Live from the PaulDotCom Security Weekly Studio....
We had two special guests on the show, Kevin Amorin from Harvard and co-developer of Packet Fence, and Martin Mckeay of the Network Security Podcast.
This episode was also broadcast over SkypeCast, so look for us each week when we record. It will also be announced in our IRC chatroom #pauldotcom on Freenode (irc.freenode.net).
- Sponsored by Core Security, listen for the discount code at the end of the show
- Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
- Sponsored by The SANS Institute, listen to the discount code for SANSFIRE this summer for 5% off this conference
- Please go update our Frappr map!
- Help us get a cool logo and slogan! Go to our contest page and read all about how you can win free Snort gear and a one-year subscription to VRT rules. Sponsored by Sourcefire
- Full Show Notes
Hosts: Larry Pesce, Paul Asadoorian, "Twitchy"
Email: psw@pauldotcom.com
Direct Audio Download
No video this week...


"SCORE! Get the lotion!" alerts on users surfing porn; it appeared in Snort 1.8.2 and can be found in the file classification.config.
Small correction, kick-ass porn is the classification.
The classification is "kickass-porn" and the file you would have to edit is "classification.config"
Site: http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=13
QOTW answer:
kickass-porn and classification.config.
Enjoy the lotion guys ;-)
config classification: kickass-porn,SCORE! Get the lotion!
The classification is porn and the config file to edit is:
classification.config
Info from http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=13
really good doco from those gentoo folk
Syngress QOTW
Part 1 - config classification: kickass-porn,SCORE! Get the lotion!,1
Part 2 - classification.config
-jhs
www.johnhsawyer.com
Based on this: http://www.gentoo.org/doc/ro/security/shb-intrusion.xml?glang=ro the answer would be: kickass-porn, and the file you should edit is /etc/snort/classification.config
In older versions of Snort the classification is:
config classification: kickass-porn,SCORE! Get the lotion!,1
The file to edit to change this message to an office friendly message is
/etc/snort/classification.config
This answer was taken from:
http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=13
The classification would be kickass-porn, and to change the message you would have to edit the classification.config file.
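The "config classification:" lines quoted in the answers above have a fixed three-field shape (short name, description, priority), and a rule refers back to the short name through its classtype keyword. As an added example, not code from the show notes or from any commenter, here is a small parser for that format plus a helper that rewrites one description (as several answers suggest doing) without disturbing the priority; the sample config text is constructed.

```python
import re

# Constructed sample of classification.config lines (not a real file from the page).
SAMPLE_CONFIG = """\
# classification.config: config classification:<name>,<description>,<priority>
config classification: not-suspicious,Not Suspicious Traffic,3
config classification: kickass-porn,SCORE! Get the lotion!,1
config classification: web-application-attack,Web Application Attack,1
"""

_CLASS_LINE = re.compile(
    r"^config\s+classification:\s*(?P<name>[^,]+),(?P<desc>[^,]*),(?P<prio>\d+)$"
)

def _content(raw):
    """Strip whitespace and return '' for blank or '#' comment lines."""
    line = raw.strip()
    return "" if line.startswith("#") else line

def parse_classifications(text):
    """Return {classtype: (description, priority)} from classification.config text."""
    table = {}
    for raw in text.splitlines():
        line = _content(raw)
        if not line:
            continue
        m = _CLASS_LINE.match(line)
        if not m:
            raise ValueError(f"malformed classification line: {raw!r}")
        table[m["name"].strip()] = (m["desc"].strip(), int(m["prio"]))
    return table

def rewrite_description(text, classtype, new_desc):
    """Return the config text with one classtype's description replaced, priority kept."""
    if "," in new_desc:
        raise ValueError("description may not contain a comma (it is the field separator)")
    out = []
    for raw in text.splitlines():
        m = _CLASS_LINE.match(_content(raw))
        if m and m["name"].strip() == classtype:
            out.append(f"config classification: {classtype},{new_desc},{m['prio']}")
        else:
            out.append(raw)
    return "\n".join(out) + "\n"

def classtype_of_rule(rule):
    """Extract the classtype name a Snort rule references, e.g. 'classtype:kickass-porn;'."""
    m = re.search(r"classtype\s*:\s*([^;\s]+)\s*;", rule)
    return m.group(1) if m else None
```

Any classtype a rule names should resolve in the parsed table; an unknown name means the rule and the config have drifted apart.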
Just some feedback from a junior AV analyst :)
You were talking about web "hacking" tools, so here are a few which I've found useful in my prior life (when I was a web "security" man):
These two are Firefox addons:
http://livehttpheaders.mozdev.org/
https://addons.mozilla.org/firefox/966/
Now some standalone programs:
http://www.portswigger.net/suite/
http://www.parosproxy.org/index.shtml
And an informative page:
http://ha.ckers.org/xss.html
Also the guy over at MightySeek (http://www.mightyseek.com/) did a show about SQL injection which is kind of basic but should be a good primer for anyone interested in this stuff. Now regarding the "AV companies making viruses": I don't believe this to be true, because there is enough malware out there to keep us entertained for the next 100 years :). And yes, most of the malware is very primitive and is based on (stupid) tutorials found on the net.
Keep up the good work guys. Also if you have questions regarding the AV industry, don't hesitate to contact me (should point out though that I'm still a jr. analyst and possibly I don't have a deep insight into future trends, etc.)
Hey guys! Great podcast as usual. If you still have your Stealing the Network books around, I believe that in the first book (How to Own the Box) there is an example of this type of attack, and it includes some of Paul's favorite - Printer Hacking! And the vulnerable system is in a university setting.
Have a good one!
Hey, you guys ever consider dialing down the bitrate on your podcasts? (Love the show BTW)