Episode42

From Paul's Security Weekly
Jump to: navigation, search

Episode Media

mp3

Stories for Discussion

Great book - "Ross Anderson, author of 'Security Enginnering', notifies in a message to comp.risks that he just got permission from Wiley to let anyone download the full content of his book for free. This is one of the best books on computer security and it is used as textbook in many University courses. - Nick

oh noes!- NetBSD asplode. :( - Nick

How to Hack into a Diebold voting machine-...and vote Marty Kaplan as a.... "fancy man"!

Jump up, Jump up, and Get down! - A mobile virus that can jump from PC to a symbian phone. Kewl. I think we have yet to see the proliferation of mobile malware, even across wireless, but I believe its coming, it just needs a business model....

The 3 Dirty Little Secrets of Disclosure No One Wants to Talk About - I agree, full disclosure does help the hackers, but it also helps those who are trying to protect computers and IT infrastructure. Furthermore, the vendors seem to want to take responsible disclosure and use it to their advantage.

Municipay WiFi in Manhattan - Imagine a wireless worm running loose in NY? That could be damaging, and maybe then people would pay attention to wireless security issues. It seems that if problems only lead to targeted attacks, people don't pay too much attention. But worm it and take out a few huge networks and people seem to react and then put proper procedures in place, like regular patching.

Larry Elison to address RSA conference - Oracle is also a Platinum sponsor at $220,000. I hope that Larry E. doesn'tt hink that this will make them more secure, or keep us from picking on their shoddy security.

Cell Phones Leak Data - Buy a phone on ebay and track affairs and government business deals. Nice. Don't forget to wipe! (your PDAs and phones that is) - They need to implement the PSW Potato Cannon Method Of Data Destruction.

Apple, Smug Users, and Malware - Think that if Mac people think they are immune, they are sadly mistaken. It wouldn't take much to write malware for OS X, there's just not enough of a business model for it to be widespread. Many thought that by running Windows 98 that they were immune to many of the threats and malware for XP, then the Metasploit project proved them wrong. It won't be long before people start adding OS X exploits into their botnet building software...

CBS Fall Linuep ads via Bluetooth- Hey can I use a BT tool to advertise that I'm CBS and use it to pwn your phone? yes? k thx!

Multiple tor vulnerabilities - A malicious server can fool your client into routing additional/unwanted traffic. Hooray for information disclosure!

Remember the Hospital turd, erm, bot herder? - He got 3 years in the pound me where the bots, erm turds, come from prison. The lead investigator for the FBI was also interviewed by the guys at Cyberspeak.

LiveView VMware utility - This sounds like a cool tool, "Live View is a Java-based graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk. This allows the forensic examiner to "boot up" the image or disk and gain an interactive, user-level perspective of the environment, all without modifying the underlying image or disk.". Sweet!

"Stolen Smart Phones Scream to be Found" - Company provides a service which makes your smartphone scream a horrible noise if its stolen

http://www.schneier.com/blog/archives/2006/08/usbdumper_1.html USB dumper] - any usb storage plugged into a machine with this software gets all of the data copied off of the key. Interesting possibilities.

RaDaJo - A new blog from three smart Spanish dudes - They are actually all SANS GSE certified, and one (Raul Siles) is a frequent listener of our show and regularly provides us with feedback. So, check it out!

Janus wifi project - 8 mini pci cards running simultaneously grabbing wifi traffic and cracking passwords.

Stories of Interest

fonefinder.net: find the carrier of a phone number - byte_bucket on IRC needed to find who was calling his cell with spanish spam messages. Used this to find the carrier and talk to the telco's(Pac West) abuse group at the NOC

http://www.schneier.com/blog/archives/2006/08/usbdumper_1.html Stephen Colbert computer security tips] - Hillarious. And not too far off the mark.

byte_bucket from irc requests security measures for blackberries- Larry?