
April 29, 2006

Thank You For Listening

Just wanted to take this opportunity to thank all you listeners out there. All you guys and gals totally rock and we thank you for listening to our show. We've reached new heights thanks to you:

1) We now have 249 members on our frappr map. Keep up the good work! This is also fun for us to see where all of our listeners are from. Next time we travel we may look you up :)

2) We are now technology podcast #89 in the top 100 technology podcasts listed in the iTunes music store! Holy crap Batman, people are listening! All I can say is that is so cool. I also noticed that some other security podcast I had never heard of was ahead of us for a while. Hmmmmmm. So, to move up in the iTunes store we need more listeners, and of course iTunes feedback helps too. So head on over to our iTunes site and let us know what you think!

3) Your feedback lately has been totally awesome. I just received some audio feedback (from our friends at Tech News Radio) that was very insightful, in addition to the awesome questions and often entertaining commentary that come through our email box daily. The latest one was a parallel between the Bunny Ranch and IT Security. Simply awesome! (Thanks to cutaway, see his blog posting on the subject here)

Everyone also deserves props for putting up with Twitchy: while his technical content is spot on, it comes with, well, twitchiness. However, I found the perfect birthday gift for him while reading the latest copies of 2600 and Blacklisted 411 (my two all-time favorite magazines). Send me some email if you want in on it :)

"Hacking is not a crime"

Cheers,

Paul.com

April 28, 2006

PaulDotCom Security Weekly - Episode 25 - April 27, 2006

Live from the PaulDotCom Security Weekly Studio....

  • Sponsored by Core Security, listen for the discount code at the end of the show
  • Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
  • Sponsored by The SANS Institute, listen to the discount code for SANSFIRE this summer for 5% off this conference
  • Please go update our frapper map!
  • Help us get a cool logo and slogan! Go to our contest page and read all about how you can win free Snort gear and a one-year subscription to VRT rules. Sponsored by Sourcefire
  • Full Show Notes

Hosts: Larry Pesce, Paul Asadoorian, "Twitchy"
Email: psw@pauldotcom.com

Direct Audio Download
Direct Video Download - War Driving

(Bandwidth provided by OSHEAN, Give your ISP a good spanking, they might like it)


April 21, 2006

PaulDotCom Security Weekly - Episode 24 - April 20, 2006

Live from the PaulDotCom Security Weekly Studio....

WARNING: Twitchy did not take his meds for this episode. Listen at your own risk!

  • Sponsored by Core Security, listen for the discount code at the end of the show
  • Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
  • Sponsored by The SANS Institute, listen to the discount code for SANSFIRE this summer for 5% off this conference
  • Please go update our frapper map!
  • Help us get a cool logo and slogan! Go to our contest page and read all about how you can win free Snort gear and a one-year subscription to VRT rules. Sponsored by Sourcefire
  • Full Show Notes

Hosts: Larry Pesce, Paul Asadoorian, "Twitchy"
Email: psw@pauldotcom.com

Direct Audio Download
Direct Video Download - We put together a very short promotional video this week. We will resume next week with actual technical content.

(Bandwidth provided by OSHEAN, They take their meds)

April 17, 2006

PaulDotCom Logo & Slogan Contest (Sponsored by Sourcefire)

It is not too often that we call upon the listeners for much. I mean, we ask you to keep listening to the show, of course, provide us with some feedback, and put some pins on our frappr map. I would like to say "Thank You!" to everyone for all of those things. We appreciate the time you take to listen to our crazy show, send us email (even if it's flame mail), and put pins on the map.

I really had no idea that this would take off like it has. We went to SANS 2005 in LA with the intent of giving this whole podcasting thing a try. We had tried to speak our minds and convey our thoughts through other mediums, and mostly that just got us in trouble :) Thus was born PaulDotCom Security Weekly. So when we created the logo and such it was just a quick kind of thing; not too much thought was put into it. We are committed to our listeners and the show, and we are here to stay. So, why not have a super cool logo and slogan! And who better to ask than our beloved listeners!

Your mission, young grasshoppers, is to create a logo and come up with a slogan for PaulDotCom Security Weekly. The winner gets a free subscription to the Snort VRT rules and a $50.00 gift certificate to the Snort store.

You can find out about all the contest details HERE.

We are not looking for a super, whiz-bang, extravagant logo; the winner will be the one who comes up with a logo that best represents our show (please try to keep it PG-13).

(Special thanks to Sourcefire for organizing and sponsoring this contest. You guys rock!)

Thank You!

The PaulDotCom Security Weekly Crew

April 14, 2006

PaulDotCom Security Weekly - Episode 23 - April 13, 2006

Live from the PaulDotCom Security Weekly Studio....

  • Sponsored by Core Security, listen for the discount code at the end of the show
  • Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
  • Sponsored by The SANS Institute, listen to the discount code for SANSFIRE this summer for 5% off this conference
  • Please go update our frapper map!
  • Please leave us feedback in the iTunes Store!
  • Full Show Notes

Hosts: Larry Pesce, Paul Asadoorian, "Twitchy", "The Mason"
Email: psw@pauldotcom.com

Direct Audio Download
Direct Video Download - There is no video this week. We hope to continue our wireless series next week.

(Bandwidth provided by OSHEAN, Host me baby!)

April 12, 2006

PaulDotCom Security Weekly - Special Edition - Interview with Johnny Long

We are very proud to bring you this exclusive interview with Johnny Long. I would like everyone to go out and buy two copies of his Google hacking book from Johnny's web site, because 100% of the proceeds go to charity, and everyone should have a copy for work and a copy for home :) Here are the links to purchase:

Purchase the book here - All proceeds benefit the Compassion International Children's Fund.

NOTE: There was some lag on this call. We're sorry; we hope to upgrade our bandwidth or replace Skype with something better.

  • How Johnny set a new world record for employment (well sorta)
  • The history of "Google Hacking"
  • How johnny.ihackstuff.com came to be the wonderful Google hacking source
  • Johnny discusses an assortment of Google hacking tools, such as BiDiHBLAH, bile, Wikto, and AdvancedDork
  • Hear the "behind the scenes" of Johnny's "Hacking Hollywood" presentation he gave at Schmoocon
  • Johnny discusses some of his other books, including "OS X for the Hackers Heart" and the Stealing the Network Series
  • Ethics, religion, and being yourself
  • Good advice for life, Kung Fu, and being a penetration tester

Hosts: Larry Pesce, Paul Asadoorian
Email: psw@pauldotcom.com

Direct Audio Download

(Bandwidth provided by OSHEAN, Google them, they like)


April 10, 2006

My Latest Wireless Security Presentation

A few people have written me to ask for a copy of my wireless presentation that I gave at the ACUTA conference. You can find it here:

http://pauldotcom.com/WirelessNetSec.pdf

I have also added it to the Presentations section of the web site. Check it out, drop me a note, and let me know what you think! Since it went so well, I plan to give it at future speaking engagements. Of course the new versions will be even better :)

Paul.com

The Shields Are Damaged

"Microsoft confirmed Thursday that the createTextRange security flaw in Internet Explorer will be among those addressed in its monthly patch rollout April 11. In all, the company said on its TechNet site, customers can expect five updates for Microsoft Windows and Microsoft Office -- at least one of them critical."

The createTextRange vulnerability has been publicly known since March 22, 2006 (see the original advisory here). Exploits have been publicly available since March 23, 2006, such as this one posted to milw0rm shortly after the vulnerability was publicly announced. On March 27, 2006 SANS ISC reported that there were over 200 sites using this vulnerability and associated exploits to install malware and create botnets (see posting here). Seems to me that monthly patching should be more frequent, because this doesn't even take into account the people who had an exploit before all this went public.

Microsoft has still not released a patch, and the only workaround for IE users is to disable active scripting, which by the way breaks some web sites' functionality (ironic, because active scripting (ActiveX) is why most people are forced to use IE). Here's a tip: use Firefox. Of course then come the arguments, such as how to control Firefox with group policy, or what to do with applications that only work with IE. Check out the WetDog project for group policy control over Firefox. If you have applications that require IE, consider creating a shortcut that uses IE to access that application and let users do what they do best: click. Most organizations do not do this because they do not believe that IE vulnerabilities are a problem:

But now, she said, borrowing a phrase from the Star Trek universe, "the shields are holding."

How is this measured? It is not like the days when worms were running loose destroying your networks. Times are different; malware (including spyware) and botnets are sneaky. They don't want to be caught; it's bad for business. They want to go undetected to fill your screen with pop-ups, turn your PC into a spam zombie, or quietly wait for the next command. Let me ask this question of our readers and listeners:

If a Windows box gets rooted with an IE exploit on the Internet, will anybody notice?

Paul.com

Full Article

April 07, 2006

PaulDotCom Security Weekly - Episode 22 - April 6, 2006

Live from the PaulDotCom Security Weekly Studio....

  • Sponsored by Core Security, listen for the discount code at the end of the show
  • Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
  • Sponsored by The SANS Institute, listen to the discount code for SANSFIRE this summer for 5% off this conference
  • Please go update our frapper map!
  • Please leave us feedback in the iTunes Store!
  • Full Show Notes

Hosts: Larry Pesce, Paul Asadoorian, "Twitchy"
Email: psw@pauldotcom.com

Direct Audio Download
Direct Video Download - "Using Netstumbler and Ministumbler"

(Bandwidth provided by OSHEAN, If they were a botnet, they'd be a good botnet, yeeees, a good botnet)


April 02, 2006

PaulDotCom Security Weekly - Special Edition - Open Show - "Wireless Piggybacking"

This was a very fun experiment that was a resounding success. I would like to extend a personal thanks to everyone who participated. We had some awesome commentary, and some fantastic guests that called into the show:

Hosts: Larry Pesce, Paul Asadoorian, "Twitchy"
Email: psw@pauldotcom.com

Direct Audio Download - Part I
Direct Audio Download - Part II

(Bandwidth provided by OSHEAN, Cooler than a 0day sploit with polymorphic shell code)


April 01, 2006

PaulDotCom Security Weekly - Episode 21 - March 30, 2006

Live from the PaulDotCom Security Weekly Studio....

  • Come join our very first "open show" on March 30, 2006 at 5:30PM EST. You can Skype into our show and participate! The first topic will be "Piggybacking Wireless Networks: Is it legal? Moral? Ethical? Cool? Not Cool?". Come join us and let us know what you think!
  • Sponsored by Core Security, listen for the discount code at the end of the show
  • Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
  • Please go update our frapper map!
  • If you are in the Providence, RI area the week of April 1st, you can come to ACUTA to hear Twitchy and me give presentations (separate ones)
  • Please leave us feedback in the iTunes Store!
  • Full Show Notes

Hosts: Larry Pesce, Paul Asadoorian, "Twitchy"
Email: psw@pauldotcom.com

Direct Audio Download
Direct Video Download - "WRT54G Secure Wireless Setups"

(Bandwidth provided by OSHEAN, We Digg them)
