• Chris Gerling – @secbitchris
• Christopher Mills -@thechrisam

Guests

• Robert Stratton III - @MACH37

Topics

• Cybersecurity Startups and Accelerators featuring MACH37
  
  • Northern Virginia based startup accelerator
  • 17 cohorts thus far
• How tough it can be to start your own product company
• Pitfalls and lessons learned through assisting cohorts through their founding stages

Use Our Discount Codes

• Use code SANS_SecuraBit150 to get 150 off of ANY training course. The discount code is good for all SANS courses in all formats.
• Register for any SANS Security East 2015 course and receive $150 off using coupon code “SANS_SecuraBit150”. The training event takes place in New Orleans, LA –Jan 16 – 21, 2015.

Upcoming events

• http://www.secore.info

Links

• www.gh0st.net/wiki - 24/7 Penetration Testing learning environment, FREE.
  • Volunteers sought to help maintain and build challenges. Local to RVA a plus!

Chat with us on IRC at irc.freenode.net #securabit

iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405

• Chris Gerling – @secbitchris
• Christopher Mills -@thechrisam

Guests

• Patrick Thomas - @coffeetocode
• Krystal Thomas-White - @KrystalMicrobio

Topics

• Bioinformatics
  • Relation of information security tools and methodologies to biology, research into immune systems, bacteria, as well as how those relate to infosec, polymorphpic malware, and reverse engineering.
    • BsidesChicago2014 Talk: https://www.youtube.com/watch?v=gsZWKj2aAgk
  • Signatures akin to antivirus/whitelisting:
    • http://www.wolfgreenfield.com/newsstand/700-crispr-cas--exciting-addition-genomic-editing
    • https://www.youtube.com/watch?v=ZJ-ChS9roQ0
  • Reverse Engineering/Debugging:
    • http://en.wikipedia.org/wiki/Gene_knockout
    • http://en.wikipedia.org/wiki/Fluorescent_tag

Use Our Discount Codes

• Use code SANS_SecuraBit150 to get 150 off of ANY training course. The discount code is good for all SANS courses in all formats.
• Register for any SANS Network Security 2014 course and receive $150 off using coupon code SANS_SecuraBit150. The training event takes place in Las Vegas, NV – Oct 19-27, 2014.

Upcoming events

• http://www.secore.info

Links

• www.gh0st.net/wiki - 24/7 Penetration Testing learning environment, FREE.
  • Volunteers sought to help maintain and build challenges. Local to RVA a plus!

Chat with us on IRC at irc.freenode.net #securabit

iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405

• Chris Gerling – @secbitchris
• Rafal Los – @Wh1t3Rabbit
• Andrew Kalat @Lerg
• Jerry Bell -@Maliciouslink

Topics

• Chicago ATC Fire
• Scorpion
• Shellshock

Use Our Discount Codes

• Use code SANS_SecuraBit150 to get 150 off of ANY training course. The discount code is good for all SANS courses in all formats.
• Register for any SANS Network Security 2014 course and receive $150 off using coupon code SANS_SecuraBit150. The training event takes place in Las Vegas, NV – Oct 19-27, 2014.

Upcoming events

• http://www.secore.info

Links

• www.gh0st.net/wiki - 24/7 Penetration Testing learning environment, FREE.
• Volunteers sought to help maintain and build challenges. Local to RVA a plus!

Chat with us on IRC at irc.freenode.net #securabit

iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405

Hosts

• Chris Gerling –@secbitchris

Guests

• Graham Speake - SANS
  • Affiliation - NexDefense

Topics

• ICS systems and their criticality
• Security in ICS
• Examples of malicious campaigns

Use Our Discount Codes

• Use code SANS_SecuraBit150 to get 150 off of ANY training course. The discount code is good for all SANS courses in all formats.
• Register for any SANS Network Security 2014 course and receive $150 off using coupon code SANS_SecuraBit150. The training event takes place in Las Vegas, NV – Oct 19-27, 2014.

Upcoming events

• http://www.secore.info

Links

• www.gh0st.net/wiki - 24/7 Penetration Testing learning environment, FREE.

Chat with us on IRC at irc.freenode.net #securabit

iTunes Podcast –http://itunes.apple.com/us/podcast/securabit/id280048405

iPhone App Now Available –http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Register for any SANS Network Security 2014 course and receive $150 off using coupon code “SANS_SecuraBit150”. The training event takes place in Las Vegas, NV – Oct 19-27, 2014.

Hosts

• Chris Gerling –@secbitchris

• Christopher Mills –@TheChrisAM

Guests

• Women's Society of Cyberjutsu - http://womenscyberjutsu.org/
• Facebook: https://www.facebook.com/WomensCyberjutsu
• Twitter & Instagram: @womencyberjutsu
• Meetup: http://womenscyberjutsu.org/www.womenscyberjutsu.org/meetups
• Cyberjutsu Girls Academy
• http://www.cyberjutsugirls.org/
• Facebook: https://www.facebook.com/cyberjutsugirls
• Twitter & Instagram: @cyberjutsugirls

Topics

• Lack of women in Cyber/IT fields. 11% of the cyber workforce consists of women.
• Addressing the pipeline issues with getting more girls excited about STEM
• Impostor Syndrome
• Differences in perception between men and women from an interpersonal standpoint

Use Our Discount Codes

• Use code SecuraBit5_SANS to get 5 percent off of ANY training course. The discount code is good for all SANS courses in all formats.
• Register for any SANSFIRE 2014 course and receive 5% off using coupon code SecuraBit5_SANS. The training event takes place in Baltimore, MD – June 21 - 30, 2014.

Upcoming events

• http://www.secore.info

Links

• www.gh0st.net/wiki - 24/7 Penetration Testing learning environment, FREE.

Chat with us on IRC at irc.freenode.net #securabit

iTunes Podcast –http://itunes.apple.com/us/podcast/securabit/id280048405

iPhone App Now Available –http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

• Chris Gerling –@secbitchris

• Christopher Mills –@TheChrisAM

Guests

• Jeremy Lynch and Tyler Bennett of ArchAssault Linux!
  
  

Topics

• Drones and ARM fun!
• ArchAssault Linux
  • Kali-like environment with the ability for heavy niche customization and swapping of environments.
  • Modular. Can overlay any part of the distro onto your own Arch Linux installation
  • Bleeding edge packages
  • Great for setting up remote dropboxes via ARM devices
• IE Exploit
• Heartbleed wrap-up
• RVAsec CTF prizes! (Thanks Hak5!)
• BsidesChicago Post-mortem
• Upcoming guests!
  
  

Use Our Discount Codes

• Use code SecuraBit5_SANS to get 5 percent off of ANY training course. The discount code is good for all SANS courses in all formats.
• Register for any SANSFIRE 2014 course and receive 5% off using coupon code SecuraBit5_SANS. The training event takes place in Baltimore, MD – June 21 - 30, 2014.
  
  

Upcoming events

• http://www.secore.info

Links

• www.gh0st.net/wiki - 24/7 Penetration Testing learning environment, FREE.
  
  

Chat with us on IRC at irc.freenode.net #securabit

iTunes Podcast –http://itunes.apple.com/us/podcast/securabit/id280048405

iPhone App Now Available –http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

• Chris Gerling – @secbitchris

• Christopher Mills – @TheChrisAM

Guests

• Rob Andersen -- @nola_con
  

Topics

• NolaCon

• June 19-22, 2014 in New Orleans, LA

• Use coupon code “securabit” to get $50 off registration!

• RVAsec CTF

• Banter

Use Our Discount Codes

• Use code SecuraBit5_SANS to get 5 percent off of ANY training course. The discount code is good for all SANS courses in all formats.

• Register for any SANS 2014 course and receive 5% off using coupon code SecuraBit5_SANS. The training event takes place in Orlando, FL – April 5 - 14, 2014.

Upcoming events

• http://www.secore.info

Links

• NolaCon - NolaCon 2014 Website

• www.gh0st.net/wiki - 24/7 Penetration Testing learning environment, FREE.

Chat with us on IRC at irc.freenode.net #securabit

iTunes Podcast –http://itunes.apple.com/us/podcast/securabit/id280048405

Hosts

• Chris Gerling – @secbitchris

• Christopher Mills – @TheChrisAM
  
  

Guests

• Josh Corman- @joshcorman - I Am the Cavalry

• Joe Klein - @joeklein Joe Klein
  
  

Topics

• I am the Cavalry

  • Public Health & Safety

  • RSA presence - go visit and say hi!

  • Twitter

  • Discuss on Google Groups!

• Your USB is my Network!

  • No firewalls on networks created via USB/Firewire/Bluetooth/etc ports.

• NTP can be very dangerous and evil!

  • Everything relies on timing.

Use Our Discount Codes

• Use code SecuraBit_SANS5 to get 5 percent off of ANY training course. The discount code is good for all SANS courses in all formats.

• Register for any SANS 2014 course and receive 5% off using coupon code SecuraBit_SANS5. The training event takes place in Orlando, FL – April 5 - 14, 2014.

Upcoming events

• http://www.secore.info

Links

• Swimming with Sharks (TEDx Talk) - Josh Corman’s TEDx talk.

• www.gh0st.net/wiki - 24/7 Penetration Testing learning environment, FREE.

Chat with us on IRC at irc.freenode.net #securabit

iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405

iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Hosts

• Chris Gerling – @secbitchris

• Christopher Mills – @TheChrisAM

Guests

• Jack Nichelson - @Jack0Lope

Topics

• Reducing your attack surface

  • The Java the Challenge – See how many weeks you can go without Java installed

• Get Focused!

  • Identify: Find the root cause of your top problem

  • Align: Build a project plan and get sponsorship

  • Communicate: Build consensus through awareness

  • Report: Build a scorecard to show results

• Transition from ineffective processes and philosophies, make technology an enablement tool, not just another tool to misappropriate and be frustrated by.

Use Our Discount Codes

• Use code SecuraBit_SANS5 to get 5 percent off of ANY training course. The discount code is good for all SANS courses in all formats.

• Register for any SANS 2014 course and receive 5% off using coupon code SecuraBit_SANS5. The training event takes place in Orlando, FL – April 5 - 14, 2014.

Upcoming events

• http://www.secore.info

Links

• http://www.gh0st.net - Gh0st Pentesting Lab

Chat with us on IRC at irc.freenode.net #securabit

iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405

iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

December 11th, 2013

Hosts

• Chris Gerling – @secbitchris

• Mike Bailey – @mpbailey1911

Guests

• Jake Kouns - @jkouns - Risk Based Security

Topics

• Risk

  • How are organizations addressing risk?

  • Does tossing money at a problem really help?

• Bitcoins

  • Mining and security of wallets

  • How it works

• Liability

  • Who is liable when a car gets hacked and kills someone?

  • Are software vendors liable for their vulnerabilities?

Use Our Discount Codes

• Use code SecuraBit_SANS5 to get 5 percent off of ANY training course. The discount code is good for all SANS courses in all formats.

• Register for any SANS Security East course and receive 5% off using coupon code SecuraBit_SANS5. The training event takes place in New Orleans, LA – January 20 - 25, 2014.

Upcoming events

• http://www.secore.info

Links

• http://www.gh0st.net

Chat with us on IRC at irc.freenode.net #securabit

iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405

iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

• Chris Gerling – @secbitchris

• Chris Mills - @thechrisam

Guests

• SecureDrop (00:00 - 28:45)

  • Trevor Timm - @trevortimm

  • William Budington - @legind

• Bro/Broala (29:00 - Fin)

  • Liam Randall - @hetcaman

Topics

• SecureDrop - https://pressfreedomfoundation.org/securedrop

• EFF - https://www.eff.org/

• Bro - http://www.bro.org/ and http://www.broala.com/

Use Our Discount Codes

• Use code SecuraBit_SANS5 to get 5 percent off of ANY training course. The discount code is good for all SANS courses in all formats.

• Register for any SANS CDI 2013 course and receive 5% off using coupon code “SecuraBit_SANS5”. The training event takes place in Washington, DC – December 12 – 19, 2013.

Upcoming events

• http://www.secore.info

Links

• http://www.gh0st.net

Chat with us on IRC at irc.freenode.net #securabit

iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405

• Chris Gerling – @secbitchris

• Chris Mills - @thechrisam

• Mike Bailey –@mpbailey1911

Guests

• Oliver Day - @securingchange - https://securingchange.org

• Johnathan Cran -@jcran - https://bugcrowd.com/

Topics

• Securing Change

  • Volunteer time and money to secure nonprofits

• Bugcrowd

  • Get paid to find vulnerabilities

  • Start a bounty for your own product

News Items

• Adobe hacked

• Govt Shutdown

Use Our Discount Codes

• Use code SecuraBit_5 to get 5 percent off of ANY training course. The discount code is good for all SANS courses in all formats.

• Register for any SANSFIRE 2013 course and receive 5% off using coupon code SecuraBit_05 The training event takes place in Washington, DC – June 15-22, 2013.

Upcoming events

• http://www.secore.info

Links

• http://www.gh0st.net

Chat with us on IRC at irc.freenode.net #securabit

iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405

• Chris Gerling – @secbitchris

• Chris Mills - @thechrisam

• Mike Bailey – @mpbailey1911

Guests

• Ariany Mizrahi - @codemunkii

  • BlackArch Linux http://www.blackarch.org/

• Dave Kennedy - @dave_rel1k

  • Derbycon https://www.derbycon.com/

  • TrustedSec https://www.trustedsec.com/

Topics

• BlackArch Linux

• A complementary expansion to Arch Linux for penetration testers.

• Derbycon

• It's like Shmoocon without being in crazy DC!

• What do you use to encrypt your email/IM?

  • The GNU Privacy Guard

    • http://www.gnupg.org/

  • Thunderbird + Enigmail

    • www.mozilla.org/thunderbird/‎

    • https://addons.mozilla.org/en-US/thunderbird/addon/enigmail/

  • Gibberbot

    • https://guardianproject.info/apps/gibber/

  • surespot

    • https://www.surespot.me/

  • zixmail

    • http://www.zixcorp.com/email-encryption/zixmail/

  • MIT PGP Public Key Server

    • http://pgp.mit.edu/

  • Bitmessage

    • https://bitmessage.org/wiki/Main_Page

• PenLab

• Do not pull an AT&T: http://hardocp.com/news/2013/09/11/att_apologizes_for_lame_911_tweet

Use Our Discount Codes

• Use code SecuraBit_05 to get 5 percent off of ANY training course. The discount code is good for all SANS courses in all formats.

• Register for any SANS CDI 2013 course and receive 5% off using coupon code “SecuraBit_05”. The training event takes place in Washington, DC – December 12 – 19, 2013.

Upcoming events

• http://www.secore.info

Links

• http://www.gh0st.net

Chat with us on IRC at irc.freenode.net #securabit

iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405

iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

• Chris Gerling – @secbitchris

• Andrew Borel – @andrew_secbit

• Mike Bailey –@mpbailey1911

Guests

• Banasidhe - @banasidhe

Topics

• THOTCON

  • http://www.thotcon.org/

• BSides Las Vegas

  • http://www.securitybsides.com/w/page/57632393/BSidesLV2013

  • Shout out to Tenable, Trustwave, and Risk I/O for sponsoring it!

• U.S. Army Corps of Engineers’ Dam database breached

  • http://www.wired.com/threatlevel/2013/05/hacker-breached-dam-database/

• U.S. Department of Labor hack

  • http://labs.alienvault.com/labs/index.php/2013/u-s-department-of-labor-website-hacked-and-redirecting-to-malicious-code/

• BitCoin

• RVASec

  • http://rvasec.com/

  • CTF

• Hackers in Uganda: A Documentary

  • http://www.kickstarter.com/projects/1456247168/hackers-in-uganda-a-documentary

• SECore.info

  • https://secore.info/

Use Our Discount Codes

• Use code SecuraBit_05 to get 5 percent off of ANY training course. The discount code is good for all SANS courses in all formats.

• Register for any SANSFIRE 2013 course and receive 5% off using coupon code SecuraBit_05 The training event takes place in Washington, DC – June 15-22, 2013.

Upcoming events

• http://www.secore.info

Links

• http://www.gh0st.net

Chat with us on IRC at irc.freenode.net #securabit

iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405

iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

March 27th, 2013

Hosts

• Chris Gerling – @secbitchris

• Chris Mills - @thechrisam

• Andrew Borel – @andrew_secbit

• Mike Bailey –@mpbailey1911

Guests

• Jamie Duncan - @jamieeduncan  Hack.RVA (pre-recorded)

Topics

• Hack.RVA events, news, and RVAsec badges!

• CTF is being put together for offline.  Register at http://securabit.com/ctf/

• Security Awareness training

  • Who should provide more than just basic training?

  • Security Vendors

  • Security focused organizations?

News Items

• SPamhaus and Cloud flare’s stupid super DDoS - peaked at 300Gb/sec

• Missouri court rules against $440,000 cyberheist victim

  • 2009 case.  Reason: Bank did not have 2 people sign off on transfer.

Use Our Discount Codes

• Use code SecuraBit_5 to get 5 percent off of ANY training course. The discount code is good for all SANS courses in all formats.

• Register for any SANSFIRE 2013 course and receive 5% off using coupon code SecuraBit_5 The training event takes place in Washington, DC – June 15-22, 2013.

Upcoming events

• http://www.secore.info

Links

• http://www.gh0st.net

Chat with us on IRC at irc.freenode.net #securabit

iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405

iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

• Chris Gerling – @secbitchris
• Mike Bailey –@mpbailey1911

Guests

• Michael D. Angelo - @mfa0007
• Brad Bowers - @warezjoe

Topics

• NetIQ
• Internet History
• Privacy and Social Media
• Egypt’s revolution
• Data management and risk in the cloud
• Building Automation
• BacNET protocol dissection
• Shmoocon, RSA, and upcoming cons!
• The PenLab is back up!
• CTF Pre-registration for RVAsec 2013 will be coming soon!

News Items

• Brian Krebs gets SWATed
• More 0-days
• CarolinaCon!

Use Our Discount Codes

• Use code SecuraBit_5 to get 5 percent off of ANY training course. The discount code is good for all SANS courses in all formats.
• Register for any SANSFIRE 2013 course and receive 5% off using coupon code SecuraBit_5 The training event takes place in Washington, DC – June 15-22, 2013.

Upcoming events

• http://www.secore.info

Links

• http://www.gh0st.net

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

• Chris Gerling – @secbitchris
• Chris Mills - @thechrisam

• Andrew Borel – @andrew_secbit
• Mike Bailey – @mpbailey1911
• Jason Mueller - @SecuraBit_Jay

Topics

• Shmoocon
• https://github.com/aol/moloch
• Link to the video chris gates linked: http://www.youtube.com/watch?v=6bvS0U3YtVY
• APT1
• https://www.mandiant.com/blog/mandiant-exposes-apt1-chinas-cyber-espionage-units-releases-3000-indicators/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityBloggersNetwork+(Security+Bloggers+Network)
• Thrown Off a United Airlines Flight for Taking Pictures!
• http://upgrd.com/matthew/thrown-off-a-united-airlines-flight-for-taking-pictures.html
• http://www.tableau.com/index.php?pageid=firmware&releaseID=0&view=overview

Use Our Discount Codes

• Use code SecuraBit_5 to get 5% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events

• http://www.secore.info
• https://secore.info/upcoming_conferences_feed.rss

Links

• http://www.gh0st.net

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Host:

• Chris Gerling – @secbitchris

Guest:

• Jake Kouns - @jkouns- http://www.rvasec.com/

What you need to know:

• RVASec Call for Papers ends February 4th @ 11:59PM.  Get your submissions in now!
• We expand on some more details regarding the Capture the Flag event that will be at the conference.
• Forensics training announced today!  Only 12 seats so register now!
• 2 day conference this year.  Parking and nourishment are included.
• Registration is open!  If you register by the end of today using coupon code "early" you will save $25!

Links:

• RVAsec
• richSEC

• Chris Gerling – @secbitchris
• Chris Mills - @thechrisam

• Andrew Borel – @andrew_secbit
• Mike Bailey – @mpbailey1911

Topics

• News
• The Lab

News Items (no particular favoritism of non source links)

• Red October
• Multiple writeups at:
• http://www.kaspersky.com/about/news/virus/2013/Kaspersky_Lab_Identifies_Operation_Red_October_an_Advanced_Cyber_Espionage_Campaign_Targeting_Diplomatic_and_Government_Institutions_Worldwide
• http://malware.lu/page/articles.html
• http://www.informationweek.com/security/attacks/operation-red-october-attackers-wielded/240146621
• Java 0-day
• Writeups at:
• https://blogs.oracle.com/security/entry/security_alert_for_cve_2013
• http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
• Developer outsources his job.  Review your logs!
• Writeup at:
• http://securityblog.verizonbusiness.com/2013/01/14/case-study-pro-active-log-review-might-be-a-good-idea/

The Lab

• CTF at RVASec
• Lab upgrades and changes.

Use Our Discount Codes

• Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
• FREE OnDemand Bundle with corresponding course purchase for SANS Network Security 2012 with code SecuraBit_NS12OD
• Use code 36449 for 20% off your Syngress order!

Upcoming events

• http://www.secore.info
• Also check out the RSS feed on the right hand side of the main site!

Links

• http://www.gh0st.net
• http://www.securabit.com

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

• Chris Gerling – @secbitchris
• Chris Mills - @thechrisam
• Andrew Borel – @andrew_secbit
• Mike Bailey – @mpbailey1911

Guests

• Christopher Burgess - @burgessct - http://www.burgessct.com/

Topics

• The state of security in Medical.
• Social movements.
• Lab Stuff

News Items

• Project Mayhem' Hacks Accounting Software
• http://www.darkreading.com/database-security/167901020/security/application-security/240144003/project-mayhem-hacks-accounting-software.html
• Yes, Google Was Down, Don’t Panic, Google is Cleaning
• http://www.stateofsearch.com/google-down-cleaning/
• Boffin: Android's on-board malware scanner utterly FAILS
• http://www.theregister.co.uk/2012/12/10/android_malware_scanner_fails/
• Apple Maps flaw could be deadly, warn Australian police
• http://www.cnn.com/2012/12/10/tech/apple-maps-australia-flaw/index.html?hpt=hp_c3

Use Our Discount Codes

• Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
• http://www.sans.org/info/119125
• Use code 36449 for 20% off your Syngress order!

Upcoming events

• http://www.secore.info
• https://secore.info/upcoming_conferences_feed.rss

Links

• http://www.gh0st.net

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

• Chris Gerling – @secbitchris
• Chris Mills - @thechrisam

• Andrew Borel – @andrew_secbit
• Mike Bailey – @mpbailey1911

Guests

• Brad Luyster - Louisville LVL1 Hackerspace

Topics

• Encrypting your stuff
• Files
• http://www.truecrypt.org/ and https://www.dropbox.com/
• https://www.jungledisk.com/
• https://spideroak.com/
• Passwords
• http://keepass.info/
• https://lastpass.com/
• https://agilebits.com/onepassword
• Web Browsing
• https://www.eff.org/https-everywhere
• http://www.tunnelbear.com/

News Items

• DARPA-Funded Radio HackRF Aims To Be A $300 Wireless Swiss Army Knife For Hackers
• http://www.forbes.com/sites/andygreenberg/2012/10/19/darpa-funded-radio-hackrf-aims-to-be-a-300-wireless-swiss-army-knife-for-hackers/
• Real-Time Cyber-Attack Map
• http://map.honeynet.org/ via http://it.slashdot.org/story/12/10/19/2344253/real-time-cyber-attack-map
• Russian Anti-Virus Firm Plans Secure Operating System to Combat Stuxnet
• http://www.wired.com/threatlevel/2012/10/kaspersky-operating-system/
• SMARTPHONE USERS SHOULD BE AWARE OF MALWARE TARGETING MOBILE DEVICES AND SAFETY MEASURES TO HELP AVOID COMPROMISE
• http://www.ic3.gov/media/2012/121012.aspx
• State-Sponsored Malware ‘Flame’ Has Smaller, More Devious Cousin
• http://www.wired.com/threatlevel/2012/10/miniflame-espionage-tool/
• DOING INFOSEC RIGHT
• http://www.doinginfosecright.com/

Use Our Discount Codes

• Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
• FREE OnDemand Bundle with corresponding course purchase for SANS Network Security 2012 with code SecuraBit_NS12OD
• Use code 36449 for 20% off your Syngress order!

Upcoming events

• http://www.secore.info
• https://secore.info/upcoming_conferences_feed.rss

Links

• http://www.gh0st.net

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

• Chris Gerling –@secbitchris
• Chris Mills - @thechrisam

• Andrew Borel – @andrew_secbit
• Mike Bailey –@mpbailey1911

Guests

• Ronin - @r0wnin

Topics

• The Glitch
• Derp

News Items
LastPass Sentry Warns You When Your Online Accounts Have Been Breached
http://lifehacker.com/5944301/lastpass-sentry-warns-you-when-your-online-accounts-have-been-breached

Android Hack: Cracking WiFi passwords with your phone
http://hackaday.com/2012/09/18/android-hack-cracking-wifi-passwords-with-your-phone/

Judge correctly rules WiFi sniffing legal
http://erratasec.blogspot.com/2012/09/judge-correctly-rules-wifi-sniffing.html
http://arstechnica.com/tech-policy/2012/09/sniffing-open-wifi-networks-is-not-wiretapping-judge-says/

Google Acquires Online Malware Scanner VirusTotal
http://lifehacker.com/5941392/google-acquires-online-malware-scanner-virustotal

Chase joins Bank of America in possible Islamic attack outage
http://www.theregister.co.uk/2012/09/19/chase_website_outage/

Use Our Discount Codes

• Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
• FREE OnDemand Bundle with corresponding course purchase for SANS Network Security 2012 with code SecuraBit_NS12OD
• Use code 36449 for 20% off your Syngress order!

Upcoming events

• http://www.secore.info
• https://secore.info/upcoming_conferences_feed.rss

Links

• http://www.gh0st.net
• http://www.kickstarter.com/projects/1186217328/the-glitch

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

• Chris Gerling – @secbitchris
• Chris Mills - @thechrisam

• Andrew Borel – @andrew_secbit
• Mike Bailey – @mpbailey1911
• Nichoals Berthaume - @nberthaume

Guests

• AP Delchi - http://bsideslv.com/sciencefair/ - Submit your idea through your local hackerspace and represent! This is an excellent opportunity to start new hackerspaces or make existing ones even better!

Topics

• Science Fair!
• Bitcoin Hack
• GovDeals

News Items
Dropbox’s Two-Step Authentication Out of Beta, Enable It Now to Further Secure Your Data
http://lifehacker.com/5938341/dropboxs-two+step-authentication-out-of-beta-enable-it-now-to-further-secure-your-data

Here’s Everywhere You Should Enable Two-Factor Authentication Right Now
http://lifehacker.com/5938565/heres-everywhere-you-should-enable-two+factor-authentication-right-now

How Secure Are You Online: The Checklist
http://lifehacker.com/5938980/how-secure-are-you-online-the-checklist

‘Degrade, Disrupt, Deceive’: U.S. Talks Openly About Hacking Foes
http://www.wired.com/dangerroom/2012/08/degrade-disrupt-deceive/

Toyota Contractor Accused of Sabotaging Company Network, Stealing Data
http://www.wired.com/threatlevel/2012/08/toyota-alleges-sabotage/

Hackers Release 1 Million Apple Device IDs Allegedly Stolen From FBI Laptop
http://www.wired.com/threatlevel/2012/09/hackers-release-1-million-apple-device-ids-allegedly-stolen-from-fbi-laptop/

Another reason to not use floating unregulated currencies
http://nakedsecurity.sophos.com/2012/09/06/bitcoin-exchange-floored-in-virtual-bank-robbery-250000-stolen-in-security-lapse/

http://www.wired.com/images_blogs/dangerroom/2012/09/torturebox.png
Use Our Discount Codes

• Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
• FREE OnDemand Bundle with corresponding course purchase for SANS Network Security 2012 with code SecuraBit_NS12OD
• Use code 36449 for 20% off your Syngress order!

Upcoming events

• http://www.secore.info
• https://secore.info/upcoming_conferences_feed.rss

Links

• http://www.gh0st.net

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

• Chris Gerling – @secbitchris
• Chris Mills - @thechrisam

• Andrew Borel – @andrew_secbit
• Mike Bailey – @mpbailey1911

Guests

• Phil Young - @mainframed767 - http://mainframed767.tumblr.com/

Topic

• Crisis Malware
• Z800 For Sale

• Citrix
• AV Talk - Primary vs Secondary Technology
• Mainframes and TSO Brute

News Items

• Blizzard Hacked
  • http://us.blizzard.com/en-us/securityupdate.html
• backtrack 5 r3 released
  • http://thehackernews.com/2012/08/backtrack-5-r3-released-download-now.html

Use Our Discount Codes

• Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
• FREE OnDemand Bundle with corresponding course purchase for SANS Network Security 2012 with code SecuraBit_NS12OD
• Use code 36449 for 20% off your Syngress order!

Upcoming events

• http://www.secore.info
• https://secore.info/upcoming_conferences_feed.rss

Links

• http://www.richsec.com
• http://www.gh0st.net

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

• Chris Gerling – @secbitchris

• Chris Mills - @thechrisam
• Andrew Borel – @andrew_secbit
• Mike Bailey – @mpbailey1911

Guests

• Angus Blitter of Day-Con VI - Day-Con VI

Topics

• NEW Ultra Rare DEF-CON XX 20 Artist Badge
  • http://www.ebay.com/itm/110932582602?ssPageName=STRK:MESELX:IT&_trksid=p3984.m1558.l2649
• DEFCON 20 Badge Contest
  • http://elegin.com/
• http://gravitasrecordings.bandcamp.com/album/def-con-xx-compilation
• Events and Contests at DEF CON
• DerbyCon 2.0 – “The Reunion”
  • http://www.derbycon.com/
• DAY-CON VI
  • http://www.day-con.org/127.0.0.1.html
• Skydog Con
  • http://www.skydogcon.com/

Use Our Discount Codes

• Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
• FREE OnDemand Bundle with corresponding course purchase for SANS Network Security 2012 with code SecuraBit_NS12OD
• Use code 36449 for 20% off your Syngress order!

Upcoming events

• http://www.secore.info
• https://secore.info/upcoming_conferences_feed.rss

Links

• http://www.richsec.com
• http://www.gh0st.net
• http://www.day-con.org

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

• Chris Mills – @thechrisam
• Andrew Borel – @andrew_secbit

Guests

• Jonathan Cran - @jcran
  • http://www.pwnieexpress.com
• Nicholas B. - @nberthaume
• connection
  • http://blog.hacktalk.net

Topics

• DEF CON 20 and BSidesLV Calendar
  • http://securabit.com/2012/07/15/defcon-20-and-bsideslv-google-calendar/
• Chris Mills’s picks
  • http://securabit.com/2012/07/18/chrisams-picks-for-bsideslv-and-defcon-talks-2012/
  • http://xkcd.com/1068/
• Nicholas B’s Picks
  • BSidesLV
    • http://pastebin.com/Jfa0ih7T
• http://blog.hacktalk.net/
  • With Connection and Nicholas B.
• pwnieexpress interview with Jonathan Cran
  • http://www.pwnieexpress.com

Use Our Discount Codes

• Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
• FREE exam attempt with corresponding course purchase for SANSFIRE 2012 with code SecuraBit_SFGIAC
• Use code 36449 for 20% off your Syngress order!

Upcoming events

• http://www.secore.info

Links

• http://www.gh0st.net

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

• Chris Gerling – @secbitchris
• Chris Mills - @thechrisam
• Andrew Borel – @andrew_secbit

Guests

• Deviant Ollam - @deviantollam
  • http://deviating.net/

Topics

• TOOOL - The Open Organisation Of Lockpickers http://toool.us/
• Physical Security and the Three R's
• New edition of Practical Lockpicking coming soon!

News Items
Coders' Rights At Risk in the European Parliament
https://www.eff.org/deeplinks/2012/06/eff-european-parliament-directive-attack-information-systems

Department of Homeland Security and U.S Navy hacked
http://thehackernews.com/2012/06/department-of-homeland-security-and-us.html

US-CERT discloses security flaw in Intel chips
http://m.csoonline.com/article/708568/us-cert-discloses-security-flaw-in-intel-chips  

FEMA pushes cyber attack game for businesses
http://www.v3.co.uk/v3-uk/the-frontline-blog/2184608/fema-pushes-cyber-attack-game-businesses

United States Department of Defense data leaked by Anonymous hackers
http://thehackernews.com/2012/06/united-states-department-of-defense.html

KeepTheWebOpen.com
http://keepthewebopen.com/digital-bill-of-rights

Attacks Targeting US Defense Contractors and Universities Tied to China
http://threatpost.com/en_us/blogs/attacks-targeting-us-defense-contractors-and-universities-tied-china-061312

10000 Twitter User oauth token hacked and Exposed by Anonymous
http://thehackernews.com/2012/06/10000-twitter-user-oauth-token-hacked.html

Password flaw leaves MySQL, MariaDB open to brute force attack
http://go.theregister.com/feed/www.theregister.co.uk/2012/06/11/mysql_mariadb_password_flaw/


Use Our Discount Codes

• Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
• FREE exam attempt with corresponding qualifying course purchase for SANSFIRE 2012 with code SecuraBit_SFGIAC (Expires July 6th!)
• Use code 36449 for 20% off your Syngress order!

Upcoming events

• http://www.secore.info

Links

• http://www.richsec.com
• http://www.gh0st.net

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

• Chris Gerling – @secbitchris
• Chris Mills - @chrisam
• Andrew Borel – @andrew_secbit
• Mike Bailey – @mpbailey1911

Guests

• Jason Andress - @jason_andress
• Ronin - @r0wnin

Topics

• APT and Penetration Testing
• Bluetooth Hacking and Reconnaissance

News Items
Google Warning Users About State-Sponsored Attacks | threatpost
http://m.threatpost.com/en_us/blogs/google-warning-users-about-state-sponsored-attacks-060512

Apple Releases Guide To iOS Security - TechCrunch
http://m.techcrunch.com/2012/06/04/apple-releases-guide-to-ios-security/

Flame
A Massive Web of Fake Identities and Websites Controlled Flame Malware
http://www.wired.com/threatlevel/2012/06/flame-command-and-control/

Spy malware infecting Iranian networks is engineering marvel to behold
http://arstechnica.com/security/2012/05/spy-malware-infecting-iranian-networks-is-engineering-marvel-to-behold/

Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers
http://www.wired.com/threatlevel/2012/05/flame/

Stuxnet
Report: Obama Ordered Stuxnet to Continue After Bug Caused It to Spread Wildly
http://www.wired.com/threatlevel/2012/06/obama-ordered-stuxnet-continued/

Confirmed: US and Israel created Stuxnet, lost control of it
http://arstechnica.com/tech-policy/2012/06/confirmed-us-israel-created-stuxnet-lost-control-of-it/


Words to Avoid Online If You Don't Want to Join the Government's Watch List http://lifehacker.com/5913945/words-to-avoid-online-if-you-dont-want-to-join-the-governments-watch-list


Use Our Discount Codes

• Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
• FREE exam attempt with corresponding course purchase for SANSFIRE 2012 with code SecuraBit_SFGIAC
• Use code 36449 for 20% off your Syngress order!

Upcoming events

• http://www.secore.info

Links

• http://www.rvasec.com
• http://www.richsec.com
• http://www.gh0st.net

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

• Chris Gerling – @secbitchris
• Mike Bailey - @mpbailey1911
• Andrew Borel – @andrew_secbit

Guests

• Dr. Tran
• Emwave
• Professor Farnsworth

News Items

• ANONYMOUS CLAIM: ‘WE HAVE ACCESS TO EVERY CLASSIFIED DATABASE IN THE U.S. GOVERNMENT’
• http://www.theblaze.com/stories/anonymous-claim-we-have-access-to-every-classified-database-in-the-u-s-government/
• Pentagon boosts contractor cybersecurity program
• http://thehackernews.com/2012/05/pentagon-boosts-contractor.html
• "The effort, known as the Defense Industrial Base ("DIB") program, is a voluntary information-sharing program in which the Department of Defense shares "unclassified indicators and related, classified contextual information" about cyber-attacks and threats with defense contractors.”
• “In exchange, defense contractors report known intrusions and can receive forensics analysis and damage assessments from the government after those attacks. In an optional part of the program, the DIB Enhanced Cybersecurity Services, the government shares additional classified threat and technical data with defense contractors and Internet service providers. "
• 17 year old Teenager arrested over TeamPoison hacking attacks
• http://thehackernews.com/2012/05/17-year-old-teenager-arrested-over.html
• "A teenage boy has been arrested on suspicion of being a member of "TeamPoison", a computer hacking group that has claimed responsibility for 1,400 offences including an attack on the phone system of Scotland Yard's counter-terrorism unit last month. These include attacks on the United Nations, the UK Anti-Terrorist Hotline, MI6 and RIM, as well as politicians including Nicolas Sarkozy and Tony Blair.”
• “The boy, who police suspect used the hacker nickname 'MLT' and was a spokesman for TeamPoison, was interviewed at a local police station on offences under the Computer Misuse Act on Wednesday. The arrest is part of an ongoing investigation by the Police Central e-Crime Unit (PCeU) division of the Metropolitan Police into various hacking gangs who have made headlines in the last year or so.”
• “TeamPoison’s highest-profile attack was mounted against Scotland Yard’s counter-terror hotline last month, has also claimed responsibility Distributed Denial of Service attacks against banks in collaboration with Anonymous, another “hacktivist” group with similar anti-corporate and anti-authority politics.”
• 55,000+ Twitter Accounts Hacked, How To Tell If Yours Was Among Them
• http://www.technobuffalo.com/internet/social-networking/55000-of-twitter-accounts-hacked-how-to-tell-if-yours-was-among-them/
• How to Securely Share a Password with Someone Using LastPass
• http://lifehacker.com/5909321/how-to-securely-share-a-password-with-someone-using-lastpass
• Not a bad way to avoid "hey, what's the password to $server" and yelling the answer over the cubicle walls for all to hear.
• Other ways to securely share or transfer passwords/acess
• FBI Wants Backdoors in Facebook, Skype and Instant Messaging
• http://www.wired.com/threatlevel/2012/05/fbi-seeks-internet-backdoors/

• Everyone Has Been Hacked. Now What?

• http://www.wired.com/threatlevel/2012/05/everyone-hacked/

• ‘Unknowns’ Hacking Group Hits NASA, Air Force, Harvard and Others in ‘Hacking for Good’ Effort

• http://www.theblaze.com/stories/unknowns-hacking-group-hits-nasa-air-force-harvard-and-others-in-hacking-for-good-effort/

Use Our Discount Codes

• Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
• FREE exam attempt with corresponding course purchase for SANSFIRE 2012 with code SecuraBit_SFGIAC
• Use code 36449 for 20% off your Syngress order!

Upcoming events

• http://www.secore.info

Links

• http://www.carolinacon.org
• http://www.rvasec.com
• http://www.richsec.com
• http://www.gh0st.net

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

• Chris Gerling –@secbitchris
• Chris Mills - @chrisam
• Andrew Borel – @andrew_secbit

Guests

• Tom Eston - @agent0x0
• Mobile App/Device Security and Security Justice.

Topics

• Lab
• Contests
• Banter

News Items

• Skype User IP Address Disclosure
• http://pastebin.com/rBu4jDm8
• Google knew street cars were slurping wifi (Marius Milner was the engineer, of NetStumbler fame)
• http://www.theregister.co.uk/2012/04/30/google_slurp_ok/
• http://www.theregister.co.uk/2012/05/01/slurp_engineer_doe_named/
• Mozilla is first major tech company to denounce CISPA
• http://news.cnet.com/8301-1009_3-57425719-83/mozilla-is-first-major-tech-company-to-denounce-cispa/?tag=txt;title
• Mac Flashback trojan still making $10,000 a day
• http://www.darkreading.com/insider-threat/167801100/security/attacks-breaches/232901268/apple-mac-flashback-trojan-gang-still-making-money.html
• Indictment Returned for Jeremy Hammond in Chicago Anonymous case
• http://abcnews.go.com/Technology/wireStory/indictment-returned-nyc-computer-hacking-case-16264667#.T6HRSqtSTlw

Use Our Discount Codes

• Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
• FREE exam attempt with corresponding course purchase for SANSFIRE 2012 with code SecuraBit_SFGIAC
• Use code 36449 for 20% off your Syngress order!

Upcoming events

• http://www.secore.info

Links

• http://www.rvasec.com
• http://www.richsec.com
• http://www.gh0st.net

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Our show notes can be found here:  http://wiki.securabit.com/ShowNotes/EP100

Please refer to our wiki for full show notes.

http://wiki.securabit.com/ShowNotes/EP87

Join us as we interview Lance Spitzner, Technical Director for the SANS Securing the Human Program.

Show notes are now at our wiki:  http://wiki.securabit.com/ShowNotes/EP86

myne-us @myne_us

Jacob hammack @hammackj

Guest Host

Dave Kennedy @dave_rel1k

Guest

Dr. Tyler Bletsch (Tyler.Bletsch {at} gmail.com)

Tyler's former security group at NC State University under Xuxian Jiang - http://www.csc.ncsu.edu/faculty/jiang/

Topics

JOP programming

Turing complete exploit development (http://en.wikipedia.org/wiki/Turing_completeness)

links

JOP

JOP technical report

ftp://ftp.ncsu.edu/pub/tech/2010/TR-2010-8.pdf

JOP academic paper

http://www.csc.ncsu.edu/faculty/jiang/pubs/ASIACCS11.pdf

Tyler's dissertation (JOP in x86 and MIPS, and a few other techniques)

http://repository.lib.ncsu.edu/ir/bitstream/1840.16/6698/1/etd.pdf

ROP

http://cseweb.ucsd.edu/~hovav/dist/rop.pdf

http://blog.zynamics.com/2010/03/12/a-gentle-introduction-to-return-oriented-programming/

http://sandsprite.com/CodeStuff/Understanding_imports.html

http://j00ru.vexillium.org/?p=893

http://www.braid-game.com/

http://qubes-os.org/Architecture.html

If you like the intro music and the closing music check out http://dualcoremusic.com/nerdcore/

break music http://www.audiomicro.com/saxophone-piano-drums-short-jazz-introduction-royalty-free-stock-music-94

Hosts
myne-us @myne_us
Jabob hammack @jhammack

Guest
Dave Kennedy @dave_rel1k
http://www.derbycon.com/
http://www.secmaniac.com/
http://seorg.org/

Topics
is BOF dead
what got you started
what are some of things that helped you get started
Heap
osx exploitation
and more....

links
http://advancedwindowsdebugging.com/
https://net-ninja.net/blog/?p=293
http://www.exploit-db.com/
http://www.offensive-security.com/live-information-security-training/

Intro by http://dualcoremusic.com/nerdcore/

May 18, 2011

Hosts:

Anthony Gartner – @anthonygartner http://anthonygartner.com

Chris Gerling  – @chrisgerling

Christopher Mills – @thechrisam

Jason Mueller – @securabit_jay

Andrew Borel –  @andrew_secbit

Tony Huffman – @myne_us

Guests:

Carl Herberger from http://www.radware.com/ 

General topics:

 DDOS: Recent attacks from groups like anonymous , attack vectors, technique information and how it can effect you.

Signatures: Signature based detection and the effects it had on todays security

General security: Some general discussion on security 

Securibit exploit development group (SEG)  starting up blog post coming soon.

NEWS:

PSN hacked again! : 

 Just two days after the PlayStation Network was restored after a near month-long outage, the PSN password page has apparently been exploited. According to reports, the exploit allows other users to reset your account password using only your e-mail address and date of birth. This personal data was made available to hackersduring the initial PSN attack.

http://arstechnica.com/gaming/news/2011/05/report-playstation-network-passwords-exploited-accounts-compromised.ars

international_strategy_for_cyberspace.pdf

http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf

Backtrack 5 is out

http://www.backtrack-linux.org/

Facebook privacy demo gets guy arrested in austrelia

http://www.net-security.org/secworld.php?id=11045

Microsoft patch tuesday

http://www.microsoft.com/technet/security/bulletin/ms11-may.mspx

Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events

#BSidesDetroit (3 - 4 Jun 2011)

#BSidesStJohns St. John's, NL (10 Jun 2011)

#BSidesCT Meriden, CT (11 Jun 2011)

FIRST Austria (12 - 17 June 2011)

#BSidesVienna(18 June 2011)

Toorcon (18 - 19 June 2011)

#BSidesLasVegas (3-4 August 2011)

BlackHat Vegas (3 - 4 August 2011)

DEFCON 19 (4 - 7 August 2011)

#BSidesLA Los Angeles, CA (18 - 19 August 2011)

#BSidesMO(21 Oct 2011)

#BSidesNewDelhi (22 - 23 October 2011)

VB Barcelona October 2011

Links:

http://www.securabit.com

Chat with us on IRC at irc.freenode.net #securabit

iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405

iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit
Tony Huffman – @myne_us
Dan Mitchell - @danmitchell

Guests:
int80 - @dualcoremusic
DualcoreMusic

General topics:
http://dualcoremusic.com/nerdcore/
http://www.youtube.com/watch?v=CMNry4PE93Y

NEWS:

Patch Tuesday April 2011 64 patched:
http://www.microsoft.com/technet/security/current.aspx
http://isc.sans.edu/diary.html?date=2011-04-11

Oracle Critical Patch Update Advisory - April 2011
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

Verizon 2011 Data Breach Report
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2011_en_xg.pdf

Barracuda
http://www.thetechherald.com/article.php/201115/7044/Malaysian-group-hits-Barracuda-Networks-Update?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+SecurityBloggersNetwork+%28Security+Bloggers+Network%29
http://blog.barracuda.com/pmblog/index.php/2011/04/12/waf-importance/
http://www.securecomputing.net.au/News/254601,barracuda-hack-shows-importance-of-defenceindepth.aspx?utm_source=twitterfeed&utm_medium=twitter
http://www.flyingpenguin.com/?p=11513
“Starting Saturday night at approximately 5pm Pacific time, an automated script began crawling our Web site in search of unvalidated parameters.  After approximately two hours of nonstop attempts, the script discovered a SQL injection vulnerability in a simple PHP script that serves up customer reference case studies by vertical market.  As with many ancillary scripts common to Web sites, this customer case study database shared the SQL database used for marketing programs which contained names and email addresses of leads, channel partners and some Barracuda Networks employees.  The attack utilized one IP address initially to do reconnaissance and was joined by another IP address about three hours later.  We have logs of all the attack activity, and we believe we now fully understand the scope of the attack.”

Texas
http://www.txsafeguard.org/
http://blogs.chron.com/texaspolitics/archives/2011/04/personal_inform.html
“Personal information of about 3.5 million Texans -- including names, mailing addresses and Social Security numbers -- was posted on a publicly accessible server at the state comptroller's office, much of it for more than a year, Comptroller Susan Combs said.”

Michigan Police taking your phones
http://www.thenewspaper.com/news/34/3458.asp
http://www.geekosystem.com/cellebrite-cellphone-hacker/
“The American Civil Liberties Union (ACLU) is currently engaged in a war of words and requests for information on a device used by the Michigan state police that can extract information from cellphones. The device, which has reportedly been in use since at least 2008, is apparently being used by the police during minor traffic violations.”

Wordpress
http://en.blog.wordpress.com/2011/04/13/security/
http://newenterprise.allthingsd.com/20110413/wordpress-com-suffers-security-breach/?mod=ATD_rss&utm_source=twitterfeed&utm_medium=twitter
http://threatpost.com/en_us/blogs/wordpress-hacked-source-code-stolen-041311

Georgian woman cuts off web access to whole of Armenia
http://www.guardian.co.uk/world/2011/apr/06/georgian-woman-cuts-web-access

Hacker Group Changes Millions of Passwords to "password"; Only 38% of Users Notice
http://www.f-secure.com/weblog/archives/00002134.html
“Passwords from over 3,000,000 user accounts were apparently set to "password" late last night in a wide-spread hack that affected hundreds of news, retail and Web 2.0 sites. Most affected users are completely unaware of the attack.”

Quick Mentions:
FBI take down botnet
http://threatpost.com/en_us/blogs/doj-shuts-down-botnet-disables-infected-systems-041411
Facebook adds 2 factor
http://threatpost.com/en_us/blogs/facebook-adds-two-factor-authentication-041911
Flash 0 day:
http://www.adobe.com/software/flash/about/
Anything below version 10.2.153.1 is vulnerable

Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
CEIC Orlando (15 – 18 May 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)
#BSidesStJohns St. John's, NL (10 Jun 2011)
#BSidesCT Meriden, CT (11 Jun 2011)
FIRST Austria (12 - 17 June 2011)
#BSidesVienna(18 June 2011)
Toorcon (18 - 19 June 2011)
#BSidesLasVegas (3-4 August 2011)
BlackHat Vegas (3 - 4 August 2011)
DEFCON 19 (4 - 7 August 2011)
#BSidesLA Los Angeles, CA (18 - 19 August 2011)
#BSidesMO(21 Oct 2011)
#BSidesNewDelhi (22 - 23 October 2011)
VB Barcelona October 2011

Links:
http://www.securabit.com
http://dualcoremusic.com/nerdcore/

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

SecuraBit Episode 79:  Back to the basics with Marcus Carey!
April 6, 2011

Hosts:
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Tony Huffman – @myne_us

Guests:
Marcus J Carey- @iFail
http://hackersforcharity.org/

General topics:

NEWS:
Epsilon:
http://www.pcworld.com/businesscenter/article/224192/epsilon_data_breach_expect_a_surge_in_spear_phishing_attacks.html
http://www.eweek.com/c/a/Security/Epsilon-Data-Breach-Highlights-Cloud-Computing-Security-Concerns-637161/
http://threatpost.com/en_us/blogs/list-companies-hit-epsilon-breach-040511
https://threatpost.com/en_us/blogs/epsilon-data-breach-expands-include-capital-one-disney-others-040411
http://www.epsilon.com/News%20&%20Events/Press_Releases_2011/Epsilon_Notifies_Clients_of_Unauthorized_Entry_into_Email_System/p1057-l3

"On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway," the statement said.

LizaMoon:
http://threatpost.com/en_us/blogs/counterspin-lizamoon-web-attacks-no-big-deal-040511
In a post on Cisco's security blog, senior security researcher Mary Landesman said that data from the company's ScanSafe Web security infrastructure suggests that just over 1,000 Web domains have been compromised using the SQL injection attack, not the 500,000 to 1.5 million cited in published reports.

https://threatpost.com/en_us/blogs/widespread-lizamoon-web-attacks-push-rogue-antivirus-040111
“Websense researchers wrote on Thursday that a Google search for Web sites hosting the malicious URLs identified over 1.5 million Web sites hosting the code”

Pandora.com data leak:
http://threatpost.com/en_us/blogs/pandora-mobile-app-transmits-gobs-personal-data-040611?utm_source=Home+Page&utm_medium=Top+Graphic+Bar&utm_campaign=Position+3
“The data included both the owner's GPS location and tidbits the owners gender, birthday and postal code information. There was evidence that the app attempted to provide continuous location monitoring - which would tell advertisers not just where the user accessed the application from, but also allow them to track that user's movement over time. “

RSA attack:
http://threatpost.com/en_us/blogs/rsa-securid-attack-was-phishing-excel-spreadsheet-040111
“"The attacker in this case sent two different phishing emails over a two-day period. The two emails were sent to two small groups of employees; you wouldn’t consider these users particularly high profile or high value targets. The email subject line read '2011 Recruitment Plan," Uri Rivner, head of new technologies in the identity protection division of RSA wrote in a post on the attack”
http://www.nsslabs.com/research/analytical-brief-rsa-breach.html

¾ Energy Firms Had Data Breach over last year:
http://threatpost.com/en_us/blogs/study-three-four-energy-firms-had-data-breach-last-year-040511
Long perceived to be beyond the attention of hackers, energy firms and utilities now report that they are being targeted. In the Ponemon study, 76% of the IT security staff interviewed reported that their organization had experienced "one or more data breaches" in the last 12 months. A similar number - 69% - said they felt a data breach was likely to occur in the next 12 months, Ponemon said.

Comodo what really happened:
https://threatpost.com/en_us/blogs/phony-ssl-certificates-issued-google-yahoo-skype-others-032311
http://pastebin.com/uSdKNDN5
“ I found out that TrustDll.dll takes care of signing. It was coded in C#.
Simply I decompiled it and I found username/password of their GeoTrust and Comodo reseller account. “

FBI asks for help on cracking code:
http://www.h-online.com/security/news/item/FBI-asks-for-help-cracking-a-code-in-unsolved-murder-case-1220007.html

Other Stories:
http://www.techdirt.com/articles/20110401/13241213732/exploit-hadopi-site-turns-it-into-pirate-bay-supporter.shtml
http://news.softpedia.com/news/Google-Chrome-to-Block-Malicious-Downloads-193386.shtml

Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events:
ThotCon (15 Apr 2011)
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
CEIC Orlando (15 – 18 May 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)
#BSidesStJohns St. John's, NL (10 Jun 2011)
#BSidesCT Meriden, CT (11 Jun 2011)
FIRST Austria (12 - 17 June 2011)
#BSidesVienna(18 June 2011)
Toorcon (18 - 19 June 2011)
#BSidesLasVegas (3-4 August 2011)
BlackHat Vegas (3 - 4 August 2011)
DEFCON 19 (4 - 7 August 2011)
#BSidesLA Los Angeles, CA (18 - 19 August 2011)
#BSidesMO(21 Oct 2011)
#BSidesNewDelhi (22 - 23 October 2011)
VB Barcelona October 2011

Links:
http://www.securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel –  @andrew_secbit
Tony Huffman (myne-us)  – @myne_us

Guests:
Dave Kennedy - @dave_rel1k
Carlos “Darkoperator” Perez - @Carlos_Perez

General topics:

Rogue SSL certificates ("case comodogate") http://www.f-secure.com/weblog/archives/00002128.html

PTES - Penetration Testing Execution Standard http://www.pentest-standard.org/
Social Enginer Toolkit
http://www.social-engineer.org/podcast/
http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_(SET)
BackTrack http://www.backtrack-linux.org/
DerbyCon http://www.derbycon.com/

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events:
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)
SANS Orlando March 2011
CEIC Orlando April 2011
FIRST Austria June 2011
BlackHat Vegas August 2011
VB Barcelona October 2011

Links:
http://www.securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

SecuraBit would like to apologize for the audio issues in this episode. We were not able to use the normal recording method due to a complete power failure.  Thanks for understanding!

Hosts:
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Tony – @myne_us
Dan Mitchell - @danmitchell
Andrew Borel –  @andrew_secbit

Guests:
Bill Swearingen - @hevnsnt

Trent Lo - @surbo

General topics:

History of i-hacked

[HackerRun] - @HackerRun
http://hackerrun.com/doku.php

Messing with evites

http://www.i-hacked.com/content/view/293/2/

http://www.csoonline.com/article/661365/evite-program-easily-tampered-with-researcher-says

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
#BSidesHalifax (5 Mar 2011)
#BSidesGSO Greensboro, NC (9 Mar 2011)
CanSecWest2011 (9 - 11 Mar 2011)
#BSidesAustin (11 - 12 March 2011) http://www.keepsecurityweird.org/
BlackHat Europe 2011 (17 - 18 Mar 2011)
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel –  @andrew_secbit
Tony  (myne-us)  – @myne_us

Guests:
Mike Dahn
twitter:  @mikd

Joe Gottlieb
Twitter: joe_gottlieb

General topics:
Mike:Bsides origins and other.  http://chaordicmind.com/blog/
Joe: Open Security Intelligence http://www.opensecurityintelligence.com/

On Monday, February 14th, SIEM and log management vendor SenSage will introduce the Open Security Intelligence forum to the security community to become involved in. The concept of the community is to share best practices in open security analytics to improve our collective security defenses. Specifically, Joe Gottlieb, President and CEO of SenSage would like to discuss:
- Current challenges with today’s SIEM tools, which are a decade old
- Why security analytics needs to be ‘open’
- Why integrating business intelligence tools (i.e. Pentaho, Microsoft Exchange, Cognos, etc.) with SIEM tools can create useful dashboards that help security analysts mine huge data stores for the ‘needle in the haystack’ information they need
- Why ‘security quants’ (analysts that can look deep into the data and develop complex yet useful SQL queries) will become the next role in the SOC
- The benefits of joining the community and sharing best practices

The community will be hosted on a web portal – www.opensecurityintelligence.com – that is under development and will be discussed in our Feb. 14 release. Also, Joe is also giving a talk at Security BSides  SF on 2/14 at 3pm PT on this very topic.

--HBGary Federal
http://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous/

--Nasdaq
attack does not yet have reports of how they where attacked. The comment on the website was for the 1999 attack where someone defaced the nasdaq website.

Quotes from http://www.wallstreetandtech.com/technology-risk-management/229201267

The operator of the Nasdaq Stock Exchange said it found "suspicious files" on its computer servers, in a Web application called Directors Desk which is used by members of corporations' boards of directors who want to share information and files.

"What seems most likely is that the web servers were compromised in an attempt to use them to inject malicious software into their clients," commented one reader of the nakedsecurity.sophos.com blog.

--Bsides
http://www.securitybsides.com/w/page/12194156/FrontPage
to contact: info (at) securitybsides dot org -or- call 415-742-1739

--Exploit developers corner
Looking for exploit developers!

If you have recently published an exploit or have a previously published exploits you would like to talk about contact us at feedback@securabit.com or can contact Tony (myne-us) directly on IRC at freenode #securabit to have a small interview about your discovery.

List of common questions.
-How did you find the vulnerability?
-What is your goal in vulnerability research?
-How did you go about disclosing the vulnerability and how did the vendor respond?
-And more...

!!Caution!!:  No undisclosed vulnerabilities (0 day)! These vulnerabilities need to be reported to the vendor and patched or exceed a time period where vendor did not patch. If interested in releasing exploit on the show that is fine if can show proof you disclosed to vendor or see the proof of concept already posted on exploit-db or have a CVE.

Us:NetWitness Spectrum at RSA http://www.netwitness.com/products/spectrum.aspx

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
RSA Conference 2011 (14 -18 Feb 2011)
#BSidesSanFrancisco (14 - 15 Feb 2011)
#BSidesCleveland (18 Feb 2011)
#BSidesHalifax (5 Mar 2011)
#BSidesGSO Greensboro, NC (9 Mar 2011)
CanSecWest2011 (9 - 11 Mar 2011)
#BSidesAustin (11 - 12 March 2011) http://www.keepsecurityweird.org/
BlackHat Europe 2011 (17 - 18 Mar 2011)
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit

Guests:
Brian Krebs - @briankrebs - http://krebsonsecurity.com/

General topics:

• I recall reading about various greeting card based attacks over the years.  Do you think they've all been originated by the same folks who did this one?  Or at least, with the same goals in mind?
• How prevalent do you think ATM skimmers are?  What are some ways the common person can look out for them?
• Do you think financial institutions are getting better at educating their customers about the protections provided/not provided under Regulation E?
• Do you anticipate payment processing centers becoming a bigger target for criminals vs the individual businesses?
• Since many financials are under pressure from new reserve requirements, do you think new security requirements will force smaller financials to merge? How can they balance the need to offer more convenient services (such as mobile banking) with the need to improve security at the same time?
• What do you think the top 3 stories for 2010 were? Why do you think they were the top stories?

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
RSA Conference 2011 (14 -18 Feb 2011)
#BSidesSanFrancisco (14 - 15 Feb 2011)
#BSidesCleveland (18 Feb 2011)
#BSidesHalifax (5 Mar 2011)
#BSidesGSO Greensboro, NC (9 Mar 2011)
CanSecWest2011 (9 - 11 Mar 2011)
#BSidesAustin (11 - 12 March 2011) http://www.keepsecurityweird.org/
BlackHat Europe 2011 (17 - 18 Mar 2011)
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel –  @andrew_secbit

Guests:
We discuss Kneber and other fun security topics with Alex Cox of NetWitness
@perpetualsec http://www.networkforensics.com/

General topics:
Kneber Botnet
Mariposa
Responsible disclosure
Evil Virustotal
http://socialmediasecurity.com/downloads/Facebook_Privacy_and_Security_Guide.pdf

PROGRAMMABLE HID USB KEYSTROKE DONGLE: USING THE TEENSY AS A PEN TESTING DEVICE https://www.defcon.org/html/defcon-18/dc-18-speakers.html#Crenshaw

http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos


Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
ShmooCon (28 - 31 Jan 2011)
RSA Conference 2011 (14 -18 Feb 2011)
#BSidesSanFrancisco (14 - 15 Feb 2011)
#BSidesCleveland (18 Feb 2011)
#BSidesHalifax (5 Mar 2011)
#BSidesGSO Greensboro, NC (9 Mar 2011)
#BSidesAustin (11 - 12 March 2011) http://www.keepsecurityweird.org/
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)

Links:
http://www.securabit.com

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel –  @andrew_secbit

Guests:
Jack Jones discusses Risk Assessment and the FAIR method http://riskmanagementinsight.com/

General topics:

Risk Management, Small biz vs Enterprise
Monte Carlo?
How to Measure Anything: Finding the Value of Intangibles in Business by Douglas W. Hubbard
http://www.amazon.com/How-Measure-Anything-Intangibles-Business/dp/0470539399/ref=tmm_hrd_title_0

OnePassword - http://agilewebsolutions.com/onepassword
KeePass - http://keepass.info/
LastPass - http://lastpass.com/

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
#BSidesMSP (7 Jan 2011)
ShmooCon (28-31 Jan 2011)
RSA Conference 2011 (14 -18 Feb 2011)
#BSidesSanFrancisco (14-15 Feb 2011)
#BSidesAustin (11-12 March 2011) http://www.keepsecurityweird.org/

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Hosts:
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit
Anthony Gartner – @anthonygartner http://anthonygartner.com
Jason Mueller – @securabit_jay
Rob Fuller – @mubix
Tim Krabec – @tkrabec http://www.SMBMinute.com

Guests:
Deviant Ollum - http://deviating.net/ - Author of Syngress Practical Lock Picking
General topics:
Practical Lock Picking By Deviant Ollam http://www.syngress.com/hacking-and-penetration-testing/Practical-Lock-Picking/

Review submitted by a coworker:
Practical Lock Picking by Deviant Ollum was an enjoyable read. The author does a good job of covering the art and science of picking locks. He chose two of the most common types of locks for the bulk of his material which helps keep the focus of the book tight. He leads the reader from the basic operational principles of the locks, to flaws in the design & manufacture and finally how to pick the locks. The coverage of pick types and other tools of the trade round out the readers knowledge of the subject. His down to earth style and simple language help the reader understand the material and develop the skills to pick these types of locks. His logical progression of starting with one pin and working your way up to all the pins in the lock will help the reader build confidence in their skills. The final sections on bypassing the door reminds the reader that locks are part of a system and sometimes the way to defeat a system is not the direct approach. Overall I would give this book 4 out of 4 stars.

Shmoocon Tickets??

The Open Organization Of Lockpickers http://toool.us/
Lock Picking Videos - http://www.youtube.com/deviantollam
General Information http://deviating.net/lockpicking/

IE Zero Day
Microsoft Security Advisory (2458511)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/2458511.mspx

Enhanced Mitigation Experience Toolkit v2.0
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c6f0a6ee-05ac-4eb6-acd0-362559fd2f04

SpyEye v. ZeuS Rivalry Ends in Quiet Merger
http://krebsonsecurity.com/2010/10/spyeye-v-zeus-rivalry-ends-in-quiet-merger/

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is0 good for all SANS courses in all formats.

Upcoming events
#BSidesDFW November 6, 2010
#BSidesDE November 6, 2010
AppSec DC 2010 November 8-12, 2010
#BSidesOttawa November 12-13, 2010
RUXCON 2010 December 4-5, 2010
DojoCon December 11-12, 2010
#BSidesBerlin December 28-30, 2010
ShmooCon January 28-31, 2010

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Hosts:
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit
Anthony Gartner – @anthonygartner http://anthonygartner.com
Jason Mueller – @securabit_jay

Guests:
Kevin Johnson discusses SANS SEC 542 Web App Pen Testing, Base, etc

General topics:
New Apple Macbook Air.

Recent Security
Zynga collecting data about Facebook users.
Social engineering at a capture the flag event.
Pros and cons to using social networks.
Attacking your web applications for a more secure application.
Samurai WTF (Web Testing Framework) http://samurai.inguardians.com/
Laudanum: Injectable Functionality http://laudanum.inguardians.com/
Basic Analysis and Security Engine (BASE) project http://base.secureideas.net/

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
#BSidesDFW November 6, 2010
#BSidesDE November 6, 2010
AppSec DC 2010 November 8-12, 2010
#BSidesOttawa November 12-13, 2010
#BSidesBerlin December 28-30, 2010
ShmooCon January 28-31, 2010

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Andrew Borel –  @andrew_secbit

Guests:
Bryan Sartin - Director of Investigative Response at Verizon Business

General topics:
Verizon RISK Team - http://www.verizonbusiness.com/products/security/risk/

Bryan Sartin, the Director of Investigative Response at Verizon Business, discusses the 2010 Verizon Data Breach Report
http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf

VERIS Framework - https://verisframework.wiki.zoho.com/

MalCon: A Call for ‘Ethical Malcoding’ http://krebsonsecurity.com/2010/08/malcon-a-call-for-ethical-malcoding/

SecTor 2010 - http://www.sector.ca/
Security Training October 25.
Conference Sessions October 26 & 27, 2010.

The real iTunes fraud vulnerability: Gullible users - http://news.cnet.com/8301-13579_3-20014481-37.html

Upcoming events
Hacker Halted http://www.hackerhalted.com/ Tim Is speaking October 14th
Louisivlle Infosec 10/7. http://www.louisvilleinfosec.com/
Atlanta B-Sides 10/8. http://www.securitybsides.com/BSidesAtlanta
HacKid - http://www.hackid.org/ 10/9-10/10
Phreaknic 10/15. http://www.phreaknic.info/pn14/

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8