SecuraBit
SecuraBit Before It Bytes!
Join the crew as they interview special guest Marisa Fagan of SECore! Please visit our wiki for full show notes!
Direct download: SecuraBit_EP95.mp3
Category:SecuraBits -- posted at: 11:03am EST

Join us as we talk some lab shop with Mike Bailey and the rest of the crew! Please visit http://wiki.securabit.com/ShowNotes/EP94 for our show notes!
Direct download: SecuraBit_EP94.mp3
Category:SecuraBits -- posted at: 6:49pm EST

Please re-download the Steganography file from the original post.  The first one was corrupted.  It will now export with the proper lowercase key.
Category:SecuraLabs -- posted at: 2:15pm EST

Join us as we interview Nick Keuning from GFI about their Sandbox solution! Our show notes are now housed on our wiki.  Please visit this link to view them!
Direct download: SecuraBit_EP93.mp3
Category:SecuraBits -- posted at: 5:42pm EST

This time around we are giving away books! The contest officially starts NOW and will run until 11:59PM on 11/19.  We will announce winners promptly after that. Prizes will be awarded to 1st and 2nd place.  Everyone else who scores any amount of points will be entitled to a free sticker mailed to them if [...]
Category:general -- posted at: 4:16pm EST

On this episode we had special guest Christofer Hoff on to discuss Cloud and Virtualized security.  We touched on some pretty amazing points and we hope you'll enjoy this show!   Please visit our wiki for full show notes!
Direct download: SecuraBit_EP92.mp3
Category:Compromises -- posted at: 11:53am EST

Hey folks, This is a wee bit late but we wanted to post the answers to our challenge that we had up before Derbycon.  Fortunately for all, there were enough tickets that nobody actually needed ours. We had a great time meeting folks and talking security, as well as meeting up with you, our valued [...]
Category:general -- posted at: 11:26pm EST

Please visit our Wiki for full show notes
Direct download: SecuraBit_EP91.mp3
Category:Risk Management -- posted at: 3:30pm EST

Join us this Friday 9/30 at the Bluegrass Brewing Company @ 10pm eastern time.  Come by and grab a beer, hang out, and let us throw stickers at you! The location is: Bluegrass Brewing Company 2 Theater Sq, Louisville, KY 40202(502) 568-2224  Here are walking directions as well.  It's 0.5 miles to walk it, and [...]
Category:general -- posted at: 4:41pm EST

  Join us as we interview Saviour Emmanuel Ekiko, author of the Ghost Phisher tool. Show notes are now at our wiki:  http://wiki.securabit.com/ShowNotes/EP90
Direct download: SecuraBit_EP90.mp3
Category:SecuraBits -- posted at: 10:18am EST

Challenge closed. tuts for solutions will be submitted soon.  Congrats to our winners who completed all the challenges.  Andrew Fastow              - 13 points jgor      @indiecom        - 13 points Thanks to all that participated Look forward to seeing you next month for our #SecurabitChallenge   Anyone competing [...]
Category:general -- posted at: 11:21am EST

  Hosts Chris Gerling - @secbitchris Chris Mills - @chrisam Andrew Borel - @andrew_secbit Tony Huffman - @myne_us Guests Rafal Los - @Wh1t3Rabbit http://h30499.www3.hp.com/t5/Following-the-White-Rabbit-A/bg-p/sws-119 Topics Vericode vs Oracle Root Certificate Authorities Anonymous Item X Use Our Discount Code Use "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all [...]
Direct download: SecuraBIt_EP89.mp3
Category:Compromises -- posted at: 6:25pm EST

  We are now doing our show notes inside of our wiki.  If you have suggestions or comments please feel free to leave them here. http://wiki.securabit.com/ShowNotes/EP88 Thank you for listening!  
Direct download: SecuraBit_EP88.mp3
Category:Compromises -- posted at: 6:36pm EST

Check out our wiki for show notes!

http://wiki.securabit.com/ShowNotes/EP87

Direct download: SecuraBit_EP87.mp3
Category:general -- posted at: 11:56pm EST

Join us as we interview Lance Spitzner, Technical Director for the SANS Securing the Human Program.

Show notes are now at our wiki:  http://wiki.securabit.com/ShowNotes/EP86

Direct download: SecuraBit_EP86.mp3
Category:general -- posted at: 11:20pm EST

Hosts

myne-us @myne_us

Jacob hammack @hammackj

Guest Host

Dave Kennedy @dave_rel1k

Guest

Dr. Tyler Bletsch (Tyler.Bletsch {at} gmail.com)

Tyler's former security group at NC State University under Xuxian Jiang - http://www.csc.ncsu.edu/faculty/jiang/

Topics

JOP programming

Turing complete exploit development (http://en.wikipedia.org/wiki/Turing_completeness)

links

JOP

JOP technical report

ftp://ftp.ncsu.edu/pub/tech/2010/TR-2010-8.pdf

JOP academic paper

http://www.csc.ncsu.edu/faculty/jiang/pubs/ASIACCS11.pdf

Tyler's dissertation (JOP in x86 and MIPS, and a few other techniques)

http://repository.lib.ncsu.edu/ir/bitstream/1840.16/6698/1/etd.pdf

ROP

http://cseweb.ucsd.edu/~hovav/dist/rop.pdf

http://blog.zynamics.com/2010/03/12/a-gentle-introduction-to-return-oriented-programming/

http://sandsprite.com/CodeStuff/Understanding_imports.html

http://j00ru.vexillium.org/?p=893

http://www.braid-game.com/

http://qubes-os.org/Architecture.html

If you like the intro music and the closing music check out http://dualcoremusic.com/nerdcore/

break music http://www.audiomicro.com/saxophone-piano-drums-short-jazz-introduction-royalty-free-stock-music-94

Direct download: securabit_SEG_style_2_JOP_with_Tyler_Bletsch.mp3
Category:general -- posted at: 12:48pm EST

Hosts
myne-us @myne_us
Jabob hammack @jhammack

Guest
Dave Kennedy @dave_rel1k
http://www.derbycon.com/
http://www.secmaniac.com/
http://seorg.org/

Topics
is BOF dead
what got you started
what are some of things that helped you get started
Heap
osx exploitation
and more....

links
http://advancedwindowsdebugging.com/
https://net-ninja.net/blog/?p=293
http://www.exploit-db.com/
http://www.offensive-security.com/live-information-security-training/

Intro by http://dualcoremusic.com/nerdcore/

@dave_rel1k
Direct download: Securabit_SEG_style_1.mp3
Category:podcasts -- posted at: 9:00pm EST

SecuraBit Episode 84:  Tech Talk with Scott Moulton
June 15, 2011   

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit
Tony Huffman – @myne_us

Guests:
Scott Moulton - @scottamoulton - http://www.myharddrivedied.com/

Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.


Upcoming events
#BSidesLasVegas (3-4 August 2011)
BlackHat Vegas (3 - 4 August 2011)
DEFCON 19 (4 - 7 August 2011)
#BSidesLA Los Angeles, CA (18 - 19 August 2011)
#BSidesMO(21 Oct 2011)
#BSidesNewDelhi (22 - 23 October 2011)
VB Barcelona October 2011

Links:
http://www.securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: Securabit_EP84.mp3
Category:podcasts -- posted at: 4:44am EST

SecuraBit Episode 83:  Hey look its the Human Hacker!!!
June 1, 2011

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling - MIA
Christopher Mills – @thechrisam - MIA
Jason Mueller – @securabit_jay - MIA
Andrew Borel –  @andrew_secbit
Tony Huffman – @myne_us
Tim Krabec  - @tkrabec

Guests:
Chris Hadnagy ( @humanhacker on Twitter ) discusses Social Engineering: The Art of Human Hacking

General topics:
Social Engineering: The Art of Human Hacking
http://www.amazon.com/Social-Engineering-Human-Hacking-ebook/dp/B004EEOWH0/ref=tmm_kin_title_0?ie=UTF8&m=AG56TWVU5XWC2
Social-Enginer.org
- variety of guests who use social enginering
Does Social Engineering Always Involve Deception?
Marketing or Social Engineering
Stereotypes
online help from skype :) <LOL
Social Engineer CTF for DEFCON 19
Five Key Points of Social Engineering

Links to News:
http://www.rollingstone.com/music/news/hackers-plant-fake-tupac-story-on-pbs-website-20110531http://www.redstate.com/neil_stevens/2011/05/28/anthony-weiner-and-his-eponymous-twitter-hack/
http://threatpost.com/en_us/blogs/report-l3-warns-employees-attacks-using-compromised-securid-tokens-060111


Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.


Upcoming events
#BSidesStJohns St. John's, NL (10 Jun 2011)
#BSidesCT Meriden, CT (11 Jun 2011)
FIRST Austria (12 - 17 June 2011)
#BSidesVienna(18 June 2011)
Toorcon (18 - 19 June 2011)
#BSidesLasVegas (3-4 August 2011)
BlackHat Vegas (3 - 4 August 2011)
DEFCON 19 (4 - 7 August 2011)
SANS Boston 2011(8 - 15 August 2011)
#BSidesLA Los Angeles, CA (18 - 19 August 2011)
#BSidesMO(21 Oct 2011)
#BSidesNewDelhi (22 - 23 October 2011)
VB Barcelona October 2011

Links:
http://www.securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: SecuraBit_EP83.mp3
Category:general -- posted at: 7:45am EST

SecuraBit Episode 82:  Totally Rad Man!

May 18, 2011

Hosts:

Anthony Gartner – @anthonygartner http://anthonygartner.com

Chris Gerling  – @chrisgerling

Christopher Mills – @thechrisam

Jason Mueller – @securabit_jay

Andrew Borel –  @andrew_secbit

Tony Huffman – @myne_us

Guests:

Carl Herberger from http://www.radware.com/ 

General topics:

 DDOS: Recent attacks from groups like anonymous , attack vectors, technique information and how it can effect you.

Signatures: Signature based detection and the effects it had on todays security

General security: Some general discussion on security 

Securibit exploit development group (SEG)  starting up blog post coming soon.

 

NEWS:

PSN hacked again! : 

 Just two days after the PlayStation Network was restored after a near month-long outage, the PSN password page has apparently been exploited. According to reports, the exploit allows other users to reset your account password using only your e-mail address and date of birth. This personal data was made available to hackersduring the initial PSN attack.

http://arstechnica.com/gaming/news/2011/05/report-playstation-network-passwords-exploited-accounts-compromised.ars

international_strategy_for_cyberspace.pdf

http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf

Backtrack 5 is out

http://www.backtrack-linux.org/

Facebook privacy demo gets guy arrested in austrelia

http://www.net-security.org/secworld.php?id=11045

Microsoft patch tuesday

http://www.microsoft.com/technet/security/bulletin/ms11-may.mspx

Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events

#BSidesDetroit (3 - 4 Jun 2011)

#BSidesStJohns St. John's, NL (10 Jun 2011)

#BSidesCT Meriden, CT (11 Jun 2011)

FIRST Austria (12 - 17 June 2011)

#BSidesVienna(18 June 2011)

Toorcon (18 - 19 June 2011)

#BSidesLasVegas (3-4 August 2011)

BlackHat Vegas (3 - 4 August 2011)

DEFCON 19 (4 - 7 August 2011)

#BSidesLA Los Angeles, CA (18 - 19 August 2011)

#BSidesMO(21 Oct 2011)

#BSidesNewDelhi (22 - 23 October 2011)

VB Barcelona October 2011

Links:

http://www.securabit.com

Chat with us on IRC at irc.freenode.net #securabit

iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405

iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: SecuraBit_EP82.mp3
Category:general -- posted at: 9:00am EST

SecuraBit Episode 81:  Network Admins Takeover
May 4, 2011

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Andrew Borel –  @andrew_secbit
Tim Krabec  - @tkrabec

Guests:
Sam Bowne discusses IPv6 and the RA 0day attack
Twitter: @sambowne
Home page: samsclass.info


General topics:
IPv6 Info: http://samsclass.info/ipv6/60_S11.php
RA 0day attack: http://samsclass.info/ipv6/proj/flood-router6a.htm
http://orchilles.com/2011/04/ssl-renegotiation-dos-faq.html


NIST Guidelines for the Secure Deployment of IPv6
http://csrc.nist.gov/publications/nistpubs/800-119/sp800-119.pdf

Hurricane Electric cert and info
http://ipv6.he.net/certification/

BackTrack 5 Available on May 10, 2011
http://www.backtrack-linux.org/

Netwitness
http://www.netwitness.com/products-services/investigator-freeware
http://www.netwitness.com/resources/videos/investigator-tutorial-1-overview-navigation

Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events:
CEIC Orlando (15 – 18 May 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)
#BSidesStJohns St. John's, NL (10 Jun 2011)
#BSidesCT Meriden, CT (11 Jun 2011)
FIRST Austria (12 - 17 June 2011)
#BSidesVienna(18 June 2011)
Toorcon (18 - 19 June 2011)
#BSidesLasVegas (3-4 August 2011)
BlackHat Vegas (3 - 4 August 2011)
DEFCON 19 (4 - 7 August 2011)
#BSidesLA Los Angeles, CA (18 - 19 August 2011)
#BSidesMO(21 Oct 2011)
#BSidesNewDelhi (22 - 23 October 2011)
VB Barcelona October 2011

Links:
http://www.securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: SecuraBit_EP81.mp3
Category:podcasts -- posted at: 8:55am EST

SecuraBit Episode 80:  Our 8080 Episode
April 20, 2011

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit
Tony Huffman – @myne_us
Dan Mitchell - @danmitchell

Guests:
int80 - @dualcoremusic
DualcoreMusic

General topics:
http://dualcoremusic.com/nerdcore/
http://www.youtube.com/watch?v=CMNry4PE93Y

NEWS:

Patch Tuesday April 2011 64 patched:
http://www.microsoft.com/technet/security/current.aspx
http://isc.sans.edu/diary.html?date=2011-04-11

Oracle Critical Patch Update Advisory - April 2011
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

Verizon 2011 Data Breach Report
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2011_en_xg.pdf

Barracuda
http://www.thetechherald.com/article.php/201115/7044/Malaysian-group-hits-Barracuda-Networks-Update?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+SecurityBloggersNetwork+%28Security+Bloggers+Network%29
http://blog.barracuda.com/pmblog/index.php/2011/04/12/waf-importance/
http://www.securecomputing.net.au/News/254601,barracuda-hack-shows-importance-of-defenceindepth.aspx?utm_source=twitterfeed&utm_medium=twitter
http://www.flyingpenguin.com/?p=11513
“Starting Saturday night at approximately 5pm Pacific time, an automated script began crawling our Web site in search of unvalidated parameters.  After approximately two hours of nonstop attempts, the script discovered a SQL injection vulnerability in a simple PHP script that serves up customer reference case studies by vertical market.  As with many ancillary scripts common to Web sites, this customer case study database shared the SQL database used for marketing programs which contained names and email addresses of leads, channel partners and some Barracuda Networks employees.  The attack utilized one IP address initially to do reconnaissance and was joined by another IP address about three hours later.  We have logs of all the attack activity, and we believe we now fully understand the scope of the attack.”

Texas
http://www.txsafeguard.org/
http://blogs.chron.com/texaspolitics/archives/2011/04/personal_inform.html
“Personal information of about 3.5 million Texans -- including names, mailing addresses and Social Security numbers -- was posted on a publicly accessible server at the state comptroller's office, much of it for more than a year, Comptroller Susan Combs said.”

Michigan Police taking your phones
http://www.thenewspaper.com/news/34/3458.asp
http://www.geekosystem.com/cellebrite-cellphone-hacker/
“The American Civil Liberties Union (ACLU) is currently engaged in a war of words and requests for information on a device used by the Michigan state police that can extract information from cellphones. The device, which has reportedly been in use since at least 2008, is apparently being used by the police during minor traffic violations.”

Wordpress
http://en.blog.wordpress.com/2011/04/13/security/
http://newenterprise.allthingsd.com/20110413/wordpress-com-suffers-security-breach/?mod=ATD_rss&utm_source=twitterfeed&utm_medium=twitter
http://threatpost.com/en_us/blogs/wordpress-hacked-source-code-stolen-041311

Georgian woman cuts off web access to whole of Armenia
http://www.guardian.co.uk/world/2011/apr/06/georgian-woman-cuts-web-access

Hacker Group Changes Millions of Passwords to "password"; Only 38% of Users Notice
http://www.f-secure.com/weblog/archives/00002134.html
“Passwords from over 3,000,000 user accounts were apparently set to "password" late last night in a wide-spread hack that affected hundreds of news, retail and Web 2.0 sites. Most affected users are completely unaware of the attack.”

Quick Mentions:
FBI take down botnet
http://threatpost.com/en_us/blogs/doj-shuts-down-botnet-disables-infected-systems-041411
Facebook adds 2 factor
http://threatpost.com/en_us/blogs/facebook-adds-two-factor-authentication-041911
Flash 0 day:
http://www.adobe.com/software/flash/about/
Anything below version 10.2.153.1 is vulnerable

Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
CEIC Orlando (15 – 18 May 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)
#BSidesStJohns St. John's, NL (10 Jun 2011)
#BSidesCT Meriden, CT (11 Jun 2011)
FIRST Austria (12 - 17 June 2011)
#BSidesVienna(18 June 2011)
Toorcon (18 - 19 June 2011)
#BSidesLasVegas (3-4 August 2011)
BlackHat Vegas (3 - 4 August 2011)
DEFCON 19 (4 - 7 August 2011)
#BSidesLA Los Angeles, CA (18 - 19 August 2011)
#BSidesMO(21 Oct 2011)
#BSidesNewDelhi (22 - 23 October 2011)
VB Barcelona October 2011

Links:
http://www.securabit.com
http://dualcoremusic.com/nerdcore/

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: SecuraBit_EP80.mp3
Category:podcasts -- posted at: 8:00am EST

SecuraBit Episode 79:  Back to the basics with Marcus Carey!
April 6, 2011

Hosts:
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Tony Huffman – @myne_us

Guests:
Marcus J Carey- @iFail
http://hackersforcharity.org/

General topics:

NEWS:
Epsilon:
http://www.pcworld.com/businesscenter/article/224192/epsilon_data_breach_expect_a_surge_in_spear_phishing_attacks.html
http://www.eweek.com/c/a/Security/Epsilon-Data-Breach-Highlights-Cloud-Computing-Security-Concerns-637161/
http://threatpost.com/en_us/blogs/list-companies-hit-epsilon-breach-040511
https://threatpost.com/en_us/blogs/epsilon-data-breach-expands-include-capital-one-disney-others-040411
http://www.epsilon.com/News%20&%20Events/Press_Releases_2011/Epsilon_Notifies_Clients_of_Unauthorized_Entry_into_Email_System/p1057-l3

"On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway," the statement said.

LizaMoon:
http://threatpost.com/en_us/blogs/counterspin-lizamoon-web-attacks-no-big-deal-040511
In a post on Cisco's security blog, senior security researcher Mary Landesman said that data from the company's ScanSafe Web security infrastructure suggests that just over 1,000 Web domains have been compromised using the SQL injection attack, not the 500,000 to 1.5 million cited in published reports.

https://threatpost.com/en_us/blogs/widespread-lizamoon-web-attacks-push-rogue-antivirus-040111
“Websense researchers wrote on Thursday that a Google search for Web sites hosting the malicious URLs identified over 1.5 million Web sites hosting the code”

Pandora.com data leak:
http://threatpost.com/en_us/blogs/pandora-mobile-app-transmits-gobs-personal-data-040611?utm_source=Home+Page&utm_medium=Top+Graphic+Bar&utm_campaign=Position+3
“The data included both the owner's GPS location and tidbits the owners gender, birthday and postal code information. There was evidence that the app attempted to provide continuous location monitoring - which would tell advertisers not just where the user accessed the application from, but also allow them to track that user's movement over time. “

RSA attack:
http://threatpost.com/en_us/blogs/rsa-securid-attack-was-phishing-excel-spreadsheet-040111
“"The attacker in this case sent two different phishing emails over a two-day period. The two emails were sent to two small groups of employees; you wouldn’t consider these users particularly high profile or high value targets. The email subject line read '2011 Recruitment Plan," Uri Rivner, head of new technologies in the identity protection division of RSA wrote in a post on the attack”
http://www.nsslabs.com/research/analytical-brief-rsa-breach.html

¾ Energy Firms Had Data Breach over last year:
http://threatpost.com/en_us/blogs/study-three-four-energy-firms-had-data-breach-last-year-040511
Long perceived to be beyond the attention of hackers, energy firms and utilities now report that they are being targeted. In the Ponemon study, 76% of the IT security staff interviewed reported that their organization had experienced "one or more data breaches" in the last 12 months. A similar number - 69% - said they felt a data breach was likely to occur in the next 12 months, Ponemon said.

Comodo what really happened:
https://threatpost.com/en_us/blogs/phony-ssl-certificates-issued-google-yahoo-skype-others-032311
http://pastebin.com/uSdKNDN5
“ I found out that TrustDll.dll takes care of signing. It was coded in C#.
Simply I decompiled it and I found username/password of their GeoTrust and Comodo reseller account. “

FBI asks for help on cracking code:
http://www.h-online.com/security/news/item/FBI-asks-for-help-cracking-a-code-in-unsolved-murder-case-1220007.html

Other Stories:
http://www.techdirt.com/articles/20110401/13241213732/exploit-hadopi-site-turns-it-into-pirate-bay-supporter.shtml
http://news.softpedia.com/news/Google-Chrome-to-Block-Malicious-Downloads-193386.shtml

Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events:
ThotCon (15 Apr 2011)
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
CEIC Orlando (15 – 18 May 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)
#BSidesStJohns St. John's, NL (10 Jun 2011)
#BSidesCT Meriden, CT (11 Jun 2011)
FIRST Austria (12 - 17 June 2011)
#BSidesVienna(18 June 2011)
Toorcon (18 - 19 June 2011)
#BSidesLasVegas (3-4 August 2011)
BlackHat Vegas (3 - 4 August 2011)
DEFCON 19 (4 - 7 August 2011)
#BSidesLA Los Angeles, CA (18 - 19 August 2011)
#BSidesMO(21 Oct 2011)
#BSidesNewDelhi (22 - 23 October 2011)
VB Barcelona October 2011

Links:
http://www.securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: SecuraBit_EP79.mp3
Category:general -- posted at: 11:43pm EST

Securabit Episode 78:  Comodogate and Social Penetration!
March 23, 2011

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel –  @andrew_secbit
Tony Huffman (myne-us)  – @myne_us

Guests:
Dave Kennedy - @dave_rel1k
Carlos “Darkoperator” Perez - @Carlos_Perez

General topics:

Rogue SSL certificates ("case comodogate") http://www.f-secure.com/weblog/archives/00002128.html

PTES - Penetration Testing Execution Standard http://www.pentest-standard.org/
Social Enginer Toolkit
http://www.social-engineer.org/podcast/
http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_(SET)
BackTrack http://www.backtrack-linux.org/
DerbyCon http://www.derbycon.com/

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events:
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)
SANS Orlando March 2011
CEIC Orlando April 2011
FIRST Austria June 2011
BlackHat Vegas August 2011
VB Barcelona October 2011

Links:
http://www.securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: SecuraBit_EP78.mp3
Category:podcasts -- posted at: 2:03pm EST

Securabit Episode 77:  Return to the Rabbit Hole
March 9, 2011

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Tony Huffman (myne-us)  – @myne_us
Andrew Borel –  @andrew_secbit

Guests:
Rafal Los - @wh1t3Rabbit

General topics:
Preview the upcoming BlackHat EU talk "Defying Logic."

Researchers Build Tool That Roots Out Business Logic Flaws In Web Apps
http://www.darkreading.com/database-security/167901020/security/application-security/229300667/researchers-build-tool-that-roots-out-business-logic-flaws-in-web-apps.html

--News
-Malware on the andoid market place. (DroidDream)
List of infected app http://blog.mylookout.com/2011/03/security-alert-malware-found-in-official-android-market-droiddream/

-Google nukes 150,000 email accounts on accident
http://gmailblog.blogspot.com/2011/02/gmail-back-soon-for-everyone.html

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
BlackHat Europe 2011 (17 - 18 Mar 2011)
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: SecuraBit_EP77.mp3
Category:podcasts -- posted at: 8:37pm EST

SecuraBit Episode 76: E-viting you to your demise!
February 23, 2011

SecuraBit would like to apologize for the audio issues in this episode. We were not able to use the normal recording method due to a complete power failure.  Thanks for understanding!

Hosts:
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Tony – @myne_us
Dan Mitchell - @danmitchell
Andrew Borel –  @andrew_secbit

Guests:
Bill Swearingen - @hevnsnt

Trent Lo - @surbo

General topics:

History of i-hacked

[HackerRun] - @HackerRun
http://hackerrun.com/doku.php

Messing with evites

http://www.i-hacked.com/content/view/293/2/

http://www.csoonline.com/article/661365/evite-program-easily-tampered-with-researcher-says

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
#BSidesHalifax (5 Mar 2011)
#BSidesGSO Greensboro, NC (9 Mar 2011)
CanSecWest2011 (9 - 11 Mar 2011)
#BSidesAustin (11 - 12 March 2011) http://www.keepsecurityweird.org/
BlackHat Europe 2011 (17 - 18 Mar 2011)
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: SecuraBit_EP76.mp3
Category:podcasts -- posted at: 10:11am EST

Securabit Episode 75:  Booze over IP
February 9, 2011

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel –  @andrew_secbit
Tony  (myne-us)  – @myne_us

Guests:
Mike Dahn
twitter:  @mikd

Joe Gottlieb
Twitter: joe_gottlieb

General topics:
Mike:Bsides origins and other.  http://chaordicmind.com/blog/
Joe: Open Security Intelligence http://www.opensecurityintelligence.com/

On Monday, February 14th, SIEM and log management vendor SenSage will introduce the Open Security Intelligence forum to the security community to become involved in. The concept of the community is to share best practices in open security analytics to improve our collective security defenses. Specifically, Joe Gottlieb, President and CEO of SenSage would like to discuss:
- Current challenges with today’s SIEM tools, which are a decade old
- Why security analytics needs to be ‘open’
- Why integrating business intelligence tools (i.e. Pentaho, Microsoft Exchange, Cognos, etc.) with SIEM tools can create useful dashboards that help security analysts mine huge data stores for the ‘needle in the haystack’ information they need
- Why ‘security quants’ (analysts that can look deep into the data and develop complex yet useful SQL queries) will become the next role in the SOC
- The benefits of joining the community and sharing best practices

The community will be hosted on a web portal – www.opensecurityintelligence.com – that is under development and will be discussed in our Feb. 14 release. Also, Joe is also giving a talk at Security BSides  SF on 2/14 at 3pm PT on this very topic.

--HBGary Federal
http://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous/

--Nasdaq
attack does not yet have reports of how they where attacked. The comment on the website was for the 1999 attack where someone defaced the nasdaq website.

Quotes from http://www.wallstreetandtech.com/technology-risk-management/229201267

The operator of the Nasdaq Stock Exchange said it found "suspicious files" on its computer servers, in a Web application called Directors Desk which is used by members of corporations' boards of directors who want to share information and files.

"What seems most likely is that the web servers were compromised in an attempt to use them to inject malicious software into their clients," commented one reader of the nakedsecurity.sophos.com blog.

--Bsides
http://www.securitybsides.com/w/page/12194156/FrontPage
to contact: info (at) securitybsides dot org -or- call 415-742-1739

--Exploit developers corner
Looking for exploit developers!

If you have recently published an exploit or have a previously published exploits you would like to talk about contact us at feedback@securabit.com or can contact Tony (myne-us) directly on IRC at freenode #securabit to have a small interview about your discovery.

List of common questions.

-How did you find the vulnerability?
-What is your goal in vulnerability research?
-How did you go about disclosing the vulnerability and how did the vendor respond?
-And more...

!!Caution!!:  No undisclosed vulnerabilities (0 day)! These vulnerabilities need to be reported to the vendor and patched or exceed a time period where vendor did not patch. If interested in releasing exploit on the show that is fine if can show proof you disclosed to vendor or see the proof of concept already posted on exploit-db or have a CVE.

Us:NetWitness Spectrum at RSA http://www.netwitness.com/products/spectrum.aspx

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
RSA Conference 2011 (14 -18 Feb 2011)
#BSidesSanFrancisco (14 - 15 Feb 2011)
#BSidesCleveland (18 Feb 2011)
#BSidesHalifax (5 Mar 2011)
#BSidesGSO Greensboro, NC (9 Mar 2011)
CanSecWest2011 (9 - 11 Mar 2011)
#BSidesAustin (11 - 12 March 2011) http://www.keepsecurityweird.org/
BlackHat Europe 2011 (17 - 18 Mar 2011)
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: SecuraBit_EP75.mp3
Category:podcasts -- posted at: 12:16pm EST

Securabit Episode 74: Podcasting in the Dark with Brian Krebs
January 26, 2011

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit

Guests:
Brian Krebs - @briankrebs - http://krebsonsecurity.com/

General topics:

  • I recall reading about various greeting card based attacks over the years.  Do you think they've all been originated by the same folks who did this one?  Or at least, with the same goals in mind?
  • How prevalent do you think ATM skimmers are?  What are some ways the common person can look out for them?
  • Do you think financial institutions are getting better at educating their customers about the protections provided/not provided under Regulation E?
  • Do you anticipate payment processing centers becoming a bigger target for criminals vs the individual businesses?
  • Since many financials are under pressure from new reserve requirements, do you think new security requirements will force smaller financials to merge? How can they balance the need to offer more convenient services (such as mobile banking) with the need to improve security at the same time?
  • What do you think the top 3 stories for 2010 were? Why do you think they were the top stories?


Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
RSA Conference 2011 (14 -18 Feb 2011)
#BSidesSanFrancisco (14 - 15 Feb 2011)
#BSidesCleveland (18 Feb 2011)
#BSidesHalifax (5 Mar 2011)
#BSidesGSO Greensboro, NC (9 Mar 2011)
CanSecWest2011 (9 - 11 Mar 2011)
#BSidesAustin (11 - 12 March 2011) http://www.keepsecurityweird.org/
BlackHat Europe 2011 (17 - 18 Mar 2011)
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: SecuraBit_EP74.mp3
Category:general -- posted at: 3:43pm EST

Securabit Episode 73:  Eber Kneber and botnet stuntmen
January 12, 2011

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel –  @andrew_secbit

Guests:
We discuss Kneber and other fun security topics with Alex Cox of NetWitness
@perpetualsec http://www.networkforensics.com/

General topics:
Kneber Botnet
Mariposa
Responsible disclosure
Evil Virustotal
http://socialmediasecurity.com/downloads/Facebook_Privacy_and_Security_Guide.pdf

PROGRAMMABLE HID USB KEYSTROKE DONGLE: USING THE TEENSY AS A PEN TESTING DEVICE https://www.defcon.org/html/defcon-18/dc-18-speakers.html#Crenshaw

http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos


Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
ShmooCon (28 - 31 Jan 2011)
RSA Conference 2011 (14 -18 Feb 2011)
#BSidesSanFrancisco (14 - 15 Feb 2011)
#BSidesCleveland (18 Feb 2011)
#BSidesHalifax (5 Mar 2011)
#BSidesGSO Greensboro, NC (9 Mar 2011)
#BSidesAustin (11 - 12 March 2011) http://www.keepsecurityweird.org/
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)

Links:
http://www.securabit.com

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
Direct download: SecuraBit_EP73.mp3
Category:podcasts -- posted at: 7:11pm EST

SecuraBit  Episode 72:  Take risks, get owned!
Recorded on December 29, 2010

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel –  @andrew_secbit

Guests:
Jack Jones discusses Risk Assessment and the FAIR method http://riskmanagementinsight.com/

General topics:

Risk Management, Small biz vs Enterprise
Monte Carlo?
How to Measure Anything: Finding the Value of Intangibles in Business by Douglas W. Hubbard
http://www.amazon.com/How-Measure-Anything-Intangibles-Business/dp/0470539399/ref=tmm_hrd_title_0

OnePassword - http://agilewebsolutions.com/onepassword
KeePass - http://keepass.info/
LastPass - http://lastpass.com/

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
#BSidesMSP (7 Jan 2011)
ShmooCon (28-31 Jan 2011)
RSA Conference 2011 (14 -18 Feb 2011)
#BSidesSanFrancisco (14-15 Feb 2011)
#BSidesAustin (11-12 March 2011) http://www.keepsecurityweird.org/

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: SecuraBit_EP72.mp3
Category:podcasts -- posted at: 8:39am EST