Mon, 22 December 2008
This is a unique episode for SecuraBit, we are teaming up with the Security Justice Podcast to do a double header show. SecuraBit recorded their show from 8-9 PST, then handed off the reins to Security Justice to finish out the night. In doing so we had a combine set of prizes. To win the prize required that you listen and get the correct answer to a trivia question given on SecuraBit. You also had to listen to the Security Justice Podcast to and know the answer to their question as well. SecuraBit even manged to start on time as well as hand off on time. It was a very different type of show due to trying to condense everything in to a single hour. (Good thing we didn't have any real content, Just kidding) SecuraBit opened the show but because Jay needed to switch some things out we actually went to a break faster than normal. When we returned from the break we did indeed have Jay on the line. We started to go into the new Microsoft Zero Day, and Jay informed us that he had been out of the loop for a week but since the patch only came out 73 minute before he found out about it he figured he was right on time. The next topic was Chris Gerling going to sans and taking the forensics 508 course. Chris then told us that he felt like he should never have picked up a helix disk based on the level of knowledge he has now compared to before the course. We also discussed that many states are requiring a Private Investigators license to do forensics. That none of us on the show agreed that this was a good idea, but yet several lobbyists have been pushing for this very idea. Jay asked the question about what was thought about the BGP security vulnerability. Anthony discussed a new site he went to as a security review. After the break, we went into the trivia question. The trivia Question was: What are the flags you have to set in order to do an NMAP-style XMAS scan in Unicornscan? We will post the winner soon in conjunction with the Security Justice podcast. After the trivia question we went into thoughts on what to do about prior employees, handling creditials, voice mails, and emails. We referenced the guy in San Francisco who was fired from the job, but yet still was able to hold the network he left hostage. Don't forget to give us a feedback on Itunes so we can bump the old shows off the list. Thanks again for all the donations for the Tip Jar. Hosts: Rob Fuller - Mubix, room362.com Important links for the show and documents used: No links this time! |
Wed, 10 December 2008
In this episode we talk about Chris Gerling attending the SANS Cyber Defense Initiative 2008 in Washing DC. He will be taking the Security 508 Computer Forensics, Investigation, and Response course. If you are at the conference please make sure you look for Chris. He also plans to take the new GPEN test while there. We might be bringing the sock monkey to Shmoocon and have him do some interviews. We also spoke about how few businesses are actually checking a persons signature or id for credit cards. Most businesses are simply not checking the cards like they should be. Chris is beginning to wonder if they will card his fiancee between now and when they get married. After the break we came back and mentioned that we were not going going to drop the Fbomb for 40 bucks as was hinted at in the chat room. Went into the issue of dns forwarding being done on CheckFree.com The article was actually from The Washington Post by Brian Krebs. Anthony put a shout out to Ed Smiley for sending both Mubix and Anthony a copy of 1password. It was a Great hookup. Then we covered various apps on the IPhone. We touched on what the encryption is on a 3g network. We found a great powerpoint slide show explaining it. After the last break we went into firewall set ups. Everyone but Anthony is running FIOS so the discussion on how to set up the coax or ethernet wan links ensued. You will just have to listen to it to see what kind of sense it makes. We did get lots of comments from our faithfull in the irc channel (irc.freenode.net #Securabit). From there the show just went down hill with strippers and alcohol. Don't forget to give us a feedback on Itunes so we can bump the old shows off the list. Thanks again for all the donations for the Tip Jar. Hosts: Rob Fuller - Mubix, room362.com Special Guest: Joel Esler from sourcefire.com and Joelesler.net Important links for the show and documents used: http://www.sans.org/cdi08/ |
Sun, 30 November 2008
Sorry for the delay in getting this episode out this time. Anthony got stuck with doing some actual work and then we all got hit by the holidays. We do hope you enjoy the show this week. Mubix attended the CSI Conference and no not CSI on TV, the CSI Anual conference. The topic he found intriguing is Security and Responsibility. If something happens how and to what extent as security professionals are we responsible and accountable. This is a topic he brought up on twitter as well and got a lot of replies back. Some agreeing and some not, Feel free to weigh in on this one. Some of the references that were brought up in response to this topic were Sandboxie, castlecops, and Web of Trust. After the break we went into a discussion on DD Images and using live view on them, but since that was a fail, Chris used QEMU. You can even go get some test images at ProjectHoneypot.org and convert them using a tool dd2vmdk . The conversation went into WPA is not Busted. We referenced Steven Gibson's explantion and Joel Eslers blog posts on the subject. During the break we discussed a great site as well from Josh Wright about Wireless Vulnerabilities & Exploits After the Break we were able to bring in the real Joel Esler. Joel is part time batman as well and Joel has aggred to give us at least one batmobile, but we digress. He actually works for sourcefire. This is an organzation that you should take a look at, it is well worth your time. He also is an avid security blogger and has his own blog at Joel Esler.net Joel talks about he IPS's of today are simply not the same as many of the original IPS's. We lose Joel a little bit during the break and we cut a little more abruptly to break than we normally do. Sorry about that! But we kind of ran out of content and time. SecuraBit would like to make sure everyone has a Happy Holidays and don't forget to leave us feedback on Itunes even if you don't listen via Itunes. We want to get some of these casts out of there that have not posted in years. Hosts: Rob Fuller - Mubix, room362.com Special Guest: Joel Esler from sourcefire.com and Joelesler.net Important links for the show and documents used: http://www.phishtank.com/ |
Mon, 10 November 2008
In this episode we have a special guest Adrian from Irongeek.com. We conversed about the going's on at phreaknic. Adrian presented down there and this is where he ended up meeting Bruce and Heidi Potter from the Shmoocon Group. The discussion covered a little more on the MS08-067 issues, Sans Training, and CEH. This is the first episode where we experimented and used stickam.com to allow the listeners to see just how messed up we really are. After the break, Adrian spoke about how one of the guys from binrev.com turned him on to a book for review called Googling Security: How Much Does Google Know About You? written by Greg Conti. Anthony ended up going into some of new virus / trojan infections. These were on the lines of antivirus 2009 and others of the type. Consensus was that a good cleaner tool was called Rougefix (recommendatin from the IRC channel by Tim Krabek). Adrian recommended a song by Tom Smith about Technical Suport for Dad. We went into a little more information on the New York School district's vulnerability. We also went into a little bit on how to lock down a printer as well. Found a list of the PJL commands for HP. Securabit wanted to remind everyone that if you have anything to say you are welcome to come on the show and tell us what you think and know. It is an open invitation. We want to thank those individuals who have donated to the podcast as well. Check out a couple of our friends podcasts at http://securityjustice.com and the http://SMBminute.com Hosts: Chris Mills - ChrisAM Chris Gerling - Hak5Chris, Chrisgerling.com Anthony Gartner - AnthonyGartner.com Jason Mueller - SecurabitJay Special Guest: Adrian from Irongeek.com Important links for the show and documents used: http://irongeek.com |
Thu, 30 October 2008
In the Halloween Episode 13 where we neglected to mention Halloween, the guys talk about a wide range of topics on the show. The topics we covered included Australia joining the Great Firewall of China, The FBI's Dark Market Takedown, National Cyber Security Awareness Month, CERT Training, spaghetti sauce, and phreaknic 12 (where Chris was going to go but was not able to at the last minute) The East Coast is represented up and down with Chris G traveling to New York. We even had a ghostly apparition that sounded a lot like Jason Mueller. Hosts: Chris Mills - ChrisAM Chris Gerling - Hak5Chris Anthony Gartner - AnthonyGartner.com Jason Mueller - Important links for the show and documents used: http://www.techcrunch.com/2007/12/30/australia-joins-china-in-censoring-the-internet/ http://www.fbi.gov/page2/oct08/darkmarket_102008.html http://www.us-cert.gov/press_room/cyber_security_awareness_month.html https://www.vte.cert.org/vteweb/ |
Sat, 25 October 2008
This evening we had a podcast about the new Zero Day Exploit. This exploit covers all versions of windows from 2000 and above. Securabit brought in Tim Krabec from the smbminute.com podcast. This covers the article from Microsoft MS08-067. Hosts: Chris Gerling - Hak5Chris Anthony Gartner - AnthonyGartner.com Guests: Tim Krabec (Cray Beck) Important links for the show and documents used: http://docs.google.com/Presentation?id=dghttrwg_26c47c5xcx Tim's beer Optimator Spaten Munich |
Mon, 13 October 2008
Securabit Episode 12 |
Mon, 29 September 2008
This week Anthony Gartner & Rob Fuller discuss the latest computer security news. Special guests are Vyrus and CP from the dc949.org group. Episode 11 Discussions covered the following topics: Skynet, Advanced Dork, Google Site Indexer, These tools work worked on by CP and Vyrus and the dc949 group and are written as open source. Rob brought up a Firefox add on called Barrier Spoke of how we can use google alerts to help us in our daily tasks to track where our information is being sent out to. Discussion ensued about Scroogle.org not to be confused with scoogle.com and how you can do secure searching though the site and that the site purges logs with in 48 hours. A mention of Cisco was brought up and we also spoke of a visualized version for the Cisco Mips processors and the specific virtualized version of the Cisco 7200 Routers. BlackBerry Encryption keys may be in the hands of the Indian Government as part of the deal with Rim. |
Fri, 19 September 2008
(Apologies in advance for the short term 'wiki' look of these show notes, the public wiki will be up soon!) On this Episode of Securabit: Chris Gerling - Hak5chris Chris Mills - ChrisAM Anthony Gartner - AnthonyGartner Jason Mueller - SecuraBit_Jay Guest Chris Wilson Episode 10 - A milestone! We are all still alive even though the CERN Particle Collider has been started up. OpenSource Projects, Software, Patches New SecuraBit VPS! (We have since cancelled and will be moving to something else soon)Linode with CentOS. However, no SELinux available For CentOS help go to: #CentOS on irc.freenode.net Tips for configuring the new server: Disable root login on ssh Good passwords Lock down ports The Securabit guys started using the CentOS distribution because of its interconnections with Snort See this site for details on how to configure Snort on CentOS In non-security related news: Steve Jobs Apple Special Event "Let's Rock" Netbooks are everywhere: Even Commodore joins Netbook Crowd: http://news.cnet.com/8301-17938_105-10029963-1.html Google Chrome: Milworm Chrome Exploit/Vulnerabilities http://www.milw0rm.com/exploits/6353 http://www.milw0rm.com/exploits/6355 http://www.milw0rm.com/exploits/6365 http://www.milw0rm.com/exploits/6367 http://www.milw0rm.com/exploits/6372 http://www.milw0rm.com/exploits/6386 Google Chrome and Germany: http://www.salon.com/wires/ap/scitech/2008/09/09/D9338OT80_germany_google_chrome/index.html MS commercial analysis: http://www.purpleslinky.com/Humor/Satire/A-Commercial-About-Nothing-Analysis-of-the-First-Microsoft-Seinfeld-Ad.245991 MS Mouse: http://www.maximumpc.com/tags/bluetrack BREAK Schneier and portable device security: http://www.schneier.com/blog/archives/2008/07/open_source_lap.html http://www.schneier.com/blog/archives/2005/07/risks_of_losing.html Latest happenings with Securabit Looking for a Team and mentoring atmosphere Coming soon: New Site/wiki/forums on the Linode VPS Chris Mills: Employer Security Expo Talked about Password Security and showed off Rainbow Tables/Ophcrack (http://ophcrack.sourceforge.net/) and Driftnet (http://ex-parrot.com/~chris/driftnet/) BREAK Chris Wilson |
Tue, 16 September 2008
Chris Wilson brings us some Snort goodness with this 37 minute tutorial on how to build a snort sensor from scratch using CentOS. I hope this is of use to everyone, it is very very well done! |
Wed, 10 September 2008
Last night we did a spontaneous hour long interview with the guys from HacDC, a Hackerspaces group. Chris Gerling - Hak5Chris Guests: |
Thu, 4 September 2008
On this episode of SecuraBit: Multiboot Security DVDMubix posted an awesome link on his blog to a Multiboot Security DVD that allows you to choose which common security distros, all on one medium!
GeeXBoX 1.1 (not geekbox ) Damn Vulnerable Linux (Strychnine) 1.4 Ophcrack 1.2.2 (with 720 mb tables)
Some distros the Securabit guys would like to see added:
RedHat/Fedora OpenSSH CompromisesAs noted on the Securabit website, a Fedora and Red Hat Enterprise Linux servers were compromised. The ComputerWorld Blog - Linux Security Idiots article explains how the servers were compromised -Stolen SSH keys are used to gain access to the system -After that, rootkit "phalanx2" is installed and steals more SSH keys -Obviously this could be used to install any malware at all The RHEL offshoot CentOS was not affected by the compromise.
Joomla VulnerabilityUS CERT Joomla! Password Reset Vulnerability Joomla Core Exploit Announcement - Password Remind Functionality Joomla user password reset vulnerability being actively exploited
After Break BanterAwesome Quote: "Fear makes the wolf look bigger"
Best Western PwnedOriginally Discovered by The Sunday Herald. As many as 8 million accounts compromised
Vulnerbilty of BGPThis exploit of Border Gateway Protocol allows the attacker to monitor internet traffic and forward it to anywhere in the world. Five hours of traffic was forwarded to New York during Defcon 16. This vulnerability is going to be bigger than the Kaminsky DNS Vuln. Speaking of Dan, he loves Securabit! Defcon presentation from Anton Kapela and Alex Pilosov Wired - Revealed: The Internet's Biggest Security Hole Wired - More on BGP Attacks -- Updated
The MiddlerJay Beale - Middler - Release it already! DefCon Talk Audio SteganographyHiding information by slightly altering the binary sequence of a sound file From simple algorithms that insert info in the form of signal noise, to more powerful methods that exploit sophisticated signal processing techniques to hide information. LSB coding (least significant bit):  substitute with a binary msg Parity coding Phase coding:  #  The original sound signal is broken up into smaller segments whose lengths equal the size of the message to be encoded. A Discrete Fourier Transform (DFT) is applied to each segment to create a matrix of the phases and Fourier transform magnitudes. Phase differences between adjacent segments are calculated. Phase shifts between consecutive segments are easily detected. In other words, the absolute phases of the segments can be changed but the relative phase differences between adjacent segments must be preserved. Therefore the secret message is only inserted in the phase vector of the first signal segment as follows: Spread spectrum Two versions of SS can be used in audio steganography: the direct-sequence and frequency-hopping schemes. In direct-sequence SS, the secret message is spread out by a constant called the chip rate and then modulated with a pseudorandom signal. It is then interleaved with the cover-signal. In frequency-hopping SS, the audio file's frequency spectrum is altered so that it hops rapidly between frequencies.
Security Justice stops byTom and Dave from Security Justice -Search for pics of Mubix gets you this -Shmoocon will have another Podcasters Meetup and Hak5 will be there. -List of Hacker/Security Con's Forensic recovery on SSDSSD Forensics: - no physical security hooks that prevent them from being removed from enclosures - ultraviolet laser to wipe out lock bits (encryption) from fuses on chips that secure SSDs - overall easier to erase data on SSD (with encryption) vs HDD Forensics: - Harder to fully erase data 9have to overwrite or physically damage) - easier to fully encrypt Jim handy: hacker could easily unsolder NAND chips from an SSD and read the data using a flash chip programmer, then reassembled using data recovery software. SSDs are hot, but not without security risks Scott A. Moulton presentations on data recovery and forensics. Contact SecurabitIRC: #securabit on irc.feenode.net Skype Number: (469) 277-2248 |
Fri, 15 August 2008
On this Episode of SecuraBit Jason Mueller Chris Gerling Anthony Gartner Back from three week hiatus. Defcon and BlackHat Defcon Parties: Core Impact Party EthicalHacker.net party Cisco Party Isight Party I-hacked Party StillSecure Freakshow Party ChicagoCon: Boot Camps: Oct 27 - 31 Conference: Oct 31 - Nov 1: http://www.chicagocon.com/ Defcon Badges Ran out of Badges on first day: http://search.twitter.com/search?q=Defcon+badges+out TV-B-Gone built into the badges: http://www.hackaday.com/2008/08/05/defcon-16-badge-details-released/ Servo hacks the badges - http://edge.i-hacked.com/new-defcon16-details Podcasters Meetup - http://www.podcastersmeetup.com/ and http://securabit.com/2008/08/13/dc16-recap/ Documentary: Hackers are People Too: http://www.hackersarepeopletoo.com/ BREAK More from Podcasters meetup: Maltego - Maltego is an open source intelligence and forensics application - http://www.paterva.com/maltego/ Iphone Metasploit: http://secmaniac.blogspot.com/2008/07/metasploit-3-on-iphone.html Hak5 plug: Show every Monday - http://www.hak5.org/ Drinks: Absolut Mandarin: http://www.absolut.com/us Rain Vodka: http://www.rainvodka.com/ Current news: Georgia and Russia: Cyber Warfare: http://it.slashdot.org/article.pl?sid=08/08/10/0126232&from=rss Estonia to help Georgia: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9112399& Watch out for tanks in Atlanta: http://is.gd/1qNy MIT Subway Card Hacking Pulled from Defcon: http://news.cnet.com/8301-1009_3-10012612-83.html Talk Posted Here: http://www-tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf Naval PostGraduate School wins capture the flag: http://swampie.wordpress.com/2008/08/11/naval-postgraduate-school-wins-defcon-capture-the-flag-competition/ Wall of Sheep: http://www.blackhat.com/html/bh-usa-08/wallofsheep.html Lesson: Don't take your production (or perhaps any) computer to hacker conferences Driftnet to catch Jpegs at Defcon: http://ex-parrot.com/~chris/driftnet/ Anthony will be working on Iphone Security Apple sells 95 Iphones/day/store: http://is.gd/1qND Tshirts and Stickers gone, but more on there way? Martin McKeay at Defcon: http://www.cwes01.com/1083/7776/psw/separated.png Direct DL. |
Sun, 27 July 2008
On this episode of SecuraBit, we talk to Chris Eng and Chris Wysopal from Veracode about SOURCE Boston, as well as Jennifer Leggio about Twitter and more:
I'm going to be installing wiki software and recruiting some folks to help us do proper full show notes for each episode. We're also looking for people to help out with the forums, IRC, and research for technical segments. If you can contribute in any way we'll make sure you get recognized. Remember to hit up the T-Shirt and Sticker page.
Soon I will remove the T-Shirt donate link as I will be shipping the
box of T-Shirts to Jay to take with him to Defcon. Hit us up on the
forums, or at irc.freenode.net #securabit. Thanks for listening! |
Fri, 25 July 2008
Last night we decided to discuss a little more on the DNS vulnerability issue that's been the hot topic everywhere in terms of detection and defense. Thanks to guest Chris Wilson for his invaluable insight into the snort signature we were provided by alexkirk in #snort on irc.freenode.net. We also discussed detection of encrypted traffic on a network, and some of the implications of it. Direct link to the mp3 is here. Apologies for Chris Wilson's audio, his speakers were on unbeknown-st to us, and I cleaned it up as best I could. :) Also, the stickers are finally in! Get your T-Shirts and stickers here! |
Tue, 22 July 2008
Today we introduce a new portion of the show: Securabytes. Securabytes are unannounced episodes, they could be last minute interviews or just more beer induced security speak. So, without further ado, here is the first Securabyte from the Securabit Podcast. "Introducing haiku-DNS: [laughing corruption collapsing kittens gallop nectars forgiving] = usa.gov" - Chris Wesley McGrew of McGrew Security, Martin McKeay of the Network Security Blog / Podcast, and some guy name Joel joined me (Rob Fuller) last night to discuss the DNS vulnerability leakage that happened about quitting time yesterday (7/21). We discuss the leak, how the vulnerability works, mitigating, and the potential it has on mass scales. Every one of the gentlemen that joined us, and we here at Securabit urge you to patch as soon as possible. If you need further information, please check the following links: Direct link to this episode: Check to see if you are vulnerable: http://www.doxpara.com/ In depth explanation of the vulnerability: http://www.mcgrewsecurity.com/?p=151 More supporting links: |
Wed, 16 July 2008
On this episode of SecuraBit Chris, Jay, and the crew discuss: Major DNS vulnerability patched! We also want to announce that our T-Shirts have arrived, which you can get here! Stickers will be available very soon! As always, hit up the forums and start talking security with other professionals, pop into our irc at irc.freenode.net #securabit (cloaks coming soon!), and send any feedback to feedback@securabit.com or through the contact page on the site here!
Thanks for listening! |
Sun, 29 June 2008
On this episode of SecuraBit:Anthony, Chris, Christopher, Jay, and special guest Rob (mubix) discuss: Signature based anti-virus dead? Rubbermaid Botmaster Sentenced BackTrack3 Final released! Using Google Earth to crash neighboring pools Crazed Bovine Traversal Distributed Honeypot Project The iTunes link on the front page here works again!!! Check out the forums, and our IRC at irc.freenode.net #securabit. Any feedback is welcomed either through the contact form, or at feedback@securabit.com, or on the forums. Thanks for listening!! |
Tue, 17 June 2008
On this episode of SecuraBit, Chris, Jay, Anthony, Andy, and Chris Mills discuss:* Integrity of Fax Signatures. * Metasploit hacked? Layer 2 VLAN fun. * Clever Museum Theft. * Ironkey-like USB Flash Drive: DiskGO GUARDIAN. * Virus that encrypts your data. * Safari Carpet Bombing, and more! Make sure to hit up our forums, and IRC at irc.freenode.net channel #securabit Send all feedback to feedback@securabit.com or use the contact page on the site. We apologize for the delay! Thanks for listening! |
Mon, 2 June 2008
On this episode of SecuraBit, Chris, Jay, Anthony, Andy, and Chris Mills discuss:
Going MP3 only on this episode. Thanks for listening! Direct DL: SecuraBit Episode 3 MP3 |
Fri, 16 May 2008
On this episode of SecuraBit. Chris, Jay, and Anthony discuss:
Please leave feedback either via comments or to feedback@securabit.com. Thanks for tuning in! |
Sat, 3 May 2008
On this episode of SecuraBit Chris, Jay and company discuss:
For any questions or comments email feedback@securabit.com or post a comment here! |
SecuraBit
SecuraBit Before It Bytes!
Categories
podcastsgeneral
SecuraBits
Compromises
Risk Management
SecuraLabs
Labs
Archives
DecemberOctober
August
May
March
February
January
December
November
October
September
May
March
February
January
December
November
September
August
July
June
May
April
March
February
January
December
November
October
September
August
July
June
May
April
March
February
January
December
November
October
September
August
July
June
May
April
March
February
January
December
November
October
September
August
July
June
May
April
March
February
January
December
November
October
September
August
July
June
May
| S | M | T | W | T | F | S |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | 31 | ||
Syndication
