ISD Podcast Episode 129 for May 13, 2010. This podcast is our contribution back to the community where we will discuss the vulnerabilities of interest, information security related news hopefully providing you a few laughs and a little knowledge.
Announcements:
MyHardDriveDied.com:
- MHDD Data Recovery Class current dates and locations:
- San Francisco – June 14th -18th
- Atlanta – July – 12th-16th
- Dallas, TX – October – 11th – 15th
- Washington DC – December 6th – 10th
- Cost is $3500 for all classes to reserve and register, call (678) 445-9007, email: [email protected] or go to http://www.myharddrivedied.com. Use the Discount Code: isdpodcast for a $300 discount.
SANS Community Atlanta:
- SANS Security 566: Implementing and Auditing the Twenty Critical Security Controls – In Depth May 17 – 21, 2010 (http://www.sans.org/atlanta-critical-controls-2010-cs)
SANS Mentoring Program:
- Jason Lawrence will also be putting on the SANS Mentor Forensics 508 – Computer Forensics and Investigations course in Sandy Springs starting Tuesday, June 22, 2010 – Tuesday, August 24, 2010 (http://www.sans.org/mentor/details.php?nid=21538). Use the Discount Code: isdpod15 for a 15% discount.
Atlanta ISSA:
- ISSA Chapter is hosting a CISSP Workshop starting May 26 – August 14 (Preparing for the August 15, 2010 Exam) 6:00 to 9:00 PM 2 sessions per week, every Wednesday and Friday at the Clendenin Building, Kennesaw State University. The CISSP workshop is free of charge to Metro Atlanta ISSA members only. For further information, contact Ben Sholes, Director of Training, at: [email protected].
- ISSA International Conference – September 16, 2010 (http://www.issa.org/page/?p=105)
North Alabama ISSA:
- Hosting Second annual North Alabama Cyber Security Summit to be held on June 9th in Huntsville AL. Event is open to ISSA members at a discounted price ($35 full price is $50).
- For more information please visit the North Alabama ISSA’s web site at: http://northalabama.issa.org/
Friends of the Podcast:
Webhosting services:WebSpeedway
Stories of Interest:
News item 1: http://threatpost.com/en_us/blogs/software-insecurity-our-biggest-weakness-051210
Marcus Ranum, CSO of Tenable Network Security, if the United States wants to remain competitive in the global economy and prevent widespread penetrations of its strategic, corporate and commercial networks, enterprises and government agencies should stop relying on commercial software and go back to writing more of their own custom code.
Speaking at the Secure360 Conference, Ranum said that the country’s reliance on commercial off-the-shelf software has made us more susceptible to attack, not to mention less innovative and creative. While dismissing the current fascination with cyberwar as hype, Ranum said the reality is that foreign governments and intelligence agencies are doing their best to penetrate our government and commercial networks every day, just as the U.S. government is working to compromise foreign networks.
Technical Segment:
A few notes,
1. Nicely printed box. Mentions BT3/BT4 on the front.
2. The link on the box, freewifilink.com, does not seem to exist, but the name is registered to “zhaolei”
http://whois.domaintools.com/freewifilink.com
3. Manual is in Chinese.
4. Detachable antenna.
5. Windows 7 64 bit found it, and installed the drivers without needing the CD.
6. Monitor mode seems to work no problem in BT4 final, got it up in Kismet.
7. RealTek 8187L chip set.
8. Using the -9 test, aireplay seems to support injection with it.
9. DVD comes with drivers, and it looks like some version of Backtrack.
10. To get full power in BT4:
iwconfig wlan0 txpower 1000mW
or
iwconfig wlan0 txpower 30
then do your
/etc/init.d/networking start
11. No idea in Windows.