Dec 11, 2009

Link to MP3

OK, this was just a stupid, crazy, fun episode. We had technical hiccups, a roving co-host who likes to text another co-host, and this episode was late getting recorded because of the end-of-year schedule. But we got through it, and I think you are really going to enjoy the randomness…

Show Notes:

InfoSec News Update and Geek Toys Update –

  • T-Mobile Employee causes largest data theft in the UK – Link Here
  • Government Security Woes
    Story 1 – 5 TSA workers put on leave over online posting – Link here
    Story 2 – The Party Crashing Scandal – Link Here
    Story 3 – Felon working for DHS for 2 years – Link Here
  • Nessus 4.2 is released – Link Here
  • Rapid7 and Metasploit Community Projects – Link 1 / Link 2
  • ProxMark3 now shipping completed RFID read/write/clone kits – Link here
  • Moxie launched cloud-based WPA password cracking – Link Here
  • Cure for Eye Strain – Gunnar Glasses – Link Here

Discussion Topic –

Changes to OWASP standard for 2010 –

Link Here

Consultants Corner – Picking your tools wisely… 2009/2010 update

Music Notes –

Aug 08, 2009

Link to MP3

Episode 22 is here. Jim was not available to join me this time (he has been traveling and really busy), so Dan Kuykendall from NT Objectives was kind enough to fill in as co-host for today. We had some good discussion, and a show that I thought would be a little shorter ended up being pretty long. But it is good stuff. Here are the show notes:

InfoSec News Update –

  • Vulnerable web servers on webcams, NAS, etc – Link Here
  • Obama’s cybersecurity Czar quits – Link Here

People familiar with the matter said Ms. Hathaway has been “spinning her wheels” in the White House, where the president’s economic advisers sought to marginalize her.

In February, the White House tapped Ms. Hathaway, a senior intelligence official who had launched President George W. Bush’s cybersecurity initiative, to lead a 60-day cybersecurity policy review. Ms. Hathaway completed her review in April, but the White House spent another 60 days debating the wording of her report and how to structure the White House cyber post. National Economic Adviser Larry Summers argued forcefully that his team should have a say in the work of the new cyber official.

  • SSL under attack this year at BlackHat/Defcon. These attacks don’t go after the math; they go after the (mis)use of SSL by clients and certificate authorities.

New Tricks For Defeating SSL In Practice (sslstrip) – Link Here

Researcher Exposes Flaws In Certificate Authority Web Applications – Link Here

  • Defcon goon “Priest” is everywhere – Links Here and Here

Discussion Topic – The ol’ security guidelines / best practices discussion

Consultants Corner – Varied BlackHat / Defcon points –

  • SSL issues
  • Unmasking You talk by Joshua “Jabra” Abraham and Robert “RSnake” Hansen
  • Dan’s general opinions about the web security talks – he was underwhelmed

Music Notes: