Fri, 15 August 2014
Join us on this special SecuraByte interview episode with Graham Speake as we discuss Industrial Control Systems and their security! Hosts
Guests
Topics
Use Our Discount Codes
Upcoming events Links
Chat with us on IRC at irc.freenode.net #securabit iTunes Podcast –http://itunes.apple.com/us/podcast/securabit/id280048405 iPhone App Now Available –http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8 Register for any SANS Network Security 2014 course and receive $150 off using coupon code “SANS_SecuraBit150”. The training event takes place in Las Vegas, NV – Oct 19-27, 2014. |
Thu, 31 January 2013
After nearly 4 years dormant, we're bringing back the SecuraByte! These are designed to cover things that can't wait for our normal podcast cycle. In our 7th iteration, we interview Jake Kouns regarding the RVAsec security conference he is organizing in Richmond, VA which will be hosted again at VCU! Host:
Guest:
What you need to know:
Links: |
Fri, 20 July 2012
Hosts
Guests
Topics
Use Our Discount Codes
Upcoming events Links Chat with us on IRC at irc.freenode.net #securabit |
Sat, 2 July 2011
Hosts Guest Topics links Intro by http://dualcoremusic.com/nerdcore/ @dave_rel1k
|
Tue, 28 June 2011
SecuraBit Episode 84: Tech Talk with Scott Moulton |
Mon, 9 May 2011
SecuraBit Episode 81: Network Admins Takeover |
Wed, 27 April 2011
SecuraBit Episode 80: Our 8080 Episode Hosts: Guests: General topics: NEWS: Patch Tuesday April 2011 64 patched: Oracle Critical Patch Update Advisory - April 2011 Verizon 2011 Data Breach Report Barracuda Texas Michigan Police taking your phones Wordpress Georgian woman cuts off web access to whole of Armenia Hacker Group Changes Millions of Passwords to "password"; Only 38% of Users Notice Quick Mentions: Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats. Upcoming events Links: Chat with us on IRC at irc.freenode.net #securabit |
Wed, 30 March 2011
Securabit Episode 78: Comodogate and Social Penetration! Hosts: Guests: General topics: Rogue SSL certificates ("case comodogate") http://www.f-secure.com/weblog/archives/00002128.html PTES - Penetration Testing Execution Standard http://www.pentest-standard.org/ Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats. Upcoming events: Links: |
Sun, 13 March 2011
Securabit Episode 77: Return to the Rabbit Hole |
Wed, 2 March 2011
SecuraBit Episode 76: E-viting you to your demise! SecuraBit would like to apologize for the audio issues in this episode. We were not able to use the normal recording method due to a complete power failure. Thanks for understanding! Hosts: Guests: Trent Lo - @surbo General topics: History of i-hacked [HackerRun] - @HackerRun Messing with evites
http://www.i-hacked.com/content/view/293/2/ http://www.csoonline.com/article/661365/evite-program-easily-tampered-with-researcher-says Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats. Upcoming events Links: |
Mon, 14 February 2011
Securabit Episode 75: Booze over IP Hosts: Guests: Joe Gottlieb General topics: On Monday, February 14th, SIEM and log management vendor SenSage will introduce the Open Security Intelligence forum to the security community to become involved in. The concept of the community is to share best practices in open security analytics to improve our collective security defenses. Specifically, Joe Gottlieb, President and CEO of SenSage would like to discuss: The community will be hosted on a web portal – www.opensecurityintelligence.com – that is under development and will be discussed in our Feb. 14 release. Also, Joe is also giving a talk at Security BSides SF on 2/14 at 3pm PT on this very topic. --HBGary Federal --Nasdaq Quotes from http://www.wallstreetandtech.com/technology-risk-management/229201267 The operator of the Nasdaq Stock Exchange said it found "suspicious files" on its computer servers, in a Web application called Directors Desk which is used by members of corporations' boards of directors who want to share information and files. "What seems most likely is that the web servers were compromised in an attempt to use them to inject malicious software into their clients," commented one reader of the nakedsecurity.sophos.com blog. --Bsides --Exploit developers corner If you have recently published an exploit or have a previously published exploits you would like to talk about contact us at feedback@securabit.com or can contact Tony (myne-us) directly on IRC at freenode #securabit to have a small interview about your discovery. !!Caution!!: No undisclosed vulnerabilities (0 day)! These vulnerabilities need to be reported to the vendor and patched or exceed a time period where vendor did not patch. If interested in releasing exploit on the show that is fine if can show proof you disclosed to vendor or see the proof of concept already posted on exploit-db or have a CVE. Us:NetWitness Spectrum at RSA http://www.netwitness.com/products/spectrum.aspx Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats. Upcoming events Links: |
Wed, 19 January 2011
Securabit Episode 73: Eber Kneber and botnet stuntmen
January 12, 2011 Hosts: Guests: General topics: PROGRAMMABLE HID USB KEYSTROKE DONGLE: USING THE TEENSY AS A PEN TESTING DEVICE https://www.defcon.org/html/defcon-18/dc-18-speakers.html#Crenshaw http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos Upcoming events Links: Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405 iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8 |
Thu, 6 January 2011
SecuraBit Episode 72: Take risks, get owned! Hosts: Guests: General topics: Risk Management, Small biz vs Enterprise OnePassword - http://agilewebsolutions.com/onepassword Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats. Upcoming events Links: |
Sun, 19 December 2010
SecuraBit Episode 71: Managing our Careers with Lee Kushner |
Sun, 7 November 2010
SecuraBit Episode 69: Picking Locks and Messing up Podcasts, Welcome to Gringo Village! Hosts: Guests: Review submitted by a coworker: Shmoocon Tickets?? The Open Organization Of Lockpickers http://toool.us/ IE Zero Day Enhanced Mitigation Experience Toolkit v2.0 SpyEye v. ZeuS Rivalry Ends in Quiet Merger Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is0 good for all SANS courses in all formats. Links: |
Mon, 25 October 2010
SecuraBit Episode 68: Teaching for handbags! Hosts: Guests: General topics: Recent Security Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats. Upcoming events |
Wed, 13 October 2010
SecuraBit Episode 67: We're all gonna get HAX!
October 6, 2010 Hosts: Chris Gerling – @chrisgerling Christopher Mills – @thechrisam Andrew Borel – @andrew_secbit Anthony Gartner
Guest: Roger Grimes General topics: Authored eight books, and co-authored another 4 Chasing hackers for 23 years SCADA issues What the bad guys are doing? Black hat cloud backup? Offline patch and reset days to recover from a issue. Whitelisting may be a solution, that is just too hard to implement in many environments. Needs full sign off from the organization Different levels of identification Syngress book of the month club for episode 68 Utilize code 36449 for a discount on books from Syngress! Executives should have Macs because it makes it easier on the pen tester Patching and warranties SANS Connector Program 10% of any SANS events or training use coupon code Connect_SecuraBit10 Lenny Zeltser Facebook Social Captcha Authentication http://blog.zeltser.com/post/1258010402/facebook-social-captcha-authentication Upcoming events Hacker Halted http://www.hackerhalted.com/ Tim Is speaking October 14th Phreaknic 10/15. http://www.phreaknic.info/pn14/ Bsides Delaware 11/6 Bsides Dallas-FortWorth 11/6 Links: http://securabit.com Chat with us on IRC at irc.freenode.net #securabit iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405 iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
|
Sun, 3 October 2010
SecuraBit Episode 66: Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com Chris Gerling – @chrisgerling Christopher Mills – @thechrisam Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit
Guests: We discuss HBGary with Aaron, and delve into some fun topics like malware analysis, forensics, and other technical skills. General topics: Robin Sage FGET is pretty pimp (free tool that remotely images NTFS volumes) Free tools from HB Gary Forensics
How flypaper plays into image grabbing
Upcoming events http://www.HBGary.com/
http://www.SecuraBit.com Chat with us on IRC at irc.freenode.net #securabit iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405 iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
|
Wed, 22 September 2010
SecuraBit Episode 65: Application Security From the Ground Up!
September 8, 2010 Hosts: Anthony Gartner – @anthonygartner Jason Mueller – @securabit_jay Christopher Mills – @thechrisam Guests: Jeff Morgan * Product manager for HP’s Application Security Center product line * 20+ years experience developing commercial software solutions in industries ranging from healthcare to payroll to commercial printing * Joined SPI Dynamics in 2006, which was later acquired by HP * Previously a software engineer and held positions in development, QA, support and account management General topics:
Application Security Development Lifecycle
Flash, as usual
NoScript
Intel and McAfee
Upcoming events Hacker Halted http://www.hackerhalted.com/ Tim Is speaking October 14th Louisivlle Infosec 10/7. http://www.louisvilleinfosec.com/ Atlanta B-Sides 10/8. http://www.securitybsides.com/BSidesAtlanta HacKid - http://www.hackid.org/ 10/9-10/10 Phreaknic 10/15. http://www.phreaknic.info/pn14/
|
Sun, 1 August 2010
SecuraBit Episode 62: Visualizing Data with NetWitness |
Thu, 22 July 2010
SecuraBit Episode 61: Reverse Engineering Malware with a Spider Monkey Hosts: Guests: General topics: New Linux Distro to analyze malware SANS Digital Forensics Summit The innovator's dilemma http://www.amazon.com/Innovators-Dilemma-Revolutionary-Business-Essentials/dp/0060521996 http://www.sans.org/vlive/ Links: |
Wed, 7 July 2010
SecuraBit Episode 60: Free Calamari!!! Hosts: Guests: General topics: Dodgy Dr Who Games Links: FTC Requires Twitter To Set Up Data-Security Audits Chat with us on IRC at irc.freenode.net #securabit |
Mon, 21 June 2010
SecuraBit Episode 59: Too many acronyms, my head is going to explode! Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Christopher Mills – @thechrisam Andrew Borel – @andrew_secbit Chris Gerling – @chrisgerling Guests: Dan Philpott discusses NIST, Information Assurance, SCAP, FISMA, etc Contact info: Twitter: @danphilpott General topics: Federal Information Security Management Act (FISMA) Implementation Project http://csrc.nist.gov/groups/SMA/fisma/index.html Special Publications (800 Series) http://csrc.nist.gov/publications/PubsSPs.html Small Business Corner (SBC) http://csrc.nist.gov/groups/SMA/sbc/index.html FISMApedia http://fismapedia.org/index.php?title=Main_Page The Security Content Automation Protocol (SCAP) http://scap.nist.gov/ -Change Management Windows Sysinternals http://technet.microsoft.com/en-us/sysinternals/default.aspx Sysinternals Suite http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx Links: http://csrc.nist.gov/ Chat with us on IRC at irc.freenode.net #securabit |
Mon, 7 June 2010
SecuraBit Episode 58: Forensic Goodness with Harlan Carvey Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Christopher Mills – @thechrisam Chris Gerling – @chrisgerling Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit Guests: Harlan Carvey http://windowsir.blogspot.com/ Tools: http://tech.groups.yahoo.com/group/win4n6/ General topics:
Timeline creation Regripper Forensic trends SIFT Lance Mueller http://www.forensickb.com/
Are you interested in taking an upcoming SANS course? Dr. Eric Cole is teaching the upcoming SANS vLive! 501 course which starts on June 22. You can register for the course using this link, and coupon code 501SB to save $500! |
Wed, 26 May 2010
Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com Christopher Mills – @thechrisam Chris Gerling – @chrisgerling Andrew Borel – @andrew_secbit
Guests: General topics: We discussed VOIP security, or the lack thereof.
Signature based security solutions are going the way of the dinosaur, it's all about behavior and dynamic detection, such as heuristics now.
How to protect your privacy online:
http://twitter.com/ChrisPirillo/status/13881888168
Links: The cyber threat landscape is constantly changing, and even with the most sophisticated security you’re never completely protected from attacks. As part of our mission to ‘keep the bad guys out’, SunbeltLabs presents in this webinar how we use our own sandbox technology to keep a step ahead. Sunbelt Software’s Lead Security Analyst, Brian Jack and Malware Response Manager, Dodi Glenn will discuss the current threat landscape and dig deeper into some of the most dangerous and complicated threats out there. During this briefing we will focus on two different types of threats: malicious PDFs and rogue antivirus applications. Learn how to gain an edge when protecting your enterprise. Whether you are dealing with spear phishing or mass attacks, join us to see how to deploy the right tools and learn how to quickly analyze and unmask malware. New threats require new technologies and techniques to protect yourself and your organization. Sign up now and turn the tables on the bad guys. Chat with us on IRC at irc.freenode.net #securabit |
Sun, 9 May 2010
SecuraBit Episode 56: "Try Harder" - Used with permission Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Christopher Mills – @thechrisam Chris Gerling – @chrisgerling Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit Guests: Chris Hadnagy - @humanhacker Operations Manager and involved with www.offensive-security.com www.backtrack-linux.org http://www.social-engineer.org/ General topics: MSFU course Saturday the 8th from 10am to 5pm in Louisville, KY Chris Speaks of a new kernel update released around the day of recording for Backtrack 4 Since you are able to listen to this podcast the DNS Security Update did not affect you SANS Investigative Forensic Toolkit (SIFT) was updated Links: http://www.exploit-db.com/ http://www.offensive-security.com/images/ryu-help-me.png Kid Friendly Podcast http://www.social-engineer.org/framework/Social_Engineering_Framework Free MSFU Course http://www.offensive-security.com/metasploit-unleashed/ SANS SIFT https://computer-forensics2.sans.org/community/siftkit/ Sponsor mention: Sunbelt Software Webinar: Thursday, May 27, 2010, 2PM - 3PM EDT Quarterly Briefing: Turn the tables on Bad Guys: Malware Unmasked The cyber threat landscape is constantly changing, and even with the most sophisticated security you’re never completely protected from attacks. As part of our mission to ‘keep the bad guys out’, SunbeltLabs presents in this webinar how we use our own sandbox technology to keep a step ahead. Sunbelt Software’s Lead Security Analyst, Brian Jack and Malware Response Manager, Dodi Glenn will discuss the current threat landscape and dig deeper into some of the most dangerous and complicated threats out there. During this briefing we will focus on two different types of threats: malicious PDFs and rogue antivirus applications. Learn how to gain an edge when protecting your enterprise. Whether you are dealing with spear phishing or mass attacks, join us to see how to deploy the right tools and learn how to quickly analyze and unmask malware. New threats require new technologies and techniques to protect yourself and your organization. Sign up now and turn the tables on the bad guys. Chat with us on IRC at irc.freenode.net #securabit |
Sun, 25 April 2010
Sponsored by Sunbelt Software! Creators of the Sunbelt CWSandbox, for all your malware analysis needs! Visit their website for more details! Hosts: Missing Hosts: Guests: - Josh talks about the MiFi hack General topics:
Mcafee Released a failed (fubar) virus definition Discussion thread
Gmail authentication code stolen
Someone we know was owned
Links: Chat with us on IRC at irc.freenode.net #securabit |
Sun, 11 April 2010
Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Christopher Mills – @thechrisam Chris Gerling – @chrisgerling Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit Guests: Sean-Paul Correll - @lithium -http://malwaredatabase.net/blog/ Threat researcher at Panda Security According to the Panda Annual security report, 66% of all malware are trojans: http://www.pandasecurity.com/img/enc/Annual_Report_Pandalabs_2009.pdf Definition of a Banking Trojan. Mariposa bot net take down: http://pandalabs.pandasecurity.com/mariposa-botnet/ Virus Total Web: http://www.virustotal.com/ Appeared at Security B-side in San Francisco Playing with Fire – Live Demonstration of Today’s Most Dangerous Malware http://www.ustream.tv/recorded/5143692 http://www.securitybsides.com/ Chat with us on IRC at irc.freenode.net #securabit |
Sun, 28 March 2010
SecuraBit Episode 53: Thotcon If you think it you will go to Chicago thotcon - http://www.thotcon.org/ Trustwave's Spider Labs - https://www.trustwave.com/spiderLabs.php Chat with us on IRC at irc.freenode.net #securabit Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Andrew Borel – @andrew_secbit Guests: Nick Percoc - Thotcon & Trustwave's Spider Labs Zach Fasel - Thotcon & Trustwave's Spider Labs Links: http://www.thotcon.org/ https://www.trustwave.com/spiderLabs.php SpiderLabs Radio - http://itunes.apple.com/podcast/spiderlabs-radio/id300567984 https://www.trustwave.com/spiderLabs-tools.php lacking Chris Gerling – @chrisgerling Jason Mueller – @securabit_jay |
Wed, 17 March 2010
Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Chris Gerling – @chrisgerling Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit Guests: Brian Krebs - @briankrebs - http://www.krebsonsecurity.com/ VRT Blog Post: http://vrt-sourcefire.blogspot.com/2010/03/apt-should-your-panties-be-in-bunch-and.html Eric Chien, Symantec Zeus, King of the Bots: http://www.noryak.net/papers/zeus.pdf Chat with us on IRC at irc.freenode.net #securabit |
Tue, 2 March 2010
SecuraBit EP51 - Malware Detection With Sunbelt Software Listen in as we discuss Sunbelt Software's CWSandbox and other products, along with in-depth malware detection and analysis! #BSidesSF - Tuesday/Wednesday, March 2-3, 2010 @ 10am - 5pm #BSidesAustin - Saturday, March 13, 2010 #BSidesBOS - Saturday/Sunday, April 24-25, 2010 Chat with us on IRC at irc.freenode.net #securabit Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Chris Gerling – @chrisgerling Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit Guests: Brian Jack - Sunbelt Software Chad Loeven - Sunbelt Software Links: http://www.sunbeltsoftware.com/ http://www.sunbeltsoftware.com/Malware-Research-Analysis-Tools/Sunbelt-CWSandbox/ |
Tue, 16 February 2010
This is the audio from the 2010 pod-casters meet up. This is UNEDITED and completely raw. This file is NOT safe for work. You have been warned. |
Mon, 15 February 2010
SecuraBit Episode 50: Interview with Rob Lee!
If you haven’t taken the Security 508 course yet we have an excellent opportunity for you! Rob will be teaching the SEC508 (Forensics) course via the SANS vLive! platform beginning 3/23/2010. Classes will occur every Tuesday and Thursday until 4/29/2010 from 7-10PM EDT. Use code SB508 to get a free GCFA certification attempt with the purchase of the full course. Chat with us on IRC at irc.freenode.net #securabit Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Chris Gerling – @chrisgerling Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit Guests: Rob Lee - @robtlee
|
Sun, 31 January 2010
SecuraBit Episode 49: ConFoo.ca! Podcasters Meetup - http://www.podcastersmeetup.com/ ShmooCon - Saturday Evening @ 8PM SANS Discount Code SB508 - Free GCFA attempt when using this link. Philippe Gamache: Day job is focused on secure programing, developer training and code audit. About ConFoo.ca: -New conference about web technology -PHP Quebec Conference offshoot -Get all the user groups in the Monteral area together to share information -8 Separate tracks at the time ShmooCon FireTalks Escaping the clutches of The GOOG - http://www.securabit.com/2010/01/21/escaping-the-clutches-of-the-goog/ Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Chris Gerling – @chrisgerling Nicholas Berthaume - @aricon Andrew Borel – @andrew_secbit Guests: Philippe Gamache - ConFoo.ca - @SecureSymfony Chat with us on IRC at irc.freenode.net #securabit Links: ConFoo.ca - http://www.confoo.ca/en |
Sun, 17 January 2010
Hosts: Guests: Recent goings on: SANS vLive! First Guest - Bruce Potter - Shmoocon - @gdead Logistics of putting on a conference. Wardman Park in 1920's: http://www.shorpy.com/files/images/29398u.jpg PhoneFactor: End: Links: Not on the air: |
Mon, 21 December 2009
Listen in as we interview 1Password and NetWitness!
Dave Teare - Co-Founder of 1Password
Agile Web Solutions' 1 Password
http://agilewebsolutions.com/products/1Password
Q's
What was the motivation to create 1Password?
There are two key chain types that are used. Why the switch to the other one?
When will we be able to sync across the iphone cord? (Edge/3G) 8.02.11 BGA type
Are there plans to port 1Password to Win/Lin platforms? 1password Anywhere?
Is there a way to import from other password managers? CSV format
what is the difference between the 1password pro and the touch pro?
http://help.agile.ws/1Password_touch/pro_vs_standard.html
What is the diffrence between 1Password and 1Password Pro?
Who actually maintains the twitter account?
Find out more at http://get1password.com
NetWitness - Eddie Schwartz
http://www.netwitness.com/
Q's
How long have you been with NetWitness?
http://download.netwitness.com/
http://download.netwitness.com/download.php?src=DIRECT
Google Earth integration - Very Cool!!
What OS will the free or paid version work on and will it work from within a VM?
What does netwitness do at the layer 7 level?
Join us in IRC at irc.freenode.net #securabit
Hosts:
Anthony Gartner – @anthonygartner
Christopher Mills – @thechrisam
Jason Mueller - @securabit_jay
Andrew Borel – @andrew_secbit
Guests:
Dave Teare - 1Password
Eddie Schwartz - Netwitness
|
Sun, 13 December 2009
SecuraNibble Episode 03 - Security Hour on IMP This SecuraNibble is released out of band is an extra episode outside our normal releases. This SecuraNibble is the recording of the conversation that happened on The International Mac Podcast held during their 12 Cubed event held on December 12, 2009. The conversation was a general security round table held between our own Anthony Gartner, and panel of 4 other security pod-casters. The panel of pod-casters include Bart Busschots of the International Mac Podcast, George Starcher of Typical Mac User Podcast, and the one and only Paul Asadoorian of PaulDotCom.com fame. This SecuraNibble is not an extremely in depth and geeky conversation but one that covers a lot of general information and it applies to all operating systems not just the mac. |
Sat, 5 December 2009
SecuraBit Episode 46 – Making a Faster and Safer Web with Billy Hoffman Details of the Academy Pro Deal Help people have a better user experience on the web. Zoompf Common Mistakes on Low Performing Websites What is the best CMS to use. How the report on Zoompf is being run currently. New cameras and metadata AT&T service and coverage The origin of the name Zoompf Link farms and domain squating ICANN IPV6 ShmooCon Upcoming Events http://www.security-twits.com/ Join us in IRC at irc.freenode.net #securabit Hosts: Guest: |
Tue, 24 November 2009
SecuraBit Episode 45 – More on DOJOCON Marcus J Carey discusses MetaSponse tool to be released in mid-December. This uses the MetaSploit Framework for Incident Response. Metasploit Framework 3.3 Released! Join us in IRC at irc.freenode.net #securabit Hosts: Guest: Links: DojoCon - http://www.dojocon.org/ NoVA Hackers - http://groups.google.com/group/novahackers dojosec @ USTREAM http://www.ustream.tv/dojosec |
Fri, 20 November 2009
SecuraBit Episode 44 –
Guest Interview:
Dennis Hurst, Senior Application Security Architect at HP Software &
Solutions and a founding member of the Cloud Security Alliance
Discussion of security and Agile development.
Scaling agile requires feedback mechanisms and strong visibility
http://h71028.www7.hp.com/enterprise/us/en/messaging/feature-software-scale-agile.html
HP Application Security Center
http://www.hp.com/go/stophackers
Cloud Security Alliance
http://cloudsecurityalliance.org
Movember: Chris Gerling and Andrew Borel represent SecuraBit!
http://us.movember.com/mospace/99916 (Chris)
http://us.movember.com/mospace/361416/ (Andrew)
Join us in IRC at irc.freenode.net #securabit
Hosts:
Anthony Gartner – @anthonygartner
Chris Gerling – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit
Guest:
Dennis Hurst
Links:
Movember - http://us.movember.com/
Donate to Security Podcasters Alliance - https://www.movember.com/us/donate/your-details/team_id/997
Security podcasters get hairy for charity - http://www.securecomputing.net.au/News/159403,security-podcasters-get-hairy-for-charity.aspx
|
Tue, 27 October 2009
SecuraBit Episode 43 – The Academy Pro Guest Interview: Peter Giannoulis of The Academy Pro Metasploit Rising http://blog.metasploit.com/2009/10/metasploit-rising.html WordPress 2.8.5: Hardening Release Blubrry PowerPress Podcasting Plugin for WordPress Time Warner Cable Exposes 65,000 Customer Routers to Remote Hacks http://www.wired.com/threatlevel/2009/10/time-warner-cable/ Google Voice voicemails appearing in public search results TweetDeck Porn, CSS History Hacking, User Recon and Blackmail Windows 7 Magic Mouse Quick Shell Script to Extract Contents Join us in IRC at irc.freenode.net #securabit Hosts: Guest: Links: Don't forget to listen to the end of the show for the guest appearances by both Kermit the Frog and Sean Connery |
Tue, 13 October 2009
SecuraBit Episode 42 – Phreaking Sweet Con in TN.
Phreaknic 13 – October 30 – November 1 2009
Phreaknic Curse
CCTV throughout hotel, great + for attending the con
Ware Chair Toss
Firing a jet engine in the parking lot.
Four Tracks
1 Cumberland (Main ballroom)
2 9th Floor (Vendor Area)
3 Cafe Area (Gaming)
4 Contest Area
Size of conferences
ShmooCon
Running Conferences
#RoachesMustDie from ShmooCon 2009 via Security Justice
Microsoft Security Essentials - http://www.microsoft.com/security_essentials/
Google Wave - http://wave.google.com/help/wave/about.html
New iTunes Store - http://www.apple.com/itunes/
Hotmail, Yahoo, and Gmail email passwords exposed - http://www.cso.com.au/article/321185/gmail_yahoo_mail_join_hotmail_passwords_exposed
1password - http://agilewebsolutions.com/products/1Password
iKeepass - http://ikeepass.de/
Inside the URLZone Trojan Network - http://www.threatpost.com/blogs/inside-urlzone-trojan-network-105
Metasploit hiring in Austin, TX
Rockstar QA Engineer Needed - http://austin.craigslist.org/sof/1410600092.html
jQuery/Ruby Ninja Needed - http://austin.craigslist.org/sof/1410620402.html
New version of Pocket God for the iPhone
Hacker Consortium - http://hackerconsortium.com/
TechShop - http://techshop.ws/
Join us in IRC at irc.freenode.net #securabit
Hosts:
Anthony Gartner – @anthonygartner
Chris Gerling – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit
Guest:
SkyDog
Links:
Phreaknic 13 - http://www.phreaknic.info/pn13/
|
Tue, 6 October 2009
SecuraBit Episode 41 - Speaking of Cons, and forensics...
Part 1: Marcus Carey
November 6 & 7, 2009
Capitol College Maryland
Part 2: Scott Moulton blackberry stuff:
bitpim
Hosts:
Chris Gerling – @chrisgerling
Jason Mueller – @securabit_jay
Andrew Borel – @andrew_secbit
Anthony Gartner – AnthonyGartner.com - @anthonygartner
Guest:
Scott Moulton - http://www.myharddrivedied.com/
Links:
BitPim - http://www.bitpim.org/
|
Fri, 2 October 2009
SecuraBit Episode 40 - Paul "Pauldotcom" Asadoorian
Microsoft Security Bulletin MS09-048 - http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx
Microsoft Security Bulletin MS07-063 - http://www.microsoft.com/technet/security/bulletin/MS07-063.mspx
Renaud script to go from Nmap to Nessus
Interview with Paul Asadoorian (PaulDotCom/Tenable/Nessus)
Intro Questions:
Nessus Questions:
Implementation and Operation questions (How Paul Does Things):
Other Questions:
Hosts:
Anthony Gartner – AnthonyGartner.com @anthonygartner
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit
Ed Smiley - @edsmiley
Guest:
Paul Asadoorian - @pauldotcom - http://www.pauldotcom.com
Links:
Nessus - http://www.nessus.org/nessus/
Tenable Network Security Blog and Podcast - http://blog.tenablesecurity.com/
|
Mon, 14 September 2009
SecuraBit Episode 39 – Stealing candy from little kids everywhere!!! Jay brought up that some government web sites will be switching to an http://openid.org authentication What Does DHS Know About You? - http://philosecurity.org/2009/09/07/what-does-dhs-know-about-you TwiGUARD - http://twiguard.com/index.html MS IIS FTPD DoS ZER0DAY - http://www.milw0rm.com/exploits/9587 Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D. - http://www.milw0rm.com/exploits/9594 Poison Ivy Remote Administration Tool - http://www.poisonivy-rat.com/ FRHACK: Pentesting Live DVD - http://pentestit.com/2009/09/09/frhack-pentesting-livedvd/ Upcoming Events: Phreaknic 13 - http://www.phreaknic.info/pn13/Site_2/Welcome.html SANS Cyber Defense Initiative - http://www.sans.org/cyber-defense-initiative-2009 ToorCon - http://www.toorcon.org/ Join us in IRC at irc.freenode.net #securabit Hosts: |
Sun, 30 August 2009
SecuraBit Episode 38 – Classic Securabit, Lots of Rambling, Low Content Louisville Metro InfoSec Conference in Louisville, KY
http://www.louisvilleinfosec.com/ If you wish to attend the conference you can use the discount code of "geek seat" to get $20 off registration Round Table Topic: Who should be responsible for patching? Infrastructure or Security? There is a conversation about the new Snow Leopard for Mac and Macs mail. A brief discussion about Helix, Security Onion, and Splunk 4. Join us in IRC at irc.freenode.net #securabit Hosts: Guest: Links: |
Tue, 25 August 2009
SecuraBit Episode 37 – Mapping Networks with Fyodor and NMAP After our interview we cover DEFCON and the Podcasters meetup. Join us in IRC at irc.freenode.net #securabit Hosts: Guest: Links: |
Fri, 7 August 2009
SecuraBit Episode 36 - The f0rb1dd3n Network We are joined by Jayson Street to talk about his book, Disecting the Hack: The f0rb1dd3n Network, that is due out soon. All Black Hat bags will have an excerpt from the book in them. Additionally we get Jayson's input on the topic of the recent denial of service attacks not coming from North Korea after all. DJ Great Scott gives us an update on the social events at this years DEFCON. Finally we cover media destruction policies. How do you decommission old hard disks? Do you retain the ones from your copiers and fax machines? What about thumb drives? Join us in IRC at irc.freenode.net #securabit Hosts: Anthony Gartner – http://www.anthonygartner.com – @anthonygartner Guest: Links: http://blogs.usatoday.com/technologylive/2009/07/evidence-has-surfaced-that-the-denial-of-service-attacks-that-crippled-dozens-of-us-and-south-korean-web-sites-last-week-ma.html http://www.pcworld.idg.com.au/article/311070/uk_north_korea_source_ddos_attacks_researcher_says |
Sun, 12 July 2009
<p><strong>SecuraBit Episode 35</strong> - Content, what content? Oh, THAT content!!! NSFW well some anyway!!!</p><p>Facebook privacy settings are getting simplified.<br /> Michal Jackson causes google to trip thinking they had a DOS attack in progress, followed by spam assaults, and all the joke emails.<br /> Slowloris DOS the show stream.<br /> We discuss OSSEC with Andrew Hay.</p> <p>Join us in IRC at irc.freenode.net #securabit <p>Next live recording is July 15, 2009 at 8pm EDT.</p> <p><strong>Hosts:</strong></p> <p>Andrew Borel - @andrew_secbit<br /> Anthony Gartner – <a href="http://www.anthonygartner.com">http://www.anthonygartner.com</a> – @anthonygartner<br /> Chris Gerling - <a href="http://www.chrisgerling.com">http://www.chrisgerling.com</a> - @hak5chris<br /> Christopher Mills - <a href="http://www.packetsense.net">http://www.packetsense.net -</a> @thechrisam<br /> Rob Fuller - Mubix - <a href="http://room362.com">http://room362.com</a> - @Mubix</p> <p><strong>Guest(s):</strong></p> <p>Wesley McGrew - <a href="http://www.mcgrewsecurity.com/">http://www.mcgrewsecurity.com/</a> - @mcgrewsecurity<br /> Andrew Hay - <a href="http://www.andrewhay.ca/">http://www.andrewhay.ca/</a> - @andrewsmhay</p> <p><strong>Links:</strong></p> <p><a href="Join us in IRC at irc.freenode.net #securabit and you can find our past episodes at http://www.securabit.com.">http://serverfault.com/questions/32361/how-to-best-defend-against-a-slowloris-dos-attack-against-an-apache-web-server</a><br /> <a href="http://www.ossec.net/">http://www.ossec.net/</a><br /> OSSEC - <a href="http://www.ossec.net/">http://www.ossec.net/</a><br /> Andrew Hay's Book - <a href="http://www.amazon.com/OSSEC-Host-Based-Intrusion-Detection-Guide/dp/159749240X">http://www.amazon.com/OSSEC-Host-Based-Intrusion-Detection-Guide/dp/159749240X</a></p> <p>SecuraBit Episode 35 - Content, what content? Oh, THAT content!!! NSFW well some anyway!!!</p> <p>Facebook privacy settings are getting simplified.</p> <p>Michal Jackson causes google to trip thinking they had a DOS attack in progress, followed by spam assaults, and all the joke emails.</p> <p>Slowloris DOS the show stream.</p> <p>We discuss OSSEC with Andrew Hay.</p> <p>Join us in IRC at irc.freenode.net #securabit and you can find our past episodes at http://www.securabit.com.</p> <p>Next live recording is July 15, 2009 at 8pm EDT.</p> <p>Hosts:</p> <p>Chris Gerling - http://www.chrisgerling.com - @hak5chris</p> <p>Christopher Mills - http://www.packetsense.net - @thechrisam</p> <p>Anthony Gartner – http://www.anthonygartner.com – @anthonygartner</p> <p>Andrew Borel - @andrew_secbit</p> <p>Rob Fuller - Mubix - http://room362.com - @Mubix </p> <p>Guest(s):</p> <p>Wesley McGrew - http://www.mcgrewsecurity.com/ - @mcgrewsecurity</p> <p>Andrew Hay - http://www.andrewhay.ca/ - @andrewsmhay</p> <p>Links:</p> <p>http://serverfault.com/questions/32361/how-to-best-defend-against-a-slowloris-dos-attack-against-an-apache-web-server</p> <p>http://www.ossec.net/</p> <p>OSSEC - http://www.ossec.net/</p> <p>Andrew Hay's Book - http://www.amazon.com/OSSEC-Host-Based-Intrusion-Detection-Guide/dp/159749240X</p> |
Wed, 1 July 2009
<p>SecuraBit Episode 34</p><p>This week we welcome Scott Fitzpatrick of Symantec to join our roundtable on the news items of the day.</p> <p>News Items:<br /> StrongWebMail Fail - http://www.pcworld.com/businesscenter/article/166314/web_mail_company_to_pay_prize_after_ceo_hacked.html</p> <p>TweetDeck still passes authentication in the clear</p> <p>Google Apps criticized about their security</p> <p>iPhone 3.0 Teathering Hack - http://www.jellysms.com/blog/enable-internet-tethering-with-your-iphone-in-2-minutes-on-o2-ireland-with-30-gm/</p> <p>RSnake's SlowLoris (low bandwidth, greedy, poisonus HTTP client) - http://ha.ckers.org/slowloris/</p> <p>Mubix presenting a six hour work shop "From Shell to Owning the Company" at ToorCamp</p> <p>DefCon and the Podcasters Meetup<br /> - In Sky box 207 and 208 8pm or after the last talk on Saturday night.<br /> - Exotic Liability (http://www.exoticliability.com/) and Germaina Newbs (http://grmn00bs.blogspot.com/) will be join the line up.</p> <p>PaulDot Com with Securabity Thursday July 2, 2009 at 7pm.</p> <p>Join us in IRC at irc.freenode.net #securabit</p> <p>Our Next live recording is July 1, 2009 at 8pm EDT.</p> <p>Hosts:<br /> Chris Gerling - http://www.chrisgerling.com - @hak5chris<br /> Jason Mueller - @securabit_jay<br /> Christopher Mills - http://www.packetsense.net - @thechrisam<br /> Rob Fuller - Mubix - http://room362.com - @Mubix<br /> Andrew Borel - @andrew_secbit</p> <p>Guests:<br /> Scott Fitzpatrick</p> <p>Links:<br /> Symantec - http://www.symantec.com/<br /> Mubix - Couch to Career - http://www.room362.com/archives/564-couch-to-career-follow-up.html</p> |
Sat, 13 June 2009
In this episode we talk to Kostya about the process that is behind Cloud Burst. He speaks about breaking out of the existing Virtual Machine and into the host. Once you own the host you have the ability to own other Virtual Machines. Quick Topics: Hosts: Guests: Links: |
Wed, 27 May 2009
SecuraBit Episode 32 PDF Love! Dieter talks about how the ifilter will actually allow you to use a pdf to exploit the system because ifilter uses the windows indexing service. He also discusses some of the various methods of prevention including his tool called PDFiD.
Hosts: Guests: Links: |
Fri, 22 May 2009
Episode 31 Show Notes - The Intertubes need a patch Episode
In
this episode we are joined by Russell Butturini, he speaks to the guys
about the tool he authored at the suggestion of the hak5 crew. He even
talks about some of his horror stories about security.
Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Christopher Mills - http://www.packetsense.net - @thechrisam
Andrew Borel - @Andrew_Secbit
Guests:
Russell Butturini - http://www.linkedin.com/pub/b/960/913
Links:
|
Sat, 2 May 2009
This week we interview Christien Rioux and Chris Wysopal about the upcoming release of l0phtcrack 6. Hosts: Guests: Christien Rioux - @dildog Chris Wysopal - @cwysopal Links: l0phtcrack - http://www.l0phtcrack.com/ Adobe Product Security Incident Response Team (PSIRT) - http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html Finjan finds botnet of 1.9m infected computers - http://news.zdnet.co.uk/security/0,1000000189,39643173,00.htm |
Sun, 26 April 2009
This week .... Chris Gerling's experience at Helix training and his impressions of Helix 3 Pro. Flash on the TV. Are TV's the next big botnet? Oracle's buying Sun. Does this mean the end for MySQL? We discuss these topics and more on Securabit Episode 29. Hosts: Links: Live Forensics & Incident Response Featuring Helix3 - http://www.e-fense.com/Docs/E103.pdf Adobe Flash for Your TV Means Hulu in Your Living Room -http://blog.wired.com/gadgets/2009/04/adobe-flash-for.html |
Wed, 15 April 2009
SecuraBit EP28 I am stuck in a VM, and I can't get out!!! Special Guest - Rob Randell This week we are joined by Rob Randell from VMware. We cover recommendations for using Virtual Machines securely, VM breakouts such as cloudburst, and various other issues revolving around the security of virtual machines. Hosts: Guest: Links: |
Sun, 5 April 2009
SecuraBit EP27 No joke!! We have George Starcher!! This week we have special guest George Starcher and we recorded the show on April 1st. George is a long time podcaster with older shows such as In The trenches which he did with Kevin Devin and later had some guests fill in including our own Anthony Gartner. George is still very active in the security community with his job and also does spots on the The Typical Mac User Podcast as well as a big contributor to their forums. Hosts: Guest: Links: |
Sun, 29 March 2009
SecuraBit Episode 26: "@Quine and back to Roots" This week we interview Zach Lanier aka @Quine, the Security Twits manager. We ask all about Security Twits as well as delve into some security topics in the second half. Listen all the way through to hear us as our normal selves without serious guests, it's a riot! Security Twits is a listing of security professionals on Twitter. It's a great opportunity to discover other great people in our community. Go to http://www.security-twits.com/ for more details and follow @securitytwits as well as @quine on twitter. Hosts: Guest: Links: |
Mon, 23 March 2009
We're proud to announce a new tool from HP's Application Security Center called SWFScan. Prajakta Jagdale and Matt Wood from the HP Web Security Research Group explain why SWFScan was created, and the hope that it will help developers produce more secure flash applications. Hosts Guest Links |
Sat, 21 March 2009
Securabit Episode 25 Show Notes "Jayson E. Street's f0rb1dd3n" This week we interview Jayson E. Street about his new novel f0rb1dd3n. f0rb1dd3n is a fictional story that also provides an overview of the tools, techniques, and culture of hackers. Throughout the story reference to an appendix that will provide the detail information about the item being referenced, and where to find more information. The expected release data is in July 2009 around Black Hat and Defcon. A beta of Sumo LINUX is targeted for release the first week of April. Quine will be our next guest interview. Hosts Guest Links |
Sun, 15 March 2009
Securabit Episode 24 ìG, Mark Hardy In this episode of Securait we are joined by G. Mark Hardy, President of National Security Corporation. Topics Hosts Guest Links |
Fri, 27 February 2009
We have a brief discussion hackerspaces. Chris Gerling is looking into starting a hackerspace in the Richmond, VA area. |
Fri, 13 February 2009
Episode 22 Schmoocon RecapWe reflect back on Schmoocon 2009, the Podcasters Meetup, and look foward to DEFCON. Also we cover patch Tuesday, Back|Track 4, and a community replacement for Helix. Hosts: Anthony Gartner - AnthonyGartner.com @AnthonyGartner Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris Chris Mills - ChrisAM @packetsense Jason Mueller - @Securabit_Jay Links: <a href="http://www.shmoocon.org/">Schmoocon</a> <a href="http://www.podcastersmeetup.com/">Podcasters Meetup</a> <a href="http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx">Microsoft Security Bulletin MS09-003</a> <a href="http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx">Microsoft Security Bulletin MS09-004</a> <a href="http://backtrack4.blogspot.com/">Back|Track 4</a> <a href="https://www.defcon.org/">DEFCON</a> <a href="http://www.e-fense.com/products.php">Helix</a> |
Tue, 10 February 2009
Here is the audio from the meetup on 2/6 if anyone is interested. We're releasing this on our feed for anyone who doesn't follow pauldotcom. It's not edited, just raw audio so if you have any complaints keep them to yourself. ;)Thanks to all who came! |
Tue, 10 February 2009
Sorry folks, we will not be releasing episodes out of order anymore.In this episode we discuss: Managing IP space inside a company network. Attributing a device on the network to an employee / function. Standardizing vulnerability management using Security Content Automation Protocol (SCAP) and Open Vulnerability Assessment System (OpenVAS). And briefly touch on the Obama Administration's Outline for their Cyber Security Strategy. Use our Forums! Don’t forget to give us a feedback on Itunes so we can bump the old shows off the list. Thanks again for all the donations for the Tip Jar. Hosts: Anthony Gartner - AnthonyGartner.com @AnthonyGartner Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris Chris Mills - ChrisAM @packetsense Andrew Borel - @Andrew_Secbit Special Guest: Tim Krabec (@tkrabec) of the <a href="http://smbminute.com/">SMBMinute.com</a> Important links for the show and documents used: <a href="http://www.openvas.org/">Open Vulnerability Assessment System</a> <a href="http://en.wikipedia.org/wiki/Security_Content_Automation_Protocol">Security Content Automation Protocol</a> <a href="http://www.diigo.com/annotated/5e5c73ed44f27f40631af447951b4bf8">Obama Administration Outlines Cyber Security Strategy</a> <a href="http://www.washingtonpost.com/wp-dyn/content/article/2008/12/08/AR2008120801944.html">More Cyber Security Regulations Recommended</a> |
Sat, 7 February 2009
In this special episode of Securabit we are interviewing Billy Hoffman and Prajakta Jagdale. Billy is the author of the book Ajax Security. Prajakta is a Security Research Engineer with HP and is presenting at this year's ShmooCon. Hosts: Anthony Gartner - AnthonyGartner.com @AnthonyGartner Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris Chris Mills - ChrisAM @packetsense Jason Mueller - SecurabitJay Special Guests: Billy Hoffman (http://en.wikipedia.org/wiki/ Prajakta Jagdale (http://www.linkedin.com/pub/ Important links for the show and documents used: HP (http://www.hp.com/) Ajax Security (http://www.amazon.com/Ajax- NoScript (http://noscript.net/) SchmoonCon (http://www.shmoocon.org/ HP's Web Security Research Group) & Matt Wood (HP Web Security Research Group) join SecuraBit for a very informative discussion. Questions on Ajax, Flash, and Web Application security. |
Sun, 25 January 2009
This show is out of order and we debated if we would even release it. Well why not, have a listen if you don't like it delete it and remember we told you so ;) This show was a hostile take over by The guys at SMB Minute. It was all just for fun and happened on Dec 31 2008. Remember we warned you.... Listen at your own risk!!! Don’t forget to give us a feedback on Itunes so we can bump the old shows off the list. Thanks again for all the donations for the Tip Jar. Hosts: Rob Fuller - Mubix, room362.com @mubix Important links for the show and documents used: NONE |
Sat, 24 January 2009
In this episode which is likely to be out of sequence. SecuraBit did a recording on the 31st of the year and we will likely release it but episode 18 was a potential lost episode. Chris Mills talks about how twitter has changed some of it's security measures in the aftermath of the hack on its admin accounts. He even did some testing of a bogus account. We even got into some discussions on which types of phones handle what kind of sites. Please be careful, Jay is going to be getting a twitter account and might actually post. Oh FRAK!!!! The next part on the agenda was the new Windows 7 Beta. This caused Microsoft to DOS itself. Which really takes a LOT to happen. After the break we started to go into some tools we actually use or
have used and wanted to recommend. Jay spoke of his Retina software
they use. We did play a nice practical joke on jay and left him hanging
in the wind for a few moments, but he did recover. Spoke about running ISS for the nice pretty reports for the higher up's and Nessus for the technicians. Anthony mentioned Hot Spot Shield which works on windows, mac, iphone and many other platforms. The chat room recommended Open VPN
but none of us had used it. Chris Mills also went into one of the tools
he used back in the day but recently started to use again called NTop. Don’t forget to give us a feedback on Itunes so we can bump the old shows off the list. Thanks again for all the donations for the Tip Jar. Hosts: Rob Fuller - Mubix, room362.com @mubix Important links for the show and documents used: http://www.iss.net/ Check out the end of the cast for Jay's audition for American 1dol!!! |
Wed, 7 January 2009
News at 11. Well really we started recording about 8 PM on Monday January 5th. In this SecuraByte episode, Securabit had its largest conference call yet. Securabit was joined by the guys from both SecurityJustice.com and SMBMinute.com, as well as Melissa on Twitter AKA @Geekgrrl. We discussed the security vulnerability discovered with twitter.com's tech support. This is a service many of us use and enjoy. Please have a listen in while we discuss amongst ourselves. Don’t forget to give us a feedback on Itunes so we can bump the old shows off the list. Thanks again for all the donations for the Tip Jar. Hosts: Rob Fuller - Mubix, room362.com @mubix Special Guests: Melissa (@geekgrrl), Tim Krabec (@tkrabec) of the SMBMinute.com, Tom (@agent0x0) securityjustice.com, and Dave (@Securi-D) securityjustice.com Important links for the show and documents used: Britney, Obama Twitter Feeds Hijacked Following Phishing Attack |
Mon, 22 December 2008
This is a unique episode for SecuraBit, we are teaming up with the Security Justice Podcast to do a double header show. SecuraBit recorded their show from 8-9 PST, then handed off the reins to Security Justice to finish out the night. In doing so we had a combine set of prizes. To win the prize required that you listen and get the correct answer to a trivia question given on SecuraBit. You also had to listen to the Security Justice Podcast to and know the answer to their question as well. SecuraBit even manged to start on time as well as hand off on time. It was a very different type of show due to trying to condense everything in to a single hour. (Good thing we didn't have any real content, Just kidding) SecuraBit opened the show but because Jay needed to switch some things out we actually went to a break faster than normal. When we returned from the break we did indeed have Jay on the line. We started to go into the new Microsoft Zero Day, and Jay informed us that he had been out of the loop for a week but since the patch only came out 73 minute before he found out about it he figured he was right on time. The next topic was Chris Gerling going to sans and taking the forensics 508 course. Chris then told us that he felt like he should never have picked up a helix disk based on the level of knowledge he has now compared to before the course. We also discussed that many states are requiring a Private Investigators license to do forensics. That none of us on the show agreed that this was a good idea, but yet several lobbyists have been pushing for this very idea. Jay asked the question about what was thought about the BGP security vulnerability. Anthony discussed a new site he went to as a security review. After the break, we went into the trivia question. The trivia Question was: What are the flags you have to set in order to do an NMAP-style XMAS scan in Unicornscan? We will post the winner soon in conjunction with the Security Justice podcast. After the trivia question we went into thoughts on what to do about prior employees, handling creditials, voice mails, and emails. We referenced the guy in San Francisco who was fired from the job, but yet still was able to hold the network he left hostage. Don't forget to give us a feedback on Itunes so we can bump the old shows off the list. Thanks again for all the donations for the Tip Jar. Hosts: Rob Fuller - Mubix, room362.com Important links for the show and documents used: No links this time! |
Wed, 10 December 2008
In this episode we talk about Chris Gerling attending the SANS Cyber Defense Initiative 2008 in Washing DC. He will be taking the Security 508 Computer Forensics, Investigation, and Response course. If you are at the conference please make sure you look for Chris. He also plans to take the new GPEN test while there. We might be bringing the sock monkey to Shmoocon and have him do some interviews. We also spoke about how few businesses are actually checking a persons signature or id for credit cards. Most businesses are simply not checking the cards like they should be. Chris is beginning to wonder if they will card his fiancee between now and when they get married. After the break we came back and mentioned that we were not going going to drop the Fbomb for 40 bucks as was hinted at in the chat room. Went into the issue of dns forwarding being done on CheckFree.com The article was actually from The Washington Post by Brian Krebs. Anthony put a shout out to Ed Smiley for sending both Mubix and Anthony a copy of 1password. It was a Great hookup. Then we covered various apps on the IPhone. We touched on what the encryption is on a 3g network. We found a great powerpoint slide show explaining it. After the last break we went into firewall set ups. Everyone but Anthony is running FIOS so the discussion on how to set up the coax or ethernet wan links ensued. You will just have to listen to it to see what kind of sense it makes. We did get lots of comments from our faithfull in the irc channel (irc.freenode.net #Securabit). From there the show just went down hill with strippers and alcohol. Don't forget to give us a feedback on Itunes so we can bump the old shows off the list. Thanks again for all the donations for the Tip Jar. Hosts: Rob Fuller - Mubix, room362.com Special Guest: Joel Esler from sourcefire.com and Joelesler.net Important links for the show and documents used: http://www.sans.org/cdi08/ |
Sun, 30 November 2008
Sorry for the delay in getting this episode out this time. Anthony got stuck with doing some actual work and then we all got hit by the holidays. We do hope you enjoy the show this week. Mubix attended the CSI Conference and no not CSI on TV, the CSI Anual conference. The topic he found intriguing is Security and Responsibility. If something happens how and to what extent as security professionals are we responsible and accountable. This is a topic he brought up on twitter as well and got a lot of replies back. Some agreeing and some not, Feel free to weigh in on this one. Some of the references that were brought up in response to this topic were Sandboxie, castlecops, and Web of Trust. After the break we went into a discussion on DD Images and using live view on them, but since that was a fail, Chris used QEMU. You can even go get some test images at ProjectHoneypot.org and convert them using a tool dd2vmdk . The conversation went into WPA is not Busted. We referenced Steven Gibson's explantion and Joel Eslers blog posts on the subject. During the break we discussed a great site as well from Josh Wright about Wireless Vulnerabilities & Exploits After the Break we were able to bring in the real Joel Esler. Joel is part time batman as well and Joel has aggred to give us at least one batmobile, but we digress. He actually works for sourcefire. This is an organzation that you should take a look at, it is well worth your time. He also is an avid security blogger and has his own blog at Joel Esler.net Joel talks about he IPS's of today are simply not the same as many of the original IPS's. We lose Joel a little bit during the break and we cut a little more abruptly to break than we normally do. Sorry about that! But we kind of ran out of content and time. SecuraBit would like to make sure everyone has a Happy Holidays and don't forget to leave us feedback on Itunes even if you don't listen via Itunes. We want to get some of these casts out of there that have not posted in years. Hosts: Rob Fuller - Mubix, room362.com Special Guest: Joel Esler from sourcefire.com and Joelesler.net Important links for the show and documents used: http://www.phishtank.com/ |
Mon, 10 November 2008
In this episode we have a special guest Adrian from Irongeek.com. We conversed about the going's on at phreaknic. Adrian presented down there and this is where he ended up meeting Bruce and Heidi Potter from the Shmoocon Group. The discussion covered a little more on the MS08-067 issues, Sans Training, and CEH. This is the first episode where we experimented and used stickam.com to allow the listeners to see just how messed up we really are. After the break, Adrian spoke about how one of the guys from binrev.com turned him on to a book for review called Googling Security: How Much Does Google Know About You? written by Greg Conti. Anthony ended up going into some of new virus / trojan infections. These were on the lines of antivirus 2009 and others of the type. Consensus was that a good cleaner tool was called Rougefix (recommendatin from the IRC channel by Tim Krabek). Adrian recommended a song by Tom Smith about Technical Suport for Dad. We went into a little more information on the New York School district's vulnerability. We also went into a little bit on how to lock down a printer as well. Found a list of the PJL commands for HP. Securabit wanted to remind everyone that if you have anything to say you are welcome to come on the show and tell us what you think and know. It is an open invitation. We want to thank those individuals who have donated to the podcast as well. Check out a couple of our friends podcasts at http://securityjustice.com and the http://SMBminute.com Hosts: Chris Mills - ChrisAM Chris Gerling - Hak5Chris, Chrisgerling.com Anthony Gartner - AnthonyGartner.com Jason Mueller - SecurabitJay Special Guest: Adrian from Irongeek.com Important links for the show and documents used: http://irongeek.com |
Thu, 30 October 2008
In the Halloween Episode 13 where we neglected to mention Halloween, the guys talk about a wide range of topics on the show. The topics we covered included Australia joining the Great Firewall of China, The FBI's Dark Market Takedown, National Cyber Security Awareness Month, CERT Training, spaghetti sauce, and phreaknic 12 (where Chris was going to go but was not able to at the last minute) The East Coast is represented up and down with Chris G traveling to New York. We even had a ghostly apparition that sounded a lot like Jason Mueller. Hosts: Chris Mills - ChrisAM Chris Gerling - Hak5Chris Anthony Gartner - AnthonyGartner.com Jason Mueller - Important links for the show and documents used: http://www.techcrunch.com/2007/12/30/australia-joins-china-in-censoring-the-internet/ http://www.fbi.gov/page2/oct08/darkmarket_102008.html http://www.us-cert.gov/press_room/cyber_security_awareness_month.html https://www.vte.cert.org/vteweb/ |
Sat, 25 October 2008
This evening we had a podcast about the new Zero Day Exploit. This exploit covers all versions of windows from 2000 and above. Securabit brought in Tim Krabec from the smbminute.com podcast. This covers the article from Microsoft MS08-067. Hosts: Chris Gerling - Hak5Chris Anthony Gartner - AnthonyGartner.com Guests: Tim Krabec (Cray Beck) Important links for the show and documents used: http://docs.google.com/Presentation?id=dghttrwg_26c47c5xcx Tim's beer Optimator Spaten Munich |
Mon, 13 October 2008
Securabit Episode 12 |
Mon, 29 September 2008
This week Anthony Gartner & Rob Fuller discuss the latest computer security news. Special guests are Vyrus and CP from the dc949.org group. Episode 11 Discussions covered the following topics: Skynet, Advanced Dork, Google Site Indexer, These tools work worked on by CP and Vyrus and the dc949 group and are written as open source. Rob brought up a Firefox add on called Barrier Spoke of how we can use google alerts to help us in our daily tasks to track where our information is being sent out to. Discussion ensued about Scroogle.org not to be confused with scoogle.com and how you can do secure searching though the site and that the site purges logs with in 48 hours. A mention of Cisco was brought up and we also spoke of a visualized version for the Cisco Mips processors and the specific virtualized version of the Cisco 7200 Routers. BlackBerry Encryption keys may be in the hands of the Indian Government as part of the deal with Rim. |
Fri, 19 September 2008
(Apologies in advance for the short term 'wiki' look of these show notes, the public wiki will be up soon!) On this Episode of Securabit: Chris Gerling - Hak5chris Chris Mills - ChrisAM Anthony Gartner - AnthonyGartner Jason Mueller - SecuraBit_Jay Guest Chris Wilson Episode 10 - A milestone! We are all still alive even though the CERN Particle Collider has been started up. OpenSource Projects, Software, Patches New SecuraBit VPS! (We have since cancelled and will be moving to something else soon)Linode with CentOS. However, no SELinux available For CentOS help go to: #CentOS on irc.freenode.net Tips for configuring the new server: Disable root login on ssh Good passwords Lock down ports The Securabit guys started using the CentOS distribution because of its interconnections with Snort See this site for details on how to configure Snort on CentOS In non-security related news: Steve Jobs Apple Special Event "Let's Rock" Netbooks are everywhere: Even Commodore joins Netbook Crowd: http://news.cnet.com/8301-17938_105-10029963-1.html Google Chrome: Milworm Chrome Exploit/Vulnerabilities http://www.milw0rm.com/exploits/6353 http://www.milw0rm.com/exploits/6355 http://www.milw0rm.com/exploits/6365 http://www.milw0rm.com/exploits/6367 http://www.milw0rm.com/exploits/6372 http://www.milw0rm.com/exploits/6386 Google Chrome and Germany: http://www.salon.com/wires/ap/scitech/2008/09/09/D9338OT80_germany_google_chrome/index.html MS commercial analysis: http://www.purpleslinky.com/Humor/Satire/A-Commercial-About-Nothing-Analysis-of-the-First-Microsoft-Seinfeld-Ad.245991 MS Mouse: http://www.maximumpc.com/tags/bluetrack BREAK Schneier and portable device security: http://www.schneier.com/blog/archives/2008/07/open_source_lap.html http://www.schneier.com/blog/archives/2005/07/risks_of_losing.html Latest happenings with Securabit Looking for a Team and mentoring atmosphere Coming soon: New Site/wiki/forums on the Linode VPS Chris Mills: Employer Security Expo Talked about Password Security and showed off Rainbow Tables/Ophcrack (http://ophcrack.sourceforge.net/) and Driftnet (http://ex-parrot.com/~chris/driftnet/) BREAK Chris Wilson |
Tue, 16 September 2008
Chris Wilson brings us some Snort goodness with this 37 minute tutorial on how to build a snort sensor from scratch using CentOS. I hope this is of use to everyone, it is very very well done! |
Wed, 10 September 2008
Last night we did a spontaneous hour long interview with the guys from HacDC, a Hackerspaces group. Chris Gerling - Hak5Chris Guests: |
Thu, 4 September 2008
On this episode of SecuraBit: Multiboot Security DVDMubix posted an awesome link on his blog to a Multiboot Security DVD that allows you to choose which common security distros, all on one medium!
GeeXBoX 1.1 (not geekbox ) Damn Vulnerable Linux (Strychnine) 1.4 Ophcrack 1.2.2 (with 720 mb tables)
Some distros the Securabit guys would like to see added:
RedHat/Fedora OpenSSH CompromisesAs noted on the Securabit website, a Fedora and Red Hat Enterprise Linux servers were compromised. The ComputerWorld Blog - Linux Security Idiots article explains how the servers were compromised -Stolen SSH keys are used to gain access to the system -After that, rootkit "phalanx2" is installed and steals more SSH keys -Obviously this could be used to install any malware at all The RHEL offshoot CentOS was not affected by the compromise.
Joomla VulnerabilityUS CERT Joomla! Password Reset Vulnerability Joomla Core Exploit Announcement - Password Remind Functionality Joomla user password reset vulnerability being actively exploited
After Break BanterAwesome Quote: "Fear makes the wolf look bigger"
Best Western PwnedOriginally Discovered by The Sunday Herald. As many as 8 million accounts compromised
Vulnerbilty of BGPThis exploit of Border Gateway Protocol allows the attacker to monitor internet traffic and forward it to anywhere in the world. Five hours of traffic was forwarded to New York during Defcon 16. This vulnerability is going to be bigger than the Kaminsky DNS Vuln. Speaking of Dan, he loves Securabit! Defcon presentation from Anton Kapela and Alex Pilosov Wired - Revealed: The Internet's Biggest Security Hole Wired - More on BGP Attacks -- Updated
The MiddlerJay Beale - Middler - Release it already! DefCon Talk Audio SteganographyHiding information by slightly altering the binary sequence of a sound file From simple algorithms that insert info in the form of signal noise, to more powerful methods that exploit sophisticated signal processing techniques to hide information. LSB coding (least significant bit):  substitute with a binary msg Parity coding Phase coding:  #  The original sound signal is broken up into smaller segments whose lengths equal the size of the message to be encoded. A Discrete Fourier Transform (DFT) is applied to each segment to create a matrix of the phases and Fourier transform magnitudes. Phase differences between adjacent segments are calculated. Phase shifts between consecutive segments are easily detected. In other words, the absolute phases of the segments can be changed but the relative phase differences between adjacent segments must be preserved. Therefore the secret message is only inserted in the phase vector of the first signal segment as follows: Spread spectrum Two versions of SS can be used in audio steganography: the direct-sequence and frequency-hopping schemes. In direct-sequence SS, the secret message is spread out by a constant called the chip rate and then modulated with a pseudorandom signal. It is then interleaved with the cover-signal. In frequency-hopping SS, the audio file's frequency spectrum is altered so that it hops rapidly between frequencies.
Security Justice stops byTom and Dave from Security Justice -Search for pics of Mubix gets you this -Shmoocon will have another Podcasters Meetup and Hak5 will be there. -List of Hacker/Security Con's Forensic recovery on SSDSSD Forensics: - no physical security hooks that prevent them from being removed from enclosures - ultraviolet laser to wipe out lock bits (encryption) from fuses on chips that secure SSDs - overall easier to erase data on SSD (with encryption) vs HDD Forensics: - Harder to fully erase data 9have to overwrite or physically damage) - easier to fully encrypt Jim handy: hacker could easily unsolder NAND chips from an SSD and read the data using a flash chip programmer, then reassembled using data recovery software. SSDs are hot, but not without security risks Scott A. Moulton presentations on data recovery and forensics. Contact SecurabitIRC: #securabit on irc.feenode.net Skype Number: (469) 277-2248 |
Fri, 15 August 2008
On this Episode of SecuraBit Jason Mueller Chris Gerling Anthony Gartner Back from three week hiatus. Defcon and BlackHat Defcon Parties: Core Impact Party EthicalHacker.net party Cisco Party Isight Party I-hacked Party StillSecure Freakshow Party ChicagoCon: Boot Camps: Oct 27 - 31 Conference: Oct 31 - Nov 1: http://www.chicagocon.com/ Defcon Badges Ran out of Badges on first day: http://search.twitter.com/search?q=Defcon+badges+out TV-B-Gone built into the badges: http://www.hackaday.com/2008/08/05/defcon-16-badge-details-released/ Servo hacks the badges - http://edge.i-hacked.com/new-defcon16-details Podcasters Meetup - http://www.podcastersmeetup.com/ and http://securabit.com/2008/08/13/dc16-recap/ Documentary: Hackers are People Too: http://www.hackersarepeopletoo.com/ BREAK More from Podcasters meetup: Maltego - Maltego is an open source intelligence and forensics application - http://www.paterva.com/maltego/ Iphone Metasploit: http://secmaniac.blogspot.com/2008/07/metasploit-3-on-iphone.html Hak5 plug: Show every Monday - http://www.hak5.org/ Drinks: Absolut Mandarin: http://www.absolut.com/us Rain Vodka: http://www.rainvodka.com/ Current news: Georgia and Russia: Cyber Warfare: http://it.slashdot.org/article.pl?sid=08/08/10/0126232&from=rss Estonia to help Georgia: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9112399& Watch out for tanks in Atlanta: http://is.gd/1qNy MIT Subway Card Hacking Pulled from Defcon: http://news.cnet.com/8301-1009_3-10012612-83.html Talk Posted Here: http://www-tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf Naval PostGraduate School wins capture the flag: http://swampie.wordpress.com/2008/08/11/naval-postgraduate-school-wins-defcon-capture-the-flag-competition/ Wall of Sheep: http://www.blackhat.com/html/bh-usa-08/wallofsheep.html Lesson: Don't take your production (or perhaps any) computer to hacker conferences Driftnet to catch Jpegs at Defcon: http://ex-parrot.com/~chris/driftnet/ Anthony will be working on Iphone Security Apple sells 95 Iphones/day/store: http://is.gd/1qND Tshirts and Stickers gone, but more on there way? Martin McKeay at Defcon: http://www.cwes01.com/1083/7776/psw/separated.png Direct DL. |
Sun, 27 July 2008
On this episode of SecuraBit, we talk to Chris Eng and Chris Wysopal from Veracode about SOURCE Boston, as well as Jennifer Leggio about Twitter and more:
I'm going to be installing wiki software and recruiting some folks to help us do proper full show notes for each episode. We're also looking for people to help out with the forums, IRC, and research for technical segments. If you can contribute in any way we'll make sure you get recognized. Remember to hit up the T-Shirt and Sticker page.
Soon I will remove the T-Shirt donate link as I will be shipping the
box of T-Shirts to Jay to take with him to Defcon. Hit us up on the
forums, or at irc.freenode.net #securabit. Thanks for listening! |
Fri, 25 July 2008
Last night we decided to discuss a little more on the DNS vulnerability issue that's been the hot topic everywhere in terms of detection and defense. Thanks to guest Chris Wilson for his invaluable insight into the snort signature we were provided by alexkirk in #snort on irc.freenode.net. We also discussed detection of encrypted traffic on a network, and some of the implications of it. Direct link to the mp3 is here. Apologies for Chris Wilson's audio, his speakers were on unbeknown-st to us, and I cleaned it up as best I could. :) Also, the stickers are finally in! Get your T-Shirts and stickers here! |
Tue, 22 July 2008
Today we introduce a new portion of the show: Securabytes. Securabytes are unannounced episodes, they could be last minute interviews or just more beer induced security speak. So, without further ado, here is the first Securabyte from the Securabit Podcast. "Introducing haiku-DNS: [laughing corruption collapsing kittens gallop nectars forgiving] = usa.gov" - Chris Wesley McGrew of McGrew Security, Martin McKeay of the Network Security Blog / Podcast, and some guy name Joel joined me (Rob Fuller) last night to discuss the DNS vulnerability leakage that happened about quitting time yesterday (7/21). We discuss the leak, how the vulnerability works, mitigating, and the potential it has on mass scales. Every one of the gentlemen that joined us, and we here at Securabit urge you to patch as soon as possible. If you need further information, please check the following links: Direct link to this episode: Check to see if you are vulnerable: http://www.doxpara.com/ In depth explanation of the vulnerability: http://www.mcgrewsecurity.com/?p=151 More supporting links: |
Wed, 16 July 2008
On this episode of SecuraBit Chris, Jay, and the crew discuss: Major DNS vulnerability patched! We also want to announce that our T-Shirts have arrived, which you can get here! Stickers will be available very soon! As always, hit up the forums and start talking security with other professionals, pop into our irc at irc.freenode.net #securabit (cloaks coming soon!), and send any feedback to feedback@securabit.com or through the contact page on the site here!
Thanks for listening! |
Sun, 29 June 2008
On this episode of SecuraBit:Anthony, Chris, Christopher, Jay, and special guest Rob (mubix) discuss: Signature based anti-virus dead? Rubbermaid Botmaster Sentenced BackTrack3 Final released! Using Google Earth to crash neighboring pools Crazed Bovine Traversal Distributed Honeypot Project The iTunes link on the front page here works again!!! Check out the forums, and our IRC at irc.freenode.net #securabit. Any feedback is welcomed either through the contact form, or at feedback@securabit.com, or on the forums. Thanks for listening!! |
Tue, 17 June 2008
On this episode of SecuraBit, Chris, Jay, Anthony, Andy, and Chris Mills discuss:* Integrity of Fax Signatures. * Metasploit hacked? Layer 2 VLAN fun. * Clever Museum Theft. * Ironkey-like USB Flash Drive: DiskGO GUARDIAN. * Virus that encrypts your data. * Safari Carpet Bombing, and more! Make sure to hit up our forums, and IRC at irc.freenode.net channel #securabit Send all feedback to feedback@securabit.com or use the contact page on the site. We apologize for the delay! Thanks for listening! |
Mon, 2 June 2008
On this episode of SecuraBit, Chris, Jay, Anthony, Andy, and Chris Mills discuss:
Going MP3 only on this episode. Thanks for listening! Direct DL: SecuraBit Episode 3 MP3 |
Fri, 16 May 2008
On this episode of SecuraBit. Chris, Jay, and Anthony discuss:
Please leave feedback either via comments or to feedback@securabit.com. Thanks for tuning in! |
Sat, 3 May 2008
On this episode of SecuraBit Chris, Jay and company discuss:
For any questions or comments email feedback@securabit.com or post a comment here! |
SecuraBit (podcasts)
SecuraBit Before It Bytes!
Categories
podcastsgeneral
SecuraBits
Compromises
Risk Management
SecuraLabs
Labs
Archives
DecemberOctober
August
May
March
February
January
December
November
October
September
May
March
February
January
December
November
September
August
July
June
May
April
March
February
January
December
November
October
September
August
July
June
May
April
March
February
January
December
November
October
September
August
July
June
May
April
March
February
January
December
November
October
September
August
July
June
May
April
March
February
January
December
November
October
September
August
July
June
May
| S | M | T | W | T | F | S |
|---|---|---|---|---|---|---|
| 1 | 2 | |||||
| 3 | 4 | 5 | 6 | 7 | 8 | 9 |
| 10 | 11 | 12 | 13 | 14 | 15 | 16 |
| 17 | 18 | 19 | 20 | 21 | 22 | 23 |
| 24 | 25 | 26 | 27 | 28 | 29 | 30 |
| 31 | ||||||
Syndication
