Andrew Borel – @andrew_secbit

Guest:
Marcus Carey – @marcusjcarey

Links:

DojoCon - http://www.dojocon.org/
Hackers for Charity - http://www.hackersforcharity.org/
hak5 - http://www.hak5.org/

NoVA Hackers - http://groups.google.com/group/novahackers

dojosec @ USTREAM http://www.ustream.tv/dojosec
White Wolf Security - http://www.whitewolfsecurity.com/
ShmooCon 2010 - http://www.shmoocon.org/
Netwars Competition - http://www.sans.org/netwars/
International Spy Museum - http://www.spymuseum.org/
Cyber Forensics: Digital CSI - http://spymuseum.org/programs/calendar_pages/2009/q4/2009_12_01_prog.php
http://hashtags.org/tag/roachesmustdie

Direct download: SecuraBit_EP45.mp3
Category:podcasts -- posted at: 12:53pm EDT

SecuraBit Episode 44 - Dennis Hurst and Movember! SecuraBit Episode 44 – Guest Interview: Dennis Hurst, Senior Application Security Architect at HP Software & Solutions and a founding member of the Cloud Security Alliance Discussion of security and Agile development. Scaling agile requires feedback mechanisms and strong visibility http://h71028.www7.hp.com/enterprise/us/en/messaging/feature-software-scale-agile.html HP Application Security Center http://www.hp.com/go/stophackers Cloud Security Alliance http://cloudsecurityalliance.org Movember: Chris Gerling and Andrew Borel represent SecuraBit! http://us.movember.com/mospace/99916 (Chris) http://us.movember.com/mospace/361416/ (Andrew) Join us in IRC at irc.freenode.net #securabit Hosts: Anthony Gartner – @anthonygartner Chris Gerling – @chrisgerling Christopher Mills – @thechrisam Andrew Borel – @andrew_secbit Guest: Dennis Hurst Links: Movember - http://us.movember.com/ Donate to Security Podcasters Alliance - https://www.movember.com/us/donate/your-details/team_id/997 Security podcasters get hairy for charity - http://www.securecomputing.net.au/News/159403,security-podcasters-get-hairy-for-charity.aspx
Direct download: SecuraBit_EP44.mp3
Category:podcasts -- posted at: 3:47pm EDT

SecuraBit Episode 43 – The Academy Pro

SecuraBit Episode 43 – The Academy Pro

Guest Interview: Peter Giannoulis of The Academy Pro

Metasploit Rising

http://blog.metasploit.com/2009/10/metasploit-rising.html

WordPress 2.8.5: Hardening Release
http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/

Blubrry PowerPress Podcasting Plugin for WordPress
http://www.blubrry.com/powerpress/

Time Warner Cable Exposes 65,000 Customer Routers to Remote Hacks http://www.wired.com/threatlevel/2009/10/time-warner-cable/

Google Voice voicemails appearing in public search results
http://www.engadget.com/2009/10/19/google-voice-voicemails-appearing-in-public-search-results/

TweetDeck
http://www.tweetdeck.com/beta/

Porn, CSS History Hacking, User Recon and Blackmail
http://ha.ckers.org/blog/20091021/porn-css-history-hacking-user-recon-and-blackmail/

Windows 7
http://www.microsoft.com/windows/

Magic Mouse
http://www.apple.com/magicmouse/

Quick Shell Script to Extract Contents
http://pinowudi.blogspot.com/2009/10/quick-shell-script-to-extract-contents.html

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner – @anthonygartner
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit

Guest:
Peter Giannoulis

Links:
The Academy Pro - http://www.theacademypro.com/
The Academy Home - http://www.theacademyhome.com/

Don't forget to listen to the end of the show for the guest appearances by both Kermit the Frog and Sean Connery

Direct download: SecuraBit_EP43.mp3
Category:podcasts -- posted at: 10:21am EDT

SecuraBit Episode 42 - Phreaking Sweet Con in TN.
SecuraBit Episode 42 – Phreaking Sweet Con in TN.
Phreaknic 13 – October 30 – November 1 2009
Phreaknic Curse
CCTV throughout hotel, great + for attending the con
Ware Chair Toss
Firing a jet engine in the parking lot.
Four Tracks
1 Cumberland (Main ballroom)
2 9th Floor (Vendor Area)
3 Cafe Area (Gaming)
4 Contest Area
Size of conferences
ShmooCon
Running Conferences
#RoachesMustDie from ShmooCon 2009 via Security Justice
Microsoft Security Essentials - http://www.microsoft.com/security_essentials/
New iTunes Store - http://www.apple.com/itunes/
Metasploit hiring in Austin, TX
New version of Pocket God for the iPhone
Hacker Consortium - http://hackerconsortium.com/

Join us in IRC at irc.freenode.net #securabit
Hosts:
Anthony Gartner – @anthonygartner
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit
Guest:
SkyDog
Links:
Direct download: Securabit_EP42.mp3
Category:podcasts -- posted at: 12:09pm EDT

SecuraBit Episode 41 - Speaking of Cons, and forensics...
SecuraBit Episode 41 - Speaking of Cons, and forensics...
Part 1: Marcus Carey
Dojocon - http://www.dojocon.org/ - @dojocon
November 6 & 7, 2009
Capitol College Maryland

Part 2: Scott Moulton

blackberry stuff:
bitpim

Hosts:
Chris Gerling  – @chrisgerling
Jason Mueller – @securabit_jay
Andrew Borel – @andrew_secbit
Anthony Gartner –  AnthonyGartner.com - @anthonygartner
Guest:
Marcus Carey - http://www.dojocon.org/ - @dojocon
Links:
Dojocon - http://www.dojocon.org/ - @dojocon
Direct download: SecuraBit_EP41.mp3
Category:podcasts -- posted at: 10:12am EDT

SecuraBit Episode 40 - Paul WHO????
SecuraBit Episode 40 - Paul "Pauldotcom" Asadoorian
Renaud script to go from Nmap to Nessus
Interview with Paul Asadoorian (PaulDotCom/Tenable/Nessus)
Intro Questions:
  • Who are you, and what are you doing on THIS podcast?
  • Tell us about the PaulDotCom podcast (I’ve talked to SecuraBit listeners who have never heard of PDC)
  • How long have you been using Nessus?
  • When did you start working for Tenable?
  • What is your role at Tenable?
Nessus Questions:
  • What’s new in this version of Nessus?
  • Are changes driven primarily by Tenable, or the community?
  • What does Nessus use for a scanning engine?
  • How does Nessus interact and work with Nmap?
  • Explain Nessus licensing and what an individual vs a corp is entitled to.
  • How much is a license?
  • Cost of proffesional feed = $1200.00/year
  • Home feed no longer a delay, no SCADA plugins
  • How does Nessus differ from OpenVAS?
  • Can you use the OpenVAS repo with Nessus?
  • Talk about the extensibility of Nessus. (Scripting, etc)
  • How does Nessus work with OVAL definitions? How does this help for FDCC compliance?
  • Does tenable have any dedicated appliances for enterprise scanning and monitoring based on nessus?
Implementation and Operation questions (How Paul Does Things):
  • Do you place scanning servers on each segment of the network, or do you scan through zone-to-zone firewalls? Why?
  • Is there a practical limit to the number of deices that can be scanned by one scanning server? Or is it just a time tradeoff?
  • How often do you scan (and re-scan) a network?
  • How do you handle the results (and avoid dropping a 300 page Nessus report on the server guys and saying FIX IT)
  • Are results parse-able and able to be fed into compliance and risk management tools?
Other Questions:
  • When is the next PaulDotCom episode?
  • What are the topics/guests?
  • What is your favorite beer?
Hosts:
Anthony Gartner – AnthonyGartner.com @anthonygartner
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit
Ed Smiley - @edsmiley
Guest:
Paul Asadoorian - @pauldotcom - http://www.pauldotcom.com
Links:
Tenable Network Security Blog and Podcast - http://blog.tenablesecurity.com/
Direct download: SecuraBit_EP40.mp3
Category:podcasts -- posted at: 10:11pm EDT

SecuraBit Episode 39 - Stealing candy from little kids everywhere!!!

SecuraBit Episode 39 – Stealing candy from little kids everywhere!!!

Jay brought up that some government web sites will be switching to an http://openid.org authentication

What Does DHS Know About You? - http://philosecurity.org/2009/09/07/what-does-dhs-know-about-you
How to request your travel records - http://www.hasbrouck.org/blog/archives/001607.html

TwiGUARD - http://twiguard.com/index.html
TweetDeck - http://tweetdeck.com/beta/

MS IIS FTPD DoS ZER0DAY - http://www.milw0rm.com/exploits/9587

Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D. - http://www.milw0rm.com/exploits/9594

Poison Ivy Remote Administration Tool - http://www.poisonivy-rat.com/

FRHACK: Pentesting Live DVD - http://pentestit.com/2009/09/09/frhack-pentesting-livedvd/

Upcoming Events:
SANSFIRE 2009 - http://www.sans.org/sansfire09/
Baltimore, MD - June 13 - 22, 2009

Phreaknic 13 - http://www.phreaknic.info/pn13/Site_2/Welcome.html
October 30 - November 1 2009

SANS Cyber Defense Initiative - http://www.sans.org/cyber-defense-initiative-2009
Washington, DC - December 11 - 18, 2009

ToorCon - http://www.toorcon.org/
San Diego Convention Center -  October 23rd-25th, 2009

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner – http://www.anthonygartner.com – @anthonygartner
Chris Gerling – http://www.chrisgerling.com – @hak5chris
Christopher Mills – http://www.packetsense.net – @thechrisam
Andrew Borel – @andrew_secbit
Jason Mueller – @securabit_jay

Direct download: SecuraBit_EP39.mp3
Category:podcasts -- posted at: 7:18pm EDT

SecuraBit Episode 38 – Classic Securabit, Lots of Rambling, Low Content

SecuraBit Episode 38 – Classic Securabit, Lots of Rambling, Low Content

Louisville Metro InfoSec Conference in Louisville, KY
October 8, 2009 8am - 5pm
Sponsored by the local ISSA Chapter
Some of speakers at the event include:

  • John Strand
  • Lee Kushner
  • Scott Moulton
  • Adrian "IronGeek" Crenshaw

http://www.louisvilleinfosec.com/
Presentations are planed to be posted online afterwards.

If you wish to attend the conference you can use the discount code of "geek seat" to get $20 off registration

Round Table Topic: Who should be responsible for patching? Infrastructure or Security?

There is a conversation about the new Snow Leopard for Mac and Macs mail.

A brief discussion about Helix, Security Onion, and Splunk 4.

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner – http://www.anthonygartner.com – @anthonygartner
Chris Gerling – http://www.chrisgerling.com – @hak5chris
Christopher Mills – http://www.packetsense.net – @thechrisam
Andrew Borel – @andrew_secbit

Guest:
Brian Blankenship  - chair ( a ) louisvilleinfosec ( dot ) com

Links:
Louisville Metro InfoSec Conference - http://www.louisvilleinfosec.com/
Security Onion - http://securityonion.blogspot.com/
Splunk 4 - http://www.splunk.com/view/splunk-4-features/SP-CAAAEVR

Direct download: SecuraBit_EP38.mp3
Category:podcasts -- posted at: 3:32pm EDT

SecuraBit Episode 37 – Mapping Networks with Fyodor and NMAP

SecuraBit Episode 37 – Mapping Networks with Fyodor and NMAP
NMAP 5 with Gordon "Fyodor" Lyon
* How did Nmap start?
* What's new in Nmap 5?
* Whe kind of legal issues have you faced in regards to NMAP?
* Where did the handle Fyodor start?
* Will there be a second edition of Nmap book? (below) no second e yet or planned
* Where is NMAP Going?
* Where do you see Nmap Scripts (NSE) going, possibly doing a community repo?
* Will scans for mobile devices in future releases?
* Why lua vs. python or ruby or something else?
Find the answers to these questions and more by listening to the show.

After our interview we cover DEFCON and the Podcasters meetup.

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner – http://www.anthonygartner.com – @anthonygartner
Chris Gerling – http://www.chrisgerling.com – @hak5chris
Christopher Mills – http://www.packetsense.net – @thechrisam
Andrew Borel – @andrew_secbit
Jason Mueller – @securabit_jay
Rob Fuller – Mubix – http://www.room362.com – @Mubix

Guest:
Gordon "Fyodor" Lyon - http://insecure.org/fyodor/

Links:
NMAP 5 - http://nmap.org/5/
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning - http://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=sr_1_1?ie=UTF8&qid=1250122655&sr=8-1
New 'ping sweep' - http://carnal0wnage.attackresearch.com/node/373
The Programming Language Lua - http://www.lua.org/
WordPress 2.8.4 Security Release - http://wordpress.org/development/2009/08/2-8-4-security-release/

Direct download: SecuraBit_EP37.mp3
Category:podcasts -- posted at: 8:47am EDT

SecuraBit Episode 36 - The f0rb1dd3n Network

SecuraBit Episode 36 - The f0rb1dd3n Network

We are joined by Jayson Street to talk about his book, Disecting the Hack: The f0rb1dd3n

Network, that is due out soon. All Black Hat bags will have an excerpt from the book in them.

Additionally we get Jayson's input on the topic of the recent denial of service attacks not

coming from North Korea after all.

DJ Great Scott gives us an update on the social events at this years DEFCON.

Finally we cover media destruction policies. How do you decommission old hard disks? Do you

retain the ones from your copiers and fax machines? What about thumb drives?

Join us in IRC at irc.freenode.net #securabit

Hosts:

Anthony Gartner – http://www.anthonygartner.com – @anthonygartner
Chris Gerling – http://www.chrisgerling.com – @hak5chris
Christopher Mills – http://www.packetsense.net - @thechrisam
Andrew Borel – @andrew_secbit
Jason Mueller – @securabit_jay

Guest:
Jayson E. Street – http://f0rb1dd3n.com/author.php

Links:
http://f0rb1dd3n.com
Computer attack may not have originated in North Korea after all -

http://blogs.usatoday.com/technologylive/2009/07/evidence-has-surfaced-that-the-denial-of-service-attacks-that-crippled-dozens-of-us-and-south-korean-web-sites-last-week-ma.html
UK, not North Korea, source of DDOS attacks, researcher says -

http://www.pcworld.idg.com.au/article/311070/uk_north_korea_source_ddos_attacks_researcher_says
DEFCON 17 - http://www.defcon.org/html/defcon-17/dc-17-index.html

Podcasters Meetup - http://www.podcastersmeetup.com/

Direct download: SecuraBit_EP36.mp3
Category:podcasts -- posted at: 12:29pm EDT

SecuraBit Episode 35 - Content, what content? Oh, THAT content!!!  NSFW!!! <p><strong>SecuraBit Episode 35</strong> - Content, what content? Oh, THAT content!!! NSFW well some anyway!!!</p>
<p>Facebook privacy settings are getting simplified.<br />
Michal Jackson causes google to trip thinking they had a DOS attack in progress, followed by spam assaults, and all the joke emails.<br />
Slowloris DOS the show stream.<br />
We discuss OSSEC with Andrew Hay.</p>
<p>Join us in IRC at irc.freenode.net #securabit
<p>Next live recording is July 15, 2009 at 8pm EDT.</p>
<p><strong>Hosts:</strong></p>
<p>Andrew Borel - @andrew_secbit<br />
Anthony Gartner – <a href="http://www.anthonygartner.com">http://www.anthonygartner.com</a> – @anthonygartner<br />
Chris Gerling - <a href="http://www.chrisgerling.com">http://www.chrisgerling.com</a> - @hak5chris<br />
Christopher Mills - <a href="http://www.packetsense.net">http://www.packetsense.net -</a> @thechrisam<br />
Rob Fuller - Mubix - <a href="http://room362.com">http://room362.com</a> - @Mubix</p>
<p><strong>Guest(s):</strong></p>
<p>Wesley McGrew - <a href="http://www.mcgrewsecurity.com/">http://www.mcgrewsecurity.com/</a>  - @mcgrewsecurity<br />
Andrew Hay - <a href="http://www.andrewhay.ca/">http://www.andrewhay.ca/</a> -  @andrewsmhay</p>
<p><strong>Links:</strong></p>
<p><a href="Join us in IRC at irc.freenode.net #securabit and you can find our past episodes at http://www.securabit.com.">http://serverfault.com/questions/32361/how-to-best-defend-against-a-slowloris-dos-attack-against-an-apache-web-server</a><br />
<a href="http://www.ossec.net/">http://www.ossec.net/</a><br />
OSSEC - <a href="http://www.ossec.net/">http://www.ossec.net/</a><br />
Andrew Hay's Book -  <a href="http://www.amazon.com/OSSEC-Host-Based-Intrusion-Detection-Guide/dp/159749240X">http://www.amazon.com/OSSEC-Host-Based-Intrusion-Detection-Guide/dp/159749240X</a></p>
<p>SecuraBit Episode 35 - Content, what content? Oh, THAT content!!! NSFW well some anyway!!!</p>
<p>Facebook privacy settings are getting simplified.</p>
<p>Michal Jackson causes google to trip thinking they had a DOS attack in progress, followed by spam assaults, and all the joke emails.</p>
<p>Slowloris DOS the show stream.</p>
<p>We discuss OSSEC with Andrew Hay.</p>
<p>Join us in IRC at irc.freenode.net #securabit and you can find our past episodes at http://www.securabit.com.</p>
<p>Next live recording is July 15, 2009 at 8pm EDT.</p>
<p>Hosts:</p>
<p>Chris Gerling - http://www.chrisgerling.com - @hak5chris</p>
<p>Christopher Mills - http://www.packetsense.net - @thechrisam</p>
<p>Anthony Gartner – http://www.anthonygartner.com – @anthonygartner</p>
<p>Andrew Borel - @andrew_secbit</p>
<p>Rob Fuller - Mubix - http://room362.com - @Mubix </p>
<p>Guest(s):</p>
<p>Wesley McGrew - http://www.mcgrewsecurity.com/  - @mcgrewsecurity</p>
<p>Andrew Hay - http://www.andrewhay.ca/ -  @andrewsmhay</p>
<p>Links:</p>
<p>http://serverfault.com/questions/32361/how-to-best-defend-against-a-slowloris-dos-attack-against-an-apache-web-server</p>
<p>http://www.ossec.net/</p>
<p>OSSEC - http://www.ossec.net/</p>
<p>Andrew Hay's Book -  http://www.amazon.com/OSSEC-Host-Based-Intrusion-Detection-Guide/dp/159749240X</p>

Direct download: SecuraBit_EP35.mp3
Category:podcasts -- posted at: 11:20pm EDT

SecuraBit Episode 34 RoundTable Well Virtually anyway!!! <p>SecuraBit Episode 34</p>
<p>This week we welcome Scott Fitzpatrick of Symantec to join our roundtable on the news items of the day.</p>
<p>News Items:<br />
StrongWebMail Fail - http://www.pcworld.com/businesscenter/article/166314/web_mail_company_to_pay_prize_after_ceo_hacked.html</p>
<p>TweetDeck still passes authentication in the clear</p>
<p>Google Apps criticized about their security</p>
<p>iPhone 3.0 Teathering Hack - http://www.jellysms.com/blog/enable-internet-tethering-with-your-iphone-in-2-minutes-on-o2-ireland-with-30-gm/</p>
<p>RSnake's SlowLoris (low bandwidth, greedy, poisonus HTTP client) - http://ha.ckers.org/slowloris/</p>
<p>Mubix presenting a six hour work shop "From Shell to Owning the Company" at ToorCamp</p>
<p>DefCon and the Podcasters Meetup<br />
- In Sky box 207 and 208 8pm or after the last talk on Saturday night.<br />
- Exotic Liability (http://www.exoticliability.com/) and Germaina Newbs (http://grmn00bs.blogspot.com/) will be join the line up.</p>
<p>PaulDot Com with Securabity Thursday July 2, 2009 at 7pm.</p>
<p>Join us in IRC at irc.freenode.net #securabit</p>
<p>Our Next live recording is July 1, 2009 at 8pm EDT.</p>
<p>Hosts:<br />
Chris Gerling - http://www.chrisgerling.com - @hak5chris<br />
Jason Mueller - @securabit_jay<br />
Christopher Mills - http://www.packetsense.net - @thechrisam<br />
Rob Fuller - Mubix - http://room362.com - @Mubix<br />
Andrew Borel - @andrew_secbit</p>
<p>Guests:<br />
Scott Fitzpatrick</p>
<p>Links:<br />
Symantec - http://www.symantec.com/<br />
Mubix - Couch to Career - http://www.room362.com/archives/564-couch-to-career-follow-up.html</p>

Direct download: SecuraBit_EP34.mp3
Category:podcasts -- posted at: 4:34pm EDT

SecuraBit Episode 33 - Bursting Clouds with Kostya Kortchinsky

In this episode we talk to Kostya about the process that is behind Cloud Burst.  He speaks about breaking out of the existing Virtual Machine and into the host.  Once you own the host you have the ability to own other Virtual Machines.

Quick Topics:
OS X Security Update
Palm Pre
North Korea Cyberware
Air France Flight 447

Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam
Jason Mueller - @securabit_jay

Guests:
Kostya Kortchinsky - http://www.linkedin.com/pub/kostya-kortchinsky/4/211/a71
Tim Krabec - http://www.SMBMinute.com - @tkrabec

Links:
Immunity Inc - http://www.immunitysec.com/
CLOUDBURST exploit video -  http://www.immunityinc.com/documentation/cloudburst-vista.html
CVE-2009-1244 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1244
53634 : VMware Multiple Products Display Function Host OS Arbitrary Code Execution - http://osvdb.org/53634
Microsoft Security Bulletin MS08-067 - http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
SyScan '09 Singapore July 2-3 - http://www.syscan.org/Sg/program.html
The Cassandra Tool - https://cassandra.cerias.purdue.edu/main/index.html
Apple Security Update 2009-002 / Mac OS X v10.5.7 - http://support.apple.com/kb/HT3549
Palm® Pre™ - http://www.palm.com/us/products/phones/pre/
North Korea Builds Up Cyber Warfare Unit - http://news.yahoo.com/s/afp/20090505/ts_afp/nkoreaitmilitary
Air France Flight 447 - http://en.wikipedia.org/wiki/Air_France_Flight_447
DEFCON® Hacking Conference - http://www.defcon.org/
Immunity CANVAS - http://www.immunitysec.com/products-canvas.shtml

Direct download: SecuraBit_EP33.mp3
Category:podcasts -- posted at: 1:50am EDT

SecuraBit Episode 32 PDF Love!

SecuraBit Episode 32 PDF Love!

Dieter talks about how the ifilter will actually allow you to use a pdf to exploit the system because ifilter uses the windows indexing service. He also discusses some of the various methods of prevention including his tool called PDFiD.


Penetration Document Format

http://www.flickr.com/photos/packetsense/3549486353/

Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam

Guests:
Didier Stevens - http://blog.didierstevens.com/

Links:
PDFiD - http://blog.didierstevens.com/2009/03/31/pdfid/
PDF Tools - http://blog.didierstevens.com/programs/pdf-tools/
Security Justice - http://securityjustice.com/
Exotic Liability - http://exoticliability.ning.com/

Direct download: SecuraBit_EP32.mp3
Category:podcasts -- posted at: 10:32am EDT

Securabit Episode 31 Show Notes - The Intertubes need a patch Episode
Episode 31 Show Notes - The Intertubes need a patch Episode
In this episode we are joined by Russell Butturini, he speaks to the guys about the tool he authored at the suggestion of the hak5 crew.  He even talks about some of his horror stories about security.
Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Christopher Mills - http://www.packetsense.net - @thechrisam
Andrew Borel - @Andrew_Secbit
Guests:
Links:
Direct download: SecuraBit_EP31.mp3
Category:podcasts -- posted at: 10:46am EDT

SecuraBit EP30 l0phtcrack 6

This week we interview Christien Rioux and Chris Wysopal about the upcoming release of l0phtcrack 6.

Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam
Jason Mueller - @securabit_jay

Guests:

Christien Rioux - @dildog

Chris Wysopal - @cwysopal

Links:

l0phtcrack - http://www.l0phtcrack.com/

Adobe Product Security Incident Response Team (PSIRT) - http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html

Finjan finds botnet of 1.9m infected computers  - http://news.zdnet.co.uk/security/0,1000000189,39643173,00.htm

Direct download: SecuraBit_EP30.mp3
Category:podcasts -- posted at: 4:43pm EDT

 SecuraBit EP29 Flash in the TV

This week ....

Chris Gerling's experience at Helix training and his impressions of Helix 3 Pro.

Flash on the TV.  Are TV's the next big botnet?

Oracle's buying Sun. Does this mean the end for MySQL?

We discuss these topics and more on Securabit Episode 29.

Hosts:
Andrew Borel - @Andrew_Secbit
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam
Jason Mueller - @securabit_jay

Links:

Live Forensics & Incident Response Featuring Helix3 - http://www.e-fense.com/Docs/E103.pdf

Adobe Flash for Your TV Means Hulu in Your Living Room -http://blog.wired.com/gadgets/2009/04/adobe-flash-for.html

Direct download: SecuraBit_EP29.mp3
Category:podcasts -- posted at: 3:40pm EDT

SecuraBit EP28 I am stuck in a VM, and I can't get out!!!

SecuraBit EP28  I am stuck in a VM, and I can't get out!!!

Special Guest - Rob Randell

This week we are joined by Rob Randell from VMware. We cover recommendations for using Virtual Machines securely, VM breakouts such as cloudburst, and various other issues revolving around the security of virtual machines.

Hosts:
Andrew Borel - @Andrew_Secbit
Anthony Gartner - http://anthonygartner.com - @anthonygartner
Rob Fuller - Mubix - http://room362.com - @mubix

Guest:
Rob Randell – http://vmware.com @rjrandell
Steve McGrath - http://cutnet.net
Chris Hoff - http://www.rationalsurvivability.com @beaker

Links:
http://vmware.com

Direct download: SecuraBit_EP28.mp3
Category:podcasts -- posted at: 12:06pm EDT

SecuraBit EP27  No joke!! We have George Starcher!!

SecuraBit EP27  No joke!! We have George Starcher!!

This week we have special guest George Starcher and we recorded the show on April 1st.  George is a long time podcaster with older shows such as In The trenches which he did with Kevin Devin and later had some guests fill in including our own Anthony Gartner.  George is still very active in the security community with his job and also does spots on the The Typical Mac User Podcast as well as a big contributor to their forums.

Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris

Guest:
George Starcher - http://georgestarcher.com - @GeorgeStarcher

Links:
http://en.wikipedia.org/wiki/Conficker
http://kevindevin.com
http://georgestarcher.com/
http://typicalmacuser.com/
http://en.wikipedia.org/wiki/The_Castles_of_Dr._Creep
http://www.opendns.com/
http://www.govtech.com/events/vatech2009

Direct download: SecuraBit_EP27.mp3
Category:podcasts -- posted at: 1:48pm EDT

SecuraBit Episode 26:

SecuraBit Episode 26: "@Quine and back to Roots"

This week we interview Zach Lanier aka @Quine, the Security Twits manager.  We ask all about Security Twits as well as delve into some security topics in the second half.  Listen all the way through to hear us as our normal selves without serious guests, it's a riot!

Security Twits is a listing of security professionals on Twitter.  It's a great opportunity to discover other great people in our community.  Go to http://www.security-twits.com/ for more details and follow @securitytwits as well as @quine on twitter.

Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam
Jason Mueller - http://www.securinate.com - @securabit_jay

Guest:
Zach Lanier - http://n0where.org/ - @quine

Links:
http://en.wikipedia.org/wiki/Conficker
http://www.adam.com.au/bogaurd/PSYB0T.pdf
http://it.slashdot.org/article.pl?sid=09/03/23/2257252&from=rss
http://ciscofatty.com/

Direct download: SecuraBit_EP26.mp3
Category:podcasts -- posted at: 10:30pm EDT

SecuraByte Episode 06:  HP SWFScan

We're proud to announce a new tool from HP's Application Security Center called SWFScan.  Prajakta Jagdale and Matt Wood from the HP Web Security Research Group  explain why SWFScan was created, and the hope that it will help developers produce more secure flash applications.

Hosts
Anthony Gartner - http://www.anthonygartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, http://www.chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense

Guest
Prajakta Jagdale (http://www.linkedin.com/pub/4/93a/785)
Matt Wood - HP Web Security Research Group

Links
SWF Scan (http://www.hp.com/go/swfscan)
HP (http://www.hp.com/)
Win a Cheeseburger (http://h30423.www3.hp.com/?fr_story=3a98c704f7ef61299c19ef1f648f1acb1a5aeab8&rf=sitemap)

Direct download: SecuraByte_EP06.mp3
Category:podcasts -- posted at: 7:31am EDT

SecuraBit EP25 Jayson E. Street's Talks about his book f0rb1dd3n

Securabit Episode 25 Show Notes "Jayson E. Street's f0rb1dd3n"

This week we interview Jayson E. Street about his new novel f0rb1dd3n.

f0rb1dd3n is a fictional story that also provides an overview of the tools, techniques, and culture of hackers. Throughout the story reference to an appendix that will provide the detail information about the item being referenced, and where to find more information. The expected release data is in July 2009 around Black Hat and Defcon.

A beta of Sumo LINUX is targeted for release the first week of April.

Quine will be our next guest interview.

Hosts
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense

Guest
Jayson E. Street - http://f0rb1dd3n.com/author.php

Links
http://f0rb1dd3n.com
http://osvdb.org
http://datalossdb.org

Direct download: SecuraBit_EP25.mp3
Category:podcasts -- posted at: 2:57pm EDT

Securabit Episode 24 ìG, Mark Hardy

In this episode of Securait we are joined by G. Mark Hardy, President of National Security Corporation.

Topics
The history of computer security industry
The Shmoocon Puzzle 2009 Badge Puzzle
The Value of Information
Coffee Wars IX
Developing Public Speaking Skills
Explaining Technical Topics to Nontechnical Audiences
Are bad times good for security professionals?
The Value in Investing in Yourself

Hosts
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - @Securabit_Jay

Guest
G. Mark Hardy - http://www.gmarkhardy.com/

Links
Shmoocon 2009 Badge Puzzle (http://shmoocon.info)
CoffeeWars (http://www.coffeewars.org)
Between Silk and Cyanide: A Codemaker's War, 1941-1945 (http://www.amazon.com/Between-Silk-Cyanide-Codemakers-1941-1945/dp/0684864223)
Tight Security for Tough Times (http://events.techtarget.com/secdefense/)

Direct download: SecuraBit_EP24.mp3
Category:podcasts -- posted at: 6:17pm EDT

SecuraBit EP 23 The Echo Show!!!  with Guest Marcus Carey

We have a brief discussion hackerspaces. Chris Gerling is looking into starting a hackerspace in the Richmond, VA area.

Next we cover the details about SUMO LINUX 2.0 with our guest Marcus Carey.

SUMO LINUX 2.0
- Based on a stable version of Debian so we can update with Debian packages and Unbuntu Packages.
-Windows response tools will be added.
-Build a wiki with detailed documentation of all the tools included to make it easy for a newbie to get started.
-No plans for multi-boot.
-Distributed out via Bit Torrent.
-Memory analysis and RAM dumping. Cheap USB sticks have really helped with this. The analysis is also proving to be a big help in forensics.
-Will be coordinating the project on the Securabit forums (http://forums.securabit.com/index.php?showforum=9)
-User feedback will help us make it better for everyone.
-Post in the forum if you are interested in helping out.

Other News Items
-Homebrew patches for zero days in the enterprise.
-Cell phones and international roaming charges at the border.
-What hardware tools should you have in a forensic toolkit?

Have something you want plugged on Securabit? Send it to Feedback@securabit.com.

If you are interested in helping with the Richmond, VA area hackerspace contact Chris Gerling.

Hosts
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - @Securabit_Jay

Guest
Marcus Carey ñ SUMO LINUX http://www.sumolinux.com

Links
Hackerspaces http://hackerspaces.org
SUMO LINUX http://www.sumolinux.com
Adobe Zero Day http://isc.sans.org/diary.html?storyid=5902&rss
Excel Zero Day http://isc.sans.org/diary.html?storyid=5923  & http://www.microsoft.com/technet/security/advisory/968272.mspx
Forensic Talon http://www.logicubeforensics.com/products/hd_duplication/talon.asp

Direct download: SecuraBit_EP23.mp3
Category:podcasts -- posted at: 9:03am EDT

SecuraBit Episode 22 Episode 22 Schmoocon Recap

We reflect back on Schmoocon 2009, the Podcasters Meetup, and look foward to DEFCON.
Also we cover patch Tuesday, Back|Track 4, and a community replacement for Helix.

Hosts:
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - @Securabit_Jay

Links:
<a href="http://www.shmoocon.org/">Schmoocon</a>
<a href="http://www.podcastersmeetup.com/">Podcasters Meetup</a>
<a href="http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx">Microsoft Security Bulletin MS09-003</a>
<a href="http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx">Microsoft Security Bulletin MS09-004</a>
<a href="http://backtrack4.blogspot.com/">Back|Track 4</a>
<a href="https://www.defcon.org/">DEFCON</a>
<a href="http://www.e-fense.com/products.php">Helix</a>

Direct download: SecuraBit_EP22.mp3
Category:podcasts -- posted at: 12:54pm EDT

Shmoocon Podcaster Meetup Live Audio Here is the audio from the meetup on 2/6 if anyone is interested.  We're releasing this on our feed for anyone who doesn't follow pauldotcom.  It's not edited, just raw audio so if you have any complaints keep them to yourself. ;)

Thanks to all who came!
Direct download: ShmooCon09-PodcasterMeetup.mp3
Category:podcasts -- posted at: 6:35pm EDT

Episode 20: Time Warp Again! Sorry folks, we will not be releasing episodes out of order anymore.

In this episode we discuss:

Managing IP space inside a company network. Attributing a device on the network to an employee / function.

Standardizing vulnerability management using Security Content Automation Protocol (SCAP) and Open Vulnerability Assessment System (OpenVAS).

And briefly touch on the Obama Administration's Outline for their Cyber Security Strategy.

Use our Forums!

Don’t forget to give us a feedback on Itunes so we can bump the old shows off the list.

Thanks again for all the donations for the Tip Jar.

Hosts:

Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Andrew Borel - @Andrew_Secbit

Special Guest:
 
Tim Krabec (@tkrabec) of the <a href="http://smbminute.com/">SMBMinute.com</a>

Important links for the show and documents used:

<a href="http://www.openvas.org/">Open Vulnerability Assessment System</a>
<a href="http://en.wikipedia.org/wiki/Security_Content_Automation_Protocol">Security Content Automation Protocol</a>
<a href="http://www.diigo.com/annotated/5e5c73ed44f27f40631af447951b4bf8">Obama Administration Outlines Cyber Security Strategy</a>
<a href="http://www.washingtonpost.com/wp-dyn/content/article/2008/12/08/AR2008120801944.html">More Cyber Security Regulations Recommended</a>
Direct download: SecuraBit_EP20.mp3
Category:podcasts -- posted at: 6:21pm EDT

SecuraBit EP 21 HP Security reasearchers speak with SecuraBit
In this special episode of Securabit we are interviewing Billy Hoffman and Prajakta Jagdale. Billy is the author of the book Ajax Security. Prajakta is a Security Research Engineer with HP and is presenting at this year's ShmooCon.

Hosts:

Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - SecurabitJay

Special Guests:
Billy Hoffman (http://en.wikipedia.org/wiki/Billy_Hoffman)
Prajakta Jagdale (http://www.linkedin.com/pub/4/93a/785)

Important links for the show and documents used:
HP (http://www.hp.com/)
Ajax Security (http://www.amazon.com/Ajax-Security-Billy-Hoffman/dp/0321491939)
NoScript (http://noscript.net/)
SchmoonCon (http://www.shmoocon.org/presentations-all.html#flash)HP's very own Prajakta Jagdale (She is the security research engineer for
HP's Web Security Research Group) & Matt Wood (HP Web
Security Research Group) join SecuraBit for a very informative discussion.

Questions on Ajax, Flash, and Web Application security.
Direct download: SecuraBit_EP21.mp3
Category:podcasts -- posted at: 11:02am EDT

SecuraBit EP18  Don't say we didn't warn you.

This show is out of order and we debated if we would even release it. Well why not, have a listen if you don't like it delete it and remember we told you so ;)

This show was a hostile take over by The guys at SMB Minute. It was all just for fun and happened on Dec 31 2008. Remember we warned you.... Listen at your own risk!!!

Don’t forget to give us a feedback on Itunes so we can bump the old shows off the list.

Thanks again for all the donations for the Tip Jar.

Hosts:

Rob Fuller - Mubix, room362.com @mubix
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - SecurabitJay

Important links for the show and documents used:

NONE

Direct download: SecuraBit_EP18.mp3
Category:podcasts -- posted at: 3:36pm EDT

Securabit EP 19 MS DOS's itself, and more!!!

In this episode which is likely to be out of sequence. SecuraBit did a recording on the 31st of the year and we will likely release it but episode 18 was a potential lost episode. Chris Mills talks about how twitter has changed some of it's security measures in the aftermath of the hack on its admin accounts. He even did some testing of a bogus account. We even got into some discussions on which types of phones handle what kind of sites. Please be careful, Jay is going to be getting a twitter account and might actually post. Oh FRAK!!!!

The next part on the agenda was the new Windows 7 Beta. This caused Microsoft to DOS itself. Which really takes a LOT to happen.

After the break we started to go into some tools we actually use or have used and wanted to recommend. Jay spoke of his Retina software they use. We did play a nice practical joke on jay and left him hanging in the wind for a few moments, but he did recover. Spoke about running ISS for the nice pretty reports for the higher up's and Nessus for the technicians. Anthony mentioned Hot Spot Shield which works on windows, mac, iphone and many other platforms. The chat room recommended Open VPN but none of us had used it. Chris Mills also went into one of the tools he used back in the day but recently started to use again called NTop.
Talked about itunes going DRM free. Always a good thing!!! This then drifted in to a conversation about players in general. Jay recommended engadget.com and how they covered CES so well. This then divulged into computers for kids as well as netbooks.
Anthony is getting close to being able to do the Mix MInus. This means there will be the chance to play the music / voice mails / audio feedback on to everyone so that we can comment or answer the questions. This will be a welcome addition to the show.
Jay stated our new goal - to be "Internet Famous"

Don’t forget to give us a feedback on Itunes so we can bump the old shows off the list.

Thanks again for all the donations for the Tip Jar.

Hosts:

Rob Fuller - Mubix, room362.com @mubix
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - SecurabitJay

Important links for the show and documents used:

http://www.iss.net/
http://www.nessus.org/nessus
hotspotshield.com
http://openvpn.net
http://www.ntop.org

Check out the end of the cast for Jay's audition for American 1dol!!!

Direct download: SecuraBit_EP19.mp3
Category:podcasts -- posted at: 11:58am EDT

SecuraByte Episode 05 Happiness, Fail Whale beaches Itself!!!

News at 11. Well really we started recording about 8 PM on Monday January 5th.  In this SecuraByte episode, Securabit had its largest conference call yet.  Securabit was joined by the guys from both SecurityJustice.com and SMBMinute.com, as well as Melissa on Twitter AKA @Geekgrrl. We discussed the security vulnerability discovered with twitter.com's tech support.  This is a service many of us use and enjoy.  Please have a listen in while we discuss amongst ourselves.

Don’t forget to give us a feedback on Itunes so we can bump the old shows off the list.

Thanks again for all the donations for the Tip Jar.

Hosts:

Rob Fuller - Mubix, room362.com @mubix
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - SecurabitJay

Special Guests: Melissa (@geekgrrl), Tim Krabec (@tkrabec) of the SMBMinute.com, Tom (@agent0x0) securityjustice.com, and Dave (@Securi-D) securityjustice.com

Important links for the show and documents used:

Britney, Obama Twitter Feeds Hijacked Following Phishing Attack
http://blog.wired.com/27bstroke6/2009/01/twits-get-phish.html
Fire Fox Addon "Long URL Please"
http://www.longurlplease.com/
WIRED just posted this follow up:
http://blog.wired.com/27bstroke6/2009/01/professed-twitt.html

Direct download: SecuraByte_EP05.mp3
Category:podcasts -- posted at: 2:58pm EDT