Your daily source of Pwnage, Policy and Politics.


Episode 562 – Weekend Wrap-up with Dr. b0n3z

 

InfoSec Daily Podcast Episode 562 for January 7, 2012.  Tonight's podcast is hosted by Dr bonez.

Guests: Hackett, brew_ninja, oncee, and spridel.

Announcements:

Information Security Blogger Awards 2012
Since we were overlooked again for the Best Podcast on Security, you can email ashimmy@hotmail.com with your name, email address and ISD Podcast as your write-in nominee.  Please note, you have to provide your blog or podcast URL so that it can be verified that you are a blogger or podcaster.  Vote for your favorite blogs as well on www.ashimmy.com.

Brad Smith (theNurse)
We all know and love Brad Smith, aka theNurse.  His humor and smiling positivity are a wonderful example for our community.  At Hacker Halted he had a massive stroke and has been in the hospital for almost a month.

Brad and his wife did not ask for this help, but as a community we feel that if we can help we want to.  Please feel free to check in for status or to donate.  Either way we thank you and I know Brad thanks you for your support, prayers and positive thoughts.

http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/

NOVA Hackers Open House
When: January 9th, 2012 at 6:00PM
Where: ICF International, 9300 Lee Highway, Fairfax, VA
http://maps.google.com/maps/ms?hl=en&gl=us&ptab=2&ie=UTF8&oe=UTF8&msa=0&msid=104405866946229741710.00048046ec622944cab00&ll=38.871786,-77.265805&spn=0.003968,0.006614&t=h&z=18

CampusCon 2012
When: January 21, 2012
Where: WIT {Waterford Institute of Technology} Sports – Waterford, Ireland
http://campuscon.hackingwit.com
(from Baconzombie)

New England InfoSec Tweetup
When: January 21, 2012
Where: Ledgewood Hills Clubhouse – Nashua, NH
http://neistu3.eventbrite.com/

SANS Mentoring: Security 401 SANS Security Essentials Bootcamp Style
When: Starts January 24, 2012
Where: Atlanta, GA
Discount Code:
http://www.sans.org/mentor/details.php?nid=25484

ShmooCon 2012
When: January 27th-29th, 2012
Where: Washington Hilton Hotel, Washington, DC
http://www.shmoocon.org

ShmooCon Epilogue
When: After ShmooCon
Where: Washington, DC
Hit up anyone in NOVA Hackers

Metasploit Framework Unleashed Cincinnati
When: February 11, 2012.
Where: Digitorium in Griffin Hall, the home of Northern Kentucky University’s College of Informatics
https://msfucincy.wordpress.com/
$20 donation for #HFC

Social Engineering Training
When: March 5-9
Where: Seattle, Washington
When: April 9-13
Where: Bristol, UK
http://www.social-engineer.com/social-engineer-training

InfoSec Southwest
When: March 31-April 1
CFP Closes: Feb 1st
Where: Austin, Texas
http://infosecsouthwest.com/
Peiter “Mudge” Zatko is the Keynote

Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!

AIDE 2012
When: May 21-25, 2012
Where: Marshall University Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu
CFP now open!

DerbyCon 2012 – "Dropping the Deuce"
When:  September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com

Thanks to everyone that has purchased products from Amazon through the affiliate program.  If you’re not familiar with the affiliate program, simply go to http://www.isdpodcast.com and locate the Affiliate Program link on the right hand side.


Stories

Source:  What are the InfoSec Daily Podcast members' New Year's resolutions?


Source: http://www.cyberwarnews.info/2012/01/06/one-of-the-sony-hackers-s3rver_exe-has-been-hacked/


Source: http://arstechnica.com/business/news/2012/01/new-slow-motion-dos-attack-just-a-few-pcs-little-fear-of-detection.ars


Pentest Lessons:
Adam Compton & Zac Wagle should get credit for the "Pentest Lessons" idea. They also started a Twitter account: https://twitter.com/pentestlessons.
Lesson 1: Know not only how to use the tool, but what the tool can/cannot do.
Lesson 2: ALWAYS read the Statement of Work (SOW) before you show up on-site.
Lesson 3: Write down what you've found, include the how and when*
Lesson 4: When you run an exploit, don’t do it blindly. Always, always, know what the exploit does, and how it will affect the machine you’re attacking. (Deploying an “agent” means you've exploited the machine.)
* Very Important

Source: http://blog.trendmicro.com/mcdonalds-gift-card-spam-on-twitter


Source: http://www.infosecurity-magazine.com/view/23046/pastebin-shut-down-twice-in-a-week-by-ddos-attacks/

All works represented here are compiled from various sources (email, IRC, forums, and original author/websites). If the original work is copyrighted it is presented under the fair use of a copyrighted work, Copyright Act of 1976, 17 U.S.C. § 107, for purposes of criticism, comment, news reporting, teaching, and research. No use is directly intended as an infringement of copyright. Attribution is always given to the original source, if known. To have any copyrighted material removed, please contact isdpodcast[at]isdpodcast[dot]com.