Register for PaulDotCom training at Blackhat USA: Defensive Countermeasures: Foundations for Becoming a Devious Defender & Offensive Countermeasures: The Art Of Active Defense July 27-28 & 29-30.
Sponsors & Announcements
"And now from the dark corners of the Internet, where the exploits run wild, packets get sniffed, and the beer flows steady its PaulDotCom Security Weekly!"
"Sponsored by Tenable network security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the world's best vulnerability scanner. Tenable's Security Center extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable – Unified Security Monitoring!"
"Core Security Technologies, helping you penetrate your network. Now version 10.5 full of Jive! Rock out with your 'sploit out! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool."
"Cenzic, create a Hailstorm for your web applications! Sign up for a free trial of the Hailstorm software or scan remotely with their new online service to keep your web applications in check."
"And Trustwave's SpiderLabs - providing advanced information security services to planet Earth. Visit them online at trustwave.com/spiderlabs!"
"Now, fire up your IRC client, pour a beer, and loan the intern your smartcard to restart the internet...."
"Here's your host, the cigar smoking, ninja fighting man-child, Paul Asadoorian!"
"go back in time and every noob used one weapon, what was that? ...Subseven"
PaulDotCom Security Weekly - Episode 209 - For Thursday September 2nd, 2010.
- Ron Gula, Renaud Deraison and Marcus Ranum invite you to a Security Showcase on September 15, at the Embarcadero Center in San Francisco! You'll receive:
- The current status of Nessus® and future development plans
- The advantages of pairing active and passive scanning
- “How I learned to stop worrying and love regulatory compliance”
- Free breakfast! Free lunch! :-)
More info from rstewart [AT] tenable.com
- Shoecon - "ShoeCon is being held as a charity event for the Matthew Shoemaker Memorial Care Fund. Matthew or “Shoe” was a fellow security professional, DC404 member and InfoSec podcaster who left behind two children. Thanks to the generosity of DC404, this event will be held in conjunction with their September meeting at the Wellesley Inn-Atlanta Airport. This is a donation driven event where all the proceeds will go to the Shoemaker Memorial Care Fund."
- Mark Baggett teaches SANS 504 during SANS San Antonio for 6 days. Come learn Hacker Techniques, Exploits & Incident Handling! November 13th thru 20th.
Tech Segment: VOIPSA's VoIP Security Tool List with Dan York
Dan York, CISSP, is the author of "Seven Deadliest Unified Communications Attacks" published by Syngress, the Best Practices Chair for the VOIP Security Alliance (VOIPSA) as well as the producer of "Blue Box: The VoIP Security Podcast" where he and co-host Jonathan Zar have delivered VOIP security news and interviews since 2005.
Do you work with phone or IM systems that communicate over the IP network? Do you use "unified communications" platforms that include voice, video, instant messaging, presence, collaboration and more? With all this communication running over the regular data network, what is being done to secure it? What are the areas of risk? What technologies exist today to secure these systems? What are the common pitfalls? (Do vendors *really* ship desk phones with telnet servers on them?) What happens when you start to distribute communications endpoints all over the global IP network? How do you secure all those remote endpoints?
Dan will answer these questions, discuss how "UC security" is more than just "VoIP security", outline what tools are available and talk about what strategies you can use to defend your systems against attacks.
In the Tech Segment, Dan will discuss some of the tools available on VOIPSA's VoIP Security Tool List and give examples of how common tools like Wireshark can be used to intercept communications. He'll also provide some tips and resources for security professionals who may not be familiar with communications systems and want to learn more.
Guest Interview: Josh Wright
Joshua Wright is a Senior Security Analyst with InGuardians. A widely recognized expert in the wireless security field and an open-source enthusiast, Josh has developed a variety of tools that can be leveraged for penetration testing and security analysis. In his spare time, Josh looks for any opportunity to void the warranty on wireless electronics.
- How did you get your start in information security?
- Hacking Badge Scanners
- Bluetooth Keyboard Sniffing
- OS X "Eye of Sauron" (see picture below)
- Common ZigBee attacks and vulnerabilities
- $7500 ZigBee sniffers for $225 (http://www.atmel.com/dyn/products/tools_card.asp?tool_id=4187)
- Windows Mobile XSS Attack (see pictures below)
- How will you meet your end in information security?
Stories For Discussion
- Hack is Whack - [Larry] - What could possibly go wrong with this one? Norton and Snoop Dee Oh Dubble Gee team up for a rap contest on cyber security. I'm trying to find the motivation behind this. Maybe to take focus off of the Intel/McAfee deal? Hmm, can you say "don't copy that floppy"? Oh, and now not to mention, from @mckt_, looks like the site is full of Joomla fail. Guess these folks don't listen to our podcast where we bash Joomla.
- Pushdo forensics - [Larry] - Getting servers shut down, and sharing the data with researchers for the win. As a result, we can profile C&C servers, identify more resources and possibly identify victims. Of course, I wonder what the legality of sharing this information is…
- Castle, Fortress, what's the difference? - [Larry] - In an act of hacktivism, some "cyber-pirates" defaced a website, but got the wrong Belvoir stronghold. I bring this up to reiterate the need to work with your customers to obtain very accurate information about their networks during the course of an engagement. Even in a black box test, to stay out of jail, be sure to confirm information that you have found before moving to an attack stage. Otherwise, your hacktivism doesn't have the desired effect, and you deface the website of those hosting the Teddy Bear Picnic, not a military stronghold.
- MOAUB - [Larry] - A return of the "Month of XXX Bugs"? I hope so. There is plenty of discussion here about responsible disclosure, which we have beaten to death. But, what about the usefulness of stuff like this?
- Month Of Undisclosed bugs! - [pauldotcom] - Careful, there is a difference between "undisclosed" and "0day". First, 0day is quicker to type, shorter to say, and sounds way cooler. However, some of these bugs are in older versions of software, which means at some point they were patched. I wonder how many of these the vendor knew they were fixing and didn't tell us? bastard vendors (cough adobe).
- Finding Scanners On The Internet - [pauldotcom] - I ran across a similar situation with some printers: via the web interface you can scan the document sitting in the scanner/printer/fax/copier. You can find all kinds of cool stuff, sensitive documents, etc... First thing, why are these exposed to the Internet? Secondly, if there is no authentication, what prevents an attacker from writing a script to constantly pull images of documents going through a multi-function device?
- EMET Toolkit from Microsoft - [PaulDotCom] - I think anything that helps keep 3rd party applications patched is going to help. So many organizations just can't get a handle on patching all of the end-user software. I also think that any software that actively defends the system will be defeated. Curious to see how this tool holds up to payloads in the exploit frameworks.
- Novell Netware OpenSSH Buffer Overflow - [pauldotcom] - This is really interesting to me because it shows how each Linux distribution, and associated software, is essentially its own operating system. While this may be a vulnerability on Novell Linux systems, I did not see it referenced as affecting others as well. This means that all Linux distributions have their own problems, and I'm not sure if it's a good thing. I find it better to let the package maintainer fix the bugs, then carry them forward into my distribution. However, distributions will shortcut the process of upgrading a package, and backport the patch, sometimes not fixing the problem, or re-introducing the same or a new bug! In either case, you are at the mercy of the open-source community when you run open-source software and your only saving grace is that it's open, which means you can fix it yourself and be more confident that there are no silently patched bugs or 0days. But wait, that's not true because especially at the kernel level, who else is looking at the code aside from a select team of people who again, are making decisions for you. I guess the lines between open and closed source code, in terms of security, are a little blurry.