October 2006 Archives

PaulDotCom Moving...

Those of you out there who have ever moved know that it isn't always the most fun experience, but one of those things you just gotta do in life. Some may also know that it doesn't always go so well :) We are experiencing "technical difficulties" with our moving process to say the least.

So, how does this relate to computer security? It doesn't really, but I feel better "blogging" about it :) Also, the podcast, TV show, and consulting business won't be operational until sometime late next week as myself and the rest of the crew tackle life, wiring/networking, and racking servers. This only affects our labs and podcast studio, all web pages, audio, and video content will be available.

We are looking forward to getting back to business in our new location, both my family, the entire podcast team, and those that help out with the consulting business. We have so much good stuff still to come, such as our one-year podcast anniversary special, special articles, two more TV show episodes in the works, a new web site hosting company complete with many new web site upgrades, and more!

Speaking of which, if you are a web developer and have experience with CSS and Movable Type please drop us a note, we are interested in speaking with you (psw /at/ pauldotcom.com).

For now, enjoy the latest AirPwn video and stay tuned!

PaulDotCom Security Weekly TV - AirPwN

We are proud to announce the latest episode of PaulDotCom Security Weekly TV. This is a special edition devoted entirely to Airpwn, a wireless HTTP injection tool.

Direct Video Download

Airpwn Show Notes

Enjoy!

PaulDotCom Security Weekly - Episode 49 - October 19, 2006

Live from the PaulDotCom Security Weekly Studio....

  • Sponsored by Core Security, listen for the discount code at the end of the show
  • Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
  • Sponsored by Astaro, Astaro Security Gateway line of network security appliances. Listen to the show for a special offer!
  • Please go update our frapper map!
  • Want some cool PaulDotCom Gear? Do you hack naked? Check out our Cafepress Store!
  • Full Show Notes

Hosts: Larry "Uncle Larry" Pesce, Paul "PaulDotCom" Asadoorian, Nick "Twitchy" Depetrillo, Joe "Mr. C" Conlin

Email: psw@pauldotcom.com

Direct Audio Download

(Bandwidth provided by OSHEAN)

Recording and Stream Notice

The live stream should be active about 6:00 PM EST, today, Thursday October 17th. We should begin recording the live show at about 7:00 PM EST. Please keep in mind that these times are all estimates, but we will try to do the best that we can.

When active, the live stream can be found at:

http://hydrogen.oshean.org:8000

Before we record the show (while we prepare), we will put some music on the stream. This week, we'll be playing some more of our favorite DJ, DJ Jackalope

Please join us, and thanks for listening!

- Larry

According to a study released by Nucleus Research and KnowledgeStorm, 1 in 3 users write their passwords down.

This of course opens a method to have that password disclosed accidentally. Give your users some good tips on how to create good passwords that they can remember, and not need to write down!

Now why the yellow Post-it Note? Well, what is convenient, small, and easily posted somewhere? You guessed it. Guess what is also the first thing I look for on a dumpster diving expedition? Post-it Note Gold!

- Larry

Nmap Hackers of the world Unite!

A few days ago Fyodor of Nmap fame (yes, that Fyodor) posted to the nmap-hackers mailing list that he was making nmap 4.20 ALPHA 9 available for download on the Nmap download page.

So, why is this important?

In the new 4.20 version Fyodor and Zhao Lei have completely re-written the OS detection engine of Nmap. As a result the new OS detection database only contained 71 OS signatures (at the time of his post), compared to 1684 in the previous version. He's asking for our help in submitting new signatures, when you know what the target machine is. He's also happily accepting corrections when Nmap makes guesses.

Now, we all love and use Nmap, right? Go download the 4.20ALPHA9 and give it a go. This is the perfect opportunity for us to help the project along with new OS detection signatures.

Don't forget to check out all of the other new features as well, and check out the paper/documentation on how the new OS detection works in Nmap.

Thanks Fyodor!

- Larry

Live from the PaulDotCom Security Weekly Studio....

Paul, Larry, Joe, and Twitchy take on listener questions and feedback. Be certain to send us your questions!

Skype: pauldotcom Phone: 401.369.9820

Listener Feedback Episode 3 Show Notes

Hosts: Larry "Uncle Larry" Pesce, Paul "PaulDotCom" Asadoorian, Nick "Twitchy" DePetrillo, Joe "Mr C" Conlin
Email: psw@pauldotcom.com

Direct Download

(Bandwidth provided by OSHEAN)

Live from the PaulDotCom Security Weekly Studio....
  • Sponsored by Core Security, listen for the discount code at the end of the show
  • Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
  • Sponsored by Astaro, Astaro Security Gateway line of network security appliances. Listen to the show for a special offer!
  • Please go update our frapper map!
  • Want some cool PaulDotCom Gear? Do you hack naked? Check out our Cafepress Store!
  • Full Show Notes
Hosts: Larry "Uncle Larry" Pesce, Paul "PaulDotCom" Asadoorian, Nick "Twitchy" Depetrillo, Joe "Mr. C" Conlin
Email: psw@pauldotcom.com

Direct Audio Download

(Bandwidth provided by OSHEAN)

Recording and Live Stream Notice

The live stream should be active about 5:30 PM EST, today, Thursday October 12th. We should begin recording the live show at about 6:30 PM EST, and we should then move into our listener feedback show (with a possible break for dinner). Please keep in mind that these times are all estimates, but we will try to do the best that we can.

When active, the live stream can be found at:

http://hydrogen.oshean.org:8000

Before we record the show (while we prepare), we will put some music on the stream. This week, we'll be playing the club and lounge mixes from TAO in Las Vegas. If we need to put some music on during dinner, we will move on to more albums from TAO as well.

Please join us, and thanks for listening!

- Larry

John Bambenek had a great post over at the ISC a few days ago about the importance of patching and mitigating against "passive exploits" (i.e. Man in the Middle attacks, KARMA, Airpwn, etc). John certainly raises some very good points, and I agree with him wholeheartedly. As security professionals, we need to remain vigilant in protecting and patching against these threats.

However I'd like to disagree with a few points. I'm not of the belief that passive attacks limit the attacker to a geographic location.

Take this theoretical example: I'm an evil hacker somewhere in Europe (apologies in advance to our European readers), and I happen to compromise some defenses at some coffee shop in the Midwest USA (apologies...). Now, through the compromised coffee shop network, I'm able to configure their servers and/or firewall to do my bidding, such as MiTM attacks. I'm also able to discover that the wireless APs that the coffee shop is using have some sort of open source component to them, to which I can port some of those passive attack tools - say KARMA or Airpwn.

What about compromising the clients attached to the coffee shop wireless network directly? Compromise those hosts, upload a Virtual Machine and set up KARMA and/or Airpwn on the VM running on a victim. Now when those victims leave the coffee shop and fire up their laptop elsewhere, their geographic location has changed, and is now compromising more hosts.

Now, those examples do pose some significant technical problems: Lack of appropriate drivers and code to make those attacks work on Access Points, small, hide-able VMs with appropriate PCMCIA support, etc. But, isn't it our job to think about the future? I can see a world when, in some shape or form, all of those technological hurdles will not exist.

Let's start thinking about these types of threats NOW, instead of reacting to them later. In a world where everything has wireless, and everything is internet connected, doesn't the example seem reasonable? Please share your thoughts.

- Larry

PaulDotCom Security Weekly - Episode 47 - Oct 3, 2006

Live from Las Vegas, SANS Network Security 2006!

Thank you to all those who attended, we had a blast!

Special thanks to BlackDrag0n for coming out to help and hang out! We would also like to thank Steve, Alyson, and the entire SANS staff. Everyone was truly awesome...

Hosts: Larry "Uncle Larry" Pesce, Paul "PaulDotCom" Asadoorian, Nick "Twitchy" DePetrillo, "The Mason"
Email: psw@pauldotcom.com

Direct Audio Download

(Bandwidth provided by OSHEAN)
