Episode304

From Paul's Security Weekly
Jump to: navigation, search
Palo Alto Networks
Tenable Network Security
The SANS Institute
Pwnie Express
Black Hills Information Security

Episode Media

MP3 pt. 1

MP3 pt. 2

Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 304 for Thursday October 11th, 2012

Interview Daniel Suarez



  1. Daemon and Freedom were fairly epic. How difficult was it to begin Kill Decision knowing that you had a gang of fans with such high expectations for your next book?
  2. Tell us about Kill Decision
  3. There was a fair amount of drone usage in FreedomTM). Was there a particular event or news story which inspired you to concentrate on drone warfare for Kill Decision?
  4. What was the germination like for Kill Decision? Was it formulated before or after Daemon and Freedom(TM)
  5. What kind of research did you do to get the drone hardware to be realistic in the book?
  6. In a recent interview, you indicated that technology was being siphoned out of high tech meccas into other parts of the world via both Globalization as well as good old fashioned Espionage. Do you think, at least for the US, we're past the point of no return when it comes to ensuring that we're not giving away our intellectual property when we farm out our manufacturing overseas?
  7. Similar to the above, one of the warnings in Freedom(TM) appeared to be that a nation has to safeguard its food sources - not to be complacent about the importance of being able to grow your own food to feed its citizens. Do you feel that the government is aware of this issue or that more needs to be done?
  8. Where do you see the future of drone warfare going?
  9. Since the book has been published, have you been given any additional information concerning how close we are to the reality seen in Kill Decision?
  10. There was one term which we're told gives a lot of writers "grief": making love. How tough was the love scene to write in Kill Decision? :)

Guest Tech Segment: Charlie Eriksen on Wordpress plugin security

In this technical segment, we will look at Charlie Eriksens research into Wordpress plugin security. By searching large amounts of code for code that is often insecurely written, it is possible to find a large amount of vulnerabilities in plugins running on thousands of Wordpress sites across the internet.

The basic method involves searching for method calls that can have an undesirable side-effect or is often not properly understood by developers. While a simple search will give you 10s of thousands of results, it's possible to write regexes that will give you likely candidates for vulnerabilities. Even then, you will have to browse through a lot of code to find instances of these that are worth investigating further. One important thing to look for is a combination of a potentially dangerous method, and the presence of user input. At first, looking for these methods combined with the use of a $_POST/$_GET/$_REQUEST will give you very likely candidates for exploitation. But you can also write search patterns which searches for the methods below, with a reference to a request parameter in lines just previous to the function invocation.

Some of the methods that are often insecurely used includes, based on what is most often incorrectly used: $wpdb->get_results $wpdb->get_var $wpdb->get_row file_get_contents include(_once) require(_once) eval/exec/shell_exec/system

In the technical segment, we'll look at 4 vulnerable plugins, how we can tell that they're vulnerable, how to exploit them, and how to ensure that they can't be exploited:

More information can be found on http://ceriksen.com, and you can follow Charlie @charlieeriksen.

Teasers & Plugs

Stories

Paul's Stories

  1. How Your #Naked Pictures Ended Up on the Internet
  2. The Security-Conscious Uncle - Yea, I'm talking about ATM card security. After reading this, and hearing my thoughts and views on Debit cards, I want to keep my money in my own safe. Banks make it so hard to keep your money secure. I don't want a Debit card, its a ridiculous concept that only benefits the bank. I want more than a 4-digit pin number too. My best advice is to only tie your ATM card to an account with a small amount of cash to limit damages, if your bank even allows you to do that.
  3. No homecoming queen vote if you don't wear RFID tag? - I'm sorry, I don't want to wear an RFID tag. Tracking students has gotten way out of control. I proved how you can clone RFID tags in a MA CCDC compition. So, students, if you want a lesson on how to become any one of your classmates, please come find me.
  4. Hacker wins $60 - Don't get me wrong, I think this is a good thing. The more we encourage legit folks to find vulnerabilities, the better.
  5. Firefox 16 pulled offline following security flaw find - Firefox is becoming the new IE!
  6. Mobile Brings a New Dimension to the Enterprise Risk Equation - I think I've solved the BYOD problem, just buy all employees brand new iPhone 5s, manage them with an MDM (like Apple Profile Manager) and everyone is happy. I think this comes down to giving the people what they want.
  7. Reporting Mistakes - I agree that we need to be forthcoming about where security has failed. I don't get First, talking about the exact way to exploit an 0day makes it easier for more people to exploit it. Learning of a 0Day exploit, and the details, gives us a fighting chance to defend ourselves. I think there has to be some quiet time if you want to involved the vendor, then you gotta tell people. It also depends on the nature of the 0day, maybe the vendor won't listen, or maybe its 0Day in the DNS protocol.
  8. James Bond's Dry Erase Marker: The Hotel PenTest Pen - SpiderLabs Anterior - This is just way too super cool, best usage of Arduino and Dry Erase marker EVER (maybe the only usage of the two together).
  9. HP Communities - CISO Concerns - Security vs. Usability - CISOs love to bat around terms like security, usability, compliance, affordability, ROI, etc... These are fine, in the right context, but lets not forget, you have the word security in your title, and at some level you have to prevent people from getting pwned. Sometimes I think we lose site of that.
  10. In a Zero-Day World - I agree, you need to react to the active attacks. I never thought I would say that, but active vs. not-so-active makes a big difference.

Allison's stories

  1. Why Smaller Companies are cyber crime's sweet spot Seems like this is restating the obvious to me but you might find this interesting.
  2. Malware-infected computers rented as proxy servers on the black market Here's an article about another technique that bot herders can use to profit from their flocks, without getting into the hairy business of credit card fraud
  3. U.S. banks warned of another attack threat Russian group promotes 'Project Blitzkrieg' crimeware campaign against 30 banks

Jack's Historifacts

  1. I told you kids them flyin' saucers was real US Air Force’s 1950s supersonic flying saucer declassified. No, not infosec, but after the Daniel Suarez interview...
  2. Security industry built on a haze of 'fog' and 'hype' according to folks at RSA conference. You don't say? Painting with a broad brush, eh?