Episode29

From Paul's Security Weekly

Episode Media

mp3

Stories For Discussion

26 Million Veteran IDs stolen - ...from violation of policy. Can you say identity theft?

The enemy behind the firewall: Users - So my question this week is, do you use TELNET and RDP behind the firewall? If so, why? The argument I hear is that "well, if someone breaks into a box behind the firewall it's game over". But why make it easy for them to break into more machines? Defense-In-Depth is using SSH and Radmin on the inside too.

Good Things Happening at Nmap - TONS of new features!

Intro To Bluesnarfing - Retrieve phone book, call history, delete phone book, and place calls over bluetooth. Nice flash tutorial.

Metasploit 2.6 - New exploits. Always good to stay up to date.

Afraid to reveal vulnerabilities? - This is bad: if no one discloses vulnerabilities, it means that bad guys will have the knowledge but no one else will. Kinda like gun control laws that only affect the law-abiding public (that analogy comes from Dan, from the Mighty Seek podcast).

Turkish Hacker Update - Thanks for the preinstalled ASP scripts! All your sites belong to Turkey.

Save The Internet - This is important. Save First Amendment rights, and keep the internet "free". Quote from Ask A Ninja: "the wall is built on the shreds of the first amendment held together by glu-reed, which is glue that comes from greed"

VisualSploit - Luke, see the exploit, be the exploit. Love the icons!

Linksys WRT54G UPnP Port Mapping Vulnerability - Turn off UPnP! No authorization for router configuration? I don't think so!

Diebold Doesn't Get It - If you want to prevent attacks, you'd better have a good idea of who your attacker might be.

See the super easy RealVNC exploit in Action - And yes, you should compile from source if you are not in a test lab.

MySpace Not Hacked - Two guys find a possible flaw in MySpace, decide to try and extort $150k from MySpace. For some reason, when they tried to show up to collect they got arrested. Check the names; you'll find them on MySpace.

Other Stories Of Interest

We've relocated the WPA and WEP cracking videos from crime machine:

Cracking WEP with Auditor

Cracking WPA with Auditor

Text Version on Cracking WPA and WEP

Ohio University are belong to someone for a year - Scary part is, happens all the time.

Net neutrality bill passes House committee - for the authority on "Net Neutrality" see

SpraJax - Open source AJAX cleaner, er, vulnerability tester.

Ask A Ninja

Informational Non-Security Related Stories

Oh Deals! A Linksys WRT54GC Compact router for $20!