Register for PaulDotCom training at Blackhat USA: Defensive Countermeasures: Foundations for Becoming a Devious Defender & Offensive Countermeasures: The Art Of Active Defense July 27-28 & 29-30.
- Tenable Network Security - This episode is sponsored by Tenable Network Security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the world's best vulnerability scanner. Tenable Security Center software extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable also offers a Nessus Professional Feed to detect vulnerabilities in your network today! Tenable – Unified Security Monitoring!
- Core Security - This episode is also sponsored by Core Security Technologies, helping you penetrate your network. Now version 10.0 with WiFi-fu good to go! Rock out with your 'sploit out! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool.
- Trustwave Spiderlabs - Trustwave's SpiderLabs - providing advanced information security services to planet Earth. Visit them online at trustwave.com/spiderlabs!
Announcements & Shameless Plugs
PaulDotCom Security Weekly - Episode 152 - May 14, 2009
- 2009 South Florida ISSA Conference and Exhibition - June 24th. Learn more!
- SANS Security Europe: SEC 504 in Amsterdam with Larry. May 18th-23rd
- SANS Pentest Summit! Vegas Baby! Paul, Larry, John presenting. June 1st - 2nd
- Feeling cold? Want to be the envy of geeks everywhere? Look no further!
- DEFCON! The Poetry Jam is back with even more snark!
Special Guest: Tom "Agent0x0" Eston
Tom is a security aficionado, penetration tester, social media security researcher, blogger, and co-host of the Security Justice podcast. He joins us to discuss Social Network Bots.
Tom's Notacon Presentation: How do you know that last friend request or Twitter follower was an actual live human being? The truth is ... you don't!
- How did you get started in infosec?
- How do we know we're not talking to a Bot?
- Can you prove you are not a Bot?
- What's the criteria for determining Bot or Not?
- Any good submissions for socialnetworkbots.com ?
- When you're not being a Bot (we didn't believe you), what are some security topics you like to explore?
- Talk about your BlackBerry Facebook app analysis. (this is hot info!)
- Is social engineering in social networks new? Or just taking the old game to a new level?
- If you could wave a magic wand to change anything about social networks (or infosec in general) what would it be?
- What do you see as the next step(s) in social network bot evolution?
Tech Segment: sqlmap John Strand
From the Project Page: sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications.
The full text and video of John's discussion can be found here.
Stories For Discussion
- SSLStrip write up and video!
- Social Media Pwns - [Larry] - ...and does it better than more traditional types of attacks. Nothing like giving an open API to malware developers and a legitimate method of delivery. Apparently it is 10 times more successful to utilize social media to compromise machines than sending e-mails and compromising websites.
- CAPTCHA your router - [Larry] - D-Link is including a CAPTCHA for login in their new router firmware. Wait, haven't CAPTCHAs been broken already? Sounds like a stopgap measure to address the real problem, or at least a starting point.
- Legality of GPS tracking - [Larry] - Looks like things are starting to shape up on law enforcement's ability to use GPS tracking. NY judges say no, but Wisconsin says yes.
- Make your phone the password - [Larry] - Use the Bluetooth on your phone as a proximity credential mechanism. In my opinion, you still need to use a good password with this, but what about the vulnerabilities that you introduce by enabling Bluetooth? I love the demo video - they use the ultra secure pairing code of 1234.
- Hackers on Campus - Not what you think - [Larry] - A great discussion of university students hacking the magstripe access control and payment systems at several universities. This stuff can happen to you in your organization with magstripe technology if not properly implemented.
- US Cyber Command - [John] - The US is looking to develop offensive Cyber Security chops. It will be interesting to see how this develops for the next US military confrontation.
- I hear the HIPAA train a comin' - [John] - Virginia Prescription Monitoring Program had a nice security breach. This story even has ransom in it. The attacker in question says that he/she/it has 8 million records.
- Finally, a patch for the PowerPoint 0 day - [John] - I know this horse is dead... But, don't you think it is time to go brush up on your metadata-fu?
- Security might be a drag for new power grid - [Mick] - New power grid: I can has security? DoE: Maybe not so much...
- DMCA/copyright warnings invalid? - [Mick] - The way BayTSP has been sending warnings is so insecure that one could make a claim they never got the notification. Not a good idea to use this as your only defense though. ;-)
- ipsec-tools NULL pointer dereference DoS - [PaulDotCom] - DoS, really? Haven't we covered this? DoS can equal execution. Now, I am not the world's foremost expert on this topic, however whenever developers analyze this kind of bug, they just say it's a DoS. Then a really smart exploit developer comes along and says, "Hey look, remote code execution". I have seen this so many times that DoS now makes me highly skeptical, and it should do the same for you.
- OS X - Multiple Vulns - [PaulDotCom] - I think I will rant on Apple for not releasing more frequent security alerts until it changes. This stinks! Why do they wait until they have 30 security vulns to do a release? I want them when you fix them, not when you feel like releasing them. I feel so, so vulnerable! Like, how many were put off until the next patch cycle? And when is the next cycle?
- How do you defend against zero day? - [PaulDotCom] - Here's the thing, attackers will always have a zero day. Okay, maybe not 100% of the time, but when given a choice, an attacker will use a zero day. How do you defend yourself against this threat? Diligence, penetration testing, system hardening, and procedures to start. You have to always take into account that a system, when faced with attacks, will get pwned. Whether this is a zero day, weak password, re-used password obtained from a system with known vulnerabilities, or just inherently breaking the system, it will get pwned. Then what do you do?
- Love This Story On Social Engineering - [PaulDotCom] - This guy socially engineered his way into a company and worked there for 5 DAYS! Talk about having confidence! Oh, and I thought this was funny too, "9,000 USB sticks have been found at laundrettes in the past year; left in pockets when clothes are taken to be dry-cleaned." Now, I've put my share of USB thumb drives through the wash, and they work just fine. Also, imagine what kind of good stuff you can find on thumb drives? Encrypt your data, use IronKey (they also go through the wash really well).
- CAPTCHA For Router Login - [PaulDotCom] - Way to go D-Link! Nice to see a vendor take security seriously and implement this. This will help prevent CSRF attacks, oh wait, no it won't because that happens post-authentication! Certainly this will help prevent default passwords from being used? Right? Oh wait, the attacker just needs to read the CAPTCHA, and certainly this can be automated, and has been by lots of malware. Sorry D-Link, you my friends.....FAIL!!
- China Deploys FreeBSD as Hardened Server OS - [PaulDotCom] - Wow, this is just ridiculous. Why does everyone point the finger at China and say, "OMG, you're starting cyberwar!", when there is no evidence of this? Credit to Ranum, I'm believing that cyberwar is bullshit. Like so how does creating a hardened OS put them in a cyber defensive position? What, you're not going to run apps on your servers? Also, I love this, "Currently FreeBSD has no stack or heap overflow mitigation beyond thread stacks and the heap being mapped non-executable (main process stack is executable because of the way that signal handling is implemented). " So like, you'd be better off with Win2k3 right?
Other Stories Of Interest
- My next car will run on BACON!! - [Mick] - Bacon as a biofuel? Woot!