
September 2008 Archives

Coming to you LIVE from fabulous Las Vegas, from SANS Network Security 2008!

The stream should be live at about 12:00 AM EDT (midnight!) and we'll begin the interview at about 12:15 AM EDT.

Please keep in mind that these times are all estimates, but we will try to do the best that we can.

Don't forget to join in on the IRC channel during the stream - we can take live comments and discussion from the channel! Find us on IRC at irc.freenode.net #pauldotcom.

When active, the live stream(s) can be found at:

Ustream: http://ustream.tv/channel/pauldotcom-security-weekly

Icecast: http://radio.oshean.org:8000

Please join us, and thanks for listening!


- Larry & Paul

For those of you who haven't heard already, friend of the show, Michael Santarcangelo (The Security Catalyst) had his mobile home robbed while he's on US tour with his family taking his security messages on the road. The thieves made off with his computing gear. I have to say that he's been very upfront about his predicament so that we can all learn from his situation; he did lose some data, but for the most part his backup and disaster recovery plan went well. He's deriving a great amount of inspiration for some more security training out of this as well. I have to applaud him on taking some lemons and making lemonade.

I have to admit that the incident has inspired me as well. It got me thinking about some possible issues with mobile workforces. I mean, we all (for the most part) do a pretty good job of securing our assets while they are in our corporate environment: whole disk encryption, AV, desktop and network firewalls...the list goes on. We also have those locked doors, a security guard, alarm system and so forth.

But what happens when someone takes (with permission) that asset, such as a laptop, home to do some work in the evenings, work from home, or visit client sites? What do the employees have for protection? Do they have a network firewall, or do they plug directly in to their cable modem? Do they have a security guard (dog or alarm system at that)? Typically no. Unsecured wireless? Yikes. All of the same things that we've thought about as challenges in the corporate environment, we have to think about "on the road". I see these as some potential issues for security for both data on the machine, as well as a possible connection to the corporate network.

Let's set the scene. Intellectual property gets loaded on to a laptop with full disk encryption. The employee takes the laptop home to telecommute (which is a regular occurrence), connects the laptop to the home network and initiates the VPN connection (with cached VPN credentials possibly) to the corporate network. The employee decides to take a breath of fresh air with a trip to the local coffee shop for an invigorating mocha-chino. While away from home, a burglar (or attacker in this case) breaks in and has a few minutes to play on the VPN, and so forth. Without full disk encryption, this situation looks like a disaster to me.

So, you are asking, how does the attacker find where the "target" lives to break in? A little Google searching (and maybe even some Maltego action) could turn up a photo sharing service account for the "target". Combine that with a Nokia N95 or iPhone with firmware 2.0 or later, and some nice, geotagged photos get uploaded (such as the one to the right, with output from a nice Firefox Greasemonkey script to pull map info from Google). Now you know where to search...

Protect your corporate assets on the move! It is hard to make unreasonable requirements of folks at home, so a little education needs to go a long way. Make those corporate assets as secure as possible, and design a policy framework that will appropriately guard against the high risk areas; include screen saver locking with a short delay, workstation login timeouts, whole disk encryption, VPN activity timeouts and maybe even a good cable lock for good measure, amongst a myriad of other things.

Educate staff about what they share on the internet; in most cases it would be in bad form to restrict what folks do in their spare time.
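One concrete piece of that education is showing people that a photo can carry their home coordinates. The following is an added example (not from the original post): a small, dependency-free check that walks a JPEG's EXIF APP1 segment and reports the GPS sub-IFD coordinates if they are present, the kind of thing a pre-upload script or awareness demo can run. The sample JPEG is constructed inline with made-up coordinates; the tag numbers (0x8825, GPS tags 1-4) are from the EXIF specification.

```python
import struct
def _ifd(t, e, off):
    """Read the IFD at `off`: {tag: (type, count, 4 raw value/offset bytes)}."""
    (n,) = struct.unpack(e + "H", t[off:off + 2])
    out = {}
    for base in range(off + 2, off + 2 + 12 * n, 12):
        tag, typ, cnt = struct.unpack(e + "HHI", t[base:base + 8])
        out[tag] = (typ, cnt, t[base + 8:base + 12])
    return out

def _dms(t, e, raw):
    """Resolve a 3-RATIONAL (deg, min, sec) entry to decimal degrees."""
    (off,) = struct.unpack(e + "I", raw)
    v = struct.unpack(e + "IIIIII", t[off:off + 24])
    return v[0] / v[1] + v[2] / v[3] / 60 + v[4] / v[5] / 3600

def exif_gps(jpeg):
    """Return (lat, lon) in signed decimal degrees if the JPEG carries a GPS sub-IFD, else None."""
    if jpeg[:2] != b"\xff\xd8":
        return None
    pos = 2
    while pos + 4 <= len(jpeg):
        marker, length = struct.unpack(">HH", jpeg[pos:pos + 4])
        if marker == 0xFFDA:                  # SOS: metadata segments are behind us
            break
        if marker == 0xFFE1 and jpeg[pos + 4:pos + 10] == b"Exif\x00\x00":
            t = jpeg[pos + 10:pos + 2 + length]
            e = ">" if t[:2] == b"MM" else "<"  # TIFF byte order
            ptr = _ifd(t, e, struct.unpack(e + "I", t[4:8])[0]).get(0x8825)  # GPS IFD pointer
            if ptr is None:
                return None
            g = _ifd(t, e, struct.unpack(e + "I", ptr[2])[0])
            if not all(k in g for k in (1, 2, 3, 4)):  # LatRef, Lat, LonRef, Lon
                return None
            lat, lon = _dms(t, e, g[2][2]), _dms(t, e, g[4][2])
            return (-lat if g[1][2][:1] == b"S" else lat,
                    -lon if g[3][2][:1] == b"W" else lon)
        pos += 2 + length
    return None

def build_sample_jpeg(lat_dms, lat_ref, lon_dms, lon_ref):
    """Constructed sample: a minimal JPEG whose only payload is an EXIF APP1 with GPS tags."""
    rat = b"".join(struct.pack(">II", n, d) for n, d in lat_dms + lon_dms)
    ifd0 = struct.pack(">HHHII", 1, 0x8825, 4, 1, 26) + b"\0" * 4      # GPS IFD lives at 26
    gps = (struct.pack(">H", 4)
           + struct.pack(">HHI", 1, 2, 2) + lat_ref + b"\0" * 3 + struct.pack(">HHII", 2, 5, 3, 80)
           + struct.pack(">HHI", 3, 2, 2) + lon_ref + b"\0" * 3 + struct.pack(">HHII", 4, 5, 3, 104)
           + b"\0" * 4)
    app1 = b"Exif\x00\x00MM\x00\x2a" + struct.pack(">I", 8) + ifd0 + gps + rat
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```

Run `exif_gps(open(path, "rb").read())` over a camera-phone photo; a non-None result means the file should be scrubbed before it goes anywhere public.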

Best of luck securing your mobile workforce, and Michael, best of luck to you and your family recovering from your ordeal.

- Larry "haxorthematrix" Pesce

We're doing things a little differently tonight. We'll be breaking the show up into two parts.

The live stream for the news portion of the show should be active about 5:00 PM EDT, Thursday, September 25th. We should begin recording the live show at about 5:10 PM EDT.

We even have a very special guest again this week, Alex Horan from Core Security Technologies (and some other distinguished guests from Core). The stream should be live at about 8:45 PM EDT and we'll begin the interview at about 9:00 PM EDT.

Please keep in mind that these times are all estimates, but we will try to do the best that we can.

Don't forget to join in on the IRC channel during the stream - we can take live comments and discussion from the channel! Find us on IRC at irc.freenode.net #pauldotcom.

When active, the live stream(s) can be found at:

Ustream: http://ustream.tv/channel/pauldotcom-security-weekly

Icecast: http://radio.oshean.org:8000

Please join us, and thanks for listening!


- Larry & Paul

PaulDotCom Security Weekly - Episode 123 Part II - September 18, 2008


Paul & Larry interview Fyodor (Part II), Fyodor critiques Paul's Nmap Foo, and we discuss stories...


Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian

Email: psw@pauldotcom.com

Direct Audio Download


September Late-Breaking Computer Attack Vectors


All:

The September Late-Breaking Computer Attack Vectors webcast this month will be held on:

Wednesday, September 24, 2008 2:00 pm EDT (GMT -04:00, New York)

Register Here For This Webcast

Summer is coming to a close (okay, I guess summer is over at this point) and we are moving into fall. The weather is a bit chilly, we're all still soaking in all of the juicy research from Blackhat/Defcon, and drinking Octoberfest and maybe even thinking about making some apple pie. So, while you're sipping on some of the finest Octoberfest Germany has to offer, join me while I discuss some of the latest attacks, including:

  • Botnets Are Everywhere
  • Practical Nmap Tips
  • Mobile Malware Examples
  • Wireless Router Driver Vulnerabilities
  • FAIL Of The Month (FOTM) - How Not To Work From The Coffee Shop



This webcast will run about 45 minutes and I will get excited, probably rant about a few more things, hopefully show you how to do something, and improve your defenses.


One of my rants may even include cable management :)

PaulDotCom

PaulDotCom Security Weekly - Episode 123 Part I - September 18, 2008


Paul & Larry interview Fyodor, author of Nmap!


Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian

Email: psw@pauldotcom.com

Direct Audio Download


We don't talk politics...


This week there has been some breaking news about Vice Presidential candidate Sarah Palin's Yahoo e-mail account becoming compromised. We're not here to discuss the politics, but the security. Part of this story does revolve around the politics; Mrs. Palin has been accused of using free e-mail services to conduct government business - because it is not subject to the same monitoring and archiving as government e-mail.

That's where the inclusion of politics ends.

The point that I want to make is that no matter how hard you try to keep data (or bending of the rules) inside of your organization, at some point, those protections are bound to fail. Why? Because someone always builds a better mouse trap, and someone always builds a better mouse.


Consider some examples that we've seen in the past, the latest being the e-mail controversy. The government installed the ability to monitor and archive e-mails for accountability, so officials (allegedly) take their e-mail elsewhere. You place epoxy in your USB ports to keep intellectual property internal to the company, and the staff use firewire drives to do the same. You epoxy the firewire, and they e-mail it. You install a (signature based, which is only as good as the signatures) e-mail content scanner, so the staff use places like Amazon S3 to upload that. You block file sharing websites, proxies and so on. The staff set up a server on one of these and use a crossover cable to connect and upload the content. I think you get the drift. The story never ends.

Now, that's not to say that appropriately managing your risk in these types of situations isn't appropriate. By all means, practice defense in depth! Sometimes just a little bit of defense is enough to discourage the casual offender, which may be just enough. No matter how much you defend (to the point of making it too secure, i.e. unusable), that person willing to go the extra mile with the mini-pc and crossover cable will always be willing to go that extra mile.

The point? Evaluate and manage your data exfiltration to an appropriate level of risk; there is a diminishing level of return! Develop an appropriate and comprehensive method of dealing with a breach when it does happen.

...because it will eventually happen.

- L

The live stream should be active about 6:30 PM EDT, Thursday, September 18th. We should begin recording the live show at about 7:00 PM EDT. Please keep in mind that these times are all estimates, but we will try to do the best that we can.

We even have a very special guest again this week. Fyodor of Nmap fame will be on the show to tell us about scanning the Internet, sexy hacker chicks, and much more!

Don't forget to join in on the IRC channel during the stream - we can take live comments and discussion from the channel! Find us on IRC at irc.freenode.net #pauldotcom.

When active, the live stream(s) can be found at:

Ustream: http://ustream.tv/channel/pauldotcom-security-weekly

Icecast: http://radio.oshean.org:8000

Please join us, and thanks for listening!


- Larry & Paul

PaulDotCom Security Weekly - Episode 122 Part II - September 11, 2008


Paul & Larry discuss stories with the visitor from Kalamazoo, and much more!


Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian

Email: psw@pauldotcom.com

Direct Audio Download


PaulDotCom Security Weekly - Episode 122 Part I - September 11, 2008


Paul & Larry interview Jay "MF" Beale, get a visitor from Kalamazoo, and much more!


Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian

Email: psw@pauldotcom.com

Direct Audio Download


The live stream should be active about 6:30 PM EDT, Thursday, September 11th. We should begin recording the live show at about 7:00 PM EDT. Please keep in mind that these times are all estimates, but we will try to do the best that we can.

We even have some special guests this week. Tune in to see who!

Don't forget to join in on the IRC channel during the stream - we can take live comments and discussion from the channel! Find us on IRC at irc.freenode.net #pauldotcom.

When active, the live stream(s) can be found at:

Ustream: http://ustream.tv/channel/pauldotcom-security-weekly

Icecast: http://radio.oshean.org:8000

Please join us, and thanks for listening!


- Larry & Paul

Owned via Twitter


If you are a regular listener to our podcast, you will remember that Paul and I have just been waiting for the day when all those social media sites will get used for malware. Of course, Myspace, in our opinion, has been the "wretched hive of scum and villainy" for some time, and we have recently seen some issues with Facebook applications being used for creating botnets.

While I personally thought that the Facebook botnet was a neat concept; create a "legit app", then update it later to include the bot goodies after lots of people are using it (man, those Scrabulous guys had it ALL wrong!), I must say I was completely underwhelmed by the recent malware distribution by a Twitter account.

This new distribution with Twitter posted a link to a photo gallery, which ultimately included some malware to harvest Orkut credentials. The Twitter post still required manual intervention from the user, and attempted to create some legitimacy for the account by having 17 other followers - all obvious fakes.

I will say that the features (or lack thereof) of Twitter really do make it hard at this point to deliver attacks, due to the lack of third party applications, or scripting in posts. The only attack I can see at this point is something delivered through a malformed image, or in this case through a link that requires user intervention.

Of course, automatic URL shortening by Twitter makes this easier to slip past users...so, the long and the short: be careful what you click on Twitter; it could be an exploit, or something NSFW.

Be safe, and don't drink and use social networks.

- Larry "haxorthematrix" Pesce

PaulDotCom Security Weekly - Episode 121 Part II - September 4, 2008


Paul & Larry interview White Wolf Security and discuss the stories of the week.


Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian

Email: psw@pauldotcom.com

Direct Audio Download


PaulDotCom Security Weekly - Episode 121 Part I - September 4, 2008


Paul & Larry interview Mike Kershaw, Brad Haines, and Frank Thornton to discuss Kismet, the ultimate open-source wireless monitoring/IDS tool!


Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian

Email: psw@pauldotcom.com

Direct Audio Download


PaulDotCom Security Weekly - August 2008 Monthly Summary


The PaulDotCom Security Weekly Monthly Summaries are the recordings from the monthly Late-Breaking Computer Attack Vectors webcast. This month I will discuss some of the latest attacks, including:

  • Post-exploitation techniques & defense
  • Fyodor scans the Internet, finds TELNET!
  • Attack between the client and the server
  • Social Networks - A tool for all attackers
  • Web Application Testing Tips
  • FAIL Of The Month (FOTM)

Direct Audio Download

You can download the slides to this presentation here:

August 2008 Monthly Summary Slides

The live stream should be active about 5:15 PM EDT, Thursday, September 4th. We should begin recording the live show at about 5:30 PM EDT. Please keep in mind that these times are all estimates, but we will try to do the best that we can.

We even have some special guests this week. Tune in to see who!

Don't forget to join in on the IRC channel during the stream - we can take live comments and discussion from the channel! Find us on IRC at irc.freenode.net #pauldotcom.

When active, the live stream(s) can be found at:

Ustream: http://ustream.tv/channel/pauldotcom-security-weekly

Icecast: http://radio.oshean.org:8000

Please join us, and thanks for listening!


- Larry & Paul