Episode41

From Paul's Security Weekly

Episode Media

mp3

Stories for Discussion

MacBook Users in Denial Over Wifi hack- is fanboyism a disease?

The world's newest k-r4d l33t h4x0r - ...Paris Hilton. 'nuff said.

Crying Wolf over MS06-040 - Worms are so 2003.

Web services that transmit clear text passwords- Cox webmail is clear text? amazon.com too? Department of COMMERCE??? WOOPSY-DOODLE!

Mitnick sites hacked- Mitnick got hacked; not so much his fault as his webhost's, but the defacing is pretty funny: "...THEN IM GONNA HACK YOUR GRANDMAS PUSSY OPEN WITH MY BRAND NEW POCKET BATTLE AXE..."

Phone Fraud With Extra Cheese - Schneier is on fire.

GO READ BRUCE SCHNEIER'S article in 2600 this quarter - Also, Paul has a good story about "hacking" to go along with that.

Microsoft Dismisses Powerpoint Vulnerability

Passports Receiving ID Chips (from slashdot)- RFID technology in passports. Let me take a guess at what security/privacy/fraud/abuse issues can stem from this...

Company provides RFID blocking solution for new e-passports - "An Orem Utah-based forensics company is now selling metal mesh bags that it claims will stop identity thieves from accessing the newer US E-Passports. Paraben Corporation, known for their mobile phone forensic kits, is selling a nickel, copper and silver mesh "Passport StrongHold" bag will block RFID transmissions from hitting unopened passports" .... Joe's Prediction: like wireless encryption, only a small percentage of users will probably care enough to use this while everyone else gets hosed by blackhats. EDITED TO ADD: the actual product page (Paraben Forensics). Look at all the cool stuff they have! wireless stronghold tent

Personal Firewalls- false sense of security? (slashdot)- "A recent test in the Munich-based computer magazine PC Professionell showed that the software often causes more problems than it solves. Not one of the six firewall programs the magazine tested, regardless of whether commercial or freeware, could prevent all attempts from the test programs at establishing outgoing connections between the PC and the internet."... browsers inherently connect to the net so they are a great target to circumvent these firewalls

MS releases 8 patches to fix bugs, but ends up creating new bug- I think MS needs more fingers to patch their leaky dam (or dike if you prefer)

10 Computers stolen from Nashville hospital firm - It just goes to show that there are no 100% guarantees. Reasonable physical security (keypad lock and video) at HCA were defeated by criminals active in the area. Don't forget the Analog hackers

Joat has links to feeds - Thanks to Michael Farnum for posting his security OPML feeds. Lots of security infoporn.

Podcast/Vidcast from LURHQ - 5 minute episodes, but awesome content.

Test, test, test! - Ping doesn't tell you much, so pick appropriate tests. Test your AV, spam filter, content filtering, etc. Test both scenarios - ok, port 23 outbound is blocked, but what about the rest? Also, I've never heard of GTUBE - a spam tester.

Other Stories Of Interest

Issues with Wireshark - The new name for Ethereal; same issues with the protocol parser

Blacklight command line - Now even more useful for scripting! And now Sophos has their own.

Stupid Security Award contest - This might be interesting to remind us of potential attack vectors, so watch the submissions.

Hardsid: the SID (C64) MIDI Synthesizer SoundCard for PC- Not new, but worth a look for people who have old C64s laying around. Take out the synth chip and plug it into one of these so you can make C64 quality songs on your PC

HITB Security Conference - Cool talks, taking place in a few weeks in Malaysia.

Cisco Firewall password oops - 2 users change password at the same time, and they both disappear. Oops.

Commodork: Sordid Tales from a BBS Junkie - "You know, back when we used to modem uphill, both ways in the snow."

Prevent The Evil Twin Attack - Good article to send to your users on how to secure your wireless.