Sponsored By:

www.coresecurity.com


www.tenablesecurity.com


www.sans.org




March 2006 Archives

Part II of our exclusive interview with Joshua Wright of Aruba Networks. In part II we discuss:

  • The current state of wireless intrusion detection
  • Josh talks about wireless client insecurities, such as flaws in wireless drivers
  • WifiPedia - a free source of WLAN-related information initially brought to you by the Secure Programming Group at University of Oulu.
  • LORCON - Loss Of Radio Connectivity - A wireless driver abstraction layer
  • Hotspot insecurity, and dangers of Karma, hotspotter, Airpwn, and Raw Glue AP
  • "I am Your Malicious Web Site"
  • Wireless defense measures for your client
  • Oracle Security, or lack thereof
  • Josh's trick or treat Oracle application
  • Oracle Password Hashing Algorithm
  • The hazards of teaching your children how to start counting from 0
  • Josh talks (er, well, sorta) about the awesome cool stuff he's working on at Aruba
  • Josh still teaches the wireless track for The SANS Institute, check out the Virginia conference, and SANSFIRE.
  • Be certain to check out Kismet

Hosts: Larry Pesce, Paul Asadoorian
Email: psw@pauldotcom.com

Direct Audio Download

(Bandwidth provided by OSHEAN, They have good Karma)


Dear listeners,

Some of you have written in and stated that you want to be more involved with the show, and we think that's great! Also, we've had some heavy debating (via email) on various topics. So, Larry and I, being the crazy podcasters that we are, came up with this idea for an "Open Show":

When: March 30, 2006 - 5:30PM - 7:00PM EST
Where: Skype - Skypeid: "pauldotcom", phone: 401.369.9820

Here's how it will work:

  • If you wish to participate, please be ready to discuss the topic for the show (opinions, facts, it's all good). Before you come on the show you will need to use Skype chat to speak with the moderator. The moderator will ask you a few questions (name, where you are from, etc...)
  • Once you are approved we will accept your Skype call
  • You will be given 10 or so minutes maximum to participate in the show

Here are some ground rules:

  • Please keep it clean, children could be listening! PG-13 is the general rule...
  • Be polite, do not talk over anyone else
  • Do not over-shamelessly plug, I mean you can shamelessly plug a thing or two, but if you are interested in advertising on the show we'd be happy to talk offline :-)

Hope to see you all there!


We are excited to bring you this exclusive interview with Joshua Wright of Aruba Networks. Josh is a good friend of ours and sits live in the PaulDotCom Security Weekly studio to discuss everything from wireless security to fingerprinting microwaves.

In part I we discuss:

  • How Josh got an "A" on an assignment in College and landed his first IT security job
  • His interest in wireless network security, or lack thereof, and the "hacking opportunities" they present
  • The story behind the weaknesses in LEAP and how the Asleap tool came to be
  • Bluetooth vulnerabilities and testing tools, research from the Trifinite group, a tool called bluepinning
  • Challenges associated with auditing bluetooth wireless networks
  • How CoWPAtty came to be and risks associated with WPA
  • Suggestions from Josh on what works today to protect wireless networks
  • WySpy - How it works and Josh's experiences with fingerprinting microwaves

Hosts: Larry Pesce, Paul Asadoorian
Email: psw@pauldotcom.com

Direct Audio Download

(Bandwidth provided by OSHEAN, Because we're poor and can't afford it)


PaulDotCom Security Weekly - Episode 20 - March 23, 2006


Live from the PaulDotCom Security Weekly Studio....

  • Come join our very first "open show" on March 30, 2006 at 5:30PM EST: you can Skype in and participate in the show! The first topic will be "Piggybacking Wireless Networks: Is it legal? Moral? Ethical? Cool? Not Cool?". Come join us and let us know what you think!
  • Sponsored by Core Security, listen for the discount code at the end of the show
  • Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
  • Please go update our frapper map!
  • If you are in the Providence, RI area the week of April 1st you can come to ACUTA to hear Twitchy and I give presentations (separate ones)
  • Please leave us feedback in the iTunes Store!
  • Full Show Notes

Hosts: Larry Pesce, Paul Asadoorian, "Twitchy"
Email: psw@pauldotcom.com

Direct Audio Download
Direct Video Download - There will be no video release this week. Stay tuned for more wireless hacking in future episodes!

(Bandwidth provided by OSHEAN, Hmmmmmm, Their Kung Fu is strong.....)


Windows Vista New Network Stack


"Networking support has been extended throughout the lifetime of Windows 2000 and Windows XP, but it was getting harder and harder for Microsoft to keep improving the old code. So for Vista, they started over from ground zero and rewrote the networking stack from scratch. IPV6 was hacked onto Windows XP in a pretty basic way, but it is built directly into the Vista networking stack in a much more robust fashion. Of course, IPV4 is still going to be the most common IP interface for quite some time, so all the new networking improvements are visible there, too."

The RFCs (documents that define the way the Internet "should" work) have been described by many as mere suggestions. It is up to the developer to correctly interpret the description and translate that into source code, which eventually ends up playing on the Internet.

So when Microsoft decides to write an entirely new network protocol stack, guess what, we get a whole new round of "interpretations" to test and potentially take advantage of using various tools:

  • Nmap - Nmap's OS fingerprinting module is based on sending strange packets to a host and seeing what it sends back. The RFCs do not explicitly define how a host should respond to a TCP packet with the Syn/Fin/Rst flags set.
  • Hping - Earlier versions of Windows fell victim to a LAND attack, that is, a packet which sets the source and destination IP addresses to the same value. Since the RFCs do not define what is supposed to happen, some versions of Windows blue screen (I think they could have come up with a better scenario; however, they did fix this in later versions of Windows, then re-introduced it in a later version, then fixed it again). Hping allows you to craft packets, setting various values in the packet headers, including the source and destination IP addresses.
  • Jolt/Tear Drop - Fragmentation attacks have been very popular in the past, again taking advantage of the way a host interprets packets, specifically ones that are fragmented (such as overlapping fragments, missing fragments, and never ending fragments).

Even fairly mature protocol stacks, such as the Linux TCP/IP stack, have recently had vulnerabilities uncovered. What is interesting is that the original protocol stacks such as BSD are getting more resilient to attacks. I am very curious to see what kind of vulnerabilities are found in the new Windows Vista protocol stack.
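A receive-side view of the three packet shapes listed above, as an added example that is not from the original post: a Python check that flags identical source and destination addresses, SYN combined with FIN or RST, and overlapping fragments. The function names, finding labels and sample packets (documentation addresses, built in memory and never sent) are assumptions of this example.

```python
import socket
import struct

SYN, FIN, RST = 0x02, 0x01, 0x04


def inspect_ipv4(packet, frag_state):
    """Return a list of anomaly labels for one raw IPv4 packet.

    frag_state is a dict the caller keeps between packets; it maps
    (src, dst, proto, ident) to the byte ranges of fragments seen so far.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ["not-ipv4"]
    ihl = (packet[0] & 0x0F) * 4
    total_len, ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or total_len < ihl or len(packet) < ihl:
        return ["bad-header-length"]
    proto = packet[9]
    src, dst = packet[12:16], packet[16:20]
    findings = []

    # LAND: source and destination address are the same value.
    if src == dst:
        findings.append("land-same-src-dst")

    # Fragment bookkeeping: a new fragment must not cover bytes already seen.
    more_frags = bool(flags_frag & 0x2000)
    offset = (flags_frag & 0x1FFF) * 8
    payload_len = total_len - ihl
    if more_frags or offset:
        seen = frag_state.setdefault((src, dst, proto, ident), [])
        if any(offset < end and start < offset + payload_len
               for start, end in seen):
            findings.append("overlapping-fragment")
        seen.append((offset, offset + payload_len))

    # TCP flags live in byte 13 of the TCP header (first fragment only).
    if proto == socket.IPPROTO_TCP and offset == 0 and len(packet) >= ihl + 14:
        flags = packet[ihl + 13]
        if flags & SYN and flags & (FIN | RST):
            findings.append("syn-with-fin-or-rst")
    return findings


def sample_packet(src, dst, proto=6, payload=b"", ident=1, offset=0, mf=False):
    """Build IPv4 bytes for the constructed samples (checksum left at 0)."""
    flags_frag = (0x2000 if mf else 0) | (offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                         flags_frag, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def tcp_header(flags):
    """Minimal 20-byte TCP header carrying the given flag bits."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 1024, 0, 0)


def run_samples():
    """Run the checks over constructed packets; returns {name: findings}."""
    a, b = "192.0.2.10", "192.0.2.20"   # RFC 5737 documentation addresses
    samples = {
        "normal-syn": sample_packet(a, b, payload=tcp_header(SYN)),
        "land": sample_packet(b, b, payload=tcp_header(SYN)),
        "syn-fin-rst": sample_packet(a, b, payload=tcp_header(SYN | FIN | RST)),
        "frag-1": sample_packet(a, b, proto=17, payload=b"A" * 24,
                                ident=7, offset=0, mf=True),
        "frag-2-overlap": sample_packet(a, b, proto=17, payload=b"B" * 16,
                                        ident=7, offset=16),
    }
    state = {}
    return {name: inspect_ipv4(pkt, state) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, findings in run_samples().items():
        print(f"{name:16} {findings or 'ok'}")
```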

Full Article


More Fun With IE


Here we go again:

"There is a new exploit for Internet Explorer that was released by Secunia today.  The exploit allows for arbitrary code execution."

And as Lorna puts it, "it's a heap overflow just waiting to happen". It most certainly is. And what does that mean? It means that bad people have probably known about this exploit for quite some time and have already developed an exploit. They are using this exploit to compromise unsuspecting people who are using IE, most likely in large organizations who refuse to support anything other than Internet Exposure, er, Explorer. And compromise they will, installing the latest round of Spyware, Adware, and bots that will launch the next DDoS and make some hacker a hefty sum of money per month for his or her troubles.

We still don't have a patch, and we don't have a workaround, other than to use Firefox.

"Friends Don't Let Friends Use Internet Explorer"

Full Article


PaulDotCom Security Weekly - Episode 19 - March 16, 2006


Live from the PaulDotCom Security Weekly Studio....

(Video version has been posted, check it out!)

  • Sponsored by Core Security, listen for the discount code at the end of the show
  • Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
  • Please go update our frapper map!
  • If you are in the Providence, RI area the week of April 1st you can come to ACUTA to hear Twitchy and I give presentations (separate ones)
  • Please leave us feedback in the iTunes Store!
  • Full Show Notes

Hosts: Larry Pesce, Paul Asadoorian, "Twitchy"
Email: psw@pauldotcom.com

Direct Audio Download
Direct Video Download - Wireless Hacking - Part I

(Bandwidth provided by OSHEAN, They bring us good luck, like leprechauns)


Verizon XV6700 - Day 1


Being the geek that I am I finally decided it was time to get a phone that did more than just make calls. There are a few reasons for this, such as wanting to experiment more with bluetooth, hack around on Windows Mobile, use a headset in the car to avoid crashing, and increase my geek status :)

I decided to go with the XV6700 from Verizon:

xv6700-phone.jpg

Having just picked up the phone Wednesday night, here are my initial impressions:

  • The phone comes with Wifi, and it works great. I picked up my neighbor's wireless network from two houses away!
  • The user interface is pretty slick, it runs Windows Mobile 5.0 (I know it's Windoze), has a full QWERTY keyboard, joystick control and stylus.
  • The Motorola H500 bluetooth headset seemed to work okay at first, but it is very uncomfortable and not loud enough.
  • One really annoying thing that I hope to fix with some hacks is that you cannot do voice activated dialing via a bluetooth headset. This just plain sucks. If anyone knows of any hacks, please let me know.
  • The phone is also much smaller than I thought, although the belt clip that I bought (along with the car charger and headset for $80) is a little clumsy and big.
  • It also comes with an infrared port, which I am hoping can be used as a universal remote for my entertainment center
  • I have yet to get the phone to sync with my outlook mail and calendar, not sure why yet, I get some unspecified error that I need to investigate
  • No support under OS X, yet, there is a company called Markspace that makes a product that will sync PDAs with OS X, including Entourage, iCal, etc... They do not yet support Windows Mobile 5.0, but are working on it.
  • The web works awesome, both through Wifi and EVDO. It's nice having the Interweb everywhere :) I plan to pick up Pocket Streets 2005 so I don't get lost (Which looks like I will also be buying a bluetooth enabled GPS to go with it).
  • The camera works great, check out this pic I grabbed this morning in the parking lot. W00t!

More to come!


Scripting Nmap with NmapParse 1.0.5


Introduction

Nmap is an extremely powerful tool for port scanning. However, its primary job is not to make the output look pretty, which is why it can output XML, which you can process with a neat little Perl library called NmapParse. New features even allow you to call nmap from within your Perl script.

The Problem

So let's say that you want to scan an entire subnet and look for web servers in preparation for putting it behind a firewall. You could just run nmap and look for open ports 80 and 443, but it would be difficult to distinguish public web servers, printers, and any other device that runs a web server. For this you need the Nmap option "-sV" to grab the banner. You then want some grepable output to produce a report for the local admin or for your own purposes (like a penetration test). The Nmap command to do this would be:

nmap -sV -oG report.out -p 80,443 192.168.1.1-254

The results are pretty ugly as most of us have recognized. The fields are separated by "/" and the number of fields tends to vary making it difficult to parse reliably.

Host: 192.168.1.16 (snowblood.pauldotcom.com) Ports: 80/open/tcp//http?///, 443/closed/tcp//https///
Host: 192.168.1.87 (zatoichi.pauldotcom.com) Ports: 80/open/tcp//http//Microsoft IIS webserver 5.0/, 443/closed/tcp//https///
Host: 192.168.1.140 (azumi.pauldotcom.com) Ports: 80/open/tcp//http//Apache httpd 1.3.33 ((Darwin) mod_jk|1.2.2)/, 443/filtered/tcp//https///
Host: 192.168.1.141 (izo.pauldotcom.com) Ports: 80/open/tcp//http?///, 443/filtered/tcp//https///
Host: 192.168.1.15 (shinobi.pauldotcom.com) Ports: 80/open/tcp//http//Apache httpd 1.3.28 ((Unix))/, 443/closed/tcp//https///
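To show what parsing these lines by hand involves, here is an added example (not the author's nmapparse.pl and not part of NmapParse): a Python parser for the grepable lines above, assuming each port entry carries seven "/"-terminated fields as in the sample and that "|" in the version field stands in for a literal "/". The function names and the printer keyword list, taken from banners in the report output later in this post, are assumptions of this example.

```python
import re

# Constructed input: the five grepable (-oG) lines quoted in the post.
SAMPLE = """\
Host: 192.168.1.16 (snowblood.pauldotcom.com) Ports: 80/open/tcp//http?///, 443/closed/tcp//https///
Host: 192.168.1.87 (zatoichi.pauldotcom.com) Ports: 80/open/tcp//http//Microsoft IIS webserver 5.0/, 443/closed/tcp//https///
Host: 192.168.1.140 (azumi.pauldotcom.com) Ports: 80/open/tcp//http//Apache httpd 1.3.33 ((Darwin) mod_jk|1.2.2)/, 443/filtered/tcp//https///
Host: 192.168.1.141 (izo.pauldotcom.com) Ports: 80/open/tcp//http?///, 443/filtered/tcp//https///
Host: 192.168.1.15 (shinobi.pauldotcom.com) Ports: 80/open/tcp//http//Apache httpd 1.3.28 ((Unix))/, 443/closed/tcp//https///
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")
PORTS_RE = re.compile(r"Ports:\s*([^\t]*)")
# port/state/protocol/owner/service/rpcinfo/version/ : seven fields, each
# closed by "/". Matching whole entries avoids splitting on ", ", which
# could also appear inside a version string.
ENTRY_RE = re.compile(r"(\d+)/" + r"([^/]*)/" * 6)

# Hypothetical keyword list for embedded print devices.
PRINTER_HINTS = ("jetdirect", "laserjet", "print server", "printer")


def parse_grepable(text):
    """Parse -oG text into a list of {addr, name, ports: [...]} dicts."""
    hosts = []
    for line in text.splitlines():
        host = HOST_RE.match(line)
        ports = PORTS_RE.search(line)
        if not host or not ports:
            continue  # "# Nmap ..." comments and "Status:" lines
        entries = []
        for m in ENTRY_RE.finditer(ports.group(1)):
            port, state, proto, _owner, service, _rpc, version = m.groups()
            entries.append({
                "port": int(port),
                "state": state,
                "proto": proto,
                # A trailing "?" means the name is a guess from the port
                # number, not something the service probe confirmed.
                "service": service.rstrip("?"),
                "guessed": service.endswith("?"),
                "version": version.replace("|", "/"),
            })
        hosts.append({"addr": host.group(1), "name": host.group(2),
                      "ports": entries})
    return hosts


def classify(version):
    """Sort a banner into 'printer', 'server' or 'unidentified'."""
    if not version:
        return "unidentified"
    lowered = version.lower()
    if any(hint in lowered for hint in PRINTER_HINTS):
        return "printer"
    return "server"


def web_report(hosts):
    """Return (addr, name, port, kind, version) for every open port."""
    rows = []
    for host in hosts:
        for entry in host["ports"]:
            if entry["state"] == "open":
                rows.append((host["addr"], host["name"], entry["port"],
                             classify(entry["version"]), entry["version"]))
    return rows


if __name__ == "__main__":
    for addr, name, port, kind, version in web_report(parse_grepable(SAMPLE)):
        print(f"{addr:15} {name:28} {port:<4} {kind:13} {version}")
```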

Using NmapParse

You can download NmapParse from its web site at http://npx.sourceforge.net/. The most recent versions are much improved, and even include functions to run nmap from within your Perl script. This makes it easy to run a scan and parse the results: we no longer have to save out an XML file to parse, which makes for a much cleaner solution. My script, as ugly as it is, seems to work pretty well:

# ./nmapparse.pl -i 192.168.1.1-254
nmapparse.pl - ( paul@pauldotcom.com )
--------------------------------------------------
Hostname : hunggar.pauldotcom.com
Address : 192.168.1.55
Service : 80 (http) HP Jetdirect httpd
-------------------------------------
Hostname : longfist.pauldotcom.com
Address : 192.168.1.30
Service : 80 (http-mgmt) HP LaserJet Embedded webserver: Agranat-EmWeb 5.2.6
-------------------------------------
Hostname : wingchun.pauldotcom.com
Address : 192.168.1.16
Service : 80 (http) HP JetDirect printer webadmin HP-ChaiServer 3.0
-------------------------------------
Hostname : bagua.pauldotcom.com
Address : 192.168.1.98
Service : 80 (http) AXIS 1440 print server http config
-------------------------------------
Hostname : choylayfut.pauldotcom.com
Address : 192.168.1.88
Service : 80 (http) Apache httpd 1.3.22 (Unix) mod_perl/1.25
-------------------------------------

It was pretty easy to code up and make it look pretty. There is a lot more that could be added here, and NmapParse makes it pretty easy to do so. If you modify it, or create your own script please share it with the rest of us!

Download the full script here

Happy Nmaping!


PaulDotCom Security Weekly - Episode 18 - March 9, 2006


Live from the PaulDotCom Security Weekly Studio....

UPDATE: Video version has been added. NEW RULE: No more beer drinking during PaulDotCom Security Weekly TV. No really, I'm serious this time!

  • Sponsored by Core Security, listen for the discount code at the end of the show
  • Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
  • Please go update our frapper map!
  • It's not Twitchy's birthday this week
  • Smurf attacks are not so sweet
  • Our first audio comment!
  • Here are some good Bluetooth Links, Thanks Christian!
  • Hacking into voice mail, using good voice mail passwords
  • Please leave us feedback in the iTunes Store!
  • Detecting botnets from Sana Security, anyone using this product?
  • Full Show Notes

Don't forget to check out Larry's blog, HaxorTheMatrix.com, for coverage on the latest security and hacking news.

Hosts: Larry Pesce, Paul Asadoorian, "Twitchy"
Email: psw@pauldotcom.com

Direct Audio Download
Direct Video Download

(Bandwidth provided by OSHEAN, They do have supercow powers)


PaulDotCom Security Weekly - Episode 17 - March 4, 2006


Live from the PaulDotCom Security Weekly Studio....

Note: Video has been added! Larry and I give a demo of Kismac.

  • Sponsored by Core Security, listen for the discount code at the end of the show
  • Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
  • Last week's winner was William Day, congrats!
  • Please go update our frapper map!
  • Using Cain & Abel properly
  • mwcollectd, nepenthes, and differences between "Security Ninja" and "Ninja Fan"
  • Larry gives us the update from SANS Orlando 2006
  • Full Show Notes

Don't forget to check out Larry's Blog, HaxorTheMatrix.com, for coverage on the latest security and hacking news.

Hosts: Larry Pesce, Paul Asadoorian, "Twitchy", Martin McKeay
Email: psw@pauldotcom.com

(The show is getting long again, we apologize and will try for a shorter show next week, promise)

Direct Audio Download
Direct Video Download

(Bandwidth provided by OSHEAN, They have ninjas)

Security Podcasts Roundup

We at PaulDotCom Security Weekly listen to many podcasts in an attempt to assimilate as much information as possible. Each podcast we listen to has its own strengths, and there are few on this list that I would dismiss altogether, but I'll let you be the judge. There have been a few other blog postings related to security podcasts:

What follows is an attempt to be a comprehensive list of what we've found out there, so if we miss something, just let us know!

Audio

    NOTE: The link for cyberspeak was incorrect and I fixed it.

  • PaulDotCom Security Weekly - This is our podcast. If you are already a listener, we thank you profusely; if you are not, give us a try and let us know what you think. We are really just out to have fun and hopefully educate people at the same time.
  • Security Now! - Steve Gibson and Leo Laporte talk about security topics. They did a great job covering different VPN options for home users. Steve tends to talk, a lot, and gets into trouble sometimes. I think Leo is learning more about networking than he bargained for, and continues to impress me with his professionalism.
  • SABAG Security - Two employees of McAfee do their take on a security podcast. It's very heavily McAfee and malware/virus focused.
  • Cyberspeak - I just started listening to this one again, and really enjoyed their interview with Bruce Potter. They're a down-to-earth couple of guys that talk about security, with a focus on forensics and investigation.
  • Sploitcast - These are a great bunch of guys who do a great job covering various security topics. And one of the dudes' mom is a security geek!
  • Binrev - An underground take on security, they have a great discussion on IRC and many other hacker topics.
  • Basenet Radio - If you prefer the "adolescent" approach to security/geek podcasting then this one is for you.
  • PLA (Phone Losers of America) Radio - Some may question the value of this podcast beyond great entertainment; however, it is a really good example of how easy it is to socially engineer people.
  • Crypto-Gram Security Podcast - If you prefer to have Schneier's newsletter read to you, then this podcast is for you.
  • Liveammo: Digital Forensics & Hacking Investigations - Haven't had a chance to listen to this one yet, but supposed to have some good forensics information.
  • The Security Catalyst - A CISSP view of the security world, lots of info on the policy and non-techie stuff.
  • Martin McKeay's Network Security Podcast - Our good buddy Martin McKeay talks security, vulnerabilities, and general security information. He also has a roundtable series that is pretty interesting. Martin also has a security blog at Computerworld.
  • A Day in the Life of an Information Security Investigator - Security Monkey Podcast - Since scrap has left the show it's more enjoyable (nothing against scrap, but he scrambled his voice so it felt like I was listening to a serial murderer talk security!). Good information on security investigations.
  • Security Wire Weekly - A short, very down-to-business, summary of IT security news.
  • CSO Magazine Podcast - Haven't listened to enough of this one to comment, but sounds like an NPR approach to security news.
  • Blue Box Podcast - All VoIP security all the time. A good podcast, but very narrow focus.
  • Hacker Voice Radio - British folk talk hacking.
  • T.W.A.T. Radio - This used to be a daily podcast that produced all sorts of tech and security tips, but they have not produced content in a while. However, just today they released a really good one on WRT54G hacking.

Video

  • Infonomicon TV - Great hacking tutorial show, everything from hacking printers to making custom handsets for your cell phone.
  • Hak.5 - Very well done professional show on hacking, they even stop segments and say, "You are on your own from here because this violates DMCA".
  • The Packet Sniffers - Some great interviews with hackers from 2600 conferences.
