PaulDotCom Is Moving

Nov. 15th, 2005 | 11:37 am

After pulling my hair out (Yes, I have hair now :) for the past week or so I've finally got my new site operational. I am very excited to have complete control of my site, blog, and RSS feeds.

You can now access my blog, podcasting, and all content by going directly to:

http://pauldotcom.com

I will be updating my blog frequently with the latest security news, research, geek stuff, and of course PaulDotCom Security Weekly.

I am also going to move over my entries from livejournal to the new site as time permits. You can still access the content through the following links:

http://pauldotcom.com/podcast/ - PaulDotCom Security Weekly
http://pauldotcom.com/blog/ - My security/geek stuff blog

Enjoy!

Please send me your feedback/comments/suggestions:

Paul Asadoorian

(This will be the last post to this blog)


Home Computer and Network Security Course

Nov. 14th, 2005 | 03:42 pm

I will be teaching the SANS Stay Sharp course titled Home Computer and Network Security

This course will cover:

In this class, you will learn about many different threats, antivirus programs, firewalls, anti-spyware, identity theft, Phishing, how to create strong passwords and more. This course will give you the basic skills you need to protect yourself from various threats on the Internet whether you are at home, on the road or at work.

It will be held on January 18, 2006 from 6:00PM-9:00PM at OSHEAN in N. Kingstown, RI.

The cost of the course is $50.00 per student and you can REGISTER HERE

Tell all your friends :)


IPS Bake-Off

Nov. 14th, 2005 | 09:44 am

Ed Skoudis & Mike Poor of Intelguardians tested 5 Intrusion Prevention Systems, including how well they handled evasion techniques. You may be surprised at the results...

http://informationsecurity.techtarget.com/


PaulDotCom Security Weekly - Episode 2 - Nov 11, 2005

Nov. 13th, 2005 | 08:40 am

Our second episode has been released! We've got a whole new audio setup and are sounding better than ever (although that's not saying much). Here are this week's show notes/topics:

- We beat the Sony DRM drum a few times because, well, we were the only ones who hadn't yet
- You can get a list of CDs that have the rootkit HERE
- We covered the MS05-053 exploit
- Botnets that use HTTP/HTTPS, presentation HERE
- Tracking MIT Students
- Sniffing passwords and clear text protocols, from the excellent blog by Bruce Schneier
- The overrated Linux Worm
- Fun (and profit) with Rainbow Tables

Hosts: Larry Pesce, Paul Asadoorian
Sound: Andrew Veitch

Direct Mp3 Download Link

Special thanks to OSHEAN for providing the bandwidth.





We're On iTunes!

Nov. 9th, 2005 | 03:02 pm

We are proud to announce that PaulDotCom Security Weekly is now available via the iTunes music store:



You can get Episode 1 and the Marty Roesch interview. We are planning to record Episode 2 this Friday and release it sometime this weekend.

If you've got comments/suggestions/topics please send them to us:

Paul Asadoorian
Larry Pesce

Stay tuned...


Oracle: Policies can protect passwords

Nov. 8th, 2005 | 10:08 am

"In response to criticism published by two researchers last week that the protection mechanism for Oracle database user passwords is weak, Oracle is reminding users to apply good password protection policies..."


http://news.com.com/2061-10789_3-5924051.html?part=rss&tag=feed&subj=news

First off, even a strong password by most people's standards could be cracked within hours with the proper setup (and you wouldn't necessarily need a fast machine). Second, table permissions only solve part of the problem as the password hash can be sniffed off the network. Oracle needs to wake up...


Spyware company believed to help bust botnet

Nov. 8th, 2005 | 08:20 am

What could their motivation be? How about "help me, I'm being DoS'd":

"...180Solutions contacted the FBI after the botnet controllers launched a distributed denial-of-service (DDoS) attack against the company for terminating its distribution contract."

Read the full article here


PaulDotCom Security Weekly - RSS Feed Update

Nov. 6th, 2005 | 10:10 pm

We finally have an RSS feed for our podcast, the direct link is here:

http://pauldotcom.com/podcast/psw.xml

We are also registered in iTunes (pending approval), and ODEO.


Unsecured Wi-Fi Would Be Outlawed By N.Y. County

Nov. 5th, 2005 | 08:50 am

"The draft proposal offered this week would compel all "commercial businesses" with an open wireless access point to have a "network gateway server" outfitted with a software or hardware firewall."


Here's a tip, when making a law you should at least know what a firewall is and how it works. This is a pretty ridiculous law, especially considering that most of the risks on wireless networks relate to unprotected clients and insecure wireless protocols, both of which have nothing to do with a "network gateway server".

http://news.zdnet.com/2100-1035_22-5934194.html

PaulDotCom Security Weekly - Special Edition - Marty Roesch Interview

Nov. 4th, 2005 | 03:53 pm

We are proud to bring you our second podcast, an exclusive interview from SANS 2005 in LA with Marty Roesch, creator of Snort, an open-source intrusion detection system, and co-founder/CTO of Sourcefire:

Download It Here

Marty talks about:

- The history of Snort
- Recent Back Orifice buffer overflow
- New and exciting technologies at Sourcefire
- His love for Mac (which we share)

(We apologize in advance for the poor audio quality, new equipment is on the way. If you have suggestions or comments feel free to drop me a note, paul /at/ pauldotcom.com).

Again, thanks to our sponsor OSHEAN for providing the bandwidth.

"Snort saved my bacon"


Mwcollect - Malware Collector

Nov. 4th, 2005 | 11:01 am

"mwcollect is an easy solution to collect worms and other autonomous spreading malware in a non-native environment like FreeBSD or Linux. The first versions were used to collect binaries for botnet monitoring and bots are still what mwcollect is mostly used for collecting."

http://www.securiteam.com/tools/6S0050AEKI.html

This is definitely a tool I want to try out...


Suspected bot master busted

Nov. 4th, 2005 | 10:04 am

" "This is the first case to charge someone for using bots for generating profits," said James Aquilina, Assistant U.S. Attorney for the Central District of California and the prosecutor on the case. "

http://www.securityfocus.com/news/11353

I believe this is a trend we are going to see continue as botnets become even more popular and evil.


More pics from LA

Nov. 3rd, 2005 | 05:12 pm

Pics from PaulDotCom Security Weekly - Episode 1 (Which was sponsored by the wonderful folks at Core Security):

http://pauldotcom.com/PSW-Episode1/

General pics from the trip:

http://pauldotcom.com/SANSLA2/


Mwcollect - Malware Collector

Nov. 3rd, 2005 | 04:47 pm

"mwcollect is an easy solution to collect worms and other autonomous spreading malware in a non-native environment like FreeBSD or Linux. The first versions were used to collect binaries for botnet monitoring..."

Sounds like a tool I need to play around with...

http://www.mwcollect.org/


SANS LA 2005 - Final Thoughts

Oct. 31st, 2005 | 05:24 pm

Well the conference is over and I am back home now filled with all sorts of good information. We spent the last day talking about PKI (try to contain your excitement). My brain is fried, so I will post the rest of the pictures and video from the conference at a later date.

One interesting note is that PEAPv2 is in the works and allows for different inner authentication types.


MSN CAPTURE - MSN Messenger Packet Parser

Oct. 29th, 2005 | 08:59 am

This looks like a neat tool, however I can think of no legitimate purpose. Although the sample conversation in the comments of the code is pretty funny.

http://www.securiteam.com/tools/6Y00O1PEAE.html


SANS LA Day 5

Oct. 29th, 2005 | 07:20 am

Josh's class was pretty cool yesterday. We got to the section on how to get around VPN protected wireless networks, here are a couple of the tools:

- Superscan 4 - This updated free tool from Foundstone will let you enumerate registry entries over NULL Sessions.
- nstx - Makes it possible to tunnel IP traffic in DNS queries using recursive lookups and the TXT record type.

Also:

- We also learned that Asleap can crack PPTP passwords too.

We got a chance to get to Little Tokyo last night. Had some good sushi and other Japanese dishes. We also found that Little Tokyo was in a not-so-good part of town and were approached by panhandlers and other shady people (not before I got a ninja t-shirt though!).

More pictures coming soon...


SANS LA Day 3 & 4

Oct. 28th, 2005 | 07:40 am

I cannot even begin to describe just how much good stuff they have packed into this conference. We've been non-stop since we got here, here are the highlights from the past two days:

- We did some mapping of the LA area and generated some maps. You can find them here and here. The second one is interesting, green represents WEP, red represents default configuration with no WEP, and blue is open.

- We also took some pictures. I like this one the best, you can correlate it with some of our maps if you look close.

- Our homework from class yesterday was to find three rogue access points that were hidden inside the hotel. This is a challenge considering we find it difficult to find our rooms (even when we haven't been drinking). We found one, then decided to eat.

- Ed Skoudis of Intelguardians gave a fantastic talk on hacking for fun and profit. It seems that hacking is a big business now (you can get $500 per hour, per 100 thousand nodes, in rent for your botnet). Scary stuff. Heck, why buy or build one yourself when you can just rent?

Stay tuned....


PaulDotCom Security Weekly - Episode 1

Oct. 27th, 2005 | 09:38 am

We recorded the first episode of "PaulDotCom Security Weekly", our new podcast. It was recorded last night at SANS LA and we talked about:

- Oracle Password vulnerabilities
- Nokia smartphone worms
- Botnets
- FBI Romanian hacking case
- Terrorism and improvised explosives
- And much more!

This episode was sponsored by Core Security - an outstanding penetration testing tool.

Download it here

I promise future episodes will have show notes and be available via iTunes and other podcast sources. Bear with us as we put it all together :)

(Thanks to our other sponsor, OSHEAN, for providing the bandwidth)


Assessment of Oracle Password Hashing Algorithm

Oct. 27th, 2005 | 09:14 am

This paper discusses several weaknesses in Oracle's password hashing algorithm, as presented by Joshua Wright. Reminds me of LANMAN....

Download the paper here | digg story
