September 2006 Archives

PaulDotCom Security Weekly - Episode 46 - Sept 28, 2006


Live from the PaulDotCom Security Weekly Studio....

Hosts: Larry "Uncle Larry" Pesce, Paul "PaulDotCom" Asadoorian
Email: psw@pauldotcom.com

Direct Audio Download

(Bandwidth provided by OSHEAN)

Audio Feeds:

Recording and Stream notice

The live stream should be active about 5:30 PM EST, today, Thursday September 26th. We should begin recording the live show at about 6:30 PM EST. Please keep in mind that these times are all estimates, but we will try to do the best that we can.

When active, the live stream can be found at:

http://hydrogen.oshean.org:8000

Before we record the show, we will put some music on the stream. This week, Larry was a moron and forgot his CDs. But never fail, this week we will have Nervous Wreck from DJ Jackalope, as featured on the DEFCON 14 DVD. If there is additional time, we'll move into her DEFCON 14 B&W ball performance.

Please join us, and thanks for listening!

- Larry

PaulDotCom Security Weekly - Episode 45 - Sept 21, 2006


Live from the PaulDotCom Security Weekly Studio....

Hosts: Larry "Uncle Larry" Pesce, Paul "PaulDotCom" Asadoorian, Nick "Twitchy" Depetrillo, Joe "Mr. C" Conlin
Email: psw@pauldotcom.com

Direct Audio Download

(Bandwidth provided by OSHEAN)

Audio Feeds:

ISP Advice Needed


The PaulDotCom "empire" has grown considerably over the last year, and our current ISP is having issues delivering the support and reliability that we need. So, as a result, we are on the hunt for a new ISP.

We are looking for recommendations for STABLE ISPs that you have had good luck with, and that are affordable. Here is a list of our requirements:

- SSL-IMAP
- SSL/SMTP-AUTH
- SSH/SCP Access
- Some support with Movable Type
- MySQL (for Movable Type)
- Decent web space (we are NOT hosting the PaulDotCom mp3s and video with the new host, just the blog and associated files)
- Multiple domain support
- Monthly transfers of 40 gig/month or larger.

Please, if you have any recommendations that meet these requirements, please post to this entry or send us e-mail to psw@pauldotcom.com

- Larry

So, it looks like we told you so... Remember our video?

Apple has just released patches for Apple Airport drivers for both PPC and Intel platforms. Check out the advisory.

Oh, and go Digg this story while you are at it.

- Larry

UPDATE: Fixed the broken link. Sorry!

Today, Larry is speaking on an InfoWorld Webcast on improving vulnerability management with penetration testing with John Pescatore from Gartner (yes, he did declare IDS dead), and Alan Paller from SANS.

The Webcast takes place at 2PM EST, and pre-registration is required. If you would like to join in, please use this link.

Please come give it a listen!

- Larry

The Sad State Of Airline Security


So, as many of you know, the PaulDotCom Security Weekly crew will be traveling to Las Vegas in the coming weeks to do our live show. We have some equipment and promotional items to bring and we wanted to be certain that we would make it through security. So, we did some research. What we found on TSA's Permitted and Prohibited Items List exemplifies how ineffective our airline security measures are, and just how freaking stupid it all is:

  • Be certain to leave those "Shampoos and conditioners" in your checked baggage, but feel free to take your 12" "Knitting and Crochet Needles".
  • For all those who suffer from chapped lips leave your "Lip gels such as Carmex or Blistex" but feel free to take your "Screwdrivers (seven inches or less in length)"
  • For those camping be certain not to put "Bug and mosquito sprays and repellents" in your carry-on, but feel free to take your "Cigar Cutters".
  • Hope you don't get stuck for too long at the airport because your carry-on needs to be free of "Mouthwash" and "Toothpaste". Good thing we can still bring that bottle of wine and "Corkscrews".

Bruce Schneier has some of the best commentary in his blog posting titled "More Than 10 Ways to Avoid the Next 9/11". In it he writes:

Rather than spending money on airline security, or sports stadium security -- measures that require us to guess the plot correctly in order to be effective -- we’re better off spending money on measures that are effective regardless of the plot. Intelligence and investigation have kept us safe from terrorism in the past, and will continue to do so in the future.

I couldn't agree more.

For more airline entertainment, check out this article at The Onion.

Paul.com

PaulDotCom Security Weekly - Episode 44 - Sept 15, 2006


Live from the PaulDotCom Security Weekly Studio....

Hosts: Larry "Uncle Larry" Pesce, Paul "PaulDotCom" Asadoorian, Nick "Twitchy" Depetrillo, Joe "Mr. C" Conlin
Email: psw@pauldotcom.com

Direct Audio Download
No Video This Week, we are very close to releasing the next episode, which is almost done with the editing.

(Bandwidth provided by OSHEAN)

Audio Feeds:

Contrary Wisdom From Syngress Authors


We choose our sponsors because they make products that we use in our lives as information security professionals. We enjoy many of the Syngress titles and believe that they produce some awesome, very timely, publications.

Syngress has put together a promotional video that showcases some of their authors; you can find it here:

Google Video

It includes authors such as Bruce Potter and others giving their thoughts on information security issues such as passwords and trusted computing. Check it out!

Paul.com

PaulDotCom Security Weekly TV - Judicious Karma

We are proud to announce the latest episode of PaulDotCom Security Weekly TV. This is a special edition devoted entirely to Karma. Karma is a fantastic wireless assessment tool that we felt everyone should know more about (Thanks Dino!).

Direct Video Download

Here are some supplemental links:

Karma Home Page
Larry's Guide to Karma on Ubuntu
dnsspoof (Dsniff)

Video Feeds:

Enjoy!

.com

Twitchy Madness


We all love Twitchy. But where does the name come from?

twitchy
adj. twitch·i·er, twitch·i·est
1. Characterized by jerky or spasmodic motion: the twitchy whiskers of a cat.
2. Nervous; jittery.

Apparently we're not the only ones who have Twitchy:

Of course, you can always find interesting twitchy facts at TwitchyFacts.com

Got more twitchy references? Send them to psw /at/ pauldotcom.com.

Enjoy the Twitchyness!

Paul.com

The live stream should be active about 5:30 PM EST on this Friday, September 15th. We should begin recording the live show at about 7:00PM EST. Please keep in mind that these times are all estimates, but we will try to do the best that we can.

When active, the live stream can be found at:

http://hydrogen.oshean.org:8000

Before we record the show, we will put some music on the stream. This week, we've gone old school, and even more old school! The first album is Robert Miles Dreamland, and if time allows, Emergency Broadcast Network Telecommunication Breakdown.

Please join us, and thanks for listening!

- Larry

We had the pleasure of interviewing Chris Hurley, founder of the World Wide Wireless War Drive, and author of many computer security books, including "War Driving & Wireless Penetration Testing". We talked with Chris about:

  • War Driving & Wireless War Driving Setups
  • Wireless Driver Vulnerabilities
  • Municipal WiFi, California Wireless Legislation
  • Identity Theft
  • Information Security Careers
  • Wireless Penetration Testing

Full Show Notes

Hosts: Larry "Uncle Larry" Pesce, Paul "PaulDotCom" Asadoorian
Email: psw@pauldotcom.com

Direct Download

(Bandwidth provided by OSHEAN)

Audio Feeds:

Timeout: Remember Sept 11th

We at PaulDotCom Security Weekly would like to take this day as a timeout. Stopping the presses, no podcasts, no videos, no blog postings. Take a moment to remember this day, those who died, and those who gave their lives trying to save others.

We will return tomorrow to our regularly scheduled programming.

The PaulDotCom Security Weekly Crew

Hi, I'm a Mac...

Many of us are aware of the current situation with wireless driver vulnerabilities. We wanted to be certain that our thoughts and beliefs were conveyed in a manner that exemplifies what we are all about here at PaulDotCom Security Weekly. So, we made our own Mac "Make the switch" commercial for your viewing pleasure:

New - Digg This Video

iPod Video Format (10Mb)

Quicktime Video Format (399Mb) - Offline

Google Video - Offline

You Tube - Offline

DivX Video Format - Offline

We have also updated our video feeds:

Video Feeds:

Enjoy!

The PaulDotCom Security Weekly Crew

PaulDotCom Security Weekly - Listener Feedback - Episode 2


Live from the PaulDotCom Security Weekly Studio....

Paul, Larry, Joe, and Twitchy take on listener questions and feedback. Be certain to send us your questions!

Skype: pauldotcom
Phone: 401.369.9820

Listener Feedback Episode 2 Show Notes

Hosts: Larry "Uncle Larry" Pesce, Paul "PaulDotCom" Asadoorian, Nick "Twitchy" DePetrillo, Joe "Mr C" Conlin
Email: psw@pauldotcom.com

Direct Download

(Bandwidth provided by OSHEAN)

Audio Feeds:

PaulDotCom Security Weekly - Episode 43 - Sept 9, 2006


Live from the PaulDotCom Security Weekly Studio....

Hosts: Larry "Uncle Larry" Pesce, Paul "PaulDotCom" Asadoorian, Nick "Twitchy" Depetrillo, Joe "Mr. C" Conlin
Email: psw@pauldotcom.com

Direct Audio Download
No Video This Week, we are very close to releasing the next episode, which is almost done with the editing.

(Bandwidth provided by OSHEAN)

Audio Feeds:

Live Stream active!

The live stream is now active!

http://hydrogen.oshean.org:8000

Before we start, we will be featuring a new CD each week. This week is one of Larry's favorites: United DJs of America Volume 6, Frankie Bones.

We should begin about 7:30 PM with the live show.

or How I Stopped Worrying and Learned to Hate linux-modules-restricted.

Paul and I spent some time a few weeks back trying to get Karma working on my new Ubuntu 6.06 LTS installation. Needless to say we ran into a few problems with the MadWifi-old kernel modules.

For those not in the know, Karma is a great piece of software for demonstrating how insecure open wireless networks are, as well as illustrating problems that can be had by auto probing for insecure wireless networks. Karma uses a patch for the Madwifi-old drivers to answer for ANY open SSID request, and can perform a number of actions - DNS, DHCP as well as HTTP content redirection. The usefulness of such a tool is quite apparent, especially when delivering a demo to those management-types who like pretty pictures. We'll be releasing a video segment of PaulDotCom Security Weekly of Karma in the next few weeks.

Paul and I spent a few hours trying to figure out why my installation didn't work, and I proceeded to spend several weeks scouring the internet looking for help to little avail.

I was able to put some of my research to good use, and it certainly provided me the right direction. After all of this research I figured that I was not the only one in this predicament. As a result I've documented the steps that I have completed to make Karma work for me under Ubuntu with Madwifi-old. I'd like to release said documentation, so that you can learn from my experiences:

http://www.pauldotcom.com/KarmaUbuntu.pdf

I would certainly consider this a living document. Please, any and all comments and suggestions are greatly appreciated and should be directed to larry@pauldotcom.com

Enjoy, and may Karma be good to you!

- Larry

PaulDotCom Security Weekly - Episode 42 - August 31, 2006


Live from the PaulDotCom Security Weekly Studio....

Hosts: Larry Pesce, Paul Asadoorian, "Twitchy", Joe Conlin
Email: psw@pauldotcom.com

Direct Audio Download
No Video This Week, we are working on the next episode, hoping for a September release. We are done shooting and plan to release three new episodes in the coming weeks.

(Bandwidth provided by OSHEAN)

Audio Feeds: