Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit
Jason Mueller – @securabit_jay
Tim Krabec – @tkrabec http://www.SMBMinute.com

Guests:
Christopher Boyd (Sunbelt Software)
http://en.wikipedia.org/wiki/Christopher_Boyd
http://www.vitalsecurity.org/
http://sunbeltblog.blogspot.com/

General topics:
Chris speaks about how he got involved in the position he is in now.  He also got into how he basically social engineers and discusses his blog.

Dodgy Dr Who Games
Orkut Shenanigans
The Sunbelt Security Blog
Fun with Internet Trolls
How Drugs and Stabby Things Led to a Career in Security
Internet Kill Switch
Twitter Agrees to Data-Security Audits
HacKid -http://www.hackid.org/

Links:

FTC Requires Twitter To Set Up Data-Security Audits
http://news.yahoo.com/s/nf/20100624/tc_nf/74031

Make sure you are there for Sunbelt’s next quarterly briefing entitled “Turning the Tables on Bad Guys:  Malware Unmasked”.  It will be at 9am and again at 2pm on August 25th, 2010.  Register here!

Chat with us on IRC at irc.freenode.net #securabit

Hosts:

Anthony Gartner – @anthonygartner http://anthonygartner.com
Christopher Mills – @thechrisam
Chris Gerling  – @chrisgerling
Aricon
Andrew Borel –  @andrew_secbit

Guests:
Harlan Carvey
http://windowsir.blogspot.com/
Tools:  http://tech.groups.yahoo.com/group/win4n6/

Are you interested in taking an upcoming SANS course?  Dr. Eric Cole is teaching the upcoming SANS vLive! 501 course which starts on June 22.  You can register for the course using this link, and coupon code 501SB to save $500!

“System Service Descriptor Table (SSDT) patching has been widely used by rootkits and is usually easily detected.  BlackEnergy version 2 has implemented a technique which successfully hides from basic rootkit detection.  Basic rootkit detectors typically only check address ranges, on function pointers, listed in the SSDT.  If the pointers are outside the kernel address range, it implies that the SSDT is hooked.

The following will illustrate a procedural check, used to uncover this technique, using a kernel debugger…”

Read more here:

Rootkit Analysis – Hiding SSDT Hooks

Written by: Nick Jogie

We should be live around 8pm EST tonight, join us on IRC or listen in live at this link!

If you haven’t taken the Security 508 course yet we have an excellent opportunity for you!  Rob will be teaching the SEC508 (Forensics) course via the SANS vLive! platform beginning 3/23/2010.  Classes will occur every Tuesday and Thursday until 4/29/2010 from 7-10PM EDT.

Chris Gerling has taken the 508 course and recommend anyone who is interested in computer forensics take it as well.  Even if you aren’t a full-time forensic examiner, the information you take away from the class will help you in all aspects of information security.  Understanding how file systems and memory work can be crucial.

Please check out the course and register at this link!  Use code SB508 to get a free GCFA certification attempt with the purchase of the full course.

On the first of the year The Web Application Security Consortium (WASC) released the second version of its Threat Classification Project .  While the WASC is not as well known as OWASP, it has a lot to contribute to the web application security space.

This particular project is a compendium of threats to web application security, separated into attacks and the weaknesses those attacks take advantage of.  Each attack or weakness is described and followed by examples of attack scenarios, including code samples (C, C++, C#, PHP, and SQL) as well as a large number of references to other examples, explanations or news stories about the particular threat.

The document is an easy read (available in PDF or in a wiki-style format) and contains a lot of information and reference material.  The explanations for each threat are clear and concise and provide a great introduction to web application security for both security professionals and application developers.

Additionally, the project offers different views of the data, a nice one being the “Development Phase View” which shows where in a development life-cycle (design, implementation or deployment) the vulnerability may be introduced.

Overall the document is very well done, with a lot of clear explanations and examples, and a lot of links to references where more information can be found.  Mitigation of the threats are not discussed in most instances, but according to the project’s FAQ it is currently up for discussion.  Still, this is really required reading for web developers, auditors or security professionals dealing with web applications.

Jeremiah Grossman from WhiteHat Security (and also the project lead for version 1 of the Threat Classification) has also posted a nice chart with mappings from the WASC Threat Classification to the OWASP Top Ten 2010 RC1.

Blog post by:  Dave Shpritz

Be sure to check out the trailer below:

SANS Reverse Engineering Malware

If you’re attending the conference and want to meet up or just say hey, be sure to connect with me via Twitter!

-Jay

Listen live

Guest Interview:
Dennis Hurst, Senior Application Security Architect at HP Software &
Solutions and a founding member of the Cloud Security Alliance

Discussion of security and Agile development.

Scaling agile requires feedback mechanisms and strong visibility
http://h71028.www7.hp.com/enterprise/us/en/messaging/feature-software-scale-agile.html

HP Application Security Center
http://www.hp.com/go/stophackers

Cloud Security Alliance
http://cloudsecurityalliance.org

Movember:  Chris Gerling and Andrew Borel represent SecuraBit!
http://us.movember.com/mospace/99916 (Chris)
http://us.movember.com/mospace/361416/ (Andrew)

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner – @anthonygartner
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit

Guest:
Dennis Hurst

Links:
Movember - http://us.movember.com/
Donate to Security Podcasters Alliance - https://www.movember.com/us/donate/your-details/team_id/997
Security podcasters get hairy for charity - http://www.securecomputing.net.au/News/159403,security-podcasters-get-hairy-for-charity.aspx

This week we interview Jayson E. Street about his new novel f0rb1dd3n.

f0rb1dd3n is a fictional story that also provides an overview of the tools, techniques, and culture of hackers. Throughout the story there are references to an appendix that will provide detailed information about that particular part of the book, such as the exact process for using metasploit to take over a machine. The expected release date is in July 2009 around Black Hat and Defcon.

A beta of Sumo LINUX is targeted for release the first week of April.

Quine will be our next guest interview.

Hosts:
Anthony Gartner – AnthonyGartner.com @AnthonyGartner
Chris Gerling – Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills – ChrisAM @TheChrisAM

Guest:
Jayson E. Street – http://f0rb1dd3n.com/author.php

Links:
http://f0rb1dd3n.com
http://osvdb.org
http://datalossdb.org

By now, most people know that you should have a complex password of at least 8 characters that are composed of upper case, lower case, numbers, punctuation marks and ,as Dilbert said, doodles, sign language and squirrel noises. Your password requirements are so secure that it would take a Beowulf cluster 10,000,000 years to crack. Your users know that if they write down their passwords on a post-it-note, they will be shot. Are your passwords secure?

The problem with a “good password” is that it is extremely difficult to remember. Passwords that are used daily can be easily remembered after a few days. Passwords that are used infrequently can be a point of vulnerability.

Unfortunately, password aging systems do not consider the frequency of use or the number of unsuccessful login attempts prior to a successful login. Sure, you can reset the error count before lockout after x number of minutes but, it treats all accounts equally. An attacker could come in “low and slow” by limiting password attempts to every 3 minutes.

If your password aging rules dictate that all passwords must be changed every 30 days, the password that is only used every two weeks will expire at the same interval as the password that is used 5 times per day. A better method for password aging systems would be to consider the number of times a password is used and maintain a counter of unsuccessful logins before a successful login in addition to a maximum password lifetime. How would this be an improvement?

If you have a complex password that is only used once every two weeks, you will probably need to write it down somewhere that is (hopefully) secure. If you don’t write it down, you may forget your password, requiring a password reset. Password resets are the unsung vulnerability in password management. Many organizations do not properly authenticate the person requesting a password reset, reset passwords to a default value, or send the new password to the user in an insecure method. Social engineering can often bypass the “authorized password requestor” list. Are your passwords really secure?