Security Justice – Episode 8
Posted December 23rd, 2008 by Tom in Podcast Episodes
This is the 8th episode of the Security Justice podcast, recorded December 17th, 2008 live at Mavis Winkle’s Irish Pub! This episode was hosted by Tom, Dave, Chris and Tyler. Matt was out of town. Special guest appearances by dotzero and Greg. Music provided by dualCORE, and a special music shout-out to Jim Tews & Mike Polk, who sang Ode to Great Lakes Brewing Company’s Christmas Ale! (NSFW for drunken language). Thanks to everyone listening to the live stream and for participating in the chat via IRC.
Trivia Contest Details
For this episode we did a special holiday “dual” live podcast with SecuraBit to win a copy of the new Nmap Network Scanning book and a $25 gift card to Chili’s/Macaroni Grill/Maggiano’s Restaurants. There were two trivia questions you needed to answer. One was given on SecuraBit Episode 17 and the other on Security Justice Episode 8 (and during the live podcasts on December 17th). Listen for the first trivia question on SecuraBit Episode 17 and the second trivia question on Security Justice Episode 8. Send your answers to feedback[aT]securabit.com. The first listener to correctly answer both questions will win both the book and the gift card.
Here are the topics covered and show notes:
- Penetration Testing Dead in 2009? Many don’t think so (including us). There are lots of different opinions.
- Dave’s Shmooball Cannon test fire! See what happened to Bruce Potter at Notacon this year!
- Core Impact Essential and new XSS/Blind SQL Injection modules
- Secure State SQL Injection Tool released at Defcon
- The story of the fired accountant: resetting the domain admin account in a Windows Server 2003 domain. Use the ophcrack LiveCD to get the local admin account on the domain controller first.
- Did you check out the new VMware vCenter Converter? It’s really cool! Correction: Tom actually converted several Windows boxes to VMs; converting Linux is not supported *yet*.
- Chris provides details of his experience with the TSA and “security theater”. He observed with pictures.
- Chris and his SANS DC class. Anyone want to be a SANS instructor? Chris tells you how and what SANS requires.
- Dave talks about his new Asus Eee PC. Here is a great guide done by @kriggins to install Backtrack 3 to USB/SD with persistent changes. How to install XP to an SD card.
- Dave got his Fon router. Shout-out to Hak5 for the idea! Dave is looking for something other than a pineapple…perhaps a lamp?
- New IE 0day. Out of band patch released! Awesome article on how the vulnerability works and is exploited. Thanks to @geekgrrl for the link!
- Greg on the impact of malware
- Check out this blog post if you want to know what all the hype is about Christmas Ale here in Cleveland!
Stay tuned after the podcast for some special holiday tunes and outtakes. Leave feedback by commenting below or via Twitter. Happy Holidays from Security Justice!












December 23rd, 2008 at 5:52 pm
Thanks for the shout-out guys. Glad the how-to helped.
-Kevin
December 31st, 2008 at 1:56 pm
Regarding pen testing, I certainly think there will always be a need to perform some level of this as we’re talking about software written by humans. It’s never going to be perfect, and there will be flaws. However, I strongly feel that we still put *way* too much attention on after-the-fact testing and not enough in training developers. How many college CS programs teach or even bring up the proper and secure way to write code? It’s more about functional programming and less to do with proper validation, sanity checking, memory management, etc. This stuff needs to be ingrained so that devs can’t just fall back to the easy way out when the deadline/manager is breathing down their neck. This is definitely a larger discussion than a comment box though, so I’ll stop here.