PaulDotCom Security Weekly - Episode 230 for Thursday February 10th, 2011.
- If you listened to our ShmooCon podcast and thought John Strand couldn't get any more offensive, well then, we have a special treat for you! We proudly present Part 2 of Offensive Countermeasures with Wasted Strand on Tuesday, February 15th, 2011 at 2pm EST, sponsored by Core Security Technologies.
- Also, on Wednesday, February 16th, 2011 at 2pm EST, be sure to attend the Data Breach Edition of the Monthly Security **Fail** webcast, sponsored by the newly christened Cyber Security World.
- Get involved in the PaulDotCom Community - We have an all new Video Edition of the podcast. You can subscribe to PaulDotCom TV via iTunes, or visit the PaulDotCom Blip.tv channel (http://pauldotcom.blip.tv), and PaulDotCom YouTube Channel for all new videos, technical segments, and how-tos. Don't forget the PaulDotCom Insider, where you can access special content from our webcast series, the PaulDotCom Mailing list, and our IRC Channel #pauldotcom on irc.freenode.net.
Special Guest Discussions
To view the video of this segment, Click Here - blip.tv
Guest: Alex Horan
Alex is a Senior Product Manager for Core Security Technologies, a serial hoarder, and certified Breadth and Depth expert. Previously he ran the System Engineering team at Core, helping to provide training and customer support services to CORE IMPACT'S user base. Alex brings a deep knowledge and understanding of vulnerability assessment, penetration testing, and network administration to his work at Core as well as to cigar smoking.
Guest: Chris Hoff from Der Cloud
When Hoff is not corrupting youth via his blog, taunting folks on Twitter, or roasting large mammals, he can be found in the Emergency Room nursing various appendages after long hours of Brazilian Jiu-Jitsu, P90X, drinking Hoffacinos or a combination thereof.
Welcome mein Hoff!!
Topics For Discussion
- Layers, not just for clothing? - [pauldotcom] - What are layers as they related to security? How should they relate to each other?
I was recently in a local store to pick something up. It had been a pretty mind numbing day and so my brain was pretty bored. So, by the time I actually walked to the door of the store, my brain was trying to "spice things" up by processing anything and everything besides my shopping list. Before I knew it, I was observing the store's physical security. This particular store had multiple layers ranging from cameras in the parking lot to "door greeters" to cameras in the store to a structured checkout area that lead to a specific exit.
As I began making my way through the layers, I began really observing them. I also began to figure out how each one was tailored to a specific function and how they all interacted or complimented each other.
- 0-day exploits - Should we use them on penetration tests? What types of penetration tests should we use them on?
- Cloud Computing - What should we be doing to protect ourselves?
- It seems to me that this whole concept of "cloud computing" is a good idea. When I think of the problem of desktop security for example. Users need access to data, so they of course need computers. However, maintaining thousands of computers is hard. They have operating systems, browsers, and all this client software that needs updating, patching, and configuration. Why can't we go back to the mainframe model, put the computing power on the server, maintain the software in one place, and all be happy? Now, happiness in my mind is doing this for your company, using all your companies own network and systems. OF course, you will need a VPN to allow Internet access, but in the end, isn't this better?
Stories For Discussion
To view the video of this segment, Click Here - blip.tv
- Linksys WAP610N Vulnerability - [pauldotcom] - there are some vulnerabilities that I come across which just make my jaw drop. This is one of them. There is a backdoor in the linux-based firmware that allows you telnet to port 1111 and get a command prompt. The command prompt seems to be associated with the console administration program. This console allows you to run shell commands, in addition to several other functions. There is no password required, and it appears that the default password (as shown from dumping /etc/shadow) is wlan. There is no patch for this vulnerability which appears in select firmware versions. "bob" has confirmed that this is real...
- Sony PS3 Key Tweeted, by Sony - [pauldotcom] - So, Sony Tweets its own protection key. This key will allow, among other things, people to make copies of games and distribute them online. This could hurt Sony's sales, or would it? I'm thinking that the closed nature of video game consoles hurts sales. If you could buy a device and have it allow for even more functionality, won't they sell more systems? Also, does this really hurt video game sales? Of course, once the key is released and on the Internet, its out there. Restraining orders are a futile effort, why doesn't Sony understand this?
- Is A Network Printer Increasing Your PCI Vulnerability? - [pauldotcom] - Just title of this one sparks debate, simply because it says PCI. I never bought into the "These are my PCI systems, and they are the ones that need to be compliant". I believe there are many other devices, such as workstations, servers, mobile devices, access points, network gear, and more that make up your "PCI systems". Security is a holistic thing, its about the integrity of your network and systems, if this is breached, you're screwed.
- Linux USB "Worms" - [pauldotcom] - My gears are turning on this one. For one, don't discount Linux as being vulnerable, something we all knew, but cool to see it in action. I am curious now what types of tools exist for unlocking workstations. For physical pen tests, I'd love to have a USB drive that when I plug it into a system it will unlock it. I've heard some rumblings about such technology, but will be great if its cross platform and works on Linux, Windows, and OS X. Also, I think that USB attacks don't have to be physical, as malware, like the article said, spreads as its plugged into other systems. Its difficult to hone this attack in on a specific target, as you have no control over what system will recieve your payload.
- Patch Tuesday - People Still Run FTP! - [PauldotCom] - I just want to add that people not only still run TELNET, but they run FTP too! WTF? Why is this? I mean SSH is great, it offers a level of privacy and integrity that is worth the effort to get running, which is minimal. I did some very unscientific searches on Shodan, more Telnet our there than FTP, but SSH is the least. Even if the information you are transmitting is public, integrity is key, passwords are key too. Why tranmit a password in the clear? Hey you know, SSH runs across all platforms and can even be configured not to use passwords for authentication!
- Work at Tulane? - [strandjs] - If you work at Tunane there is a very strong chance that your SSN is exposed. Another stolen laptop. Why, exactly do I spend time writing exploits and malware?
- Google Brings In the 2 Factor Authentication - [strandjs] - While I like this there are a few questions. First, the password is being sent to my phone. That may have some security issues. However, I feel it is better than the current method. Second, I wonder if this has anything to do with Aurora. I mean, redoing and improving the authentication scheme that was taken by China has nothing to do with this... Right?
- Users reuse the same passwords... Ric Romero is proud - [strandjs] - We all knew this.. Who authorized this study? Was there money for it? I have a research project.. Users dont patch their client-side software. Please contact me if you wish to fund this project.