Yet another PaulDotCom Security Weekly Drunken Security News! Can I Stop Typing In Caps Yet?
Please follow along at home and check out the show notes to see the stories that Paul, Larry, Jack and Allison have decided to talk about this week! Additionally, have you heard yet that Paul is putting on BSides Rhode Island? Got your ticket yet? Plus, Larry is teaching SEC616 for SANS in May in sunny San Diego. Don't miss that!
And did you check out the latest HackNaked TV by John Strand? It's an introduction to getting started with Recon-NG the new tool by Tim Tomes. If you've ever wanted a great reconnaissance tool that feels a bit like Metasploit, then give Recon-NG a try.
What are the guys busting Steve the Engineers chops about at the beginning? They thought that Steve had deleted the just-completed interview with Bill Cheswick. Much to Paul's pleasant surprise, the raw video survived and we have the interview available for you.
Paul found a story about upgrading a router by removing chips and resoldering new ones and additional ones back on. Want an overview of how this works? Larry educates us on the necessary tools and techniques. Remember, it's all about the tip size and always practice on hardware you don't care about as it's likely you'll screw it up the first time you try.
Larry also discovered the "Dave" video. Dave is a Belgian mindreader that brings people in off the street, into his New Age-y looking tent, invokes various dances, chants and feels people's energy. In the end, he is able to determine what seems like way too much personal information about these strangers. How does Dave do it? I won't reveal the trick here, but you can see the two and half minute video on YouTube for yourself. Be careful out there.
Jack gives a shoutout to Rackspace for taking on the patent trolls and Allison finds an ISP in Texas that is injecting ads in their customers' traffic. She also wonders what would happen if a customers, seeing these ads, were to simply click on them incessantly, driving up the cost to the advertisers, defeating the purpose of the advertising budget.
Hey, you know that whole "hacking back", offensive countermeasures thing? Yeah, so a guy in Russia actually tried it as we know everything's legal in Russia, right? He set up a honeypot on one of his machines that loaded malware on your machine if you went to it. Ok, maybe that doesn't sound very nice, but the only way you could get into it is if you did some SQL injection on the box. So it's not like the people affected had innocent intentions.
If you're reading this far, you're probably a security practitioner to some degree and you're aware of ATM skimmers and give an extra look for them. But do you look anywhere else other than ATMs? Skimmers are starting to pop up in all kinds of credit card terminals from the local grocery store to taxis. So be aware and maybe just pay cash.
Other stories include farting on servers, dressing like a cyberwarrior, the return of Archer and Arrested Development, sniffing, scapy and getting the government to hire security professionals who may not exactly have a pristine past.
See you next week with Mandiant's CSO Richard Bejtlich!