SecuraBit
SecuraBit Before It Bytes!

SecuraBit  Episode 71: Managing our Careers with Lee Kushner
December 15, 2010

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit

Guests:
Lee Kushner - @LJKush - http://www.ljkushner.com/ - http://www.infosecleaders.com/

General topics:
Discussion on Career Management
The importance of having a career plan.
It’s a very crowded market in information security, and it’s getting more so every day.

www.infosecleaders.com/2010-compensation-survey/
FAQ: Compromised Commenting Accounts on Gawker Media http://lifehacker.com/5712785/

OnePassword - http://agilewebsolutions.com/onepassword
KeePass - http://keepass.info/
LastPass - http://lastpass.com/

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
#BSidesBerlin (28-30 Dec 2010)
#BSidesMSP (7 Jan 2011)
ShmooCon (28-31 Jan 2011)
RSA Conference 2011 (14 -18 Feb 2011)
#BSidesSanFrancisco (14-15 Feb 2011)
#BSidesAustin (March 2011)

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: SecuraBit_EP71.mp3
Category:podcasts -- posted at: 7:32pm EST

SecuraBit  Episode 70: Following the wh1t3Rabbit, Hat-tricks with a wh1t3Rabbit
December 1, 2010

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Christopher Mills – @thechrisam
Chris Gerling  – @chrisgerling
Andrew Borel –  @andrew_secbit

Guests:
HP's Rafal Los - @wh1t3Rabbit
Subscribe to his blog at http://hp.com/go/white-rabbit

General topics:
Shmoocon tickets, who’s got them?

Hat-trick http://en.wikipedia.org/wiki/Hat-trick

Password security, does it really matter?

Application security to detect and prevent malicious code.

Diaspora https://joindiaspora.com/

Security Metrics

Story time with Rafal

RSnake shutting down his blog after 5 years and 1000 posts http://ha.ckers.org/

FTC Staff Issues Privacy Report Offers Framework for Consumers, Businesses, and Policymakers: Endorses “Do Not Track” to Facilitate Consumer Choice About Online Tracking
http://www.ftc.gov/opa/2010/12/privacyreport.shtm

SANS Discount:
Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Syngress Discount:
Use our discount code 36449 to receive 20% off any order direct from Elsevier!

Upcoming events
Sunbelt Quarterly Briefing December 8th, 2010 at 9am and 2pm
DojoCon December 11-12, 2010
#BSidesBerlin December 28-30, 2010
ShmooCon January 28-31, 2011

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: SecuraBit_EP70.mp3
Category:general -- posted at: 1:08pm EST

SecuraBit Episode 69: Picking Locks and Messing up Podcasts, Welcome to Gringo Village!
November 3, 2010

Hosts:
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit
Anthony Gartner – @anthonygartner http://anthonygartner.com
Jason Mueller – @securabit_jay
Rob Fuller – @mubix
Tim Krabec – @tkrabec http://www.SMBMinute.com

Guests:
Deviant Ollum - http://deviating.net/ - Author of Syngress Practical Lock Picking
General topics:
Practical Lock Picking By Deviant Ollam http://www.syngress.com/hacking-and-penetration-testing/Practical-Lock-Picking/

Review submitted by a coworker:
Practical Lock Picking by Deviant Ollum was an enjoyable read. The author does a good job of covering the art and science of picking locks. He chose two of the most common types of locks for the bulk of his material which helps keep the focus of the book tight. He leads the reader from the basic operational principles of the locks, to flaws in the design & manufacture and finally how to pick the locks. The coverage of pick types and other tools of the trade round out the readers knowledge of the subject. His down to earth style and simple language help the reader understand the material and develop the skills to pick these types of locks. His logical progression of starting with one pin and working your way up to all the pins in the lock will help the reader build confidence in their skills. The final sections on bypassing the door reminds the reader that locks are part of a system and sometimes the way to defeat a system is not the direct approach. Overall I would give this book 4 out of 4 stars.

Shmoocon Tickets??

The Open Organization Of Lockpickers http://toool.us/
Lock Picking Videos - http://www.youtube.com/deviantollam
General Information http://deviating.net/lockpicking/

IE Zero Day
Microsoft Security Advisory (2458511)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/2458511.mspx

Enhanced Mitigation Experience Toolkit v2.0
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c6f0a6ee-05ac-4eb6-acd0-362559fd2f04

SpyEye v. ZeuS Rivalry Ends in Quiet Merger
http://krebsonsecurity.com/2010/10/spyeye-v-zeus-rivalry-ends-in-quiet-merger/

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is0 good for all SANS courses in all formats.

Upcoming events

#BSidesDFW November 6, 2010
#BSidesDE November 6, 2010
AppSec DC 2010 November 8-12, 2010
#BSidesOttawa November 12-13, 2010
RUXCON 2010 December 4-5, 2010
DojoCon December 11-12, 2010
#BSidesBerlin December 28-30, 2010
ShmooCon January 28-31, 2010

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: SecuraBit_EP69.mp3
Category:podcasts -- posted at: 7:58pm EST

SecuraBit  Episode 68: Teaching for handbags!

Hosts:
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit
Anthony Gartner – @anthonygartner http://anthonygartner.com
Jason Mueller – @securabit_jay

Guests:
Kevin Johnson discusses SANS SEC 542 Web App Pen Testing, Base, etc

General topics:
New Apple Macbook Air.

Recent Security
Zynga collecting data about Facebook users.
Social engineering at a capture the flag event.
Pros and cons to using social networks.
Attacking your web applications for a more secure application.
Samurai WTF (Web Testing Framework) http://samurai.inguardians.com/
Laudanum: Injectable Functionality http://laudanum.inguardians.com/
Basic Analysis and Security Engine (BASE) project http://base.secureideas.net/

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
#BSidesDFW November 6, 2010
#BSidesDE November 6, 2010
AppSec DC 2010 November 8-12, 2010
#BSidesOttawa November 12-13, 2010
#BSidesBerlin December 28-30, 2010
ShmooCon January 28-31, 2010

Links:

http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: SecuraBit_EP68.mp3
Category:podcasts -- posted at: 10:43pm EST

 

SecuraBit  Episode 67:  We're all gonna get HAX!
October 6, 2010

Hosts:
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit
Anthony Gartner

Guest: Roger Grimes

General topics:

Authored eight books, and co-authored another 4
Chasing hackers for 23 years
SCADA issues
What the bad guys are doing? Black hat cloud backup?
Offline patch and reset days to recover from a issue.
Whitelisting may be a solution, that is just too hard to implement in many environments.
Needs full sign off from the organization
Different levels of identification

Syngress book of the month club for episode 68
Utilize code 36449 for a discount on books from Syngress!

Executives should have Macs because it makes it easier on the pen tester
Patching and warranties

SANS Connector Program
10% of any SANS events or training use coupon code Connect_SecuraBit10

Lenny Zeltser Facebook Social Captcha Authentication
http://blog.zeltser.com/post/1258010402/facebook-social-captcha-authentication

Upcoming events
Hacker Halted http://www.hackerhalted.com/ Tim Is speaking October 14th
Phreaknic 10/15. http://www.phreaknic.info/pn14/
Bsides Delaware 11/6
Bsides Dallas-FortWorth 11/6

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

 

Direct download: SecuraBit_EP67.mp3
Category:podcasts -- posted at: 12:48pm EST

 

SecuraBit  Episode 66:
September 22, 2010

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel –  @andrew_secbit

 

Guests:
Aaron Barr (HB Gary Federal) @aaronbarr

We discuss HBGary with Aaron, and delve into some fun topics like malware analysis, forensics, and other technical skills.

General topics:
Media Sponsor for:
SecTor 2010 - http://www.sector.ca/
Security Training October 25.
Conference Sessions October 26 & 27, 2010.
Twitter XSS
http://status.twitter.com/post/1161435117/xss-attack-identified-and-patched

Robin Sage
Malware analysis
Behavior of malware in memory

FGET is pretty pimp (free tool that remotely images NTFS volumes)
https://www.hbgary.com/community/shawnblog/fget-v10-goes-live/

Free tools from HB Gary
https://www.hbgary.com/community/free-tools/

Forensics
How flypaper plays into image grabbing

 

Upcoming events
Hacker Halted http://www.hackerhalted.com/ Tim Is speaking October 14th
Louisivlle Infosec 10/7. http://www.louisvilleinfosec.com/
Atlanta B-Sides 10/8. http://www.securitybsides.com/BSidesAtlanta
HacKid - http://www.hackid.org/ 10/9-10/10
Phreaknic 10/15. http://www.phreaknic.info/pn14/

Links:

http://www.HBGary.com/
http://www.SecuraBit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

 

Direct download: SecuraBit_EP66.mp3
Category:podcasts -- posted at: 11:06pm EST

 

SecuraBit  Episode 65: Application Security From the Ground Up!
September 8, 2010
 
Hosts:
Anthony Gartner – @anthonygartner
Jason Mueller  – @securabit_jay
Christopher Mills –  @thechrisam

Guests:
Jeff Morgan * Product manager for HP’s Application Security Center product line * 20+ years experience developing commercial software solutions in industries ranging from healthcare to payroll to commercial printing * Joined SPI Dynamics in 2006, which was later acquired by HP * Previously a software engineer and held positions in development, QA, support and account management
General topics:
 
Application Security Development Lifecycle
Flash, as usual
NoScript
Intel and McAfee

Upcoming events
Hacker Halted http://www.hackerhalted.com/ Tim Is speaking October 14th
Louisivlle Infosec 10/7. http://www.louisvilleinfosec.com/
Atlanta B-Sides 10/8. http://www.securitybsides.com/BSidesAtlanta
HacKid - http://www.hackid.org/ 10/9-10/10
Phreaknic 10/15. http://www.phreaknic.info/pn14/

SecTor 2010 - http://www.sector.ca/
Security Training October 25.
Conference Sessions October 26 & 27, 2010.

Links:
http://securabit.com
HP Application Security Center
Chat with us on IRC at irc.freenode.net #securabit

 

Direct download: SecuraBit_EP65.mp3
Category:podcasts -- posted at: 8:00am EST

SecuraBit  Episode 64:  A whole lot of organized crime going on!
August 25, 2010

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Andrew Borel –  @andrew_secbit

Guests:
Bryan Sartin - Director of Investigative Response at Verizon Business

General topics:
Verizon RISK Team - http://www.verizonbusiness.com/products/security/risk/

Bryan Sartin, the Director of Investigative Response at Verizon Business, discusses the 2010 Verizon Data Breach Report
http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf

VERIS Framework - https://verisframework.wiki.zoho.com/

MalCon: A Call for ‘Ethical Malcoding’ http://krebsonsecurity.com/2010/08/malcon-a-call-for-ethical-malcoding/

SecTor 2010 - http://www.sector.ca/
Security Training October 25.
Conference Sessions October 26 & 27, 2010.

The real iTunes fraud vulnerability: Gullible users - http://news.cnet.com/8301-13579_3-20014481-37.html

Upcoming events
Hacker Halted http://www.hackerhalted.com/ Tim Is speaking October 14th
Louisivlle Infosec 10/7. http://www.louisvilleinfosec.com/
Atlanta B-Sides 10/8. http://www.securitybsides.com/BSidesAtlanta
HacKid - http://www.hackid.org/ 10/9-10/10
Phreaknic 10/15. http://www.phreaknic.info/pn14/

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: SecuraBit_EP64.mp3
Category:general -- posted at: 6:33pm EST

SecuraBit Episode 63:  Walking to the Waffle House with Andy Willingham
August 11, 2010
Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel –  @andrew_secbit

Guests:
Andy Willingham (Southern Fried Security Podcast) - @andywillingham http://www.andyitguy.com/blog/

General topics:
DEFCON/BLACKHAT/BSides Recap
--Chris’s experience this year, and a review of the medical facilities in Las Vegas
--General entertaining banter

Shiny Old VxWorks Vulnerabilities
http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html

Facebook name extraction based on email/wrong password
http://seclists.org/fulldisclosure/2010/Aug/130

Apple Fixes PDF Vunerability that allowed webbased Jail Break.
iOS 4.0.2 Software Update http://support.apple.com/kb/DL1061

Interview with Andy Willingham
ShmooCon 2011 Dates Announced
http://tinyurl.com/29nzc46

Microsoft drops the patch bomb
http://www.securabit.com/2010/08/10/microsoft-drops-the-patch-bomb/

Andriod Malware and Unexpected Features
http://crave.cnet.co.uk/mobiles/android-gets-its-first-texting-malware-50000303/

Free Android antivirus clocks up 2.5m downloads
http://www.theregister.co.uk/2010/08/11/free_android_security_app/

A Review of Verizon and Google's Net Neutrality Proposal
http://www.eff.org/deeplinks/2010/08/google-verizon-netneutrality

Upcoming events
South Florida ISSA’s Hack the flag and chili cook-off  Saturday August 14, 2010 from 12:00pm - 5:00pm
http://sfissa.org/index.php/sfissa-mm-events/htf-main/85-hack-the-flag-2010
Hacker Halted http://www.hackerhalted.com/ Tim Is speaking October 14th
Louisivlle Infosec 10/7. http://www.louisvilleinfosec.com/
Atlanta B-Sides 10/8. http://www.securitybsides.com/BSidesAtlanta
HacKid - http://www.hackid.org/ 10/9-10/10
Phreaknic 10/15. http://www.phreaknic.info/pn14/

Links:

http://www.securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
Direct download: SecuraBit_EP63.mp3
Category:general -- posted at: 10:59am EST

SecuraBit  Episode 62: Visualizing Data with NetWitness

SecuraBit  Episode 62: Visualizing Data with NetWitness

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit

Guests:
Eddie Schwartz - @eddieschwartz

General topics:
BSidesLV http://www.securitybsides.com/BSidesLasVegas
BlackHat https://www.blackhat.com/html/bh-us-10/bh-us-10-home.html
Defcon https://www.defcon.org/html/defcon-18/dc-18-schedule.html

Shmoocon Woot Video http://www.youtube.com/watch?v=HJ0ypgZU_D0
NetWitness Visualize http://visualize.netwitness.com/

Brief panel on certifications.

iPhone App Now Available. http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

http://itunes.apple.com/us/podcast/securabit/id280048405

Upcoming events
South Florida ISSA’s Hack the flag and chili cook-off  Saturday August 14, 2010 from 12:00pm - 5:00pm
http://sfissa.org/index.php/sfissa-mm-events/htf-main/85-hack-the-flag-2010
Hacker Halted http://www.hackerhalted.com/ Tim Is speaking October 14th

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: SecuraBit_EP62.mp3
Category:podcasts -- posted at: 1:05pm EST