This week we interview Jayson E. Street about his new novel f0rb1dd3n.

f0rb1dd3n is a fictional story that also provides an overview of the tools, techniques, and culture of hackers. Throughout the story there are references to an appendix that will provide detailed information about that particular part of the book, such as the exact process for using metasploit to take over a machine. The expected release date is in July 2009 around Black Hat and Defcon.

A beta of Sumo LINUX is targeted for release the first week of April.

Quine will be our next guest interview.

Hosts:
Anthony Gartner – AnthonyGartner.com @AnthonyGartner
Chris Gerling – Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills – ChrisAM @TheChrisAM

Guest:
Jayson E. Street – http://f0rb1dd3n.com/author.php

Links:
http://f0rb1dd3n.com
http://osvdb.org
http://datalossdb.org

The next part on the agenda was the new Windows 7 Beta. This caused Microsoft to DOS itself. Which really takes a LOT to happen.

After the break we started to go into some tools we actually use or have used and wanted to recommend. Jay spoke of his Retina software they use. We did play a nice practical joke on jay and left him hanging in the wind for a few moments, but he did recover. Spoke about running ISS for the nice pretty reports for the higher up’s and Nessus for the technicians. Anthony mentioned Hot Spot Shield which works on windows, mac, iphone and many other platforms. The chat room recommended Open VPN but none of us had used it. Chris Mills also went into one of the tools he used back in the day but recently started to use again called NTop.
Talked about itunes going DRM free. Always a good thing!!! This then drifted in to a conversation about players in general. Jay recommended engadget.com and how they covered CES so well. This then divulged into computers for kids as well as netbooks.
Anthony is getting close to being able to do the Mix MInus. This means there will be the chance to play the music / voice mails / audio feedback on to everyone so that we can comment or answer the questions. This will be a welcome addition to the show.
Jay stated our new goal – to be “Internet Famous”

Don’t forget to give us a feedback on Itunes so we can bump the old shows off the list.

Thanks again for all the donations for the Tip Jar.

Hosts:

Rob Fuller – Mubix, room362.com @mubix
Anthony Gartner – AnthonyGartner.com @AnthonyGartner
Chris Gerling – Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills – ChrisAM @packetsense
Jason Mueller – SecurabitJay

Important links for the show and documents used:

http://www.iss.net/

http://www.nessus.org/nessus

hotspotshield.com

http://openvpn.net

http://www.ntop.org

Check out the end of the cast for Jay’s audition for American 1dol!!!

The next part on the agenda was the new Windows 7 Beta. This caused Microsoft to DOS itself. Which really takes a LOT to happen.

After the break we started to go into some tools we actually use or have used and wanted to recommend. Jay spoke of his Retina software they use. We did play a nice practical joke on jay and left him hanging in the wind for a few moments, but he did recover. Spoke about running ISS for the nice pretty reports for the higher up’s and Nessus for the technicians. Anthony mentioned Hot Spot Shield which works on windows, mac, iphone and many other platforms. The chat room recommended Open VPN but none of us had used it. Chris Mills also went into one of the tools he used back in the day but recently started to use again called NTop.
Talked about itunes going DRM free. Always a good thing!!! This then drifted in to a conversation about players in general. Jay recommended engadget.com and how they covered CES so well. This then divulged into computers for kids as well as netbooks.
Anthony is getting close to being able to do the Mix MInus. This means there will be the chance to play the music / voice mails / audio feedback on to everyone so that we can comment or answer the questions. This will be a welcome addition to the show.
Jay stated our new goal – to be “Internet Famous”

Don’t forget to give us a feedback on Itunes so we can bump the old shows off the list.

Thanks again for all the donations for the Tip Jar.

Hosts:

Rob Fuller – Mubix, room362.com @mubix
Anthony Gartner – AnthonyGartner.com @AnthonyGartner
Chris Gerling – Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills – ChrisAM @packetsense
Jason Mueller – SecurabitJay

Important links for the show and documents used:

http://www.iss.net/

http://www.nessus.org/nessus

hotspotshield.com

http://openvpn.net

http://www.ntop.org

Check out the end of the cast for Jay’s audition for American 1dol!!!

Don’t forget to give us a feedback on Itunes so we can bump the old shows off the list.

Thanks again for all the donations for the Tip Jar.

Hosts:

Rob Fuller – Mubix, room362.com @mubix
Anthony Gartner – AnthonyGartner.com @AnthonyGartner
Chris Gerling – Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills – ChrisAM @packetsense
Jason Mueller – SecurabitJay

Special Guests: Melissa (@geekgrrl), Tim Krabec (@tkrabec) of the SMBMinute.com, Tom (@agent0x0) securityjustice.com, and Dave (@Securi-D) securityjustice.com

Important links for the show and documents used:

Naivete: Web 2.0’s biggest security threat

http://blogs.zdnet.com/feeds/?p=382

Britney, Obama Twitter Feeds Hijacked Following Phishing Attack
http://blog.wired.com/27bstroke6/2009/01/twits-get-phish.html
Fire Fox Addon “Long URL Please”
http://www.longurlplease.com/
WIRED just posted this follow up:
http://blog.wired.com/27bstroke6/2009/01/professed-twitt.html

We opened the show but because Jay needed to switch some things out we actually went to a break faster than normal. When we returned from the break Jay was back with us. We started to go into the new Microsoft Zero Day, and Jay informed us that he had been out of the loop for a week but since the patch only came out 73 minutes before he found out about it he figured he was right on time.

The next topic was Chris Gerling going to SANS and taking the forensics 508 course. Chris then told us that he felt like he should never have picked up a helix disk based on the level of knowledge he has now compared to before the course. We also discussed that many states are requiring a Private Investigators license to do forensics. That none of us on the show agreed that this was a good idea, but yet several lobbyists have been pushing for this very idea. Jay asked the question about what was thought about the BGP security vulnerability. Anthony discussed a new site he went to as a security review.

After the break, we went into the trivia question. The trivia Question was: What are the flags you have to set in order to do an NMAP-style XMAS scan in Unicornscan? We will post the winner soon in conjunction with the Security Justice podcast. After the trivia question we went into thoughts on what to do about prior employees, handling creditials, voice mails, and emails. We referenced the guy in San Francisco who was fired from the job, but yet still was able to hold the network he left hostage.

Send all answers to the trivia question to feedback@securabit.com

Don’t forget to give us a feedback on Itunes so we can bump the old shows off the list.

Thanks again for all the donations for the Tip Jar.

Hosts:

Rob Fuller – Mubix, room362.com
Anthony Gartner – AnthonyGartner.com
Chris Gerling – Hak5Chris, Chrisgerling.com
Chris Mills – ChrisAM
Jason Mueller – SecurabitJay

Important links for the show and documents used:

No links this time!

We also spoke about how few businesses are actually checking a persons signature or id for credit cards.  Most businesses are simply not checking the cards like they should be. Chris is beginning to wonder if they will card his fiancee between now and when they get married.

After the break we came back and mentioned that we were not going going to drop the Fbomb for 40 bucks as was hinted at in the chat room.  Went into the issue of dns forwarding being done on  CheckFree.com The article was actually from The Washington Post by Brian Krebs.  Anthony put a shout out to Ed Smiley for sending both Mubix and Anthony a copy of  1password.  It was a Great hookup.  Then we covered various apps on the IPhone.  We touched on what the encryption is on a 3g network.  We found a great powerpoint slide show explaining it.

After the last break we went into firewall set ups.  Everyone but Anthony is running FIOS so the discussion on how to set up the coax or ethernet wan links ensued.  You will just have to listen to it to see what kind of sense it makes.  We did get lots of comments from our faithfull in the irc channel (irc.freenode.net #Securabit).  From there the show just went down hill with strippers and alcohol.

Don’t forget to give us a feedback on Itunes so we can bump the old shows off the list.

Thanks again for all the donations for the Tip Jar.

Hosts:

Rob Fuller – Mubix, room362.com
Anthony Gartner – AnthonyGartner.com
Chris Gerling – Hak5Chris, Chrisgerling.com
Chris Mills – ChrisAM
Jason Mueller – SecurabitJay

Special Guest: Joel Esler from sourcefire.com and Joelesler.net

Important links for the show and documents used:

http://www.sans.org/cdi08/

http://www.sans.org/training/description.php?mid=98

http://www.sans.org/press/giac_pentest_cert.php

http://voices.washingtonpost.com/securityfix/2008/12/hackers_hijacked_large_e-bill.html?nav=rss_blog

Mubix attended the CSI Conference and no not CSI on TV, the CSI Anual conference. The topic he found intriguing is Security and Responsibility.  If something happens how and to what extent as security professionals are we responsible and accountable.  This is a topic he brought up on twitter as well and got a lot of replies back.  Some agreeing and some not, Feel free to weigh in on this one.

Some of the references that were brought up in response to this topic were Sandboxie, castlecops, and Web of Trust.

After the break we went into a discussion on DD Images and using live view on them, but since that was a fail, Chris used QEMU.   You can even go get some test images at ProjectHoneypot.org and convert them using a tool dd2vmdk .  The conversation went into WPA is not Busted.  We referenced Steven Gibson’s explantion and Joel Eslers blog posts on the subject.  During the break we discussed a great site as well from Josh Wright about Wireless Vulnerabilities & Exploits

After the Break we were able to bring in the real Joel Esler.  Joel is part time batman as well and Joel has aggred to give us at least one batmobile, but we digress.  He actually works for sourcefire.  This is an organzation that you should take a look at, it is well worth your time.  He also is an avid security blogger and has his own blog at Joel Esler.net  Joel talks about he IPS’s of today are simply not the same as many of the original IPS’s.

We lose Joel a little bit during the break and we cut a little more abruptly to break than we normally do.  Sorry about that!  But we kind of ran out of content and time.

SecuraBit would like to make sure everyone has a Happy Holidays and don’t forget to leave us feedback on Itunes even if you don’t listen via Itunes.  We want to get some of these casts out of there that have not posted in years.

Hosts:

Rob Fuller – Mubix, room362.com
Anthony Gartner – AnthonyGartner.com
Chris Gerling – Hak5Chris, Chrisgerling.com
Chris Mills – ChrisAM
Jason Mueller – SecurabitJay

Special Guest: Joel Esler from sourcefire.com and Joelesler.net

Important links for the show and documents used:

http://www.phishtank.com/

http://projecthoneypot.org/

http://www.sourcefire.com/products/3D/?semg=USSFR2&gclid=CISstozXgpcCFQVKtAodijdxXQ

http://www.joelesler.net/finshake/Blog/Blog.html

http://www.wirelessve.org/news_entries

http://en.wikipedia.org/wiki/Dd_(Unix)

http://en.wikipedia.org/wiki/QEMU

http://isc.sans.org/diary.html?rss

http://isc.sans.org/diary.html?storyid=5300

http://www.clamav.net/

http://sandboxie.com/

http://www.castlecops.com/

http://en.wikipedia.org/wiki/Web_of_trust

After the break, Adrian spoke about how one of the guys from binrev.com turned him on to a book for review called Googling Security: How Much Does Google Know About You? written by Greg Conti.  Anthony ended up going into some of new virus / trojan infections.  These were on the lines of antivirus 2009 and others of the type.  Consensus was that a good cleaner tool was called Rougefix (recommendatin from the IRC channel by Tim Krabek).  Adrian recommended a song by Tom Smith about Technical Suport for Dad.

We went into a little more information on the New York School district’s vulnerability. We also went into a little bit on how to lock down a printer as well.  Found a list of the PJL commands for HP.

Securabit wanted to remind everyone that if you have anything to say you are welcome to come on the show and tell us what you think and know.  It is an open invitation. We want to thank those individuals who have donated to the podcast as well.  Check out a couple of our friends podcasts at http://securityjustice.com and the http://SMBminute.com

Hosts:

Chris Mills – ChrisAM

Chris Gerling – Hak5Chris, Chrisgerling.com

Anthony Gartner – AnthonyGartner.com

Jason Mueller – SecurabitJay

Special Guest: Adrian from Irongeek.com

Important links for the show and documents used:

http://irongeek.com
http://www.phreaknic.info/pn12/
http://shmoocon.org
http://www.binrev.com/
Googling Security: How Much Does Google Know About You?
http://www.technibble.com/repair-tool-of-the-week-roguefix/
http://www.tomsmithonline.com/main1.htm
http://timesunion.com/AspStories/story.asp?storyID=732745
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=120&prodSeriesId=84028&prodTypeId=18972&prodSeriesId=84028&objectID=bpl01965