SecuraBit

SecuraBit Episode 43 â The Academy Pro

chris@securabit.com (SecuraBit) — Tue, 27 Oct 2009 14:21:00 GMT

SecuraBit Episode 43 â The Academy Pro

Guest Interview: Peter Giannoulis of The Academy Pro

Metasploit Rising

http://blog.metasploit.com/2009/10/metasploit-rising.html

WordPress 2.8.5: Hardening Release
http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/

Blubrry PowerPress Podcasting Plugin for WordPress
http://www.blubrry.com/powerpress/

Time Warner Cable Exposes 65,000 Customer Routers to Remote Hacks http://www.wired.com/threatlevel/2009/10/time-warner-cable/

Google Voice voicemails appearing in public search results
http://www.engadget.com/2009/10/19/google-voice-voicemails-appearing-in-public-search-results/

TweetDeck
http://www.tweetdeck.com/beta/

Porn, CSS History Hacking, User Recon and Blackmail
http://ha.ckers.org/blog/20091021/porn-css-history-hacking-user-recon-and-blackmail/

Windows 7
http://www.microsoft.com/windows/

Magic Mouse
http://www.apple.com/magicmouse/

Quick Shell Script to Extract Contents
http://pinowudi.blogspot.com/2009/10/quick-shell-script-to-extract-contents.html

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner â @anthonygartner
Chris Gerling â @chrisgerling
Christopher Mills â @thechrisam
Andrew Borel â @andrew_secbit

Guest:
Peter Giannoulis

Links:
The Academy Pro - http://www.theacademypro.com/
The Academy Home - http://www.theacademyhome.com/

Don't forget to listen to the end of the show for the guest appearances by both Kermit the Frog and Sean Connery

SecuraBit Episode 42 - Phreaking Sweet Con in TN.

chris@securabit.com (SecuraBit) — Tue, 13 Oct 2009 16:09:00 GMT

SecuraBit Episode 42 â Phreaking Sweet Con in TN.

Phreaknic 13 â October 30 â November 1 2009

Phreaknic Curse

CCTV throughout hotel, great + for attending the con

Ware Chair Toss

Firing a jet engine in the parking lot.

Four Tracks

1 Cumberland (Main ballroom)

2 9th Floor (Vendor Area)

3 Cafe Area (Gaming)

4 Contest Area

Size of conferences

ShmooCon

Running Conferences

#RoachesMustDie from ShmooCon 2009 via Security Justice

http://www.youtube.com/watch?v=6FsuvbGJ6f4

Microsoft Security Essentials - http://www.microsoft.com/security_essentials/

Google Wave - http://wave.google.com/help/wave/about.html

New iTunes Store - http://www.apple.com/itunes/

Hotmail, Yahoo, and Gmail email passwords exposed - http://www.cso.com.au/article/321185/gmail_yahoo_mail_join_hotmail_passwords_exposed

1password - http://agilewebsolutions.com/products/1Password

iKeepass - http://ikeepass.de/

Inside the URLZone Trojan Network - http://www.threatpost.com/blogs/inside-urlzone-trojan-network-105

Metasploit hiring in Austin, TX

Rockstar QA Engineer Needed - http://austin.craigslist.org/sof/1410600092.html

jQuery/Ruby Ninja Needed - http://austin.craigslist.org/sof/1410620402.html

New version of Pocket God for the iPhone

Hacker Consortium - http://hackerconsortium.com/

hack.rva - http://twitter.com/hackRVA - http://hackrva.org/

TechShop - http://techshop.ws/

Join us in IRC at irc.freenode.net #securabit

Hosts:

Anthony Gartner â @anthonygartner

Chris Gerling â @chrisgerling

Christopher Mills â @thechrisam

Andrew Borel â @andrew_secbit

Guest:

SkyDog

Links:

Phreaknic 13 - http://www.phreaknic.info/pn13/

SecuraBit Episode 41 - Speaking of Cons, and forensics...

chris@securabit.com (SecuraBit) — Tue, 6 Oct 2009 14:12:00 GMT

SecuraBit Episode 41 - Speaking of Cons, and forensics...

Part 1: Marcus Carey

Dojocon - http://www.dojocon.org/ - @dojocon

November 6 & 7, 2009

Capitol College Maryland

Part 2: Scott Moulton

http://www.microforensics.com/pages/software-mercury.php (link below)

blackberry stuff:

bitpim

Hosts:

Chris Gerling â @chrisgerling

Jason Mueller â @securabit_jay

Andrew Borel â @andrew_secbit

Anthony Gartner â AnthonyGartner.com - @anthonygartner

Guest:

Marcus Carey - http://www.dojocon.org/ - @dojocon

Scott Moulton - http://www.myharddrivedied.com/

Links:

Dojocon - http://www.dojocon.org/ - @dojocon

Mercury - http://www.microforensics.com/pages/software-mercury.php

BitPim - http://www.bitpim.org/

SecuraBit Episode 40 - Paul WHO????

chris@securabit.com (SecuraBit) — Sat, 3 Oct 2009 02:11:00 GMT

SecuraBit Episode 40 - Paul "Pauldotcom" Asadoorian

Microsoft Security Bulletin MS09-048 - http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx

Microsoft Security Bulletin MS07-063 - http://www.microsoft.com/technet/security/bulletin/MS07-063.mspx

Renaud script to go from Nmap to Nessus

Interview with Paul Asadoorian (PaulDotCom/Tenable/Nessus)

Intro Questions:

Who are you, and what are you doing on THIS podcast?

Tell us about the PaulDotCom podcast (Iâve talked to SecuraBit listeners who have never heard of PDC)

How long have you been using Nessus?

When did you start working for Tenable?

What is your role at Tenable?

Nessus Questions:

Whatâs new in this version of Nessus?

Are changes driven primarily by Tenable, or the community?

What does Nessus use for a scanning engine?

How does Nessus interact and work with Nmap?

Explain Nessus licensing and what an individual vs a corp is entitled to.

How much is a license?

Cost of proffesional feed = $1200.00/year

Home feed no longer a delay, no SCADA plugins

How does Nessus differ from OpenVAS?

Can you use the OpenVAS repo with Nessus?

Talk about the extensibility of Nessus. (Scripting, etc)

How does Nessus work with OVAL definitions? How does this help for FDCC compliance?

Does tenable have any dedicated appliances for enterprise scanning and monitoring based on nessus?

Implementation and Operation questions (How Paul Does Things):

Do you place scanning servers on each segment of the network, or do you scan through zone-to-zone firewalls? Why?

Is there a practical limit to the number of deices that can be scanned by one scanning server? Or is it just a time tradeoff?

How often do you scan (and re-scan) a network?

How do you handle the results (and avoid dropping a 300 page Nessus report on the server guys and saying FIX IT)

Are results parse-able and able to be fed into compliance and risk management tools?

SecuraBit Episode 39 - Stealing candy from little kids everywhere!!!

chris@securabit.com (SecuraBit) — Mon, 14 Sep 2009 23:18:00 GMT

SecuraBit Episode 39 â Stealing candy from little kids everywhere!!!

Jay brought up that some government web sites will be switching to an http://openid.org authentication

What Does DHS Know About You? - http://philosecurity.org/2009/09/07/what-does-dhs-know-about-you
How to request your travel records - http://www.hasbrouck.org/blog/archives/001607.html

TwiGUARD - http://twiguard.com/index.html
TweetDeck - http://tweetdeck.com/beta/

MS IIS FTPD DoS ZER0DAY - http://www.milw0rm.com/exploits/9587

Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D. - http://www.milw0rm.com/exploits/9594

Poison Ivy Remote Administration Tool - http://www.poisonivy-rat.com/

FRHACK: Pentesting Live DVD - http://pentestit.com/2009/09/09/frhack-pentesting-livedvd/

Upcoming Events:
SANSFIRE 2009 - http://www.sans.org/sansfire09/
Baltimore, MD - June 13 - 22, 2009

Phreaknic 13 - http://www.phreaknic.info/pn13/Site_2/Welcome.html
October 30 - November 1 2009

SANS Cyber Defense Initiative - http://www.sans.org/cyber-defense-initiative-2009
Washington, DC - December 11 - 18, 2009

ToorCon - http://www.toorcon.org/
San Diego Convention Center - October 23rd-25th, 2009

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner â http://www.anthonygartner.com â @anthonygartner
Chris Gerling â http://www.chrisgerling.com â @hak5chris
Christopher Mills â http://www.packetsense.net â @thechrisam
Andrew Borel â @andrew_secbit
Jason Mueller â @securabit_jay

SecuraBit Episode 38 â Classic Securabit, Lots of Rambling, Low Content

chris@securabit.com (SecuraBit) — Sun, 30 Aug 2009 19:32:00 GMT

SecuraBit Episode 38 â Classic Securabit, Lots of Rambling, Low Content

Louisville Metro InfoSec Conference in Louisville, KY
October 8, 2009 8am - 5pm
Sponsored by the local ISSA Chapter
Some of speakers at the event include:

John Strand
Lee Kushner
Scott Moulton
Adrian "IronGeek" Crenshaw

http://www.louisvilleinfosec.com/
Presentations are planed to be posted online afterwards.

If you wish to attend the conference you can use the discount code of "geek seat" to get $20 off registration

Round Table Topic: Who should be responsible for patching? Infrastructure or Security?

There is a conversation about the new Snow Leopard for Mac and Macs mail.

A brief discussion about Helix, Security Onion, and Splunk 4.

Join us in IRC at irc.freenode.net #securabit

Guest:
Brian Blankenship - chair ( a ) louisvilleinfosec ( dot ) com

Links:
Louisville Metro InfoSec Conference - http://www.louisvilleinfosec.com/
Security Onion - http://securityonion.blogspot.com/
Splunk 4 - http://www.splunk.com/view/splunk-4-features/SP-CAAAEVR

SecuraBit Episode 37 â Mapping Networks with Fyodor and NMAP

chris@securabit.com (SecuraBit) — Tue, 25 Aug 2009 12:47:00 GMT

SecuraBit Episode 37 â Mapping Networks with Fyodor and NMAP
NMAP 5 with Gordon "Fyodor" Lyon
* How did Nmap start?
* What's new in Nmap 5?
* Whe kind of legal issues have you faced in regards to NMAP?
* Where did the handle Fyodor start?
* Will there be a second edition of Nmap book? (below) no second e yet or planned
* Where is NMAP Going?
* Where do you see Nmap Scripts (NSE) going, possibly doing a community repo?
* Will scans for mobile devices in future releases?
* Why lua vs. python or ruby or something else?
Find the answers to these questions and more by listening to the show.

After our interview we cover DEFCON and the Podcasters meetup.

Join us in IRC at irc.freenode.net #securabit

Guest:
Gordon "Fyodor" Lyon - http://insecure.org/fyodor/

Links:
NMAP 5 - http://nmap.org/5/
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning - http://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=sr_1_1?ie=UTF8&qid=1250122655&sr=8-1
New 'ping sweep' - http://carnal0wnage.attackresearch.com/node/373
The Programming Language Lua - http://www.lua.org/
WordPress 2.8.4 Security Release - http://wordpress.org/development/2009/08/2-8-4-security-release/

SecuraBit Episode 36 - The f0rb1dd3n Network

chris@securabit.com (SecuraBit) — Fri, 7 Aug 2009 16:29:00 GMT

SecuraBit Episode 36 - The f0rb1dd3n Network

We are joined by Jayson Street to talk about his book, Disecting the Hack: The f0rb1dd3n

Network, that is due out soon. All Black Hat bags will have an excerpt from the book in them.

Additionally we get Jayson's input on the topic of the recent denial of service attacks not

coming from North Korea after all.

DJ Great Scott gives us an update on the social events at this years DEFCON.

Finally we cover media destruction policies. How do you decommission old hard disks? Do you

retain the ones from your copiers and fax machines? What about thumb drives?

Join us in IRC at irc.freenode.net #securabit

Hosts:

Anthony Gartner â http://www.anthonygartner.com â @anthonygartner
Chris Gerling â http://www.chrisgerling.com â @hak5chris
Christopher Mills â http://www.packetsense.net - @thechrisam
Andrew Borel â @andrew_secbit
Jason Mueller â @securabit_jay

Guest:
Jayson E. Street â http://f0rb1dd3n.com/author.php

Links:
http://f0rb1dd3n.com
Computer attack may not have originated in North Korea after all -

http://blogs.usatoday.com/technologylive/2009/07/evidence-has-surfaced-that-the-denial-of-service-attacks-that-crippled-dozens-of-us-and-south-korean-web-sites-last-week-ma.html
UK, not North Korea, source of DDOS attacks, researcher says -

http://www.pcworld.idg.com.au/article/311070/uk_north_korea_source_ddos_attacks_researcher_says
DEFCON 17 - http://www.defcon.org/html/defcon-17/dc-17-index.html
Podcasters Meetup - http://www.podcastersmeetup.com/

SecuraBit Episode 35 - Content, what content? Oh, THAT content!!! NSFW!!!

chris@securabit.com (SecuraBit) — Mon, 13 Jul 2009 03:20:00 GMT

SecuraBit Episode 35 - Content, what content? Oh, THAT content!!! NSFW well some anyway!!!
Facebook privacy settings are getting simplified. 
Michal Jackson causes google to trip thinking they had a DOS attack in progress, followed by spam assaults, and all the joke emails. 
Slowloris DOS the show stream. 
We discuss OSSEC with Andrew Hay.
Join us in IRC at irc.freenode.net #securabit
Next live recording is July 15, 2009 at 8pm EDT.
Hosts:
Andrew Borel - @andrew_secbit 
Anthony Gartner â <a href="http://www.anthonygartner.com">http://www.anthonygartner.com</a> â @anthonygartner 
Chris Gerling - <a href="http://www.chrisgerling.com">http://www.chrisgerling.com</a> - @hak5chris 
Christopher Mills - <a href="http://www.packetsense.net">http://www.packetsense.net -</a> @thechrisam 
Rob Fuller - Mubix - <a href="http://room362.com">http://room362.com</a> - @Mubix
Guest(s):
Wesley McGrew - <a href="http://www.mcgrewsecurity.com/">http://www.mcgrewsecurity.com/</a> - @mcgrewsecurity 
Andrew Hay - <a href="http://www.andrewhay.ca/">http://www.andrewhay.ca/</a> - @andrewsmhay
Links:
<a href="Join us in IRC at irc.freenode.net #securabit and you can find our past episodes at http://www.securabit.com.">http://serverfault.com/questions/32361/how-to-best-defend-against-a-slowloris-dos-attack-against-an-apache-web-server</a> 
<a href="http://www.ossec.net/">http://www.ossec.net/</a> 
OSSEC - <a href="http://www.ossec.net/">http://www.ossec.net/</a> 
Andrew Hay's Book - <a href="http://www.amazon.com/OSSEC-Host-Based-Intrusion-Detection-Guide/dp/159749240X">http://www.amazon.com/OSSEC-Host-Based-Intrusion-Detection-Guide/dp/159749240X</a>
SecuraBit Episode 35 - Content, what content? Oh, THAT content!!! NSFW well some anyway!!!
Facebook privacy settings are getting simplified.
Michal Jackson causes google to trip thinking they had a DOS attack in progress, followed by spam assaults, and all the joke emails.
Slowloris DOS the show stream.
We discuss OSSEC with Andrew Hay.
Join us in IRC at irc.freenode.net #securabit and you can find our past episodes at http://www.securabit.com.
Next live recording is July 15, 2009 at 8pm EDT.
Hosts:
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam
Anthony Gartner â http://www.anthonygartner.com â @anthonygartner
Andrew Borel - @andrew_secbit
Rob Fuller - Mubix - http://room362.com - @Mubix 
Guest(s):
Wesley McGrew - http://www.mcgrewsecurity.com/ - @mcgrewsecurity
Andrew Hay - http://www.andrewhay.ca/ - @andrewsmhay
Links:
http://serverfault.com/questions/32361/how-to-best-defend-against-a-slowloris-dos-attack-against-an-apache-web-server
http://www.ossec.net/
OSSEC - http://www.ossec.net/
Andrew Hay's Book - http://www.amazon.com/OSSEC-Host-Based-Intrusion-Detection-Guide/dp/159749240X

SecuraBit Episode 34 RoundTable Well Virtually anyway!!!

chris@securabit.com (SecuraBit) — Wed, 1 Jul 2009 20:34:00 GMT

SecuraBit Episode 34
This week we welcome Scott Fitzpatrick of Symantec to join our roundtable on the news items of the day.
News Items: 
StrongWebMail Fail - http://www.pcworld.com/businesscenter/article/166314/web_mail_company_to_pay_prize_after_ceo_hacked.html
TweetDeck still passes authentication in the clear
Google Apps criticized about their security
iPhone 3.0 Teathering Hack - http://www.jellysms.com/blog/enable-internet-tethering-with-your-iphone-in-2-minutes-on-o2-ireland-with-30-gm/
RSnake's SlowLoris (low bandwidth, greedy, poisonus HTTP client) - http://ha.ckers.org/slowloris/
Mubix presenting a six hour work shop "From Shell to Owning the Company" at ToorCamp
DefCon and the Podcasters Meetup 
- In Sky box 207 and 208 8pm or after the last talk on Saturday night. 
- Exotic Liability (http://www.exoticliability.com/) and Germaina Newbs (http://grmn00bs.blogspot.com/) will be join the line up.
PaulDot Com with Securabity Thursday July 2, 2009 at 7pm.
Join us in IRC at irc.freenode.net #securabit
Our Next live recording is July 1, 2009 at 8pm EDT.
Hosts: 
Chris Gerling - http://www.chrisgerling.com - @hak5chris 
Jason Mueller - @securabit_jay 
Christopher Mills - http://www.packetsense.net - @thechrisam 
Rob Fuller - Mubix - http://room362.com - @Mubix 
Andrew Borel - @andrew_secbit
Guests: 
Scott Fitzpatrick
Links: 
Symantec - http://www.symantec.com/ 
Mubix - Couch to Career - http://www.room362.com/archives/564-couch-to-career-follow-up.html

SecuraBit Episode 33 - Bursting Clouds with Kostya Kortchinsky

chris@securabit.com (SecuraBit) — Sat, 13 Jun 2009 05:50:00 GMT

In this episode we talk to Kostya about the process that is behind Cloud Burst. He speaks about breaking out of the existing Virtual Machine and into the host. Once you own the host you have the ability to own other Virtual Machines.

Quick Topics:
OS X Security Update
Palm Pre
North Korea Cyberware
Air France Flight 447

Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam
Jason Mueller - @securabit_jay

Guests:
Kostya Kortchinsky - http://www.linkedin.com/pub/kostya-kortchinsky/4/211/a71
Tim Krabec - http://www.SMBMinute.com - @tkrabec

Links:
Immunity Inc - http://www.immunitysec.com/
CLOUDBURST exploit video - http://www.immunityinc.com/documentation/cloudburst-vista.html
CVE-2009-1244 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1244
53634 : VMware Multiple Products Display Function Host OS Arbitrary Code Execution - http://osvdb.org/53634
Microsoft Security Bulletin MS08-067 - http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
SyScan '09 Singapore July 2-3 - http://www.syscan.org/Sg/program.html
The Cassandra Tool - https://cassandra.cerias.purdue.edu/main/index.html
Apple Security Update 2009-002 / Mac OS X v10.5.7 - http://support.apple.com/kb/HT3549
PalmÂ Preâ - http://www.palm.com/us/products/phones/pre/
North Korea Builds Up Cyber Warfare Unit - http://news.yahoo.com/s/afp/20090505/ts_afp/nkoreaitmilitary
Air France Flight 447 - http://en.wikipedia.org/wiki/Air_France_Flight_447
DEFCONÂ Hacking Conference - http://www.defcon.org/
Immunity CANVAS - http://www.immunitysec.com/products-canvas.shtml

SecuraBit Episode 32 PDF Love!

chris@securabit.com (SecuraBit) — Wed, 27 May 2009 14:32:00 GMT

SecuraBit Episode 32 PDF Love!

Dieter talks about how the ifilter will actually allow you to use a pdf to exploit the system because ifilter uses the windows indexing service. He also discusses some of the various methods of prevention including his tool called PDFiD.

Penetration Document Format
http://www.flickr.com/photos/packetsense/3549486353/

Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam

Guests:
Didier Stevens - http://blog.didierstevens.com/

Links:
PDFiD - http://blog.didierstevens.com/2009/03/31/pdfid/
PDF Tools - http://blog.didierstevens.com/programs/pdf-tools/
Security Justice - http://securityjustice.com/
Exotic Liability - http://exoticliability.ning.com/

Securabit Episode 31 Show Notes - The Intertubes need a patch Episode

chris@securabit.com (SecuraBit) — Fri, 22 May 2009 14:46:00 GMT

Episode 31 Show Notes - The Intertubes need a patch Episode

In this episode we are joined by Russell Butturini, he speaks to the guys about the tool he authored at the suggestion of the hak5 crew. He even talks about some of his horror stories about security.

Hosts:

Anthony Gartner - http://www.anthonygartner.com - @anthonygartner

Christopher Mills - http://www.packetsense.net - @thechrisam

Andrew Borel - @Andrew_Secbit

Guests:

Russell Butturini - http://www.linkedin.com/pub/b/960/913

Links:

U3 Incident Response Switch Blade - http://wiki.hak5.org/wiki/U3_Incident_Response_Switchblade

Command Line Kung Fu Blog http://blog.commandlinekungfu.com/

http://packetsense.net/blog

Extending CVSS Beyond Its Base Score - http://www.packetsense.net/blog/2009/05/12/extending-cvss-beyond-its-base-score/

http://www.splunk.com/

http://www.cisco.com/en/US/products/ps6241/index.html

SecuraBit EP30 l0phtcrack 6

chris@securabit.com (SecuraBit) — Sat, 2 May 2009 20:43:00 GMT

This week we interview Christien Rioux and Chris Wysopal about the upcoming release of l0phtcrack 6.

Guests:

Christien Rioux - @dildog

Chris Wysopal - @cwysopal

Links:

l0phtcrack - http://www.l0phtcrack.com/

Adobe Product Security Incident Response Team (PSIRT) - http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html

Finjan finds botnet of 1.9m infected computers - http://news.zdnet.co.uk/security/0,1000000189,39643173,00.htm

SecuraBit EP29 Flash in the TV

chris@securabit.com (SecuraBit) — Sun, 26 Apr 2009 19:40:00 GMT

This week ....

Chris Gerling's experience at Helix training and his impressions of Helix 3 Pro.

Flash on the TV. Are TV's the next big botnet?

Oracle's buying Sun. Does this mean the end for MySQL?

We discuss these topics and more on Securabit Episode 29.

Hosts:
Andrew Borel - @Andrew_Secbit
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris
Christopher Mills - http://www.packetsense.net - @thechrisam
Jason Mueller - @securabit_jay

Links:

Live Forensics & Incident Response Featuring Helix3 - http://www.e-fense.com/Docs/E103.pdf

Adobe Flash for Your TV Means Hulu in Your Living Room -http://blog.wired.com/gadgets/2009/04/adobe-flash-for.html

SecuraBit EP28 I am stuck in a VM, and I can't get out!!!

chris@securabit.com (SecuraBit) — Wed, 15 Apr 2009 16:06:00 GMT

SecuraBit EP28 I am stuck in a VM, and I can't get out!!!

Special Guest - Rob Randell

This week we are joined by Rob Randell from VMware. We cover recommendations for using Virtual Machines securely, VM breakouts such as cloudburst, and various other issues revolving around the security of virtual machines.

Hosts:
Andrew Borel - @Andrew_Secbit
Anthony Gartner - http://anthonygartner.com - @anthonygartner
Rob Fuller - Mubix - http://room362.com - @mubix

Guest:
Rob Randell â http://vmware.com @rjrandell
Steve McGrath - http://cutnet.net
Chris Hoff - http://www.rationalsurvivability.com @beaker

Links:
http://vmware.com

SecuraBit EP27 No joke!! We have George Starcher!!

chris@securabit.com (SecuraBit) — Sun, 5 Apr 2009 17:48:00 GMT

SecuraBit EP27 No joke!! We have George Starcher!!

This week we have special guest George Starcher and we recorded the show on April 1st. George is a long time podcaster with older shows such as In The trenches which he did with Kevin Devin and later had some guests fill in including our own Anthony Gartner. George is still very active in the security community with his job and also does spots on the The Typical Mac User Podcast as well as a big contributor to their forums.

Hosts:
Anthony Gartner - http://www.anthonygartner.com - @anthonygartner
Chris Gerling - http://www.chrisgerling.com - @hak5chris

Guest:
George Starcher - http://georgestarcher.com - @GeorgeStarcher

Links:
http://en.wikipedia.org/wiki/Conficker
http://kevindevin.com
http://georgestarcher.com/
http://typicalmacuser.com/
http://en.wikipedia.org/wiki/The_Castles_of_Dr._Creep
http://www.opendns.com/
http://www.govtech.com/events/vatech2009

SecuraBit Episode 26:

chris@securabit.com (SecuraBit) — Mon, 30 Mar 2009 02:30:00 GMT

SecuraBit Episode 26: "@Quine and back to Roots"

This week we interview Zach Lanier aka @Quine, the Security Twits manager. We ask all about Security Twits as well as delve into some security topics in the second half. Listen all the way through to hear us as our normal selves without serious guests, it's a riot!

Security Twits is a listing of security professionals on Twitter. It's a great opportunity to discover other great people in our community. Go to http://www.security-twits.com/ for more details and follow @securitytwits as well as @quine on twitter.

Guest:
Zach Lanier - http://n0where.org/ - @quine

Links:
http://en.wikipedia.org/wiki/Conficker
http://www.adam.com.au/bogaurd/PSYB0T.pdf
http://it.slashdot.org/article.pl?sid=09/03/23/2257252&from=rss
http://ciscofatty.com/

SecuraByte Episode 06: HP SWFScan

chris@securabit.com (SecuraBit) — Mon, 23 Mar 2009 11:31:00 GMT

We're proud to announce a new tool from HP's Application Security Center called SWFScan. Prajakta Jagdale and Matt Wood from the HP Web Security Research Group explain why SWFScan was created, and the hope that it will help developers produce more secure flash applications.

Hosts
Anthony Gartner - http://www.anthonygartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, http://www.chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense

Guest
Prajakta Jagdale (http://www.linkedin.com/pub/4/93a/785)
Matt Wood - HP Web Security Research Group

Links
SWF Scan (http://www.hp.com/go/swfscan)
HP (http://www.hp.com/)
Win a Cheeseburger (http://h30423.www3.hp.com/?fr_story=3a98c704f7ef61299c19ef1f648f1acb1a5aeab8&rf=sitemap)

SecuraBit EP25 Jayson E. Street's Talks about his book f0rb1dd3n

chris@securabit.com (SecuraBit) — Sat, 21 Mar 2009 18:57:00 GMT

Securabit Episode 25 Show Notes "Jayson E. Street's f0rb1dd3n"

This week we interview Jayson E. Street about his new novel f0rb1dd3n.

f0rb1dd3n is a fictional story that also provides an overview of the tools, techniques, and culture of hackers. Throughout the story reference to an appendix that will provide the detail information about the item being referenced, and where to find more information. The expected release data is in July 2009 around Black Hat and Defcon.

A beta of Sumo LINUX is targeted for release the first week of April.

Quine will be our next guest interview.

Hosts
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense

Guest
Jayson E. Street - http://f0rb1dd3n.com/author.php

Links
http://f0rb1dd3n.com
http://osvdb.org
http://datalossdb.org

SecuraBit EP24 A Night with G. Mark Hardy!!!

chris@securabit.com (SecuraBit) — Sun, 15 Mar 2009 22:17:00 GMT

Securabit Episode 24 ÃG, Mark Hardy

In this episode of Securait we are joined by G. Mark Hardy, President of National Security Corporation.

Topics
The history of computer security industry
The Shmoocon Puzzle 2009 Badge Puzzle
The Value of Information
Coffee Wars IX
Developing Public Speaking Skills
Explaining Technical Topics to Nontechnical Audiences
Are bad times good for security professionals?
The Value in Investing in Yourself

Hosts
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - @Securabit_Jay

Guest
G. Mark Hardy - http://www.gmarkhardy.com/

Links
Shmoocon 2009 Badge Puzzle (http://shmoocon.info)
CoffeeWars (http://www.coffeewars.org)
Between Silk and Cyanide: A Codemaker's War, 1941-1945 (http://www.amazon.com/Between-Silk-Cyanide-Codemakers-1941-1945/dp/0684864223)
Tight Security for Tough Times (http://events.techtarget.com/secdefense/)

SecuraBit EP 23 The Echo Show!!! with Guest Marcus Carey

chris@securabit.com (SecuraBit) — Fri, 27 Feb 2009 14:03:00 GMT

We have a brief discussion hackerspaces. Chris Gerling is looking into starting a hackerspace in the Richmond, VA area.

Next we cover the details about SUMO LINUX 2.0 with our guest Marcus Carey.

SUMO LINUX 2.0
- Based on a stable version of Debian so we can update with Debian packages and Unbuntu Packages.
-Windows response tools will be added.
-Build a wiki with detailed documentation of all the tools included to make it easy for a newbie to get started.
-No plans for multi-boot.
-Distributed out via Bit Torrent.
-Memory analysis and RAM dumping. Cheap USB sticks have really helped with this. The analysis is also proving to be a big help in forensics.
-Will be coordinating the project on the Securabit forums (http://forums.securabit.com/index.php?showforum=9)
-User feedback will help us make it better for everyone.
-Post in the forum if you are interested in helping out.

Other News Items
-Homebrew patches for zero days in the enterprise.
-Cell phones and international roaming charges at the border.
-What hardware tools should you have in a forensic toolkit?

Have something you want plugged on Securabit? Send it to Feedback@securabit.com.

If you are interested in helping with the Richmond, VA area hackerspace contact Chris Gerling.

Hosts
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - @Securabit_Jay

Guest
Marcus Carey Ã SUMO LINUX http://www.sumolinux.com

Links
Hackerspaces http://hackerspaces.org
SUMO LINUX http://www.sumolinux.com
Adobe Zero Day http://isc.sans.org/diary.html?storyid=5902&rss
Excel Zero Day http://isc.sans.org/diary.html?storyid=5923 & http://www.microsoft.com/technet/security/advisory/968272.mspx
Forensic Talon http://www.logicubeforensics.com/products/hd_duplication/talon.asp

SecuraBit Episode 22

chris@securabit.com (SecuraBit) — Fri, 13 Feb 2009 17:54:00 GMT

Episode 22 Schmoocon Recap

We reflect back on Schmoocon 2009, the Podcasters Meetup, and look foward to DEFCON.
Also we cover patch Tuesday, Back|Track 4, and a community replacement for Helix.

Hosts:
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - @Securabit_Jay

Links:
<a href="http://www.shmoocon.org/">Schmoocon</a>
<a href="http://www.podcastersmeetup.com/">Podcasters Meetup</a>
<a href="http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx">Microsoft Security Bulletin MS09-003</a>
<a href="http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx">Microsoft Security Bulletin MS09-004</a>
<a href="http://backtrack4.blogspot.com/">Back|Track 4</a>
<a href="https://www.defcon.org/">DEFCON</a>
<a href="http://www.e-fense.com/products.php">Helix</a>

Shmoocon Podcaster Meetup Live Audio

chris@securabit.com (SecuraBit) — Tue, 10 Feb 2009 23:35:00 GMT

Here is the audio from the meetup on 2/6 if anyone is interested. We're releasing this on our feed for anyone who doesn't follow pauldotcom. It's not edited, just raw audio so if you have any complaints keep them to yourself. ;)

Thanks to all who came!

Episode 20: Time Warp Again!

chris@securabit.com (SecuraBit) — Tue, 10 Feb 2009 23:21:00 GMT

Sorry folks, we will not be releasing episodes out of order anymore.

In this episode we discuss:

Managing IP space inside a company network. Attributing a device on the network to an employee / function.

Standardizing vulnerability management using Security Content Automation Protocol (SCAP) and Open Vulnerability Assessment System (OpenVAS).

And briefly touch on the Obama Administration's Outline for their Cyber Security Strategy.

Use our Forums!

Donât forget to give us a feedback on Itunes so we can bump the old shows off the list.

Thanks again for all the donations for the Tip Jar.

Hosts:

Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Andrew Borel - @Andrew_Secbit

Special Guest:

Tim Krabec (@tkrabec) of the <a href="http://smbminute.com/">SMBMinute.com</a>

Important links for the show and documents used:

<a href="http://www.openvas.org/">Open Vulnerability Assessment System</a>
<a href="http://en.wikipedia.org/wiki/Security_Content_Automation_Protocol">Security Content Automation Protocol</a>
<a href="http://www.diigo.com/annotated/5e5c73ed44f27f40631af447951b4bf8">Obama Administration Outlines Cyber Security Strategy</a>
<a href="http://www.washingtonpost.com/wp-dyn/content/article/2008/12/08/AR2008120801944.html">More Cyber Security Regulations Recommended</a>

SecuraBit EP 21 HP Security reasearchers speak with SecuraBit

chris@securabit.com (SecuraBit) — Sat, 7 Feb 2009 16:02:00 GMT

In this special episode of Securabit we are interviewing Billy Hoffman and Prajakta Jagdale. Billy is the author of the book Ajax Security. Prajakta is a Security Research Engineer with HP and is presenting at this year's ShmooCon.

Hosts:

Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - SecurabitJay

Special Guests:
Billy Hoffman (http://en.wikipedia.org/wiki/Billy_Hoffman)
Prajakta Jagdale (http://www.linkedin.com/pub/4/93a/785)

Important links for the show and documents used:
HP (http://www.hp.com/)
Ajax Security (http://www.amazon.com/Ajax-Security-Billy-Hoffman/dp/0321491939)
NoScript (http://noscript.net/)
SchmoonCon (http://www.shmoocon.org/presentations-all.html#flash)HP's very own Prajakta Jagdale (She is the security research engineer for
HP's Web Security Research Group) & Matt Wood (HP Web
Security Research Group) join SecuraBit for a very informative discussion.

Questions on Ajax, Flash, and Web Application security.

SecuraBit EP18 Don't say we didn't warn you.

chris@securabit.com (SecuraBit) — Sun, 25 Jan 2009 20:36:00 GMT

This show is out of order and we debated if we would even release it. Well why not, have a listen if you don't like it delete it and remember we told you so ;)

This show was a hostile take over by The guys at SMB Minute. It was all just for fun and happened on Dec 31 2008. Remember we warned you.... Listen at your own risk!!!

Donât forget to give us a feedback on Itunes so we can bump the old shows off the list.

Thanks again for all the donations for the Tip Jar.

Hosts:

Rob Fuller - Mubix, room362.com @mubix
Anthony Gartner - AnthonyGartner.com @AnthonyGartner
Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris
Chris Mills - ChrisAM @packetsense
Jason Mueller - SecurabitJay

Important links for the show and documents used:

NONE

Securabit EP 19 MS DOS's itself, and more!!!

chris@securabit.com (SecuraBit) — Sat, 24 Jan 2009 16:58:00 GMT

In this episode which is likely to be out of sequence. SecuraBit did a recording on the 31st of the year and we will likely release it but episode 18 was a potential lost episode. Chris Mills talks about how twitter has changed some of it's security measures in the aftermath of the hack on its admin accounts. He even did some testing of a bogus account. We even got into some discussions on which types of phones handle what kind of sites. Please be careful, Jay is going to be getting a twitter account and might actually post. Oh FRAK!!!!

The next part on the agenda was the new Windows 7 Beta. This caused Microsoft to DOS itself. Which really takes a LOT to happen.

After the break we started to go into some tools we actually use or have used and wanted to recommend. Jay spoke of his Retina software they use. We did play a nice practical joke on jay and left him hanging in the wind for a few moments, but he did recover. Spoke about running ISS for the nice pretty reports for the higher up's and Nessus for the technicians. Anthony mentioned Hot Spot Shield which works on windows, mac, iphone and many other platforms. The chat room recommended Open VPN but none of us had used it. Chris Mills also went into one of the tools he used back in the day but recently started to use again called NTop.
Talked about itunes going DRM free. Always a good thing!!! This then drifted in to a conversation about players in general. Jay recommended engadget.com and how they covered CES so well. This then divulged into computers for kids as well as netbooks.
Anthony is getting close to being able to do the Mix MInus. This means there will be the chance to play the music / voice mails / audio feedback on to everyone so that we can comment or answer the questions. This will be a welcome addition to the show.
Jay stated our new goal - to be "Internet Famous"

Donât forget to give us a feedback on Itunes so we can bump the old shows off the list.

Thanks again for all the donations for the Tip Jar.

Hosts:

Important links for the show and documents used:

http://www.iss.net/
http://www.nessus.org/nessus
hotspotshield.com
http://openvpn.net
http://www.ntop.org

Check out the end of the cast for Jay's audition for American 1dol!!!

SecuraByte Episode 05 Happiness, Fail Whale beaches Itself!!!

chris@securabit.com (SecuraBit) — Wed, 7 Jan 2009 19:58:00 GMT

News at 11. Well really we started recording about 8 PM on Monday January 5th. In this SecuraByte episode, Securabit had its largest conference call yet. Securabit was joined by the guys from both SecurityJustice.com and SMBMinute.com, as well as Melissa on Twitter AKA @Geekgrrl. We discussed the security vulnerability discovered with twitter.com's tech support. This is a service many of us use and enjoy. Please have a listen in while we discuss amongst ourselves.

Donât forget to give us a feedback on Itunes so we can bump the old shows off the list.

Thanks again for all the donations for the Tip Jar.

Hosts:

Special Guests: Melissa (@geekgrrl), Tim Krabec (@tkrabec) of the SMBMinute.com, Tom (@agent0x0) securityjustice.com, and Dave (@Securi-D) securityjustice.com

Important links for the show and documents used:

Britney, Obama Twitter Feeds Hijacked Following Phishing Attack
http://blog.wired.com/27bstroke6/2009/01/twits-get-phish.html
Fire Fox Addon "Long URL Please"
http://www.longurlplease.com/
WIRED just posted this follow up:
http://blog.wired.com/27bstroke6/2009/01/professed-twitt.html

Securabit Episode 17 for xmass Santa gave us an Nmap book to give away!!!

chris@securabit.com (SecuraBit) — Mon, 22 Dec 2008 17:42:00 GMT

This is a unique episode for SecuraBit, we are teaming up with the Security Justice Podcast to do a double header show. SecuraBit recorded their show from 8-9 PST, then handed off the reins to Security Justice to finish out the night. In doing so we had a combine set of prizes. To win the prize required that you listen and get the correct answer to a trivia question given on SecuraBit. You also had to listen to the Security Justice Podcast to and know the answer to their question as well. SecuraBit even manged to start on time as well as hand off on time. It was a very different type of show due to trying to condense everything in to a single hour. (Good thing we didn't have any real content, Just kidding)

SecuraBit opened the show but because Jay needed to switch some things out we actually went to a break faster than normal. When we returned from the break we did indeed have Jay on the line. We started to go into the new Microsoft Zero Day, and Jay informed us that he had been out of the loop for a week but since the patch only came out 73 minute before he found out about it he figured he was right on time.

The next topic was Chris Gerling going to sans and taking the forensics 508 course. Chris then told us that he felt like he should never have picked up a helix disk based on the level of knowledge he has now compared to before the course. We also discussed that many states are requiring a Private Investigators license to do forensics. That none of us on the show agreed that this was a good idea, but yet several lobbyists have been pushing for this very idea. Jay asked the question about what was thought about the BGP security vulnerability. Anthony discussed a new site he went to as a security review.

After the break, we went into the trivia question. The trivia Question was: What are the flags you have to set in order to do an NMAP-style XMAS scan in Unicornscan? We will post the winner soon in conjunction with the Security Justice podcast. After the trivia question we went into thoughts on what to do about prior employees, handling creditials, voice mails, and emails. We referenced the guy in San Francisco who was fired from the job, but yet still was able to hold the network he left hostage.

Don't forget to give us a feedback on Itunes so we can bump the old shows off the list.

Thanks again for all the donations for the Tip Jar.

Hosts:

Rob Fuller - Mubix, room362.com
Anthony Gartner - AnthonyGartner.com
Chris Gerling - Hak5Chris, Chrisgerling.com
Chris Mills - ChrisAM
Jason Mueller - SecurabitJay

Important links for the show and documents used:

No links this time!

Securabit Episode 16 How many F-Bombs are required for $40

chris@securabit.com (SecuraBit) — Wed, 10 Dec 2008 06:13:00 GMT

In this episode we talk about Chris Gerling attending the SANS Cyber Defense Initiative 2008 in Washing DC. He will be taking the Security 508 Computer Forensics, Investigation, and Response course. If you are at the conference please make sure you look for Chris. He also plans to take the new GPEN test while there. We might be bringing the sock monkey to Shmoocon and have him do some interviews.

We also spoke about how few businesses are actually checking a persons signature or id for credit cards. Most businesses are simply not checking the cards like they should be. Chris is beginning to wonder if they will card his fiancee between now and when they get married.

After the break we came back and mentioned that we were not going going to drop the Fbomb for 40 bucks as was hinted at in the chat room. Went into the issue of dns forwarding being done on CheckFree.com The article was actually from The Washington Post by Brian Krebs. Anthony put a shout out to Ed Smiley for sending both Mubix and Anthony a copy of 1password. It was a Great hookup. Then we covered various apps on the IPhone. We touched on what the encryption is on a 3g network. We found a great powerpoint slide show explaining it.

After the last break we went into firewall set ups. Everyone but Anthony is running FIOS so the discussion on how to set up the coax or ethernet wan links ensued. You will just have to listen to it to see what kind of sense it makes. We did get lots of comments from our faithfull in the irc channel (irc.freenode.net #Securabit). From there the show just went down hill with strippers and alcohol.

Don't forget to give us a feedback on Itunes so we can bump the old shows off the list.

Thanks again for all the donations for the Tip Jar.

Hosts:

Rob Fuller - Mubix, room362.com
Anthony Gartner - AnthonyGartner.com
Chris Gerling - Hak5Chris, Chrisgerling.com
Chris Mills - ChrisAM
Jason Mueller - SecurabitJay

Special Guest: Joel Esler from sourcefire.com and Joelesler.net

Important links for the show and documents used:

http://www.sans.org/cdi08/
http://www.sans.org/training/description.php?mid=98
http://www.sans.org/press/giac_pentest_cert.php
http://voices.washingtonpost.com/securityfix/2008/12/hackers_hijacked_large_e-bill.html?nav=rss_blog

Securabit EP 15 Will the real Joel Esler please step forward!

chris@securabit.com (SecuraBit) — Mon, 1 Dec 2008 00:54:00 GMT

Sorry for the delay in getting this episode out this time. Anthony got stuck with doing some actual work and then we all got hit by the holidays. We do hope you enjoy the show this week.

Mubix attended the CSI Conference and no not CSI on TV, the CSI Anual conference. The topic he found intriguing is Security and Responsibility. If something happens how and to what extent as security professionals are we responsible and accountable. This is a topic he brought up on twitter as well and got a lot of replies back. Some agreeing and some not, Feel free to weigh in on this one.

Some of the references that were brought up in response to this topic were Sandboxie, castlecops, and Web of Trust.

After the break we went into a discussion on DD Images and using live view on them, but since that was a fail, Chris used QEMU. You can even go get some test images at ProjectHoneypot.org and convert them using a tool dd2vmdk . The conversation went into WPA is not Busted. We referenced Steven Gibson's explantion and Joel Eslers blog posts on the subject. During the break we discussed a great site as well from Josh Wright about Wireless Vulnerabilities & Exploits

After the Break we were able to bring in the real Joel Esler. Joel is part time batman as well and Joel has aggred to give us at least one batmobile, but we digress. He actually works for sourcefire. This is an organzation that you should take a look at, it is well worth your time. He also is an avid security blogger and has his own blog at Joel Esler.net Joel talks about he IPS's of today are simply not the same as many of the original IPS's.

We lose Joel a little bit during the break and we cut a little more abruptly to break than we normally do. Sorry about that! But we kind of ran out of content and time.

SecuraBit would like to make sure everyone has a Happy Holidays and don't forget to leave us feedback on Itunes even if you don't listen via Itunes. We want to get some of these casts out of there that have not posted in years.

Hosts:

Rob Fuller - Mubix, room362.com
Anthony Gartner - AnthonyGartner.com
Chris Gerling - Hak5Chris, Chrisgerling.com
Chris Mills - ChrisAM
Jason Mueller - SecurabitJay

Special Guest: Joel Esler from sourcefire.com and Joelesler.net

Important links for the show and documents used:

http://www.phishtank.com/
http://projecthoneypot.org/
http://www.sourcefire.com/products/3D/?semg=USSFR2&gclid=CISstozXgpcCFQVKtAodijdxXQ
http://www.joelesler.net/finshake/Blog/Blog.html
http://www.wirelessve.org/news_entries
http://en.wikipedia.org/wiki/Dd_(Unix)
http://en.wikipedia.org/wiki/QEMU
http://isc.sans.org/diary.html?rss
http://isc.sans.org/diary.html?storyid=5300
http://www.clamav.net/
http://sandboxie.com/
http://www.castlecops.com/
http://en.wikipedia.org/wiki/Web_of_trust

Securabit Episode 14 We remind you to not get SWACKED!!!

chris@securabit.com (SecuraBit) — Mon, 10 Nov 2008 18:10:00 GMT

In this episode we have a special guest Adrian from Irongeek.com. We conversed about the going's on at phreaknic. Adrian presented down there and this is where he ended up meeting Bruce and Heidi Potter from the Shmoocon Group. The discussion covered a little more on the MS08-067 issues, Sans Training, and CEH. This is the first episode where we experimented and used stickam.com to allow the listeners to see just how messed up we really are.

After the break, Adrian spoke about how one of the guys from binrev.com turned him on to a book for review called Googling Security: How Much Does Google Know About You? written by Greg Conti. Anthony ended up going into some of new virus / trojan infections. These were on the lines of antivirus 2009 and others of the type. Consensus was that a good cleaner tool was called Rougefix (recommendatin from the IRC channel by Tim Krabek). Adrian recommended a song by Tom Smith about Technical Suport for Dad.

We went into a little more information on the New York School district's vulnerability. We also went into a little bit on how to lock down a printer as well. Found a list of the PJL commands for HP.

Securabit wanted to remind everyone that if you have anything to say you are welcome to come on the show and tell us what you think and know. It is an open invitation. We want to thank those individuals who have donated to the podcast as well. Check out a couple of our friends podcasts at http://securityjustice.com and the http://SMBminute.com

Hosts:

Chris Mills - ChrisAM

Chris Gerling - Hak5Chris, Chrisgerling.com

Anthony Gartner - AnthonyGartner.com

Jason Mueller - SecurabitJay

Special Guest: Adrian from Irongeek.com

Important links for the show and documents used:

http://irongeek.com
http://www.phreaknic.info/pn12/
http://shmoocon.org
http://www.binrev.com/
http://www.amazon.com/Googling-Security-Much-Google-About/dp/0321518667
http://www.technibble.com/repair-tool-of-the-week-roguefix/
http://www.tomsmithonline.com/main1.htm
http://timesunion.com/AspStories/story.asp?storyID=732745
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=120&prodSeriesId=84028&prodTypeId=18972&prodSeriesId=84028&objectID=bpl01965

Securabit Episode 13 B00 (Happy Ha110w33n)

chris@securabit.com (SecuraBit) — Thu, 30 Oct 2008 19:36:00 GMT

In the Halloween Episode 13 where we neglected to mention Halloween, the guys talk about a wide range of topics on the show. The topics we covered included Australia joining the Great Firewall of China, The FBI's Dark Market Takedown, National Cyber Security Awareness Month, CERT Training, spaghetti sauce, and phreaknic 12 (where Chris was going to go but was not able to at the last minute)

The East Coast is represented up and down with Chris G traveling to New York. We even had a ghostly apparition that sounded a lot like Jason Mueller.

Hosts:

Chris Mills - ChrisAM

Chris Gerling - Hak5Chris

Anthony Gartner - AnthonyGartner.com

Jason Mueller -

Important links for the show and documents used:

http://www.techcrunch.com/2007/12/30/australia-joins-china-in-censoring-the-internet/

http://www.fbi.gov/page2/oct08/darkmarket_102008.html

http://www.sickurity.com/

http://www.us-cert.gov/press_room/cyber_security_awareness_month.html

https://www.vte.cert.org/vteweb/

http://www.acm.org/

http://www.schneier.com/essay-241.html

http://www.phreaknic.info/pn12/

SecuraByte Episode 4

chris@securabit.com (SecuraBit) — Sat, 25 Oct 2008 05:38:00 GMT

This evening we had a podcast about the new Zero Day Exploit. This exploit covers all versions of windows from 2000 and above. Securabit brought in Tim Krabec from the smbminute.com podcast. This covers the article from Microsoft MS08-067.

Hosts:
Chris Mills - ChrisAM

Chris Gerling - Hak5Chris

Anthony Gartner - AnthonyGartner.com

Guests:

Tim Krabec (Cray Beck)

Important links for the show and documents used:

http://docs.google.com/Presentation?id=dghttrwg_26c47c5xcx
http://blogs.technet.com/msrc/archive/2008/10/23/ms08-067-released.aspx
http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx
http://milw0rm.com/exploits/6824
http://blogs.technet.com/swi/
SecuraByte Episode 4Beer

Tim's beer Optimator Spaten Munich

SecuraBit Episode 12

chris@securabit.com (SecuraBit) — Mon, 13 Oct 2008 14:03:00 GMT

Securabit Episode 12

Anthony Gartner
Chris Mills
Chris Gerling

Chris G rides the Failbus with his FIOS connection

IT Jobs: No "Widespread Worry"?: http://blogs.cioinsight.com/biztech30/content/it_careers/it_jobs_no_widespread_worry_2.html

Air Force Cyber Command: http://blog.wired.com/defense/2008/08/air-force-suspe.html

Cracking one billion passwords per second with NVIDIA video card - http://www.net-security.org/secworld.php?id=6616

BREAK

Chris G talks about running VM's in Vista Ultimate 64 bit

The guys discuss home networking

Soekris Box: http://www.soekris.com/
Netgate m1n1wall firewall 3E 2D3 http://www.netgate.com/product_info.php?products_id=312

AIG Executives Blow $440,000 After Getting Bailout: http://www.foxbusiness.com/story/markets/industries/finance/aig-executives-blow--getting-bailout/

Password Management Systems:

Password Safe - http://passwordsafe.sourceforge.net/
KeePass - http://keepass.info/
Password Gorilla - http://www.fpx.de/fp/Software/Gorilla/ - Works on
Mac OS X
1Password - http://agilewebsolutions.com/products/1Password
Apple Keychain - http://en.wikipedia.org/wiki/Apple_Keychain - Nice,
but not portable
TrueCrypt on JungleDisk - http://www.windmeadow.com/node/35

New Nevada Law Requiring Businesses to Encrypt Emails with Customers - http://www.reuters.com/article/pressRelease/idUS182108+29-Sep-2008+BW20080929

France required to keep record all connections - http://news.zdnet.co.uk/itmanagement/0,1000000308,39217959,00.htm

SecuraBit Episode 11

chris@securabit.com (SecuraBit) — Mon, 29 Sep 2008 15:31:00 GMT

This week Anthony Gartner & Rob Fuller discuss the latest computer security news. Special guests are Vyrus and CP from the dc949.org group.

Episode 11

Discussions covered the following topics:

Skynet, Advanced Dork, Google Site Indexer, These tools work worked on by CP and Vyrus and the dc949 group and are written as open source.

Rob brought up a Firefox add on called Barrier

Spoke of how we can use google alerts to help us in our daily tasks to track where our information is being sent out to.

Discussion ensued about Scroogle.org not to be confused with scoogle.com and how you can do secure searching though the site and that the site purges logs with in 48 hours.

A mention of Cisco was brought up and we also spoke of a visualized version for the Cisco Mips processors and the specific virtualized version of the Cisco 7200 Routers.

BlackBerry Encryption keys may be in the hands of the Indian Government as part of the deal with Rim.

SecuraBit Episode 10

chris@securabit.com (SecuraBit) — Fri, 19 Sep 2008 13:43:00 GMT

(Apologies in advance for the short term 'wiki' look of these show notes, the public wiki will be up soon!)

On this Episode of Securabit:

Chris Gerling - Hak5chris

Chris Mills - ChrisAM

Anthony Gartner - AnthonyGartner

Jason Mueller - SecuraBit_Jay

Guest Chris Wilson

Episode 10 - A milestone!

We are all still alive even though the CERN Particle Collider has been started up.

OpenSource Projects, Software, Patches

Obama Sex Video Spam

New SecuraBit VPS! (We have since cancelled and will be moving to something else soon)

Linode with CentOS. However, no SELinux available

For CentOS help go to: #CentOS on irc.freenode.net

Tips for configuring the new server:

Disable root login on ssh Good passwords Lock down ports

The Securabit guys started using the CentOS distribution because of its interconnections with Snort

See this site for details on how to configure Snort on CentOS

In non-security related news:

Steve Jobs Apple Special Event "Let's Rock"
Apple did update QuicktTime and Bonjour: http://voices.washingtonpost.com/securityfix/2008/09/security_updates_for_ipod_touc.html?nav=rss_blog

Netbooks are everywhere: Even Commodore joins Netbook Crowd: http://news.cnet.com/8301-17938_105-10029963-1.html

Google Chrome:

Milworm Chrome Exploit/Vulnerabilities http://www.milw0rm.com/exploits/6353 http://www.milw0rm.com/exploits/6355 http://www.milw0rm.com/exploits/6365 http://www.milw0rm.com/exploits/6367 http://www.milw0rm.com/exploits/6372 http://www.milw0rm.com/exploits/6386 Google Chrome and Germany: http://www.salon.com/wires/ap/scitech/2008/09/09/D9338OT80_germany_google_chrome/index.html

MS commercial analysis: http://www.purpleslinky.com/Humor/Satire/A-Commercial-About-Nothing-Analysis-of-the-First-Microsoft-Seinfeld-Ad.245991

MS Mouse: http://www.maximumpc.com/tags/bluetrack

BREAK

Schneier and portable device security: http://www.schneier.com/blog/archives/2008/07/open_source_lap.html

        http://www.schneier.com/blog/archives/2005/07/risks_of_losing.html

Latest happenings with Securabit Looking for a Team and mentoring atmosphere Coming soon: New Site/wiki/forums on the Linode VPS

Chris Mills: Employer Security Expo

  Talked about Password Security and showed off Rainbow Tables/Ophcrack (http://ophcrack.sourceforge.net/) and Driftnet (http://ex-parrot.com/~chris/driftnet/)

BREAK

Chris Wilson

SecuraNibble: Snort Sensor Tutorial

chris@securabit.com (SecuraBit) — Tue, 16 Sep 2008 14:01:00 GMT

Chris Wilson brings us some Snort goodness with this 37 minute tutorial on how to build a snort sensor from scratch using CentOS.

I hope this is of use to everyone, it is very very well done!

SecuraByte Episode 3

chris@securabit.com (SecuraBit) — Wed, 10 Sep 2008 16:05:00 GMT

Last night we did a spontaneous hour long interview with the guys from HacDC, a Hackerspaces group.

Hosts:
Rob Fuller - Mubix
Chris Mills - ChrisAM

Chris Gerling - Hak5Chris

Guests:
Nick Farr - Treasurer HacDC
Mitch Altman - http://en.wikipedia.org/wiki/Mitch_Altman - NoiseBridge San Francisco
Bryce

HacDC and Hackerspaces.

What is a Hackerspace?: Physical space where hackers make things, in
person place to do things rather in addition to online. People can
work on their own projects and collaborate with others.

Mitch has been working on Brain machines.

Tips on how to start a hackerspace:

- Visit a hackerspace

- Document on Hackerspace design patterns (PDF).

- Go to Visit: Hackerspaces.org and email questions about getting started to info@hacdc.org

- Last Hope Talk: Building Hacker Spaces Everywhere: Your Excuses are Invalid - Nick Farr and Friends (MP3).

If I am not a member, can I go: Yes!

Some hackerspaces mentioned:

NY Resistor
C-base (Berlin Germany)
The Hacktory (Philadelphia)

Mitch working on SF Space, NoiseBridge
NoiseBridge email list

Intersting Hackerspace projects:

Blinkenlights -

Project Blinkenlights was a light installation in the Haus des Lehrers
building at the Alexanderplatz in Berlin that transformed the building
front into a giant low-resolution monochrome computer screen.

tmplab -

Paris France

http://www.tmplab.org/ (French)

Columbia heights Wireless -

The Columbia Heights Wireless Project aims to provide wireless access to
the Internet to HacDC's neighbors in Columbia Heights. This project, in
three phases, will help test different technologies and methods for
providing this access as well as building local neighborhood IT
infrastructure.

SecuraBit Episode 9

chris@securabit.com (SecuraBit) — Thu, 4 Sep 2008 12:59:00 GMT

On this episode of SecuraBit:

Multiboot Security DVD

Mubix posted an awesome link on his blog to a Multiboot Security DVD that allows you to choose which common security distros, all on one medium!

OS Choices:

Backtrack 3

Damn Small Linux 4.2.5

GeeXBoX 1.1 (not geekbox )

Damn Vulnerable Linux (Strychnine) 1.4

Knoppix 5.1.1

MPentoo 2006.1

Ophcrack 1.2.2 (with 720 mb tables)

Puppy Linux 3.01

Byzantine OS i586-20040404

Make a bootable FAT32 USB stick using Unetbootin

Some distros the Securabit guys would like to see added:

Helix Intelguardians Samurai

RedHat/Fedora OpenSSH Compromises

As noted on the Securabit website, a Fedora and Red Hat Enterprise Linux servers were compromised.

The ComputerWorld Blog - Linux Security Idiots article explains how the servers were compromised

-Stolen SSH keys are used to gain access to the system

-After that, rootkit "phalanx2" is installed and steals more SSH keys

-Obviously this could be used to install any malware at all

The RHEL offshoot CentOS was not affected by the compromise.

Joomla Vulnerability

US CERT Joomla! Password Reset Vulnerability

Joomla Core Exploit Announcement - Password Remind Functionality

Joomla user password reset vulnerability being actively exploited

BREAK

After Break Banter

Italy tries to ban PirateBay

Awesome Quote: "Fear makes the wolf look bigger"

Best Western Pwned

Originally Discovered by The Sunday Herald. As many as 8 million accounts compromised

Best Western Response

Vulnerbilty of BGP

This exploit of Border Gateway Protocol allows the attacker to monitor internet traffic and forward it to anywhere in the world. Five hours of traffic was forwarded to New York during Defcon 16. This vulnerability is going to be bigger than the Kaminsky DNS Vuln. Speaking of Dan, he loves Securabit!

Defcon presentation from Anton Kapela and Alex Pilosov

Border Gateway Protocol

Wired - Revealed: The Internet's Biggest Security Hole

Wired - More on BGP Attacks -- Updated

The Middler

Jay Beale - Middler - Release it already! DefCon Talk

Audio Steganography

Hiding information by slightly altering the binary sequence of a sound file

From simple algorithms that insert info in the form of signal noise, to more powerful methods that exploit sophisticated signal processing techniques to hide information.

LSB coding (least significant bit):Ââ substitute with a binary msg

Parity coding

Phase coding:Ââ #Ââ The original sound signal is broken up into smaller segments whose lengths equal the size of the message to be encoded.

A Discrete Fourier Transform (DFT) is applied to each segment to create a matrix of the phases and Fourier transform magnitudes.

Phase differences between adjacent segments are calculated.

Phase shifts between consecutive segments are easily detected. In other words, the absolute phases of the segments can be changed but the relative phase differences between adjacent segments must be preserved. Therefore the secret message is only inserted in the phase vector of the first signal segment as follows:

Spread spectrum

Two versions of SS can be used in audio steganography: the direct-sequence and frequency-hopping schemes. In direct-sequence SS, the secret message is spread out by a constant called the chip rate and then modulated with a pseudorandom signal. It is then interleaved with the cover-signal. In frequency-hopping SS, the audio file's frequency spectrum is altered so that it hops rapidly between frequencies.

Least Significant Bit

BREAK

Security Justice stops by

Tom and Dave from Security Justice

-Search for pics of Mubix gets you this

-Shmoocon will have another Podcasters Meetup and Hak5 will be there.

-List of Hacker/Security Con's

Forensic recovery on SSD

SSD Forensics:

- no physical security hooks that prevent them from being removed from enclosures

- ultraviolet laser to wipe out lock bits (encryption) from fuses on chips that secure SSDs

- overall easier to erase data on SSD (with encryption)

vs HDD Forensics:

- Harder to fully erase data 9have to overwrite or physically damage)

- easier to fully encrypt

Jim handy: hacker could easily unsolder NAND chips from an SSD and read the data using a flash chip programmer, then reassembled using data recovery software.

SSDs are hot, but not without security risks

Scott A. Moulton presentations on data recovery and forensics.

Contact Securabit

Securabit Website and Forums

IRC: #securabit on irc.feenode.net

Join us on LinkedIn

Skype Number: (469) 277-2248

Delicious Tag: securabit

SecuraBit Episode 8

chris@securabit.com (SecuraBit) — Fri, 15 Aug 2008 10:49:00 GMT

On this Episode of SecuraBit

Jason Mueller
Chris Gerling
Anthony Gartner

Back from three week hiatus.

Defcon and BlackHat

    Defcon Parties:

        Core Impact Party
        EthicalHacker.net party
        Cisco Party
        Isight Party
        I-hacked Party
        StillSecure Freakshow Party

    ChicagoCon: Boot Camps: Oct 27 - 31 Conference: Oct 31 - Nov 1: http://www.chicagocon.com/

    Defcon Badges

        Ran out of Badges on first day: http://search.twitter.com/search?q=Defcon+badges+out
        TV-B-Gone built into the badges: http://www.hackaday.com/2008/08/05/defcon-16-badge-details-released/
        Servo hacks the badges - LINK?

    Podcasters Meetup - http://www.podcastersmeetup.com/ and http://securabit.com/2008/08/13/dc16-recap/

    Documentary: Hackers are People Too: http://www.hackersarepeopletoo.com/

BREAK

More from Podcasters meetup:

    Maltego - Maltego is an open source intelligence and forensics application - http://www.paterva.com/maltego/
    Iphone Metasploit: http://secmaniac.blogspot.com/2008/07/metasploit-3-on-iphone.html

Hak5 plug: Show every Monday - http://www.hak5.org/

Drinks:
Absolut Mandarin: http://www.absolut.com/us
Rain Vodka: http://www.rainvodka.com/

Current news:

    Georgia and Russia: Cyber Warfare: http://it.slashdot.org/article.pl?sid=08/08/10/0126232&from=rss
    Estonia to help Georgia: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9112399&
    Watch out for tanks in Atlanta: http://is.gd/1qNy

    MIT Subway Card Hacking Pulled from Defcon: http://news.cnet.com/8301-1009_3-10012612-83.html
        Talk Posted Here: http://www-tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf

    Naval PostGraduate School wins capture the flag: http://swampie.wordpress.com/2008/08/11/naval-postgraduate-school-wins-defcon-capture-the-flag-competition/

    Wall of Sheep: http://www.blackhat.com/html/bh-usa-08/wallofsheep.html
        Lesson: Don't take your production (or perhaps any) computer to hacker conferences

    Driftnet to catch Jpegs at Defcon: http://ex-parrot.com/~chris/driftnet/


Anthony will be working on Iphone Security
    Apple sells 95 Iphones/day/store: http://is.gd/1qND

Tshirts and Stickers gone, but more on there way?

Martin McKeay at Defcon: http://www.cwes01.com/1083/7776/psw/separated.png

Direct Download

On this episode of SecuraBit:

Jason Mueller
Chris Gerling
Anthony Gartner

Back from three week hiatus.

Defcon and BlackHat

    Defcon Parties:

        Core Impact Party
        EthicalHacker.net party
        Cisco Party
        Isight Party
        I-hacked Party
        StillSecure Freakshow Party

    ChicagoCon: Boot Camps: Oct 27 - 31 Conference: Oct 31 - Nov 1: http://www.chicagocon.com/

    Defcon Badges

        Ran out of Badges on first day: http://search.twitter.com/search?q=Defcon+badges+out
        TV-B-Gone built into the badges: http://www.hackaday.com/2008/08/05/defcon-16-badge-details-released/
        Servo hacks the badges - http://edge.i-hacked.com/new-defcon16-details

    Podcasters Meetup - http://www.podcastersmeetup.com/ and http://securabit.com/2008/08/13/dc16-recap/

    Documentary: Hackers are People Too: http://www.hackersarepeopletoo.com/

BREAK

More from Podcasters meetup:

    Maltego - Maltego is an open source intelligence and forensics application - http://www.paterva.com/maltego/
    Iphone Metasploit: http://secmaniac.blogspot.com/2008/07/metasploit-3-on-iphone.html

Hak5 plug: Show every Monday - http://www.hak5.org/

Drinks:
Absolut Mandarin: http://www.absolut.com/us
Rain Vodka: http://www.rainvodka.com/

Current news:

    Georgia and Russia: Cyber Warfare: http://it.slashdot.org/article.pl?sid=08/08/10/0126232&from=rss
    Estonia to help Georgia: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9112399&
    Watch out for tanks in Atlanta: http://is.gd/1qNy

    MIT Subway Card Hacking Pulled from Defcon: http://news.cnet.com/8301-1009_3-10012612-83.html
        Talk Posted Here: http://www-tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf

    Naval PostGraduate School wins capture the flag: http://swampie.wordpress.com/2008/08/11/naval-postgraduate-school-wins-defcon-capture-the-flag-competition/

    Wall of Sheep: http://www.blackhat.com/html/bh-usa-08/wallofsheep.html
        Lesson: Don't take your production (or perhaps any) computer to hacker conferences

    Driftnet to catch Jpegs at Defcon: http://ex-parrot.com/~chris/driftnet/


Anthony will be working on Iphone Security
    Apple sells 95 Iphones/day/store: http://is.gd/1qND

Tshirts and Stickers gone, but more on there way?

Martin McKeay at Defcon: http://www.cwes01.com/1083/7776/psw/separated.png

Direct DL.

SecuraBit Episode 7

chris@securabit.com (SecuraBit) — Sun, 27 Jul 2008 22:33:00 GMT

On this episode of SecuraBit, we talk to Chris Eng and Chris Wysopal from Veracode about SOURCE Boston, as well as Jennifer Leggio about Twitter and more:

I'm going to be installing wiki software and recruiting some folks to help us do proper full show notes for each episode. We're also looking for people to help out with the forums, IRC, and research for technical segments. If you can contribute in any way we'll make sure you get recognized.

Direct link to show here.

Remember to hit up the T-Shirt and Sticker page. Soon I will remove the T-Shirt donate link as I will be shipping the box of T-Shirts to Jay to take with him to Defcon. Hit us up on the forums, or at irc.freenode.net #securabit. Thanks for listening!

SecuraByte Episode 2

chris@securabit.com (SecuraBit) — Sat, 26 Jul 2008 00:57:00 GMT

Last night we decided to discuss a little more on the DNS vulnerability issue that's been the hot topic everywhere in terms of detection and defense. Thanks to guest Chris Wilson for his invaluable insight into the snort signature we were provided by alexkirk in #snort on irc.freenode.net.

We also discussed detection of encrypted traffic on a network, and some of the implications of it.

Direct link to the mp3 is here.

Apologies for Chris Wilson's audio, his speakers were on unbeknown-st to us, and I cleaned it up as best I could. :)

Also, the stickers are finally in! Get your T-Shirts and stickers here!

SecuraByte Episode 1: DNS Haiku

chris@securabit.com (SecuraBit) — Tue, 22 Jul 2008 16:59:00 GMT

Today we introduce a new portion of the show: Securabytes. Securabytes are unannounced episodes, they could be last minute interviews or just more beer induced security speak. So, without further ado, here is the first Securabyte from the Securabit Podcast.

"Introducing haiku-DNS: [laughing corruption collapsing kittens gallop nectars forgiving] = usa.gov" - Chris

Wesley McGrew of McGrew Security, Martin McKeay of the Network Security Blog / Podcast, and some guy name Joel joined me (Rob Fuller) last night to discuss the DNS vulnerability leakage that happened about quitting time yesterday (7/21). We discuss the leak, how the vulnerability works, mitigating, and the potential it has on mass scales. Every one of the gentlemen that joined us, and we here at Securabit urge you to patch as soon as possible. If you need further information, please check the following links:

Direct link to this episode:

http://media.libsyn.com/media/securabit/securabytep01.mp3

Check to see if you are vulnerable: http://www.doxpara.com/

In depth explanation of the vulnerability: http://www.mcgrewsecurity.com/?p=151

SecuraBit Episode 6

chris@securabit.com (SecuraBit) — Thu, 17 Jul 2008 01:38:00 GMT

On this episode of SecuraBit Chris, Jay, and the crew discuss:

Major DNS vulnerability patched!
Check your DNS vulnerability status here!
BackTrack 3: Hard Drive?
More BT3 goodness! (Courtesy of pure_hate)
Andy's Trip to Spain!
Various other things, and if you haven't noticed by now.. bloopers!

We also want to announce that our T-Shirts have arrived, which you can get here! Stickers will be available very soon! As always, hit up the forums and start talking security with other professionals, pop into our irc at irc.freenode.net #securabit (cloaks coming soon!), and send any feedback to feedback@securabit.com or through the contact page on the site here!

Thanks for listening!

SecuraBit Episode 5

chris@securabit.com (SecuraBit) — Sun, 29 Jun 2008 21:03:00 GMT

On this episode of SecuraBit:

Anthony, Chris, Christopher, Jay, and special guest Rob (mubix) discuss:

Signature based anti-virus dead?
Rubbermaid Botmaster Sentenced
BackTrack3 Final released!
Using Google Earth to crash neighboring pools
Crazed Bovine Traversal
Distributed Honeypot Project

The iTunes link on the front page here works again!!! Check out the forums, and our IRC at irc.freenode.net #securabit. Any feedback is welcomed either through the contact form, or at feedback@securabit.com, or on the forums. Thanks for listening!!

SecuraBit Episode 4

chris@securabit.com (SecuraBit) — Tue, 17 Jun 2008 22:24:00 GMT

On this episode of SecuraBit, Chris, Jay, Anthony, Andy, and Chris Mills discuss:

    * Integrity of Fax Signatures.
    * Metasploit hacked? Layer 2 VLAN fun.
    * Clever Museum Theft.
    * Ironkey-like USB Flash Drive: DiskGO GUARDIAN.
    * Virus that encrypts your data.
    * Safari Carpet Bombing, and more!

Make sure to hit up our forums, and IRC at irc.freenode.net channel #securabit

Send all feedback to feedback@securabit.com or use the contact page on the site. We apologize for the delay! Thanks for listening!