Episode 86 Better Late than Never
ISD Podcast Episode 86 for March 12, 2010. This podcast is our contribution back to the community where we will discuss the vulnerabilities of interest, information security related news, hopefully providing you a few laughs and a little knowledge. Announcements: MyHardDriveDied.com: Data Recovery Class April 12th to the 16th in Washington DC; go to MyHardDriveDied.com or email smoulton at [...]
Episode 85 RSA 1024, broken or not?
ISD Podcast Episode 85 for March 11, 2010. This podcast is our contribution back to the community where we will discuss the vulnerabilities of interest, information security related news, hopefully providing you a few laughs and a little knowledge. Announcements: MyHardDriveDied.com: Data Recovery Class April 12th to the 16th in Washington DC; go to MyHardDriveDied.com or email smoulton at [...]
Episode 84 Dont Forget to Press the Button
ISD Podcast Episode 84 for March 10, 2010. This podcast is our contribution back to the community where we will discuss the vulnerabilities of interest, information security related news, hopefully providing you a few laughs and a little knowledge. Announcements: MyHardDriveDied.com: Data Recovery Class April 12th to the 16th in Washington DC; go to MyHardDriveDied.com or email smoulton at [...]
Episode 83 Its Microsoft, How hard can it be?
ISD Podcast Episode 83 for March 9, 2010. This podcast is our contribution back to the community where we will discuss the vulnerabilities of interest, information security related news, hopefully providing you a few laughs and a little knowledge. Announcements: MyHardDriveDied.com: Data Recovery Class April 12th to the 16th in Washington DC; go to MyHardDriveDied.com or email smoulton at [...]
PaulDotCom Security Weekly - Episode 189 - March 5, 2010
Episode 189 Show Notes
Top ten tips to socially engineer management into implementing security the right way, plus all sorts of interesting stories including the "porn detection stick"!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Episode 82 Feeling the Funk!
ISD Podcast Episode 82 for March 8, 2010. This podcast is our contribution back to the community where we will discuss the vulnerabilities of interest, information security related news, hopefully providing you a few laughs and a little knowledge. Announcements: MyHardDriveDied.com: Data Recovery Class April 12th to the 16th in Washington DC; go to MyHardDriveDied.com or email smoulton at [...]
Exotic Liability 51: Hungover w/ Ian Amit
-More Tech Problems
-Ian Amit joins in
-http://www.securityandinnovation.com/
-Cyberwar Jedi mind trick
-Nerd Thunderdome and BSidesLV 2010
-Botnet Fun
-Legalities
-ExcaliberCon
-A bunch more
Intro: Cyborg Love by Mac Lethal
Outro: Dirty Girl by Felt 2
Using Persuasion on the Mindless Masses
Join the Social-Engineer.org team as we discuss the topics of persuasion and mindlessness with Harvard psychologist and world renowned persuasion expert, Ellen Langer.
Episode 81 Security is Perception
ISD Podcast Episode 81 for March 5, 2010. This podcast is our contribution back to the community where we will discuss the vulnerabilities of interest, information security related news, hopefully providing you a few laughs and a little knowledge. Announcements: MyHardDriveDied.com: Scott will be putting on his SANS version of the Data Recovery Class in Orlando at SANS [...]
Episode 80 Dont Stire Me
ISD Podcast Episode 80 for March 4, 2010. This podcast is our contribution back to the community where we will discuss the vulnerabilities of interest, information security related news, hopefully providing you a few laughs and a little knowledge. Announcements: MyHardDriveDied.com: Scott will be putting on his SANS version of the Data Recovery Class in Orlando at SANS [...]
CyberSpeak February 28, 2010
- Bret talks about his new toys
- Ovie flees the country, again
News and Commentary
New Britain Youth Bureau Gets Conviction
After a two year long investigation, two individuals have been sentenced to jail time for child molestation.
Via Forensics Released Android Forensics Application
Via Forensics has released a beta version of its open source Android Forensics application.
Exclusive Interview
This week we speak with Christa Miller about the need for law enforcement and digital forensics specialists to manage their online resumes. With so many different social networking sites, it's important that they all appear consistent in voice and purpose.
Tech Topics
FreeBSD Tips on SANS Forensic Blog
Hal Pomeranz has a great post on the SANS forensic blog detailing tips for how to conduct a forensics investigation against a FreeBSD system.
FireFox Internet History Analysis
A new FireFox Internet history analysis program, dubbed FoxAnalysis, has been released. This software purports to gather all kinds of interesting goodies from FireFox history files.
Website of the Week
http://grc.com/passwords.htm - Randomly generated passwords (Thanks Ralph)
Read It Later - Keep a list of web pages you want to read from your computer or iPhone
InstaPaper - Allows you to read a webpage later from your computer, Kindle or iPhone
Gazelle - Get cash for your old gadgets
Check out our iPhone App!
Episode 79 Got A Map?
ISD Podcast Episode 79 for March 3, 2010. This podcast is our contribution back to the community where we will discuss the vulnerabilities of interest, information security related news, hopefully providing you a few laughs and a little knowledge. Announcements: MyHardDriveDied.com: Scott will be putting on his SANS version of the Data Recovery Class in Orlando at SANS [...]
Episode 78 60% Cut-n-Paste, 88% Insecure
ISD Podcast Episode 78 for March 2, 2010. This podcast is our contribution back to the community where we will discuss the vulnerabilities of interest, information security related news, hopefully providing you a few laughs and a little knowledge. Announcements: MyHardDriveDied.com: Scott will be putting on his SANS version of the Data Recovery Class in Orlando at SANS [...]
SecuraBit EP51 - Malware Detection With Sunbelt Software
Listen in as we discuss Sunbelt Software's CWSandbox and other products, along with in-depth malware detection and analysis!
#BSidesSF - Tuesday/Wednesday, March 2-3, 2010 @ 10am - 5pm
#BSidesAustin - Saturday, March 13, 2010
#BSidesBOS - Saturday/Sunday, April 24-25, 2010
Chat with us on IRC at irc.freenode.net #securabit
Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Chris Gerling – @chrisgerling Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit
Guests: Brian Jack - Sunbelt Software Chad Loeven - Sunbelt Software
Links:
http://www.sunbeltsoftware.com/
http://www.sunbeltsoftware.com/Malware-Research-Analysis-Tools/Sunbelt-CWSandbox/
http://www.securitybsides.com/



Episode 77 More Funner
ISD Podcast Episode 77 for March 1, 2010. This podcast is our contribution back to the community where we will discuss the vulnerabilities of interest, information security related news, hopefully providing you a few laughs and a little knowledge. Announcements: MyHardDriveDied.com: Scott will be putting on his SANS version of the Data Recovery Class in Orlando at SANS [...]
Conversation with Rob Lee
Rob Lee spent some time talking with me this last week. Hear the conversation here.
PaulDotCom Security Weekly - Episode 188 Part 2 - February 25, 2010
Episode 187 Show Notes
Part 2: DNS sub-domain brute forcing & Penetration
We discuss when penetration is important, how to talk to management, coolest WRT54G hack, and a technical segment on DNS sub-domain brute forcing.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
PaulDotCom Security Weekly - Episode 188 Part 1 - February 25, 2010
Episode 187 Show Notes
Part 1: "Freedom TM"
The PaulDotCom crew interviews Daniel Suarez to discuss his new book Freedom TM, security, privacy, sociology, and more!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Exotic Liability 50: Double Stuffed w/ Joe Grand
-EL's 50th Episode Double the length
-Joe Grand joins in
-Tons of fun Hardware hacking stuff
-Technical Problems
-Badges, that shit ain't easy
-TV Sucks
-Jhaddix drops in
-CN goes to Jail
-Wet your noodle for the EFF
-Lady Laz3r show in Vegas
-A ton more
Intro: Closer to the Club by NIN vs 50 Cent
Outro: Poker Face Cover by Chris Daughtry
Security Justice Episode 22 Physical Security, Interview with a Locksmith
This is the 22nd episode of the Security Justice podcast recorded February 17, 2010 live at Damons Grill in Independence, OH. This episode was hosted by Tom, Dave, Matt and Chris with special guest John Doe the Locksmith. Music as always provided by dualCORE. Thanks to everyone listening to the live stream and for participating [...]
CyberSpeak February 21, 2010
- Check out our iPhone App on the Apple App Store.
Listener Email
- Darrell asks how to build your forensics business
- Bobby wants to know what computer bag Ovie recommends, check out the Brenthaven Prolite II
News and Commentary
Craig's List Rapist
Former boyfriend posts an ad on Craig's List pretending to be his ex-girlfriend and leads viewers to believe the female is asking to be raped. One individual then broke into her home and raped her in response to the ad.
Online Personal Information Security
Bret and Ovie discuss a number of related websites that give people a little too much information on where you are.
Non-Metadata Clues in Video and Audio Files
Remember to look beyond the metadata when looking at audio and video files. An FBI investigator reviewed 14 video tapes and found evidence that led to a sexual abuse conviction.
Exclusive Interview
This week we speak with Sean Morrissey of Katana Forensics. Katana produces forensic imaging software for the iPhone called "Lantern." The Lantern software is a Mac based tool that purports to provide a "legally defensible forensic methodology for the iPhone."
Website of the Week
CyberSpeak iPhone App
David Kovar's Blog
Exotic Liability 49: Misogyny
-First live stream(ish)!
-Rickrolled Live
-EL Android/iPhone Apps
-Boyscout, It's magic
-nmap String of Doom
-Unexpected Guests
-A ton of security stuff!
-Shmoocon
-Hackcon
Intro/Outro - Put it in Your Mouth by Akinyele
PaulDotCom Security Weekly - Episode 187 Part 2 - February 18, 2010
Episode 187 Show Notes
Part 2: Windows command line kung fu and discussion of the stories for the week!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
PaulDotCom Security Weekly - Episode 187 Part 1 - February 18, 2010
Episode 187 Show Notes
Part 1: Pwning VMware and the Smart Grid...
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
PaulDotCom Security Weekly - Episode 186 Part 2 - February 11, 2010
PaulDotCom talks smack about security...
We love Irongeek (but not like that).
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Shmoocon 2010 Podcasters Meetup - NSFW!!!!!!
This is the audio from the 2010 pod-casters meet up. This is UNEDITED and completely raw. This file is NOT safe for work. You have been warned.



SecuraBit Episode 50: Interview with Rob Lee!
- What is SANS vLive?
- Forensics
- DOD Cyber Crime
- How the forensics classes are structured.
- 508 course and how it's changed. Divided up into essentials and then follow on courses. 6 total courses for all of the info.
- APT - Advanced Persistent Threat
- Q & A from the IRC
If you haven’t taken the Security 508 course yet we have an excellent opportunity for you! Rob will be teaching the SEC508 (Forensics) course via the SANS vLive! platform beginning 3/23/2010. Classes will occur every Tuesday and Thursday until 4/29/2010 from 7-10PM EDT.
Use code SB508 to get a free GCFA certification attempt with the purchase of the full course. Chat with us on IRC at irc.freenode.net #securabit
Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Chris Gerling – @chrisgerling Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit
Guests: Rob Lee - @robtlee
Links: http://phishme.com/ http://phishtank.com/



Shmoocon 2010 Podcaster Meetup
Chaos. Intelligent Debate. Shmooball fights. Keg Stands. Educated Opinions.
That's right, get all of that and more when you listen to the audio from the 2010 Shmoocon Podcaster Meetup!
Here's what the press has to say:
"The security podcasters meet-up on Saturday night was more like a Motley Crue concert than anything else. The podcasters on stage resembled the head table at a Klingon wedding. But drunken antics conference-wide were minimal, and some decent food for thought came out of the podcasting event despite the rowdiness."
-- Bill Brenner, CSO Online
"The podcasters meetup is like watching a bunch of monkeys fn a football with add!"
-- "@secbarbie"
You be the judge!
PaulDotCom Security Weekly - Episode 186 Part 1 - February 11, 2010
David Hoelzer comes and hangs out with the PaulDotCom crew...
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Exotic Liability 48: Benevolent
-iPad
-Only in Vegas
-Tech Crunch
-Joomla
-Laz3r is useless
-Addictomatic.com
-Socialmention.com
-Entitycube.research.microsoft.com
-Yasni.com
Intro - What's the Story Morning Glory by Oasis
Outro - El Chupa Nibre by Dangerdoom
Using the Information We Gather As Social Engineers
A live edition of the podcast done at Shmoo Con. We had a very lively topic on how we use the information that is gathered on our social engineering audits. We invited TWO special guests, Tom Eston from Security Justice as well as Shawn Moyer. Both are experienced and seasoned pentesters and social engineers. We rip apart the information security field as well as policies, education and user relation in this podcast.
CyberSpeak February 7, 2010
Listener Email
- Aaron sends us to tell about using Stitcher feed
- Paul writes to ask how someone without forensics background should go about starting out. Ovie and Bret give some pointers.
- Ovie is starting a SANS vLive course on June 8th!
News and Commentary
GPS Forensics Used to Find Body
A fugitive wanted for questioning about a number of murders committed suicide before law enforcement officers were able to find the bodies of the victims. Using computer forensics, however, the officers were able to recover GPS data and locate the remains.
Exclusive Interview
Todd Shipley, president and CEO of Vere Software, speaks to us about looking into the cloud to find forensics data. He speaks to us about products from his company to assist in capturing this kind of evidence.
Website of the Week
CrowbarPGP - A new tool by George Starcher to brute force PGP passphrases
DigitalCertainty.Biz - WiFi Investigator to identify the location of WiFi devices
PaulDotCom Security Weekly - Episode 185 Part 2 - January 28, 2010
The PaulDotCom crew discuss the stories of the week...
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
PaulDotCom Security Weekly - Episode 185 Part 1 - January 28, 2010
The PaulDotCom crew discuss the stories of the week...
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Shmoocon and how to protect yourself from Shmooball attackers!
It’s upon us. The con that is Shmoocon! The full Security Justice crew will be there in full force. If you see any of us around the con or at the parties be sure to say “Hi” as we have some new Security Justice stickers for ya! Security Justice Shields for Rent! We also want you to [...]
Exotic Liability 47: Fast Forward
-Aluc joins in (@thealuc)
-Useful/Cool phone apps
-Give credit where it's due
-Red Teaming
-Much More
PaulDotCom Security Weekly - Episode 184 Part 2 - January 21, 2010
The PaulDotCom crew discuss the stories of the week...
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
CyberSpeak January 31, 2010
DoD CyberCrime Conference was last week in St Louis MO and was their biggest event ever with over 1100 attendees, 175 presentations and 15 simultaneous tracks. Check out the SANS website (http://www.sans.org/) for the SANS 2010 Orlando coming up March 6-15.
News and Commentary
SanDisk Corp and Verbatim join Kingston in a Crypto No-no
A hole found in the AES-256 encryption on USB flash drives from these three companies allows unauthorized access to the devices without knowing the password.
Creedent Finds 4,500 Drives Sent to Dry Cleaners
UK based company Creedent finds large amounts of devices left in pockets of clothes sent to dry cleaners and left behind in taxis.
Exclusive Interview
Robert Botcheck, founder and owner of Tableau, joins us today. Tableau makes some of the most popular and reasonably priced write-blocking devices. Their newest product is a software imaging program that promises such features as multi-threading and sequential scheduling. Check out the interview for more information.
Website of the Week
- The Macintosh Forensics Podcast
SecuraBit Episode 49: ConFoo.ca!
Podcasters Meetup - http://www.podcastersmeetup.com/ ShmooCon - Saturday Evening @ 8PM
SANS Discount Code SB508 - Free GCFA attempt when using this link.
Philippe Gamache: Day job is focused on secure programming, developer training and code audit.
About ConFoo.ca:
-New conference about web technology
-PHP Quebec Conference offshoot
-Get all the user groups in the Montreal area together to share information
-8 Separate tracks at the time
ShmooCon FireTalks
Escaping the clutches of The GOOG - http://www.securabit.com/2010/01/21/escaping-the-clutches-of-the-goog/
Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Chris Gerling – @chrisgerling Nicholas Berthaume - @aricon Andrew Borel – @andrew_secbit
Guests: Philippe Gamache - ConFoo.ca - @SecureSymfony
Chat with us on IRC at irc.freenode.net #securabit
Links: ConFoo.ca - http://www.confoo.ca/en



PaulDotCom Security Weekly - Episode 184 Part 1 - January 21, 2010
The PaulDotCom crew go one on one with an FBI agent, no handcuffs this time!
No really, it sucks.
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Security Justice Episode 21 Woot.com, Hack Challenge, @dave_rel1k and SET
This is the 21st episode of the Security Justice podcast recorded January 20, 2010 live at Damons Grill in Independence, OH. This episode was hosted by Tom, Dave, Matt and Chris with special guests Dave Kennedy creator of the Social Engineer Toolkit (SET) and Shawn Miller from Woot.com. Music as always provided by dualCORE. Thanks [...]
PaulDotCom Security Weekly - Episode 183 Part 2 - January 14, 2010
Google/China/Aurora crapola, security stuff, fixing the real problems.
This week we all rode the FUD train
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Exotic Liability 46: Ninja Grillz
-Rafal Los is a Ninja Gangsta
-Web Scanners
-US getting hacked isn't new
-iQuake, app for quake victims
-Tons, I do mean tons, more
CyberSpeak January 24, 2010
This week on CyberSpeak, Bret and Ovie are both regretful that they are not going to the DoD CyberCrime Conference. CyberSpeak is now on STITCHER. Now you can listen to the latest show, on demand from your cell phone. You can also go directly there by going to this link http://stitcher.com/listen.php?fid=11119 Bret and Ovie briefly discuss Apple's big announcement; everyone is thinking it is the iPad/slate. Bret says he does not know exactly what it is but he is getting one....with his wife's permission.
Listener Email - Tom sent us an email saying "Hi fellas" and suggesting we check out his UK forensic blog called Happy as a Monkey.
In the news, Forensic Focus have compiled a directory that details all the academic institutions worldwide that offer computer forensics courses. We discuss an interesting murder trial in Waco TX that has some great forensics work, nice job to the forensic examiner, Neal Kersh. We also discuss a Twitter Jokester being banned for life from an airport after twittering "Robin Hood airport is closed," he wrote. "You've got a week and a bit to get your shit together, otherwise I'm blowing the airport sky high!!" We also talk about Secretary of State Hillary Clinton's speech last week where she said that her department will introduce several initiatives aimed at fighting Internet censorship. Clinton said: Those who disrupt the free flow of information in our society pose a threat to our economy, our government and our civil society. Countries or individuals that engage in cyber-attacks should face consequences and international condemnation. Last, we talk about the latest Microsoft vulnerability that affects all 32 bit versions of Windows 7, Vista, XP, 2000, and Server 2003 and 2008.
Our Web Sites of the week are https://www.mobiledefense.com and http://www.domystuff.com.
PaulDotCom Security Weekly - Episode 183 Part 1 (for real) - January 14, 2010
Didier Stevens comes on the show to talk about PDF hacking!
Chicken Corn Noodles are a valid PDF document
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
PaulDotCom Security Weekly - Episode 182 Part 2 - January 7, 2010
Mick walks us through sneaky web crawling, GSM & DECT cracked, and more stories and tech news!
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
CyberSpeak January 17, 2010
Listener Email
- PGP released PGP10 with one license for all operating systems
- Expunging data vs destruction of data
- Reaction of the industry to push-button tools like Paraben's Porn Detection Stick
News and Commentary
Google Grows a Pair
Last week brought computer security into the spotlight when Google announced it was no longer going to abide by the Chinese censorship rules and might be pulling out of China altogether. This news was closely followed by reports that Google, and many other US companies, had their computer networks compromised by agents of the Chinese government.
Exclusive Interview
Didier Stevens joins us this week to talk about some of his recent forensic tools and research, including the changes to the UserAssist registry keys in Windows 7 and his malicious PDF tools. He speaks about some of his other tools like his SafeMode restore tool.
Website of the Week
L5 Technology
Stitcher.com
WoanWare
Exotic Liability 45: The Couch
-The Goog vs China
-Haiti
-Vegas
-CES
-Dogs Invade
-Porn and plot lines
-Upcoming Cons
-Tons More
SecuraBit Episode 48: Shmoocon (The Big Cheese) and PhoneFactor!
Hosts:
Anthony Gartner @anthonygartner
Christopher Mills @thechrisam
Jason Mueller - @securabit_jay
Chris Gerling @chrisgerling
Guests:
Bruce Potter - Shmoocon - @gdead
Steve Dispensa - CTO and Co-founder of PhoneFactor - http://www.phonefactor.com/about/management-team/steve-dispensa/ @dispensa
Marsh Ray - PhoneFactor - @marshray
Recent goings on:
If you are going to Cybercrime contact Jason Mueller (@securabit_jay) and see if he wants to meet up!
Sean Hausauer and David Shpritz join the crew! Check out their blog postings!
SANS vLive!
January 26, 2010 @ 2PM EST - Joshua Wright - Wireless Security (1 hour)
Use coupon code SECURABIT for $20.00 registration fee. Regularly $495.00
http://www.securabit.com/2010/01/13/sans-vlive-with-joshua-wright/
First Guest - Bruce Potter - Shmoocon - @gdead
Logistics of putting on a conference.
New events!
Ticket sales process is constantly evolving.
Wardman Park in 1920's: http://www.shorpy.com/files/images/29398u.jpg
ShmooCon 2010 FireTalks: http://www.novainfosecportal.com/2010/01/06/shmoocon-2010-firetalks/
Podcasters Meetup: http://www.podcastersmeetup.com/
PhoneFactor:
How to fix SSL/TLS in software
The process of working with vendors to get a solution implemented.
Project Mogul
End:
Join us on January 27, 2010 when we speak with Philippe Gamache about the ConFoo.ca conference.
Chat with us on IRC at irc.freenode.net #securabit
Links:
Shmoocon - http://www.shmoocon.org/
PhoneFactor - http://www.phonefactor.com/
Not on the air:
Andrew Borel @andrew_secbit



Exclusive Interview with the BackTrack 4 Development Team
Have you ever wondered where BackTrack came from? Want to know how new editions of our favorite pentesting tool come about? Join us as we talk with muts, balding_parrot, pure_hate as well as our panel and special guest and web developer DigiP. This exclusive will be one to remember.
Episode 26 Make Mine a DECAF
DECAF, Into the Boxes, Computers in Every Home, Inside the Core, and Cybercrime 101.
PaulDotCom Security Weekly - Episode 182 Part 1 - January 7, 2010
Bruce Potter comes on the show to talk about the death of defense in depth, full disclosure, netflow analysis, trusted computing, and Lard.
Because sometimes you just need pure lard.
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
NLP, SE and Manipulation Secrets Revealed
Join us as we reveal some of the secrets that are widely used in marketing. From social engineering tactics, NLP secrets and manipulation strategies are now unmasked. We join forces with NLP and SE Expert Brad Smith to discuss these hot topics.
Exotic Liability 44: A New Year of Terrorism
-Hezbollah
-Epic failures
-TSA
-The system works
-Voicemail
-Facebook Apps
-A TON more
PaulDotCom Security Weekly - Episode 181 - December 23, 2009
John analyzes Windows firewall logs, and the guys discuss yet even more mitigations that don't work, laugh at the "top 5 essential patches of 2009", and hacking ATMs.
Merry Christmas From Everyone At PaulDotCom
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
CyberSpeak January 3, 2010
Thanks for all the Decaf feedback
News and Commentary
Digital Forensic Research Challenge
Results are in from the DFRWS Forensics challenge. This year contestants look at forensics of a Sony Playstation.
GSM Vulnerability Released
At the recent 26th Computer Chaos Conference Chris Paget and Karsten Nohl presented a new crack in the GSM armor. By using an equivalent of rainbow tables they can economically crack GSM encryption.
Exclusive Interview
Ovie interviews CEO of Paraben Forensics, Amber Schroader. Schroader talks about what's going on at Paraben and what we have to look forward to!
Website of the Week
iFixIt.Com - Repair manuals, now for FREE!
Anti-Forensics for Mac OSX from BlackHat DC
PaulDotCom Security Weekly - Episode 180 Part 2 - December 17, 2009
Using OSVDB to find vulnerable software, SQL injection by example, Fake Steve Jobs article enlightens the PaulDotCom crew.
Warning: Contains explicit language!
High alcohol content beer makes for interesting podcasts
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
PaulDotCom Security Weekly - Episode 180 Part 1 - December 17, 2009
Deviant comes on the show and we talk about lock picking, bumping, and raking! Make sure you visit the show notes page for this episode to get the Powerpoint slides and videos associated with the interview!
Deviant ready for the PaulDotCom Interview
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Exotic Liability 43: An Exotic Christmas
- Brittney Murphy
- Sky Hacking
- Gates calls in
- Security, it's nothing new
- Bad Santa
- And more
PaulDotCom Security Weekly - Episode 179 Part 2 - December 11, 2009
Paul calls out Bruce Schneier, Ping Of Death returns, don't trust the devil on the inside, cloning fingerprints, and Paul makes the D-list!
The Devil is not only in the details, it's on the inside.
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Security Justice Episode 20 Shmoocon 2010 Interview with Bruce Potter (@gdead)
This is the 20th episode of the Security Justice podcast recorded December 16, 2009 live at Damon’s Grill in Independence, OH. This episode was hosted by Tom, Dave and Chris with very special guest Bruce Potter founder of the Shmoo Group. * Photo of Bruce and Heidi from album.textfiles.com. Bruce talks to us about Shmoocon 2010, [...]
SecuraBit Episode 47: Double Dutch!
Listen in as we interview 1Password and NetWitness!
Dave Teare - Co-Founder of 1Password
Agile Web Solutions' 1 Password
http://agilewebsolutions.com/products/1Password
Q's
What was the motivation to create 1Password?
There are two key chain types that are used. Why the switch to the other one?
When will we be able to sync across the iphone cord? (Edge/3G) 8.02.11 BGA type
Are there plans to port 1Password to Win/Lin platforms? 1password Anywhere?
Is there a way to import from other password managers? CSV format
What is the difference between the 1password pro and the touch pro?
http://help.agile.ws/1Password_touch/pro_vs_standard.html
What is the difference between 1Password and 1Password Pro?
Who actually maintains the twitter account?
Find out more at http://get1password.com
NetWitness - Eddie Schwartz
http://www.netwitness.com/
Q's
How long have you been with NetWitness?
http://download.netwitness.com/
http://download.netwitness.com/download.php?src=DIRECT
Google Earth integration - Very Cool!!
What OS will the free or paid version work on and will it work from within a VM?
What does netwitness do at the layer 7 level?
Join us in IRC at irc.freenode.net #securabit
Hosts:
Anthony Gartner @anthonygartner
Christopher Mills @thechrisam
Jason Mueller - @securabit_jay
Andrew Borel @andrew_secbit
Guests:
Dave Teare - 1Password
Eddie Schwartz - Netwitness



CyberSpeak December 20, 2009
Listener Email
- Lots of email this week regarding the DECAF product and Interview
- Ovie is not against transparency, just wants responsible disclosure
Exclusive Interview
Michael, one of the creators and developers of DECAF product spills the beans to Ovie.
News and Commentary
DECAF
There's been a lot of coverage of this, most of it bad. But we've compiled a list of accurate stories for ya:
- Lots of media coverage, most bad, but a few good sources:
- Harlan Carvey's Windows IR
- Forensics Focus
- Digital Forensic Investigator
- Praetorian Prefect
- Reactivating DECAF in two minutes
Collection of Evidence From the Internet
Todd Shipley over at DFI News has a great article about collecting evidence from the Internet.
Scientific Working Group on Digital Evidence (SWGDE)
The folks over at SWGDE have done some great work on creating standards and strengthening the handling of digital evidence. Check out their recommendations and responses to other industry movements at their website.
Also check out the Forensics Certification board at http://www.ncfs.org/dfcb.
Website of the Week
Ovie: http://www.mint.com/ - Best free way to manage your money. Basically an online Quicken
Bret: http://www.dfinews.com/ - Great resource for forensic news
Check out Friends in Tech's Geek Christmas Story!
PaulDotCom Security Weekly - Episode 179 Part 1 - December 11, 2009
It's Larry's Birthday! Spankings ensue, radio frequencies are snooped upon for pager traffic, beer is consumed, cigars are smoked.
Special guest Ben Jackson!
On The Airways, Stealin' Your Info
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
CyberSpeak Exclusive Decaf Interview
Full interview of Developer of Decaf
PaulDotCom Security Weekly - Episode 178 Part 2 - December 4, 2009
Pauldotcom crew talks about Nessus 4.2, Point-of-Sale security woes, Dave K. dials in again, and more!
"Security FAIL"
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Exotic Liability 42: Tom Brennan
-Delchi starts off the show
-Tom Brennan talks OWASP Top10
-And more of the offensive security you love
CyberSpeak December 13, 2009
Only 9 shopping days until Christmas!! In today's show Ovie lets slip details from his latest incident response job, Bret interviews Simson Garfinkel, and lots of great forensics talk. And at the end, Ovie tells you how you can save your marriage!
Website of the Week
Ovie: http://www.familylife.com - Check out great holiday romance ideas
Bret: Check out the Digital Forensics wave on Google Wave, search for "with:public forensics"
SecuraNibble Episode 03 - Security Hour on IMP
This SecuraNibble is released out of band as an extra episode outside our normal releases. This SecuraNibble is the recording of the conversation that happened on The International Mac Podcast during their 12 Cubed event held on December 12, 2009. The conversation was a general security round table held between our own Anthony Gartner and a panel of 4 other security pod-casters. The panel of pod-casters includes Bart Busschots of the International Mac Podcast, George Starcher of Typical Mac User Podcast, and the one and only Paul Asadoorian of PaulDotCom.com fame.
This SecuraNibble is not an extremely in-depth and geeky conversation but one that covers a lot of general information, and it applies to all operating systems, not just the Mac.



PaulDotCom Security Weekly - Episode 178 Part 1 - December 4, 2009
The PaulDotCom crew interviews Chris Brenton and talks about firewalls, perimeter protection, and cats in the office.
"Firewalls Are Still HOT"
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Exotic Liability 41: That's My Face
-Cyborg Bruce
-Passwords are easy
-7 Scam Principles
-SE
-and more!
CyberSpeak December 6, 2009
Show Notes for December 6th 2009, we have a great show for you today. Today we have an interview with Brian Karney the COO of AccessData. Brian talks with us about FTK 3.0 and support for Helix.
Ovie makes a stunning confession, listener email, new important changes to Rule 41 of Search and Seizure, Passware Kit 9.5 Decrypts BitLocker Hard Drives, Supports PGP, and Windows 7.
Web Sites of the Week:
http://www.zagg.com/accessories/zaggsparq.php
http://ralphlosey.wordpress.com - great resource for legal cyber information
http://audiko.net/
PaulDotCom Security Weekly - Episode 177 Part 2 - November 27, 2009
The PaulDotCom crew talks about the differences between exploit frameworks, how we overcome our handicaps, and we rock the kung fu because you hacked my master!
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
SecuraBit Episode 46 Making a Faster and Safer Web with Billy Hoffman
Details of the Academy Pro Deal
New affiliation with the Academy Pro
Old podcasts at http://www.theacademypro.com/podcasts.php
Help people have a better user experience on the web.
Zoompf
-Billy's new company
Common Mistakes on Low Performing Websites
What is the best CMS to use.
How the report on Zoompf is being run currently.
New cameras and metadata
http://en.wikipedia.org/wiki/Exchangeable_image_file_format
-how much does the extra metadata take up in a file?
AT&T service and coverage
The origin of the name Zoompf
Link farms and domain squatting
ICANN
IPV6
ShmooCon
Upcoming Events
http://www.google.com/calendar/ical/pe2ikdbe6b841od6e26ato0asc%40group.calendar.google.com/public/basic.ics
http://www.security-twits.com/
Join us in IRC at irc.freenode.net #securabit
Hosts:
Anthony Gartner @anthonygartner
Chris Gerling @chrisgerling
Christopher Mills @thechrisam
Jason Mueller - @securabit_jay
Andrew Borel @andrew_secbit
Guest:
Billy Hoffman - @zoompf - http://zoompf.com/blog/



Framing - Alter the Reality Frame
We discuss the aspect of framing from a very unique perspective. Join us as we delve into the depths of framing and see how we use it in our daily lives and what we can learn from a Harvard Math Genius.
Episode 25 The Little iPhone Worm That Could
The iPhone has worms, more COFEE news, bitlocker broken, and Android Forensics
CyberSpeak November 29, 2009
CYBERSPEAK Notes - November 29, 2009
This week in Listener Email, we talk about an alternative way our friends in DOD can listen to the show - just call (510) 495-6339 and you will hear the latest podcast over the phone. Twitter as a life line for information during Ft Hood shooting, more on Internet connected jury members and online recon when choosing juries. In the news we discuss Virus planting porn and there is nothing wrong with working with defense. This week's Interview with Drew Fahey - formerly from e-Fense, maker of Helix, now with BLACKBOX.
**************Web Sites of the Week:
Ovie: http://sixminutes.dlugan.com - A great public speaking website
Bret: www.lala.com - listen to any song full length...one time
PaulDotCom Security Weekly - Episode 177 Part 1 - November 27, 2009
The PaulDotCom crew interview Chris Hoff and talk about security in the real world, the cloud, cigars, and martial arts!
"Don't Hassle The Hoff"
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
PaulDotCom Security Weekly - Episode 176 Part 2 - November 19, 2009
Paul talks about building a security lab on the cheap, and a SPECIAL GUEST APPEARANCE!!!
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Security Justice Episode 19 Epic Interview with Jason Scott (@textfiles)
This is the 19th episode of the Security Justice podcast recorded November 18, 2009 live at the Chris Clymer Bar & Grill (his basement actually). This episode was hosted by Tom, Matt, Dave and Chris with very special guest Jason Scott from textfiles.com (picture of Jason in this post courtesy of roy-sac). Jason is probably the [...]
SecuraBit Episode 45 More on DOJOCON
Marcus J Carey discusses MetaSponse tool to be released in mid-December. This uses the MetaSploit Framework for Incident Response.
Metasploit Framework 3.3 Released!
http://blog.metasploit.com/2009/11/metasploit-framework-33-released.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+metasploit%2Fblog+%28Metasploit+Blog%29
Join us in IRC at irc.freenode.net #securabit
Hosts:
Anthony Gartner @anthonygartner
Chris Gerling @chrisgerling
Christopher Mills @thechrisam
Jason Mueller - @securabit_jay
Andrew Borel @andrew_secbit
Guest:
Marcus Carey @marcusjcarey
Links:
DojoCon - http://www.dojocon.org/
Hackers for Charity - http://www.hackersforcharity.org/
hak5 - http://www.hak5.org/
NoVA Hackers - http://groups.google.com/group/novahackers
dojosec @ USTREAM http://www.ustream.tv/dojosec
White Wolf Security - http://www.whitewolfsecurity.com/
ShmooCon 2010 - http://www.shmoocon.org/
Netwars Competition - http://www.sans.org/netwars/
International Spy Museum - http://www.spymuseum.org/
Cyber Forensics: Digital CSI - http://spymuseum.org/programs/calendar_pages/2009/q4/2009_12_01_prog.php
http://hashtags.org/tag/roachesmustdie



CyberSpeak November 22, 2009
Show Notes Here Soon..
PaulDotCom Security Weekly - Episode 176 Part 1 - November 19, 2009
In Part one of the episode we interview the CTO of Cenzic, Lars Ewe. Paul butchers the pronunciation of his last name, but Lars sticks around to talk shop, discuss web application vulnerabilities, same origin policies, and the recent controversy over the latest trends report.
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Select Talks from ISS2009 Now Available for Download
We have uploaded the audio recording of select talks from the Ohio Information Security Summit that took place October 29-30, 2009 in Cleveland, Ohio. There is a separate RSS feed for these talks located here. If you are using iTunes you can simply use the RSS feed to download all the talks, it’s different than [...]
SecuraBit Episode 44 - Dennis Hurst and Movember!
SecuraBit Episode 44
Guest Interview:
Dennis Hurst, Senior Application Security Architect at HP Software & Solutions and a founding member of the Cloud Security Alliance
Discussion of security and Agile development.
Scaling agile requires feedback mechanisms and strong visibility
http://h71028.www7.hp.com/enterprise/us/en/messaging/feature-software-scale-agile.html
HP Application Security Center
http://www.hp.com/go/stophackers
Cloud Security Alliance
http://cloudsecurityalliance.org
Movember: Chris Gerling and Andrew Borel represent SecuraBit!
http://us.movember.com/mospace/99916 (Chris)
http://us.movember.com/mospace/361416/ (Andrew)
Join us in IRC at irc.freenode.net #securabit
Hosts:
Anthony Gartner @anthonygartner
Chris Gerling @chrisgerling
Christopher Mills @thechrisam
Andrew Borel @andrew_secbit
Guest:
Dennis Hurst
Links:
Movember - http://us.movember.com/
Donate to Security Podcasters Alliance - https://www.movember.com/us/donate/your-details/team_id/997
Security podcasters get hairy for charity - http://www.securecomputing.net.au/News/159403,security-podcasters-get-hairy-for-charity.aspx



PaulDotCom Security Weekly - Episode 175 - November 12, 2009
The PaulDotCom crew talks about DNS enumeration, network packet analysis with Xplico, spilled COFEE, Pwning your own ATM machine, and more!
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Exotic Liability 40: The CN vs .cn
- China stories galore
- Walmart, No questions asked
- France takes it again
- ELCon?!?! We need your input!
CyberSpeak November 14th 2009
Welcome to CyberSpeak, your computer forensics, computer security, and computer crime podcast. I am Ovie Carroll, and I am Bret Padres, today is November 14th 2009, and we have a great show for you today. We have a short show for you this week. Ovie's on vacation but we are trying not to miss another week so we thought we would bring you a shorter show rather than missing a week.
**************Administrative
Ovie
That's right, as we speak I am touring around in the mountains of North Carolina and Tennessee. Me, the wife and the dog.
**************Listener Email
Jim - What effect do you see the buzz word "Cloud Computing" having on computer forensics?
Incident Response
Identify Social Networking, chat clients (twitter and others) web based email, file storage space, etc
identify and issue preservation order
**************News
http://www.star-telegram.com/local/story/1719591.html
The Texas Department of Public Safety plans to reduce its "unacceptable" backlog of computer examinations that are crucial in child pornography investigations, agency Director Steven C. McCraw announced Wednesday. Currently, 45 examinations are pending at the crime lab, and about half of those involve possible child pornography, according to DPS.
Each examination takes 30 days to several months, depending on the case's complexity.
The agency has not set goals on how quickly it hopes to complete examinations because each is different, said Tom Vinger, a DPS spokesman.
Some agencies are actually outsourcing some of their forensic work, which I think can be a good thing.
www.google.com/dashboard
**************Tech Topics
File saving process.
See Documentation at the following links:
Documentation of Creating File 1
Documentation of Creating File 2
See Chart of File Creation
Watch the movie of how I did it.
**************Web Sites
www.bringfido.com
www.informationleak.net
PaulDotCom Security Weekly - Episode 174 Part 2 - November 5, 2009
Larry finishes up a tech segment on Mass 0wnage with Jaseger and complementary tools, and we discuss the stories of the week, including why MS patch Tuesday is a bad idea and tons of other hacks, tips, tricks, and security fail.
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Episode 24 No Good Crying Over Spilled COFEE
In this episode Lee and Simon discuss COFEE, CRB checks, more stupid Texas laws, and Johnny Long joins us to talk about Hackers For Charity.
Exotic Liability 39: Marcus J. Carey
Marcus J. Carey joins us
DojoSec/DojoCon
Mitnick bashing
Tigerteam is bullshit
Giving earns respect
A new meaning to ATM
PaulDotCom Security Weekly - Episode 174 Part 1 - November 5, 2009
The PaulDotCom Crew interviews Ethan Galstad, the founder of the Nagios open source project!
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Cyber Speak November 7, 2009
Today on Cyberspeak we have an interview with Matt Shannon from f-Response about the new, soon to be released Tactical edition of f-Response. Ovie's on Google Wave - but no one else is. Listeners email, Windows 7 sold over 200% more in first week of sales than Vista. Sophos lab says you still need to run anti-virus on Windows 7. Microsoft, in the Microsoft Security Intelligence Report released yesterday, stated that "The infection rate of Windows Vista SP1 was 61.9 percent less than that of Windows XP SP3." Firefox 3.6 Beta (for Mac Win & Lin) is out for those who like living on the edge and for those forensic examiners that like testing new versions to identify . Forensic Evidence Secures Death Penalty-Gang Members use Social Networking Too. IC3 reports increase in compromise of user's online banking credentials target commercial bank accounts
The Personal Data Privacy and Security Act was approved by the Senate Judiciary Committee by a vote of 15-5. The bill would require notifications of not just individuals affected by a data breach, but also, in some cases, credit reporting agencies and the U.S. Secret Service (not FBI). It would establish a new Office of Federal Identity Protection within the FTC. Let's get ready to Rumble earns 400 million in IP revenue.
Web Sites of the Week:
http://statbrain.com
http://www.searchlores.org/defpasslist1.htm
Security Justice Special Edition Interview with Richard Bejtlich (@taosecurity)
In this special edition of Security Justice we interview Richard Bejtlich at this year’s Ohio Information Security Summit. Richard is the Director of Incident Response for General Electric. Prior to joining GE, Richard operated TaoSecurity LLC as an independent consultant, protected national security interests for ManTech Corporation’s Computer Forensics and Intrusion Analysis division, investigated intrusions [...]
Security Podcasters Go the Mo for Mens Health
The biggest names in security podcasting (talk about star power!!) are shaving down for charity, raising money for men’s health in November. “Movember” participants have 30 days to grow a moustache from a clean shave, while earning support from friends and family in the form of donations. All money raised supports men’s health issues including prostate [...]
PaulDotCom Security Weekly - Episode 173 Part 2 - October 29, 2009
The sock puppets talk about letting your users access the Internet, bad Internet users, bad!
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Pretexting - Not just for social engineers anymore
Pretexting is one of the key components of social engineering. When we decided to search out a professional radio host we never thought we would meet one as dynamic and intriguing as Tom Mischke. Join us as Tom helps us to analyze a side of pretexting we rarely consider.
Exotic Liability 38: Jayson Street
- Jayson E. Street
- Dissectingthehack.com
- The return of Skype
- Dale and Delchi call in
- Tech problems make Laz3r cry
- Infosec Camps
- Sharing Info
- It's a community
- Strippers to hackers program
CyberSpeak Nov 1, 2009
Today Ovie and Bret talk about SANS What Works in Incident Detection, SSD Drives, Data Breach Notification Laws, Rob Lee in Computer World, Tips for the Courtroom, Interview of Joseph Mykytyn from Sky Catcher Solutions, and Linux Boot Disk Forensics Research.
Web Sites of the Week:
http://www.zdziarski.com/projects/amberalert/
http://ceevee.com/
http://www.bing-vs-google.com/
PaulDotCom Security Weekly - Episode 173 Part 1 - October 29, 2009
Paul, Larry, John, Mick, and Carlos are joined by a wide array of guests, including Anthony Jacobin (talking about Barcrawl a tool for scouring pastebin for interesting stuff), the entire Security Justice crew, Jack Daniel, and last, but not least (at least that's what we tell him) intern Darren!
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Security Justice Special Edition Jayson Street and Dissecting the hack: the f0rb1dd3n network
This special edition was recorded during the 7th Annual Ohio Information Security Summit. Jayson Street is the author of a book titled “Dissecting the hack: the f0rb1dd3n network”. Jayson updates us on the recent controversy regarding the plagiarism by the technical editor of the book. You can check out the book review by Wesley [...]
PaulDotCom Security Weekly - Episode 172 Part 2 - October 22, 2009
Paul, Mick, Larry (and the "intern"), and Carlos talk about a tech segment on Jaseger, and we unlock that magic that was gifted to us by unicorns.
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Security Justice Episode 18 Louisville InfoSec, Rapid7, Interview with Wesley McGrew
This is the 18th episode of the Security Justice podcast recorded October 21st 2009 live at Mavis Winkles Irish Pub. This was the last episode recorded at Mavis Winkle’s. Apparently, they can’t handle any more of the “justice”. This episode was hosted by Tom, Matt, Dave and Chris with special guests Wesley McGrew from McGrewSecurity.com [...]
SecuraBit Episode 43 The Academy Pro
Guest Interview: Peter Giannoulis of The Academy Pro
Metasploit Rising
http://blog.metasploit.com/2009/10/metasploit-rising.html
WordPress 2.8.5: Hardening Release
http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/
Blubrry PowerPress Podcasting Plugin for WordPress
http://www.blubrry.com/powerpress/
Time Warner Cable Exposes 65,000 Customer Routers to Remote Hacks
http://www.wired.com/threatlevel/2009/10/time-warner-cable/
Google Voice voicemails appearing in public search results
http://www.engadget.com/2009/10/19/google-voice-voicemails-appearing-in-public-search-results/
TweetDeck
http://www.tweetdeck.com/beta/
Porn, CSS History Hacking, User Recon and Blackmail
http://ha.ckers.org/blog/20091021/porn-css-history-hacking-user-recon-and-blackmail/
Windows 7
http://www.microsoft.com/windows/
Magic Mouse
http://www.apple.com/magicmouse/
Quick Shell Script to Extract Contents
http://pinowudi.blogspot.com/2009/10/quick-shell-script-to-extract-contents.html
Join us in IRC at irc.freenode.net #securabit
Hosts:
Anthony Gartner @anthonygartner
Chris Gerling @chrisgerling
Christopher Mills @thechrisam
Andrew Borel @andrew_secbit
Guest:
Peter Giannoulis
Links:
The Academy Pro - http://www.theacademypro.com/
The Academy Home - http://www.theacademyhome.com/
Don't forget to listen to the end of the show for the guest appearances by both Kermit the Frog and Sean Connery



PaulDotCom Security Weekly - Episode 172 Part 1 - October 22, 2009
Paul, Mick, Larry (and the "intern"), and Carlos talk Flash vulnerabilities with the expert web application security engineer from HP Prajakta Jagdale, tech segment on Jaseger, and we unlock that magic that was gifted to us by unicorns.
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Exotic Liability 37: Social Security Engineer
-Tool Runners
-Information Gathering
-Social Security Engineers
-Mistreating Strippers
CyberSpeak Oct 25 2009
We're BAAAACCCKKK! After a summer hiatus we are back in the studio again. Catch up on what we have been doing while we were gone, why Bret did this podcast in the nude, how Bret used F-Response to boot a LiveView image across the network, FTK 3.0, some iPhone apps, and web sites of the week. We missed you and glad to be back. Send us email at cyberspeak at gmail dot com. SPECIAL THANKS to George Starcher for doing our audio!!!
Security Justice International BBQ Edition Nick Owen (@wikidsystems)
This special edition was recorded during our 1st annual International BBQ podcast. Nick Owen is CEO of WiKID Systems, an open source two-factor authentication solution. Nick talks to us about the WiKID solution, how it works and why it’s better than most expensive two-factor authentication solutions. Be sure to check out the rockin’ Python based command [...]
Episode 23 The Butt of Everyones Jokes
e-fense, porn hacking, stupid criminals, and John McCash joins us to talk about certifications.
Security Justice International BBQ Edition Chris John Riley (@ChrisJohnRiley) and Robin Wood (@digininja)
This special edition was recorded during our 1st annual International BBQ podcast. Chris John Riley is a penetration tester and well known security blogger currently located in Austria. Robin Wood is from the UK and is the creator of many well known open source security projects including Jasager, the Interceptor and KreiosC2. Find out more about Chris [...]
Exotic Liability 36: Money Shot
-Read your scans
-Tools can't do it all
-Fun with Phishing
-Web Server drops
-Free in-flight TV
-SecTor sniffing
PaulDotCom Security Weekly - Episode 171 - October 15, 2009
Paul, John, Larry, and Carlos gather around some beer to talk about Microsoft patches, John does a tech segment on Windows Prefetch, and we discuss possibly the most hilarious and disgusting story ever on the show!
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
SecuraBit Episode 42 - Phreaking Sweet Con in TN.
SecuraBit Episode 42 Phreaking Sweet Con in TN.
Phreaknic 13 - October 30 - November 1 2009
Phreaknic Curse
CCTV throughout hotel, great + for attending the con
Ware Chair Toss
Firing a jet engine in the parking lot.
Four Tracks
1 Cumberland (Main ballroom)
2 9th Floor (Vendor Area)
3 Cafe Area (Gaming)
4 Contest Area
Size of conferences
ShmooCon
Running Conferences
#RoachesMustDie from ShmooCon 2009 via Security Justice
Metasploit hiring in Austin, TX
New version of Pocket God for the iPhone
Join us in IRC at irc.freenode.net #securabit
Hosts:
Anthony Gartner @anthonygartner
Chris Gerling @chrisgerling
Christopher Mills @thechrisam
Andrew Borel @andrew_secbit
Guest:
SkyDog



PaulDotCom Security Weekly - Episode 170 - October 9, 2009
Paul, John, Larry, Mick, and Carlos all appear on the show and we're MAD AS HELL and we're not going to take it anymore!
Larry does a great technical segment on username harvesting from Social Media. The crew then discusses the latest computer security news such as Moxie's trouble with Paypal, Netgear's new "killer router", watching your logs, and much more!
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Exotic Liability 35: Long Awaited Return
-EL is back!
-Outage Explained.
-Brucon, and lots of it.
-M$/Danger Fail.
-Much much more.
Security Justice International BBQ Edition Frank Breedijk (@autonessus)
This special edition was recorded during our 1st annual International BBQ podcast. Frank Breedijk is the creator of AutoNessus which automates regular Nessus scans and provides delta reporting. Frank also talks about good beer, the European hacking scene, HAR, international hacking/privacy laws and more! If you want to find out more about Frank you can find [...]
SecuraBit Episode 41 - Speaking of Cons, and forensics...
Part 1: Marcus Carey
November 6 & 7, 2009
Capitol College Maryland
Part 2: Scott Moulton
blackberry stuff:
bitpim
Hosts:
Chris Gerling @chrisgerling
Jason Mueller @securabit_jay
Andrew Borel @andrew_secbit



Interrogation and Social Engineering
This month we are interviewing ex-Law Enforcement agent Matt Churchill. He has experience in interrogation and interview tactics.
SecuraBit Episode 40 - Paul WHO????
SecuraBit Episode 40 - Paul "Pauldotcom" Asadoorian
Renaud script to go from Nmap to Nessus
Interview with Paul Asadoorian (PaulDotCom/Tenable/Nessus)
Intro Questions:
- Who are you, and what are you doing on THIS podcast?
- Tell us about the PaulDotCom podcast (I've talked to SecuraBit listeners who have never heard of PDC)
- How long have you been using Nessus?
- When did you start working for Tenable?
- What is your role at Tenable?
Nessus Questions:
- What's new in this version of Nessus?
- Are changes driven primarily by Tenable, or the community?
- What does Nessus use for a scanning engine?
- How does Nessus interact and work with Nmap?
- Explain Nessus licensing and what an individual vs a corp is entitled to.
- Cost of professional feed = $1200.00/year
- Home feed no longer a delay, no SCADA plugins
- How does Nessus differ from OpenVAS?
- Can you use the OpenVAS repo with Nessus?
- Talk about the extensibility of Nessus. (Scripting, etc)
- How does Nessus work with OVAL definitions? How does this help for FDCC compliance?
- Does Tenable have any dedicated appliances for enterprise scanning and monitoring based on Nessus?
Implementation and Operation questions (How Paul Does Things):
- Do you place scanning servers on each segment of the network, or do you scan through zone-to-zone firewalls? Why?
- Is there a practical limit to the number of devices that can be scanned by one scanning server? Or is it just a time tradeoff?
- How often do you scan (and re-scan) a network?
- How do you handle the results (and avoid dropping a 300 page Nessus report on the server guys and saying FIX IT)?
- Are results parse-able and able to be fed into compliance and risk management tools?
Other Questions:
- When is the next PaulDotCom episode?
- What are the topics/guests?
- What is your favorite beer?
Hosts:
Christopher Mills @thechrisam
Andrew Borel @andrew_secbit
Ed Smiley - @edsmiley



PaulDotCom Security Weekly - Episode 169 Part 2 - September 25, 2009
In Part 2 of this episode we interview Thomas Wilhelm!
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Episode 22 Captain Forensics vs. Jonathan Parker
FTK3, the IWF, Drive Prophet, and Mike Jasorka
PaulDotCom Security Weekly - Episode 169 Part 1 - September 25, 2009
In this episode we announce the winners of the Network Forensics Puzzle, do a technical segment on using encryption and good passwords together, and discuss the stories of the week!
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Security Justice Episode 17 Pokens, CUDA, Physical Security Exercises, Makerbots, Hawt Chicks
This is the 17th episode of the Security Justice podcast recorded September 16th 2009 live at Mavis Winkles Irish Pub. This episode was hosted by Tom, Matt, Dave and Chris with special guests Tony Macisco and much0mas. Music provided by dualCORE and Pokens provided by PokenZoo.com. Did you know we have a Facebook Fan Page? [...]
PaulDotCom Security Weekly - Episode 168 - September 17, 2009
Rowin' with the anchor up behind the firewall!
In this episode we talk to Ryan Dewhurst, the author of Damn Vulnerable Web App, a distribution that is insecure and secure all at the same time! We also talk about all kinds of security fail, introduce a studio guest, and more!
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Security Justice International BBQ Edition James Arlen (@myrcurial)
FINALLY! It’s edited and posted! This special edition was recorded during our 1st annual International BBQ podcast. This is our second attempt interviewing James Arlen (@myrcurial) who is an Infosec Geek, Hacker, Social Activist, Author, Speaker and Parent. James was recently a speaker at Notacon 6, DEFCON 17 and HAR. You can watch his recent talks [...]
Exotic Liability 34: Social-engineer.org
In this episode:- A chat with the founders of social-engineer.org
PaulDotCom Security Weekly - Episode 167 - September 11, 2009
This week we interview Moxie Marlinspike of thoughtcrime.org to speak about hitchhiking and breaking SSL!
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
SecuraBit Episode 39 - Stealing candy from little kids everywhere!!!
SecuraBit Episode 39 Stealing candy from little kids everywhere!!!
Jay brought up that some government web sites will be switching to an http://openid.org authentication
What Does DHS Know About You? - http://philosecurity.org/2009/09/07/what-does-dhs-know-about-you
How to request your travel records - http://www.hasbrouck.org/blog/archives/001607.html
TwiGUARD - http://twiguard.com/index.html
TweetDeck - http://tweetdeck.com/beta/
MS IIS FTPD DoS ZER0DAY - http://www.milw0rm.com/exploits/9587
Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D. - http://www.milw0rm.com/exploits/9594
Poison Ivy Remote Administration Tool - http://www.poisonivy-rat.com/
FRHACK: Pentesting Live DVD - http://pentestit.com/2009/09/09/frhack-pentesting-livedvd/
Upcoming Events:
SANSFIRE 2009 - http://www.sans.org/sansfire09/
Baltimore, MD - June 13 - 22, 2009
Phreaknic 13 - http://www.phreaknic.info/pn13/Site_2/Welcome.html
October 30 - November 1 2009
SANS Cyber Defense Initiative - http://www.sans.org/cyber-defense-initiative-2009
Washington, DC - December 11 - 18, 2009
ToorCon - http://www.toorcon.org/
San Diego Convention Center - October 23rd-25th, 2009
Join us in IRC at irc.freenode.net #securabit
Hosts:
Anthony Gartner http://www.anthonygartner.com @anthonygartner
Chris Gerling http://www.chrisgerling.com @hak5chris
Christopher Mills http://www.packetsense.net @thechrisam
Andrew Borel @andrew_secbit
Jason Mueller @securabit_jay



Episode 21 Curveball to the Forensic Field
The U.S. Circuit Court of Appeals for the Ninth Circuit has thrown a curveball to digital forensics
PaulDotCom Security Weekly - Episode 166 - September 4, 2009
This week we interview Nick Harbour of rnicrosoft.net to speak about Forensic Software tools and techniques!
We've got two fabulous technical segments, one on stealing Firefox passwords and another on enumerating VPN concentrators.
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Cyber Speak Aug 2009 - The Podcast from the Grave!!
Our live show from SANS What works in Incident Response and Forensics 2009 is here!!! Lost in a freak Snow Leopard accident involving several rolls of duct tape and a bag of Frito's - it has been resurrected! Audio quality still sketchy but it is here.
So, now you can stop with all of the emails... Enjoy.
Bret
Exotic Liability 33: Lost
In this gi-normous episode:
-Hardware hacking
-Goings on around the local area
-Snow calls in
-Jaku calls in
-Mystery challenge history and hints
-Stalkers
-Another quiz, another prize!
-Education
-The cloud strikes again
-Lawn mower man
-Fire and water
-Voicemails
-European vacation (a.k.a Brucon)
-Contest for Karen's stand-in
1st Annual International Podcast BBQ Details
Since tomorrow is Labor Day here in the USA, we decided that it’s a great day to BBQ, drink some brews and interview some of our international friends (and a few in the states). Ironically, Labor Day began in…Canada. So you can thank James Arlen for allowing all of us in the US a [...]
Security Justice Episode 16 DEFCON Recovery with @dave_rel1k
This is the 16th episode of the Security Justice podcast recorded August 19th 2009 live at Mavis Winkles Irish Pub. This episode was hosted by Tom, Matt, Dave and Chris with special guests Dave Kennedy (ReL1K) and dotzero. Music provided by dualCORE! Thanks to everyone listening to the live stream and for participating in the [...]
PaulDotCom Security Weekly - Episode 165 - August 27, 2009
In this episode of PaulDotCom Security Weekly we have a very special guest, Daniel Suarez the author of "Daemon", one of the best books we've ever read here at PaulDotCom. You can read my full review of the book, and listen to a full interview with Dan on this episode!
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
SecuraBit Episode 38 Classic Securabit, Lots of Rambling, Low Content
Louisville Metro InfoSec Conference in Louisville, KY
October 8, 2009 8am - 5pm
Sponsored by the local ISSA Chapter
Some of the speakers at the event include:
- John Strand
- Lee Kushner
- Scott Moulton
- Adrian "IronGeek" Crenshaw
http://www.louisvilleinfosec.com/
Presentations are planned to be posted online afterwards.
If you wish to attend the conference you can use the discount code of "geek seat" to get $20 off registration
Round Table Topic: Who should be responsible for patching? Infrastructure or Security?
There is a conversation about the new Snow Leopard for Mac and Macs mail.
A brief discussion about Helix, Security Onion, and Splunk 4.
Join us in IRC at irc.freenode.net #securabit
Hosts:
Anthony Gartner http://www.anthonygartner.com @anthonygartner
Chris Gerling http://www.chrisgerling.com @hak5chris
Christopher Mills http://www.packetsense.net @thechrisam
Andrew Borel @andrew_secbit
Guest:
Brian Blankenship - chair ( a ) louisvilleinfosec ( dot ) com
Links:
Louisville Metro InfoSec Conference - http://www.louisvilleinfosec.com/
Security Onion - http://securityonion.blogspot.com/
Splunk 4 - http://www.splunk.com/view/splunk-4-features/SP-CAAAEVR



Exotic Liability 32: Gas Money
In this episode:
-Zombie Jesus or Brad Pitt
-Reading list
-Ponyo and disturbing stuff
-BSides at RSA?
-Attack Research domination
-More shirts and stickers coming soon
-A small detour...
-Malware ascension
-Trivia competition
-Shout out to PDC.com
-Kaminsky password generator
-Twitter covert channels
-Metafish
-Ghostnet
-Thanks Laz3r!
-Buxback
-Get the logo
-Pyro, Pyro, Pyro
-Stripes
-Bible school
-Love the taser
-Chris rant in 3...2...1
-Things to do
SecuraBit Episode 37 Mapping Networks with Fyodor and NMAP
NMAP 5 with Gordon "Fyodor" Lyon
* How did Nmap start?
* What's new in Nmap 5?
* What kind of legal issues have you faced in regards to NMAP?
* Where did the handle Fyodor start?
* Will there be a second edition of the Nmap book (below)? No second edition yet or planned.
* Where is NMAP Going?
* Where do you see Nmap Scripts (NSE) going, possibly doing a community repo?
* Will there be scans for mobile devices in future releases?
* Why lua vs. python or ruby or something else?
Find the answers to these questions and more by listening to the show.
After our interview we cover DEFCON and the Podcasters meetup.
Join us in IRC at irc.freenode.net #securabit
Hosts:
Anthony Gartner http://www.anthonygartner.com @anthonygartner
Chris Gerling http://www.chrisgerling.com @hak5chris
Christopher Mills http://www.packetsense.net @thechrisam
Andrew Borel @andrew_secbit
Jason Mueller @securabit_jay
Rob Fuller Mubix http://www.room362.com @Mubix
Guest:
Gordon "Fyodor" Lyon - http://insecure.org/fyodor/
Links:
NMAP 5 - http://nmap.org/5/
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning - http://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=sr_1_1?ie=UTF8&qid=1250122655&sr=8-1
New 'ping sweep' - http://carnal0wnage.attackresearch.com/node/373
The Programming Language Lua - http://www.lua.org/
WordPress 2.8.4 Security Release - http://wordpress.org/development/2009/08/2-8-4-security-release/



Exotic Liability 31: Recovery in progress
In this episode:
-What happens @ DefCon, stays @ Defcon
-Long lost voicemails
-Last wishes
-Mitnick denied
-Best rickrolling in human history
-DefCon ATM
-Bungie jumping the Riviera
-South Korean intelligence fail
-Schwag coming to SecTor
-Thanks for the pics
PaulDotCom Security Weekly - Episode 164 - August 20, 2009
The Splunk Ninja himself, Michael Wilde, appears on the show to talk about all things log searching and management! Paul, Mick, and Carlos do a fabulous segment on Security FAIL.
Full Show Notes
Direct Audio Download
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
DEFCON 17 Podcaster Meetup Audio Posted!
We almost forgot to announce this…but…the DEFCON 17 audio has been posted by our friends over at PaulDotCom! Matt, Tom and Chris from Security Justice participated. You can download the podcast from PaulDotCom’s iTunes feed or from this post. Enjoy!
PaulDotCom Security Weekly - Episode 163 - August 13, 2009
Roelof Temmingh and his henchman "Andrew" from Paterva / Maltego discuss penetration testing evolutions, information gathering, drinking, and the latest features in the soon to be released version 3 of Maltego!
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
PaulDotCom Security Weekly - Episode 162 - August 6, 2009
Our guest this week is Renaud Deraison, author of Nessus, the world's best vulnerability scanner!
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Episode 20 Not another Kitty Porn Joke!
FTK 3, Kitty Porn, and Larry Daniel joins us.
PaulDotCom Security Weekly - Special Edition - Defcon 17 Podcasters Meetup
All:
For your listening pleasure I have (finally!) edited the podcaster meetup audio. You can hear the likes of:
At this meetup we took questions from the audience, performed strip teases, and did some general ranting.
Special guest appearance by none other than Twitchy!
Exotic Liability 30: Blake
In this episode:
-Blake stops by to discuss VOIP attacks via the OWASP Top 10
-Fuzzers and SQL injections
-DNS games
-Twitter ban
-Recent DDOS activities
-VA vs. Pen Test
-Understanding risk
SecuraBit Episode 36 - The f0rb1dd3n Network
We are joined by Jayson Street to talk about his book, Dissecting the Hack: The f0rb1dd3n Network, that is due out soon. All Black Hat bags will have an excerpt from the book in them.
Additionally we get Jayson's input on the topic of the recent denial of service attacks not coming from North Korea after all.
DJ Great Scott gives us an update on the social events at this year's DEFCON.
Finally we cover media destruction policies. How do you decommission old hard disks? Do you retain the ones from your copiers and fax machines? What about thumb drives?
Join us in IRC at irc.freenode.net #securabit
Hosts:
Anthony Gartner http://www.anthonygartner.com @anthonygartner
Chris Gerling http://www.chrisgerling.com @hak5chris
Christopher Mills http://www.packetsense.net - @thechrisam
Andrew Borel @andrew_secbit
Jason Mueller @securabit_jay
Guest:
Jayson E. Street http://f0rb1dd3n.com/author.php
Links:
http://f0rb1dd3n.com
Computer attack may not have originated in North Korea after all -
http://blogs.usatoday.com/technologylive/2009/07/evidence-has-surfaced-that-the-denial-of-service-attacks-that-crippled-dozens-of-us-and-south-korean-web-sites-last-week-ma.html
UK, not North Korea, source of DDOS attacks, researcher says -
http://www.pcworld.idg.com.au/article/311070/uk_north_korea_source_ddos_attacks_researcher_says
DEFCON 17 - http://www.defcon.org/html/defcon-17/dc-17-index.html
Podcasters Meetup - http://www.podcastersmeetup.com/



Episode 19 Bullet Holes and Cat Burglars
In this episode we discuss bad computer repairs, phone exploits, and Scott Moulton joins us for an interview.
Exotic Liability 29: Anonymous
In this episode:
-Da5id from Anonymous
-The usual strangeness...
Exotic Liability 28: Special Con Edition
In this special episode:
-Voicemails!
-BlackHat talks you wish you were at
-B-sides you need to be at
-DefCon talks you should be at
-Delchi calls in
-Brawndo!
-Our contest (act quickly - deadline Friday, July 31)
-Travel tips
-Phat32 calls and wins!
Exotic Liability 27: Introspection
In this episode:
-Another huge FU to Anti-Sec
-HNN
-IMPORTANT! B-side talks @ the house
-Matt Yoder interviews The CN, Ryan and Jackalope
-Jeff Espinoza calls in
-The Afterlife
Security Justice Episode 15 dualCORE Interview with int0x80!
This is the 15th episode of the Security Justice podcast recorded July 15th 2009 live from HurricaneLabs in Cleveland Ohio. This episode was hosted by Tom, Matt, Dave and Chris with special guests int0x80 from dualCORE and his hacker girlfriend. Opening intro by RBCP from Phone Losers of America…please don’t hate us PaulDotCom crew! We really [...]
PaulDotCom Security Weekly - Episode 161 - July 24, 2009
Our guest this week is Lance Spitzner, co-founder of the Honeynet Project and former tank operator :)
Full Show Notes
Direct Audio Download
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
PaulDotCom Security Weekly - Episode 160 - July 16, 2009
Our guest this week is none other than David Rice, author of Geekonomics!
Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Simons Faraday Experiment
Simon wraps himself in tin foil.
Exotic Liability 26: Steam Valve
In this episode:
-Viva Mexico
-History lessons
-Mubix on the road
-PCI train wreck
-A big FU to Anti-Sec
-Banking woes
-WAF is not security
-Voicemails
-DefCon draws closer and closer
-Thomas Jefferson = encryption badass
-Our talks @ Blackhat and DefCon
-Espionage
-Way to go Microsoft
-Missing your PI data
-Leeroy Jenkins!
Forensic 4cast Awards Announcement
As I’m sure you’ve already heard, the Forensic 4cast Awards are upon us. This Sunday (19th July 2009) at 2pm Eastern the awards will be broadcast across the internet. You can view it right here on the Forensic 4cast website. We have had a flood of votes but every vote counts. Please take 5 minutes out [...]
PaulDotCom Security Weekly - Episode 159 - July 9, 2009
Our guests this Episode are Lee Kushner and Mike Murray, here to talk about infosec career hacking!
Full Show Notes
SecuraBit Episode 35 - Content, what content? Oh, THAT content!!! NSFW!!!
SecuraBit Episode 35 - Content, what content? Oh, THAT content!!! NSFW well some anyway!!!
Facebook privacy settings are getting simplified.
Michael Jackson causes Google to trip thinking they had a DOS attack in progress, followed by spam assaults, and all the joke emails.
Slowloris DOS the show stream.
We discuss OSSEC with Andrew Hay.
Join us in IRC at irc.freenode.net #securabit and you can find our past episodes at http://www.securabit.com.
Next live recording is July 15, 2009 at 8pm EDT.
Hosts:
Andrew Borel - @andrew_secbit
Anthony Gartner http://www.anthonygartner.com @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam
Rob Fuller - Mubix - http://room362.com - @Mubix
Guest(s):
Wesley McGrew - http://www.mcgrewsecurity.com/ - @mcgrewsecurity
Andrew Hay - http://www.andrewhay.ca/ - @andrewsmhay
Links:
http://serverfault.com/questions/32361/how-to-best-defend-against-a-slowloris-dos-attack-against-an-apache-web-server
OSSEC - http://www.ossec.net/
Andrew Hay's Book - http://www.amazon.com/OSSEC-Host-Based-Intrusion-Detection-Guide/dp/159749240X



Exotic Liability 25: Iron Geek
In this episode:
-A chat with Adrian Crenshaw (irongeek.com)
-Incident response switchblade
-Tiger Team: The Whole Story
-Our neighborhood memories
-Conboot
-Cool tools for data collection
-P/W cracker speed test challenge
-Look at my thumb
-Olympic games
-Louisville Info Sec Conference
-Anti-forensics
-Legalities
Thanks to DJ Bloodpreshah for the music!
PaulDotCom Security Weekly - Episode 158 - July 2, 2009
Our guests this Episode are the SecuraBit folks, who will discuss current security events alongside the PDC crew, with Technical Segments by Larry "sniff" Pesce on "Sniffing DECT for fun and Penetration Testing" and Mick "Hella" Douglas on "Kon-Boot".
Full Show Notes
Direct Audio Download
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
Exotic Liability 24: Dark Tangent
In this episode:
-A chat with Jeff Moss
-Tiger Team storytime
-Watch your mouth
-Your voicemails
-Parlez-vous francais?
-Sincere apologies for video recommendations
-Music provided by DJ Bloodpreshah
CyberSpeak July 3, 2009
BACK!!!
Bret and Ovie discuss SANS What Works in Forensics and Incident Response Summit 2009, Drive Hell, Firefox 3.5, U.S. Supreme Court ruling on lab analysts in court, and new data breach notification laws on the books.
Episode 18 Standing Room Only
Lance Mueller, Confrontation Clause, and Virtual Porn
Security Justice Episode 14
This is the 14th episode of the Security Justice podcast recorded June 17th 2009 live at Mavis Winkles Irish Pub. This episode was hosted by Tom, Matt, Dave and Chris with special guests dotzero and much0mas. Music provided by dualCORE! Thanks to everyone listening to the live stream and for participating in the chat [...]
SecuraBit Episode 34 RoundTable Well Virtually anyway!!!
This week we welcome Scott Fitzpatrick of Symantec to join our roundtable on the news items of the day.
News Items:
StrongWebMail Fail - http://www.pcworld.com/businesscenter/article/166314/web_mail_company_to_pay_prize_after_ceo_hacked.html
TweetDeck still passes authentication in the clear
Google Apps criticized about their security
iPhone 3.0 Tethering Hack - http://www.jellysms.com/blog/enable-internet-tethering-with-your-iphone-in-2-minutes-on-o2-ireland-with-30-gm/
RSnake's SlowLoris (low bandwidth, greedy, poisonous HTTP client) - http://ha.ckers.org/slowloris/
Mubix presenting a six hour workshop "From Shell to Owning the Company" at ToorCamp
DefCon and the Podcasters Meetup
- In Sky box 207 and 208 8pm or after the last talk on Saturday night.
- Exotic Liability (http://www.exoticliability.com/) and Germaina Newbs (http://grmn00bs.blogspot.com/) will join the lineup.
PaulDotCom with SecuraBit Thursday July 2, 2009 at 7pm.
Join us in IRC at irc.freenode.net #securabit
Our next live recording is July 1, 2009 at 8pm EDT.
Hosts:
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Jason Mueller - @securabit_jay
Christopher Mills - http://www.packetsense.net - @thechrisam
Rob Fuller - Mubix - http://room362.com - @Mubix
Andrew Borel - @andrew_secbit
Guests:
Scott Fitzpatrick
Links:
Symantec - http://www.symantec.com/
Mubix - Couch to Career - http://www.room362.com/archives/564-couch-to-career-follow-up.html



PaulDotCom Security Weekly - Episode 157 - June 25, 2009
Special guest Valsmith comes to talk to us about Phishing, post exploitation, recon and all sorts of other evil goodies!
Full Show Notes
Direct Audio Download
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez
PaulDotCom Security Weekly - Special Edition - PCI Round Table- June 24, 2009
An all-out, no-holds-barred PCI Round Table featuring all types of industry luminaries, including Anton Chuvakin, Jericho and others. The gloves come off and the debate gets bloody!
Direct Audio Download
Hosts: Paul "PaulDotCom" Asadoorian, Carlos "Dark0perator" Perez
Exotic Liability 23: Fish Boots
In this episode:
-What the #@!??
-Arr...pirates ahoy
-Map to the stars
-ALPA domination
-Stripper phone
-Physical controls
-Army games
-Birdcage
-DefCon prelims
-Lab update
-Gary McKinnon
-Fail whale
-Tool talk
-Iron Geek!
-Thanks to the listeners
-Twitter fun never ends
-What the #@!??
PaulDotCom Security Weekly - Web Application Interviews - June 2009
We are very excited to release two interviews with some of the leaders in the field when it comes to web application testing and vulnerabilities.
The first interview is with Andres Riancho, lead developer of w3af, one of the most comprehensive open-source web application testing frameworks. We talk with Andres about breaking up with girlfriends, the differences between w3af and commercial web application testing packages, and much more!
The second interview is with Sandro Gauci, founder of Enable Security and the co-author of WafW00f, a suite of tools to test web application firewalls. There is some serious security FAIL going on here, and we get all of the details.
Direct Audio Download
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, Carlos "dark0perator" Perez
Exotic Liability 2: Val Smith
In case you missed it the first time around, another historic show!
Exotic Liability 1: In the beginning...with Chris Gates!
The genesis episode! Enjoy!
PaulDotCom Security Weekly - Episode 156 - June 18, 2009
Special guest speaker Rob talking about MiTM and virtualization, live from SANSFIRE!
Full Show Notes
Direct Audio Download
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas
Exotic Liability 22: Christien Rioux
In this episode:
-L0phtcrack update
-Source Boston and Barcelona
-Growing up in security
-Veracode
-Chris's new speech
Forensic 4cast Episode 17 Free is not Free
Harlan Carvey joins us for an interview.
PaulDotCom Security Weekly - Episode 155 - June 11, 2009
Special guest Peter Kleissner, WMIC command line fun, and more!
Full Show Notes
Direct Audio Download
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas
Exotic Liability 21: .cn safari
In this episode:
-MPAA games
-Thumbs up
-NIN
-What the @#$!!
-American cyber coordinator
-Oh Canada
-CAULDRON
-Appliances
-Where is your phone
-Paterva
-Tickling
-WRT54G lab space
-RAPIER
-COFFE
-Recruitment
-White Wolf Security rox
-Careers
-Parties or something like that...
SecuraBit Episode 33 - Bursting Clouds with Kostya Kortchinsky
In this episode we talk to Kostya about the process that is behind Cloud Burst. He speaks about breaking out of the existing Virtual Machine and into the host. Once you own the host you have the ability to own other Virtual Machines.
Quick Topics:
OS X Security Update
Palm Pre
North Korea Cyberware
Air France Flight 447
Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam
Jason Mueller - @securabit_jay
Guests:
Kostya Kortchinsky - http://www.linkedin.com/pub/kostya-kortchinsky/4/211/a71
Tim Krabec - http://www.SMBMinute.com - @tkrabec
Links:
Immunity Inc - http://www.immunitysec.com/
CLOUDBURST exploit video - http://www.immunityinc.com/documentation/cloudburst-vista.html
CVE-2009-1244 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1244
53634 : VMware Multiple Products Display Function Host OS Arbitrary Code Execution - http://osvdb.org/53634
Microsoft Security Bulletin MS08-067 - http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
SyScan '09 Singapore July 2-3 - http://www.syscan.org/Sg/program.html
The Cassandra Tool - https://cassandra.cerias.purdue.edu/main/index.html
Apple Security Update 2009-002 / Mac OS X v10.5.7 - http://support.apple.com/kb/HT3549
Palm Pre - http://www.palm.com/us/products/phones/pre/
North Korea Builds Up Cyber Warfare Unit - http://news.yahoo.com/s/afp/20090505/ts_afp/nkoreaitmilitary
Air France Flight 447 - http://en.wikipedia.org/wiki/Air_France_Flight_447
DEFCON Hacking Conference - http://www.defcon.org/
Immunity CANVAS - http://www.immunitysec.com/products-canvas.shtml



Forensic 4cast Episode 16 Tool
Don't forget to nominate and vote in the Forensic 4cast Awards. Also, Rob Lee joins us from SANS.
PaulDotCom Security Weekly - Episode 154 - June 1, 2009
Live from Las Vegas, the entire crew gets together for the first time live on stage!
Note: We did NOT figure out a way to get free access to "adult" programming at the hotel. Although we heard some reports that it was as easy as going into the setup menu, add/delete channels, then using the regular channel up/down buttons. So we heard...
Full Show Notes
Direct Audio Download
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas
Exotic Liability 20: Chris Wysopal
In this episode:
-L0phtcrack is back!
-Chris's lab
-Compliance is not security
-Patch management
-OpenVAS
-FBI sniffles
-Don't tase me bro...
Security Justice Episode 13
This is the 13th episode of the Security Justice podcast recorded May 20th 2009 live at Mavis Winkles Irish Pub! This episode was hosted by Tom, Dave and Chris with special guest The Security Shoggoth! Music provided by dualCORE! Thanks to everyone listening to the live stream and for participating in the chat via [...]
Exotic Liability 19: Frank Thornton
In this episode:
-Info Sec book publishing discussion
-Twitter unfolds
-Spymaster
-Def Con tools
-Wiki vs. Scientology
-Chris & Ryan vs. Scientology
Exotic Liability 18: Matt Harrigan
In this episode:
Matt Harrigan (Guest)
Compliance blow out/discussion and
Relationship advice from the crew...
PaulDotCom Security Weekly - Episode 153 Part 2 - May 21, 2009
A tutorial on winenum, a Metasploit meterpreter script that performs post-exploitation information gathering by "Dark0perator".
Full Show Notes
Direct Audio Download
Hosts: Larry Pesce, Paul Asadoorian, John Strand, Mick Douglas, & Carlos Perez
SecuraBit Episode 32 PDF Love!
Didier talks about how the ifilter will actually allow you to use a PDF to exploit the system because ifilter uses the Windows indexing service. He also discusses some of the various methods of prevention, including his tool called PDFiD.
Penetration Document Format
http://www.flickr.com/photos/packetsense/3549486353/
Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam
Guests:
Didier Stevens - http://blog.didierstevens.com/
Links:
PDFiD - http://blog.didierstevens.com/2009/03/31/pdfid/
PDF Tools - http://blog.didierstevens.com/programs/pdf-tools/
Security Justice - http://securityjustice.com/
Exotic Liability - http://exoticliability.ning.com/



PaulDotCom Security Weekly - Episode 153 Part I - May 21, 2009
Interview with Steve Sims talking about breaking software!
Full Show Notes
Direct Audio Download
Hosts: Larry Pesce, Paul Asadoorian, John Strand, Mick Douglas, & Carlos Perez
Exotic Liability 17: Alex Horan
In this episode:
Alex Horan of Core Security Technologies
Steven Chu is still ignorant
WiFi skinny dip
Government IT security fail
Hackstar
Pen test reports and offshoring
VOIP
Warvox
Telesweep
Baby talk
Ho whispering and SE
Picture taking hysteria
Don't steal and
...do your own VM tool evals
Securabit Episode 31 Show Notes - The Intertubes need a patch Episode
In this episode we are joined by Russell Butturini, who speaks to the guys about the tool he authored at the suggestion of the hak5 crew. He even talks about some of his horror stories about security.
Hosts:
Andrew Borel - @Andrew_Secbit
Guests:
Links:



PaulDotCom Security Weekly - Episode 150 - PCI Roundtable - April 30, 2009
Panelists:
- Ron Gula, Tenable Network Security
- Mandeep Khera, Cenzic
- Martin McKeay, Network Security Podcast
- Rich Mogull, Network Security Podcast/Securosis
- Anton Chuvakin, Qualys
- Sponsored by Core Security, listen for the new customer discount code at the end of the show
- Sponsored by Tenable Network Security, creators of Nessus and makers of the Tenable Security Center, software that extends the power of Nessus through sophisticated reporting, remediation workflow, IDS event correlation and much more.
- Want to register for any SANS conference? Please visit http://www.pauldotcom.com/sans/ for our referral program
- Be sure to check out "Maltego" from Paterva, try the community edition for free!
- Quench your thirst for knowledge at www.syngress.com and use the discount code "PaulDotCom" to save 20% of all security book titles!
- Don't forget to sign up for our Mailing List, Forums, and log into our IRC Channel!
- Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas
Exotic Liability 16: Mubix Interview
In this episode:
Rob Fuller (a.k.a Mubix)
Def Con
Toorcamp
Shell-fu.org
Train the customer
Missing corporate clues
Pen tester ranking system
White Wolf Security
Blow-up dolls
Switchblades
Don't be an ass
Yar, software piracy, arr...
PaulDotCom Security Weekly - Episode 152 - May 14, 2009
Special guest Tom Eston From Security Justice Podcast, SQmap tech segment.
- Sponsored by Core Security, listen for the new customer discount code at the end of the show
- Sponsored by Tenable Network Security, creators of Nessus and makers of the Tenable Security Center, software that extends the power of Nessus through sophisticated reporting, remediation workflow, IDS event correlation and much more.
- Want to register for any SANS conference? Please visit http://www.pauldotcom.com/sans/ for our referral program
- Be sure to check out "Maltego" from Paterva, try the community edition for free!
- Quench your thirst for knowledge at www.syngress.com and use the discount code "PaulDotCom" to save 20% of all security book titles!
- Don't forget to sign up for our Mailing List, Forums, and log into our IRC Channel!
- Full Show Notes
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas
Exotic Liability 15: Social Disease
In this episode:
Tom Eston and Kevin Johnson
Botnets & spammers
Rickroll yourself or others via Twitter
Security Justice Podcast
Emo kids
Social Butterfly
Twitterbots
Evil hacker stereotypes
Content permanency
Samurai
Fight club
Exotic Liability 14: Rickrolled
In this episode:
Your voicemails, our answers
Thanks for the rickrolling
Steven Chu, nice job buddy!
Secure your bidness
Cheese sammiches
Hack the developers
L33t vs. 4ssh013
Security prayer
Netwitness Investigator
Encrypt your porn
Stanford wins
Angry squirrels = happy ninjas
Pangolin
Virus check yer payloads
Validate the pen test
Security Justice Special Edition Hacking your Car with OpenOtto
In this special edition of Security Justice Dave, Tom and Chris interview Tiffany Rad who is one of the co-founders of the OpenOtto project. The goal of the OpenOtto Project is to provide complete free and open access to the networked electronic devices in an automobile. Yes, you can turn your car into a car [...]
PaulDotCom Security Weekly - Episode 151 - May 7, 2009
Special guest Harlan Carvey talks Windows forensics, W3af Part II.
- Sponsored by Core Security, listen for the new customer discount code at the end of the show
- Sponsored by Tenable Network Security, creators of Nessus and makers of the Tenable Security Center, software that extends the power of Nessus through sophisticated reporting, remediation workflow, IDS event correlation and much more.
- Want to register for any SANS conference? Please visit http://www.pauldotcom.com/sans/ for our referral program
- Be sure to check out "Maltego" from Paterva, try the community edition for free!
- Quench your thirst for knowledge at www.syngress.com and use the discount code "PaulDotCom" to save 20% of all security book titles!
- Don't forget to sign up for our Mailing List, Forums, and log into our IRC Channel!
- Full Show Notes
- "PaulDotCom Forensics Exam"
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas
PaulDotCom Security Weekly - Episode 150 - Intro & Interview with Lenny Zeltser- April 30, 2009
In this first part of Episode 150 we crack the keg, introduce the show, and do a short interview with Lenny Zeltser:
"Much of security advice under the "best practices" umbrella seems to assume that the company is interested in having strong security or in being a high performer of IT/security practices. Yet, most companies (e.g., SMBs) don't care about high performance: they just want to survive and conduct business and to have security that's just good enough. So, what advice should we offer to companies who will never be proactive about security, who will never implement defense-in-depth, and who maybe don't need to worry about these issues? That's why I've been creating one-page cheat-sheets to assist companies who haven't prepared, yet are stuck in a tough spot."
More information here
Exotic Liability 13: Spray Tan
In this episode:
Adobe earns our thanks
Check your perimeter
Security Focus creative editing
Tool talk
Facejacking
Another deal...
PLAID vs. WHORE
Get ready for the brown-outs
Nigerians help Lexis-Nexis to help themselves
Want to see the Great Firewall?
Break your iPhone out of jail
Social engineering tips
Chris rants on compliance
Episode 15 Vacations Over
Don’t know what happened with this episode, we just both seemed to be on a bit of a downer. In this episode we discuss Guidance lay-offs, more fun suggestions from the UK police, and Virginia being held ransom.
PaulDotCom Security Weekly - Episode 150 - April 30, 2009
The PaulDotCom crew are over 9 hours into the 12 hour marathon and talking to Stephen Northcutt! We also have a great segment on Google Hacking. This is just the "show" portion of the episode, look for the other segments in the coming weeks.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand, Mick Douglas
Security Justice Episode 12
This is the 12th episode of the Security Justice podcast recorded April 15th 2009 live at Mavis Winkles Irish Pub! This episode was hosted by Tom, Dave and Chris with special guests Dave Kennedy (ReL1K). Music provided by dualCORE! This was our one year anniversary episode!! Thanks to everyone listening to the live stream and [...]
Exotic Liability 12: WiFi Warriors
In this episode:
Cr1me and punishments
Keystone Kops in Houston
Mike Kershaw talks Kismet
Talk of DefCon's past
Here's the deal...
Get ready for ChicagoCon good samaritanism
InfoSec News needs help
Ugandan children
SecuraBit EP30 l0phtcrack 6
This week we interview Christien Rioux and Chris Wysopal about the upcoming release of l0phtcrack 6.
Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam
Jason Mueller - @securabit_jay
Guests:
Christien Rioux - @dildog
Chris Wysopal - @cwysopal
Links:
l0phtcrack - http://www.l0phtcrack.com/
Adobe Product Security Incident Response Team (PSIRT) - http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
Finjan finds botnet of 1.9m infected computers - http://news.zdnet.co.uk/security/0,1000000189,39643173,00.htm



SecuraBit EP29 Flash in the TV
This week ....
Chris Gerling's experience at Helix training and his impressions of Helix 3 Pro.
Flash on the TV. Are TVs the next big botnet?
Oracle's buying Sun. Does this mean the end for MySQL?
We discuss these topics and more on Securabit Episode 29.
Hosts:
Andrew Borel - @Andrew_Secbit
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam
Jason Mueller - @securabit_jay
Links:
Live Forensics & Incident Response Featuring Helix3 - http://www.e-fense.com/Docs/E103.pdf
Adobe Flash for Your TV Means Hulu in Your Living Room - http://blog.wired.com/gadgets/2009/04/adobe-flash-for.html



Exotic Liability 11: Thanks EFF!
In this episode:
Those pesky Chineses, Russians and Ukrainians
Don's hacker diet
RSA releases another something
Lophtcrack
U.S. Government antics
RFID sniffing in Washington State
EFF helps us (and you) out
Twitter fail conclusion...maybe
Upcoming webcast on social engineering and neurolinguistic programming
ChicagoCon next week!
CyberSpeak April 23, 2009-Caffeine Induced
This week on CyberSpeak, Autographed Washington Wizards Basketball for sale to support charity Samaritans Feet, www.samaritansfeet.org, SANS Forensic Summit Discount Code CYBERSPEAK10, new EnScripts at 42LLC http://42llc.net/index.php?option=com_myblog&Itemid=39, Digital Forensic Challenge www.dfrws.org, discussions about the 2009 Cyber Security Act, Philly RCFL gets ASCLAD, Ft Smith Police Dept overwhelmed with Child Porn cases, Ikena's new video forensics software http://www.matek.co.uk/#/ikena/4532507196, and web picks are:
http://www.trapcall.com/
http://www.google.com/insights/search/#
http://www.msisac.org/dashboard/
Show Notes... Hey Ovie... Show notes got wasted fixing the feed.. I think they were messing it up somehow... Good news.. Feed Fixed... Bad news... Notes are gone.. :(
Exotic Liability 10: Advice
In this episode:
Eating rabbits in Michigan
Justin calls in for advice and collegiate discussions
How to get into the pen testing world
Family time with Ryan
NSA flip-flops again
JSF data breach
Thanks to all teh listeners!
and some assorted weirdness...
Exotic Liability 9: NCCDC Event
In this episode:
Remote correspondent and Red Team member, Ryan Jones, reports from the National Collegiate Cyber Defense Competition in San Antonio, Texas.
Exotic Liability 8: Don Bailey Interview
In this episode:
Don Bailey stops by for chat about exploits and assessments
CVSS version 2
Hack-in-the-box Dubai
Exotic Liability 7: Lions, Tigers and Bears...oh my!
In this episode:
Our first voicemail!
Excessive animal noises
Intelligence gathering
Document metadata and FOCA
XOBNI
Verizon report reactions
Cyber militia
News and rants!
Exotic Liability 6: Nick Farr Interview
In this episode:
Tiger enrichment
Hackers on A Plane
Hacker spaces
Survive DC update
Security stereotypes
Denver area events
Boston College is out to get you!
PaulDotCom Security Weekly - Episode 149 - April 16, 2009
The PaulDotCom crew drink, hack, and get merry with our new sponsor Cenzic, we teach you about Argus and UPnP Nmap hacking, and announce our 12 Hour podcast!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand
SecuraBit EP28 I am stuck in a VM, and I can't get out!!!
Special Guest - Rob Randell
This week we are joined by Rob Randell from VMware. We cover recommendations for using Virtual Machines securely, VM breakouts such as cloudburst, and various other issues revolving around the security of virtual machines.
Hosts:
Andrew Borel - @Andrew_Secbit
Anthony Gartner - http://anthonygartner.com - @anthonygartner
Rob Fuller - Mubix - http://room362.com - @mubix
Guest:
Rob Randell http://vmware.com @rjrandell
Steve McGrath - http://cutnet.net
Chris Hoff - http://www.rationalsurvivability.com @beaker
Links:
http://vmware.com



Some great speakers and events not to miss @Notacon 6!
It’s almost here! Notacon 6 starts this Thursday at 7pm with a special free preview of the conference! Some of the speakers will be there giving some information about their talks and be sure to stick around for Jason Scott from textfiles.com around 9pm. Security Justice will be at Notacon this year in full effect! Almost [...]
Live Recording Notice Episode 12
We will be recording Security Justice Episode 12 and will stream live at Mavis Winkles Irish Pub (Independence location) this Wednesday, April 15th beginning around 9pm EST right after the Northeast Ohio Information Security Forum meeting. We will have Notacon updates as well as Dave Kennedy (ReLiK) joining us once again for your listening pleasure! Listen [...]
Exotic Liability 3: Delchi interview
In this episode:
Chris and Ryan talk news
Delchi gives his Top 10 security boo-boos organizations make
PaulDotCom Security Weekly - Episode 148 - April 9, 2009
Paul's laptop lives, but the soundboard doesn't, talking shop about MQ series and security FAIL, sniff wireless on all 14 channels AT THE SAME TIME! All brought to you by the fine acoustic sound of the McDonald's drive-thru.
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand
Email: psw@pauldotcom.com
Exotic Liability 5: Y3t1 report from Kathmandu
In this episode:
Mobile correspondent Y3t1 calls in from Kathmandu
Health care security
Story time with Chris and Ryan
Chris's $5000.00 Challenge
Christmas Tree hacking...
Exotic Liability 4: Cornucopia
In this episode:
We discover Twitter exposes phone numbers without consent
Cloud computing security
Paper tigers
Security incident planning
Story time with Chris and Ryan
Upcoming security conventions (which ones to go to...)
PaulDotCom Security Weekly - Episode 147 - April 2, 2009
This week we have special guests from www.i-hacked.com, the show gets hijacked, Paul's laptop gets thirsty, one crazy show!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand
SecuraBit EP27 No joke!! We have George Starcher!!
This week we have special guest George Starcher and we recorded the show on April 1st. George is a long time podcaster with older shows such as In The Trenches, which he did with Kevin Devin and later had some guests fill in, including our own Anthony Gartner. George is still very active in the security community with his job and also does spots on The Typical Mac User Podcast as well as being a big contributor to their forums.
Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Guest:
George Starcher - http://georgestarcher.com - @GeorgeStarcher
Links:
http://en.wikipedia.org/wiki/Conficker
http://kevindevin.com
http://georgestarcher.com/
http://typicalmacuser.com/
http://en.wikipedia.org/wiki/The_Castles_of_Dr._Creep
http://www.opendns.com/
http://www.govtech.com/events/vatech2009



SecuraBit Episode 26: "@Quine and back to Roots"
This week we interview Zach Lanier aka @Quine, the Security Twits manager. We ask all about Security Twits as well as delve into some security topics in the second half. Listen all the way through to hear us as our normal selves without serious guests, it's a riot!
Security Twits is a listing of security professionals on Twitter. It's a great opportunity to discover other great people in our community. Go to http://www.security-twits.com/ for more details and follow @securitytwits as well as @quine on Twitter.
Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam
Jason Mueller - http://www.securinate.com - @securabit_jay
Guest:
Zach Lanier - http://n0where.org/ - @quine
Links:
http://en.wikipedia.org/wiki/Conficker
http://www.adam.com.au/bogaurd/PSYB0T.pdf
http://it.slashdot.org/article.pl?sid=09/03/23/2257252&from=rss
http://ciscofatty.com/



PaulDotCom Security Weekly - Episode 146 - March 26, 2009
This week we have special guests, Hal Pomeranz and Ed Skoudis will be joining us to talk about the Command Line Kung Fu blog!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand
Security Justice Episode 11
This is the eleventh episode of the Security Justice podcast recorded March 18th 2009 live at Mavis Winkles Irish Pub! This episode was hosted by Tom, Matt, Dave and Chris with special guests Dave Kennedy (ReLiK), Dotzero, Froggy, Tiger, Jeremy (Notacon) and Mark W. Schumann. Music provided by dualCORE! Thanks to everyone listening to the [...]
Episode 14 BBC (Big Botnet Controversy)
In this episode Lee & Simon discuss the BBC hacking into thousands of computers and Lee talks with Matthew Shannon of F-Response.
PaulDotCom Security Weekly - Episode 145 - March 19, 2009
Paul, Larry, and John welcome special guests, Jonathan Ham, SANS instructor/owner of Jham Corp and Sherri Davidoff, blogger at philosecurity.org/owner of Davidoff Information Security Consulting!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand
SecuraByte Episode 06: HP SWFScan
We're proud to announce a new tool from HP's Application Security Center called SWFScan. Prajakta Jagdale and Matt Wood from the HP Web Security Research Group explain why SWFScan was created, and the hope that it will help developers produce more secure flash applications.
Hosts
Anthony Gartner - http://www.anthonygartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, http://www.chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Guest
Prajakta Jagdale (http://www.linkedin.com/pub/4/93a/785)
Matt Wood - HP Web Security Research Group
Links
SWF Scan (http://www.hp.com/go/swfscan)
HP (http://www.hp.com/)
Win a Cheeseburger (http://h30423.www3.hp.com/?fr_story=3a98c704f7ef61299c19ef1f648f1acb1a5aeab8&rf=sitemap)



CyberSpeak March 22, 2009
Welcome to CyberSpeak, your computer forensics, computer security, and computer crime podcast. I am Ovie Carroll, and I am Bret Padres, today is March 22, 2009
*****Administrative*****
The SANS Forensic Summit is now on the books and scheduled for July 7-8 2009 in Washington DC and SANS' new Sec 408 Computer Forensics Course. Also check out the SANS Forensic Blog for some GREAT forensic reading.
*****Listener Email*****
*****News*****
Reading keystrokes with a laser....
*****Interview*****
Mark Menz on MFT Ripper. Send email to markmenz@mykeytech.com
2009 HTCIA Conference www.htcia.org or www.htcia2009.com
*****Tech Topics*****
VOOM TECH HARD COPY III
LOGICUBE DOSSIER
*****Web Sites******
www.getsatisfaction.com
http://www.newseum.org/todaysfrontpages/
SecuraBit EP25 Jayson E. Street's Talks about his book f0rb1dd3n
Securabit Episode 25 Show Notes "Jayson E. Street's f0rb1dd3n"
This week we interview Jayson E. Street about his new novel f0rb1dd3n.
f0rb1dd3n is a fictional story that also provides an overview of the tools, techniques, and culture of hackers. Throughout the story, references point to an appendix that provides detailed information about the item being referenced and where to find more information. The expected release date is in July 2009 around Black Hat and Defcon.
A beta of Sumo LINUX is targeted for release the first week of April.
Quine will be our next guest interview.
Hosts
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Guest
Jayson E. Street - http://f0rb1dd3n.com/author.php
Links
http://f0rb1dd3n.com
http://osvdb.org
http://datalossdb.org



CyberSpeak March 15, 2009
Show notes for March 15, 2009
Welcome back CyberSpeak, your computer forensics, computer security, and computer crime podcast. I am Ovie Carroll, and I am Bret Padres, today is March 15, 2009.
*****Administrative*****
The new Windows Forensic Analysis DVD Toolkit, Second Edition (Paperback) by Harlan Carvey (Author) is available for preorder through Amazon.
http://www.amazon.com/gp/product/1597494224?tag=multimecom-20
Put it on your calendar - The SANS 2009 Forensic Summit is now on the books and scheduled for July 7-8 2009 in Washington DC. Ovie will be there speaking about Current Trends and the Future of Forensics.
*****News*****
The Digital Forensics Certification Board (DFCB), founded by the National Institute of Justice through a Cooperative Agreement at the University of Central Florida's National Center for Forensic Science, is accepting applications for Founders certification.
For a limited time, March 2, 2009 through August 30, 2009 experienced members of the digital forensics community can achieve these certifications through the Founders Process. Go to http://www.ncfs.org/dfcb/index.html for more information.
The New version of iLook PI is available at http://www.perlustro.com/
*****Interview *****
Interview With Drew Fahey, Chief Technology Officer for e-fense about the new Helix3
*****Web Sites*****
http://www.google.com
http://www.adrive.com/
Windows PowerShell 2.0 http://www.microsoft.com/downloadS/details.aspx?familyid=60DEAC2B-975B-41E6-9FA0-C2FD6AA6BC89&displaylang=en
SecuraBit EP24 A Night with G. Mark Hardy!!!
Securabit Episode 24 G. Mark Hardy
In this episode of Securabit we are joined by G. Mark Hardy, President of National Security Corporation.
Topics
The history of computer security industry
The Shmoocon Puzzle 2009 Badge Puzzle
The Value of Information
Coffee Wars IX
Developing Public Speaking Skills
Explaining Technical Topics to Nontechnical Audiences
Are bad times good for security professionals?
The Value in Investing in Yourself
Hosts
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - @Securabit_Jay
Guest
G. Mark Hardy - http://www.gmarkhardy.com/
Links
Shmoocon 2009 Badge Puzzle (http://shmoocon.info)
CoffeeWars (http://www.coffeewars.org)
Between Silk and Cyanide: A Codemaker's War, 1941-1945 (http://www.amazon.com/Between-Silk-Cyanide-Codemakers-1941-1945/dp/0684864223)
Tight Security for Tough Times (http://events.techtarget.com/secdefense/)



PaulDotCom Security Weekly - Episode 144 - March 12, 2009
Paul, Larry, and John do a tech segment extravaganza with special guest Seth Misener!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand
PaulDotCom Security Weekly - Episode 143 - March 3, 2009
Paul, Larry, and John are together in the same room for the first time podcasting live from SANS Orlando 2009!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand
CyberSpeak March 1 2009
Welcome back to CyberSpeak. Bret and Ovie are back in the country. This show we have an interview with the developers of Highlighter, a new log analysis tool, Jed Mitten - Senior Consultant and Jason Luttgens - Principal Consultant from Mandiant. Check out this free tool at www.mandiant.com/software/highlighter.htm. Also, check out the Mandiant blog for some other tools. In listener email we discuss U3 thumb drives and encryption and schools doing data recovery without a private investigator's license. Helix pro is being released and the Polytechnic University in Brooklyn has discovered a digital fingerprint that will allow you to tie a digital image to a specific make and model of camera. Web picks are www.tineye.com and www.spokeo.com.
Security Justice Episode 10
This is the tenth episode of the Security Justice podcast recorded February 18th 2009 live at Mavis Winkles Irish Pub! This episode was hosted by Tom, Matt, Dave and Chris with special guests Chris Mills from Securabit, Dan, Steve(s) and many other locals. Music provided by dualCORE! Sorry for some of the Skype quality issues. [...]
PaulDotCom Security Weekly - Episode 142 - February 26, 2009
Paul, Larry and John talkin' security and memory dumping with special guest Marcus Carey!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand
SecuraBit EP 23 The Echo Show!!! with Guest Marcus Carey
We have a brief discussion of hackerspaces. Chris Gerling is looking into starting a hackerspace in the Richmond, VA area.
Next we cover the details about SUMO LINUX 2.0 with our guest Marcus Carey.
SUMO LINUX 2.0
- Based on a stable version of Debian so we can update with Debian packages and Ubuntu packages.
- Windows response tools will be added.
- Build a wiki with detailed documentation of all the tools included to make it easy for a newbie to get started.
- No plans for multi-boot.
- Distributed out via BitTorrent.
- Memory analysis and RAM dumping. Cheap USB sticks have really helped with this. The analysis is also proving to be a big help in forensics.
- Will be coordinating the project on the Securabit forums (http://forums.securabit.com/index.php?showforum=9)
- User feedback will help us make it better for everyone.
- Post in the forum if you are interested in helping out.
Other News Items
- Homebrew patches for zero days in the enterprise.
- Cell phones and international roaming charges at the border.
- What hardware tools should you have in a forensic toolkit?
Have something you want plugged on Securabit? Send it to Feedback@securabit.com.
If you are interested in helping with the Richmond, VA area hackerspace contact Chris Gerling.
Hosts
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - @Securabit_Jay
Guest
Marcus Carey SUMO LINUX http://www.sumolinux.com
Links
Hackerspaces http://hackerspaces.org
SUMO LINUX http://www.sumolinux.com
Adobe Zero Day http://isc.sans.org/diary.html?storyid=5902&rss
Excel Zero Day http://isc.sans.org/diary.html?storyid=5923 & http://www.microsoft.com/technet/security/advisory/968272.mspx
Forensic Talon http://www.logicubeforensics.com/products/hd_duplication/talon.asp



PaulDotCom Security Weekly - Episode 141 - February 21, 2009
Paul, Larry and John talkin' security and WMIC with special guest Mick!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand
Live Recording Notice Episode 10
We will be recording Security Justice Episode 10 and “attempting” to stream live at Mavis Winkles Irish Pub (Independence location) this Wednesday, February 18th beginning around 9pm EST right after the Northeast Ohio Information Security Forum meeting.Listen to the podcast live on Hak5radio.com (note the new link) and chat with us on IRC at irc.freenode.net [...]
PaulDotCom Security Weekly - Episode 140 - February 12, 2009
Paul, Larry and John rappin' security Special guest Shlomo from Israel!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand
Security Justice Special Edition Notacon 2009 with Froggy and Tyger
This fun special edition episode was recorded last year at the Ohio Linux Fest. The reason it took so long to release was mostly because of the “editing challenges” (Froggy likes to hijack our podcasts) and we wanted to release this at the beginning of 2009 to drum up some hype for Notacon 6 which [...]
SecuraBit Episode 22
Episode 22 Shmoocon Recap
We reflect back on Shmoocon 2009, the Podcasters Meetup, and look forward to DEFCON.
Also we cover patch Tuesday, Back|Track 4, and a community replacement for Helix.
Hosts:
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - @Securabit_Jay
Links:
Shmoocon - http://www.shmoocon.org/
Podcasters Meetup - http://www.podcastersmeetup.com/
Microsoft Security Bulletin MS09-003 - http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx
Microsoft Security Bulletin MS09-004 - http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx
Back|Track 4 - http://backtrack4.blogspot.com/
DEFCON - https://www.defcon.org/
Helix - http://www.e-fense.com/products.php



Shmoocon Podcaster Meetup Live Audio
Here is the audio from the meetup on 2/6 if anyone is interested. We're releasing this on our feed for anyone who doesn't follow pauldotcom. It's not edited, just raw audio so if you have any complaints keep them to yourself. ;)
Thanks to all who came!



Episode 20: Time Warp Again!
Sorry folks, we will not be releasing episodes out of order anymore.
In this episode we discuss:
Managing IP space inside a company network. Attributing a device on the network to an employee / function.
Standardizing vulnerability management using Security Content Automation Protocol (SCAP) and Open Vulnerability Assessment System (OpenVAS).
And briefly touch on the Obama Administration's Outline for their Cyber Security Strategy.
Use our Forums!
Don't forget to give us feedback on iTunes so we can bump the old shows off the list.
Thanks again for all the donations for the Tip Jar.
Hosts:
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Andrew Borel - @Andrew_Secbit
Special Guest:
Tim Krabec (@tkrabec) of SMBMinute.com - http://smbminute.com/
Important links for the show and documents used:
Open Vulnerability Assessment System - http://www.openvas.org/
Security Content Automation Protocol - http://en.wikipedia.org/wiki/Security_Content_Automation_Protocol
Obama Administration Outlines Cyber Security Strategy - http://www.diigo.com/annotated/5e5c73ed44f27f40631af447951b4bf8
More Cyber Security Regulations Recommended - http://www.washingtonpost.com/wp-dyn/content/article/2008/12/08/AR2008120801944.html



PaulDotCom Security Weekly - Episode 139 - February 7, 2009
Paul and Larry talk coming at you live from Shmoocon 2009! Special guests include Marcus Carey, Johnny Long, Listener Karl, Mubix, and Matthew Carpenter!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand
Episode 13 Munkaphobia
This episode recaps the digital forensic related news from the last couple of weeks.
SecuraBit EP 21 HP Security researchers speak with SecuraBit
In this special episode of Securabit we are interviewing Billy Hoffman and Prajakta Jagdale. Billy is the author of the book Ajax Security. Prajakta is a Security Research Engineer with HP and is presenting at this year's ShmooCon.
Hosts:
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - SecurabitJay
Special Guests:
Billy Hoffman (http://en.wikipedia.org/wiki/Billy_Hoffman)
Prajakta Jagdale (http://www.linkedin.com/pub/4/93a/785)
Important links for the show and documents used:
HP (http://www.hp.com/)
Ajax Security (http://www.amazon.com/Ajax-Security-Billy-Hoffman/dp/0321491939)
NoScript (http://noscript.net/)
ShmooCon (http://www.shmoocon.org/presentations-all.html#flash)
HP's very own Prajakta Jagdale (she is the security research engineer for HP's Web Security Research Group) & Matt Wood (HP Web Security Research Group) join SecuraBit for a very informative discussion.
Questions on Ajax, Flash, and Web Application security.



PaulDotCom Security Weekly - Episode 138 - January 30, 2009
Paul and Larry talk security!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand
PaulDotCom Security Weekly - Episode 137 Part 2 - January 22, 2008
Paul, Larry, and John talk security!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand
Security Justice Episode 9
This is the ninth episode of the Security Justice podcast recorded January 21st 2009 live at Mavis Winkles Irish Pub! This episode was hosted by Tom, Matt, Dave and Chris with special guests dotzero, Mark and mystery girl (we don’t know who she is either…). Music provided by dualCORE! Thanks to everyone listening to the [...]
Security Justice @ ShmooCon!
Tom, Dave and Matt will be at ShmooCon February 6-8th. First, the big news… Our very own co-host Dave Lauer is speaking at ShmooCon with Larry Pesce from PaulDotCom on Building the 2008 and 2009 ShmooBall Launchers at 4:30pm on Friday, February 6th! There are more details about this talk in the soon to be released Episode [...]
SecuraBit EP18 Don't say we didn't warn you.
This show is out of order and we debated if we would even release it. Well why not, have a listen, if you don't like it delete it and remember we told you so ;)
This show was a hostile takeover by the guys at SMB Minute. It was all just for fun and happened on Dec 31 2008. Remember we warned you.... Listen at your own risk!!!
Hosts:
Rob Fuller - Mubix, room362.com @mubix
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - SecurabitJay
Important links for the show and documents used:
NONE



Securabit EP 19 MS DOS's itself, and more!!!
This episode is likely to be out of sequence. SecuraBit did a recording on the 31st of the year and we will likely release it, but episode 18 was a potential lost episode. Chris Mills talks about how Twitter has changed some of its security measures in the aftermath of the hack on its admin accounts. He even did some testing of a bogus account. We even got into some discussions on which types of phones handle what kind of sites. Please be careful, Jay is going to be getting a Twitter account and might actually post. Oh FRAK!!!!
The next part on the agenda was the new Windows 7 Beta. This caused Microsoft to DOS itself. Which really takes a LOT to happen.
After the break we started to go into some tools we actually use or have used and wanted to recommend. Jay spoke of the Retina software they use. We did play a nice practical joke on Jay and left him hanging in the wind for a few moments, but he did recover. Spoke about running ISS for the nice pretty reports for the higher-ups and Nessus for the technicians. Anthony mentioned Hot Spot Shield, which works on Windows, Mac, iPhone and many other platforms. The chat room recommended OpenVPN, but none of us had used it. Chris Mills also went into one of the tools he used back in the day but recently started to use again, called NTop.
Talked about iTunes going DRM free. Always a good thing!!! This then drifted into a conversation about players in general. Jay recommended engadget.com and how they covered CES so well. This then divulged into computers for kids as well as netbooks.
Anthony is getting close to being able to do the Mix Minus. This means there will be the chance to play the music / voice mails / audio feedback on to everyone so that we can comment or answer the questions. This will be a welcome addition to the show.
Jay stated our new goal - to be "Internet Famous"
Hosts:
Rob Fuller - Mubix, room362.com @mubix
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - SecurabitJay
Important links for the show and documents used:
http://www.iss.net/
http://www.nessus.org/nessus
hotspotshield.com
http://openvpn.net
http://www.ntop.org
Check out the end of the cast for Jay's audition for American 1dol!!!



PaulDotCom Security Weekly - Episode 137 Part 1 - January 22, 2008
Paul, Larry, and John talk security with Dave Shackleford!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand
Email: psw@pauldotcom.com

Episode 12 Erm
We're back!
Live Recording Notice Episode 9
We will be recording Security Justice Episode 9 live at Mavis Winkles Irish Pub (Independence location) this Wednesday, January 21st beginning around 9pm EST right after the Northeast Ohio Information Security Forum meeting. Listen to the podcast live on Hak5radio.com (note the new link) and chat with us on IRC at irc.freenode.net #securityjustice or follow us [...]
PaulDotCom Security Weekly - Episode 136 Part 2 - January 15, 2008
Paul, Larry, and John talk security!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand
PaulDotCom Security Weekly - Episode 136 Part 1 - January 15, 2008
Paul, Larry, and John talk security with Eric Cole!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand
PaulDotCom Security Weekly - Episode 135 Part 2 - January 9, 2008
Paul, Larry, and John talk security!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand
PaulDotCom Security Weekly - Episode 135 Part 1 - January 9, 2008
Paul, Larry, and John talk security with special guests from Microsoft!
Hosts: Larry "HaxorTheMatrix" Pesce, Paul "PaulDotCom" Asadoorian, John Strand
Security Justice on SecuraByte Episode 5 Twitter FAIL
Tom and Dave joined Mubix, Anthony Gartner, Chris Gerling, Chris Mills, Andrew B (from the SecuraBit show) with special guests Melissa (geekgrrl) from Twitter and Tim Krabec from the SMBMinute for a quick SecuraByte podcast. We talked about the recent Twitter phishing, this week's Twitter hack and the challenges with securing social media. You can [...]
SecuraByte Episode 05 Happiness, Fail Whale beaches Itself!!!
News at 11. Well really we started recording about 8 PM on Monday January 5th. In this SecuraByte episode, Securabit had its largest conference call yet. Securabit was joined by the guys from both SecurityJustice.com and SMBMinute.com, as well as Melissa on Twitter AKA @Geekgrrl. We discussed the security vulnerability discovered with twitter.com's tech support. This is a service many of us use and enjoy. Please have a listen in while we discuss amongst ourselves.
Hosts:
Rob Fuller - Mubix, room362.com @mubix
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - SecurabitJay
Special Guests: Melissa (@geekgrrl), Tim Krabec (@tkrabec) of the SMBMinute.com, Tom (@agent0x0) securityjustice.com, and Dave (@Securi-D) securityjustice.com
Important links for the show and documents used:
Britney, Obama Twitter Feeds Hijacked Following Phishing Attack
http://blog.wired.com/27bstroke6/2009/01/twits-get-phish.html
Firefox add-on "Long URL Please"
http://www.longurlplease.com/
WIRED just posted this follow up:
http://blog.wired.com/27bstroke6/2009/01/professed-twitt.html



PaulDotCom Security Weekly - Hack Naked TV - Episode 2 - Office 2007 Metadata
Learn some command line kung fu tricks on how to extract useful metadata from Office 2007 XML documents.
Hosts: Larry "HaxorTheMatrix" Pesce (Voice), Paul Asadoorian (Editing & Command Line)
PaulDotCom Security Weekly - Hack Naked TV - Episode 1 - Sim Card
Larry shows you how to build a Sim Card reader and use software to read the contents of Sim cards.
Hosts: Larry "HaxorTheMatrix" Pesce