http://pauldotcom.com http://a.images.blip.tv/Pauldotom-300x300_show_image699.jpg http://pauldotcom.com http://a.images.blip.tv/Pauldotom-picture972.jpg pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6587499 6570810 file no 0.0 2013-05-15T14:37:26Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 637 hr4jg5KJTwI http://blip.tv/play/hr4jg5KJTwI http://blip.tv/comments/?attached_to=post6587499&skin=rss Pauldotom-ThwartingClientSideAttacksWithSRP379-24.jpg Short Tech Segment on stopping client side attacks with features in a windows domain. No license (All rights reserved) searchonly Short Tech Segment on stopping client side attacks with features in a windows domain. 637 YahooPartnerVideoID Blip post id 6587499 http://blip.tv/file/6570810 Technology Science & Technology srp set security security weekly pauldotcom Wed, 15 May 2013 14:37:26 +0000 srp, set, security, security, weekly, pauldotcom http://a.images.blip.tv/Pauldotom-ThwartingClientSideAttacksWithSRP379-24.jpg srp, set, security, security, weekly, pauldotcom <iframe src="http://blip.tv/play/hr4jg5KJTwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg5KJTwI" style="display:none"></embed> Thwarting Client Side Attacks with SRP CC1EB55E-BAB7-11E2-BA93-985DC56D0727 http://blip.tv/pauldotcom/drunken-security-news-episode-331-6585730 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6585730 6569041 file no 0.0 2013-05-12T03:55:34Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1435 hr4jg5H7ZgI http://blip.tv/play/hr4jg5H7ZgI http://blip.tv/comments/?attached_to=post6585730&skin=rss Pauldotom-DrunkenSecurityNewsEpisode331819-989.jpg Being nice to hackers means they won&apos;t hack us? How to prevent the Death Star from blowing up, the Onion got hacked and the National Republican Congressional Committee web site got defaced with Viagra ads. All that and more on this week&apos;s Drunken Security News! Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Being nice to hackers means they won&apos;t hack us? How to prevent the Death Star from blowing up, the Onion got hacked and the National Republican Congressional Committee web site got defaced with Viagra ads. All that and more on this week&apos;s Drunken Security News! 1435 YahooPartnerVideoID Blip post id 6585730 http://blip.tv/file/6569041 Technology Science & Technology youtube Being nice to hackers means they won&apos;t hack us? How to prevent the Death Star from blowing up, the Onion got hacked and the National Republican Congressional Committee web site got defaced with Viagra ads. All that and more on this week&apos;s Drunken Security News! Sun, 12 May 2013 03:55:34 +0000 http://a.images.blip.tv/Pauldotom-DrunkenSecurityNewsEpisode331819-989.jpg <iframe src="http://blip.tv/play/hr4jg5H7ZgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg5H7ZgI" style="display:none"></embed> Drunken Security News - Episode 331 http://creativecommons.org/licenses/by-nc-nd/3.0/ 08A21C3A-B97F-11E2-890B-81F9D12D8594 http://blip.tv/pauldotcom/interview-with-rob-cheyne-episode-331-6585024 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6585024 6568335 file no 0.0 2013-05-10T14:36:43Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 3080 hr4jg5H2JAI http://blip.tv/play/hr4jg5H2JAI http://blip.tv/comments/?attached_to=post6585024&skin=rss Pauldotom-InterviewWithRobCheyneEpisode331860-593.jpg Rob Cheyne is a highly regarded technologist, trainer, security expert and serial entrepreneur. He was the co-founder and CEO of Safelight Security, a leading provider of information security education programs. He has taught information security training classes to tens of thousands of developers, architects, and managers for industry-leading organizations. He has over 20 years of experience in the information technology field and has been working in information security since 1998. Rob regularly speaks at security and training conferences, and frequently presents to the local chapters of various security organizations. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Rob Cheyne is a highly regarded technologist, trainer, security expert and serial entrepreneur. He was the co-founder and CEO of Safelight Security, a leading provider of information security education programs. He has taught information security training classes to tens of thousands of developers, architects, and managers for industry-leading organizations. He has over 20 years of experience in the information technology field and has been working in information security since 1998. Rob regularly speaks at security and training conferences, and frequently presents to the local chapters of various security organizations. 3080 YahooPartnerVideoID Blip post id 6585024 http://blip.tv/file/6568335 Technology Science & Technology youtube Rob Cheyne is a highly regarded technologist, trainer, security expert and serial entrepreneur.&#13;&#10;He was the co-founder and CEO of Safelight Security, a leading provider of information security education programs. He has taught information security training classes to tens of thousands of developers, architects, and managers for industry-leading organizations. He has over 20 years of experience in the information technology field and has been working in information security since 1998.&#13;&#10;&#13;&#10;Rob regularly speaks at security and training conferences, and frequently presents to the local chapters of various security organizations. Fri, 10 May 2013 14:36:43 +0000 http://a.images.blip.tv/Pauldotom-InterviewWithRobCheyneEpisode331860-593.jpg <iframe src="http://blip.tv/play/hr4jg5H2JAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg5H2JAI" style="display:none"></embed> Interview with Rob Cheyne - Episode 331 http://creativecommons.org/licenses/by-nc-nd/3.0/ 2886CC4C-B981-11E2-8294-CF1988024378 http://blip.tv/pauldotcom/interview-with-kurt-baumgartner-episode-331-6585031 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6585031 6568342 file no 0.0 2013-05-10T14:51:55Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2138 hr4jg5H2KwI http://blip.tv/play/hr4jg5H2KwI http://blip.tv/comments/?attached_to=post6585031&skin=rss Pauldotom-InterviewWithKurtBaumgartnerEpisode331925-449.jpg Kurt is a security researcher at Kaspersky Labs and one of the authors of the Red October whitepaper. Kurt tells us about their research, about the paper and what else Kaspersky is up to. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Kurt is a security researcher at Kaspersky Labs and one of the authors of the Red October whitepaper. Kurt tells us about their research, about the paper and what else Kaspersky is up to. 2138 YahooPartnerVideoID Blip post id 6585031 http://blip.tv/file/6568342 Technology Science & Technology youtube Kurt is a security researcher at Kaspersky Labs and one of the authors of the Red October whitepaper. Kurt tells us about their research, about the paper and what else Kaspersky is up to. Fri, 10 May 2013 14:51:55 +0000 http://a.images.blip.tv/Pauldotom-InterviewWithKurtBaumgartnerEpisode331925-449.jpg <iframe src="http://blip.tv/play/hr4jg5H2KwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg5H2KwI" style="display:none"></embed> Interview with Kurt Baumgartner - Episode 331 http://creativecommons.org/licenses/by-nc-nd/3.0/ 39959DEE-B68C-11E2-A82E-DC8B7D32638C http://blip.tv/pauldotcom/drunken-security-news-episode-330-6582845 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6582845 6566156 file no 0.0 2013-05-06T20:33:35Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2259 hr4jg5HlIQI http://blip.tv/play/hr4jg5HlIQI http://blip.tv/comments/?attached_to=post6582845&skin=rss Pauldotom-DrunkenSecurityNewsEpisode330168-379.jpg Tracking ships on the ocean, the twitter hacks will continue (against the human), printers on the internet and Larry tells us something about java applets that he was unaware of. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Tracking ships on the ocean, the twitter hacks will continue (against the human), printers on the internet and Larry tells us something about java applets that he was unaware of. 2259 YahooPartnerVideoID Blip post id 6582845 http://blip.tv/file/6566156 Technology Science & Technology youtube Tracking ships on the ocean, the twitter hacks will continue (against the human), printers on the internet and Larry tells us something about java applets that he was unaware of. Mon, 06 May 2013 20:33:35 +0000 http://a.images.blip.tv/Pauldotom-DrunkenSecurityNewsEpisode330168-379.jpg <iframe src="http://blip.tv/play/hr4jg5HlIQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg5HlIQI" style="display:none"></embed> Drunken Security News - Episode 330 http://creativecommons.org/licenses/by-nc-nd/3.0/ B021ECBC-E5BD-11DF-920F-DA67CFEB5D14 http://blip.tv/pauldotcom/dlink-dcc-exploit-pauldotcom-episode-217-tech-segment-4341090 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 4341090 4322430 file no 0.0 2010-11-01T13:41:11Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 759 hr4jgoj7RgI http://blip.tv/play/hr4jgoj7RgI http://blip.tv/comments/?attached_to=post4341090&skin=rss Pauldotom-DlinkDCCExploitPaulDotComEpisode217TechSegment822-495.jpg Dlink DCC Exploit - PaulDotCom Episode 217 Tech Segment http://a.images.blip.tv/Pauldotom-DlinkDCCExploitPaulDotComEpisode217TechSegment822-495-443.jpg Creative Commons Attribution-ShareAlike 3.0 searchonly Dlink DCC Exploit - PaulDotCom Episode 217 Tech Segment 759 YahooPartnerVideoID Blip post id 4341090 http://blip.tv/file/4322430 Technology pauldotcom hacking security Mon, 01 Nov 2010 13:41:11 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-DlinkDCCExploitPaulDotComEpisode217TechSegment822-495.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jgoj7RgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jgoj7RgI" style="display:none"></embed> Dlink DCC Exploit - PaulDotCom Episode 217 Tech Segment http://creativecommons.org/licenses/by-sa/3.0/ 1DD7082C-B407-11E2-B734-F8BBDF018936 http://blip.tv/pauldotcom/interview-with-andrew-righter-episode-330-6581305 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6581305 6564616 file no 0.0 2013-05-03T15:35:43Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 3164 hr4jg5HZHQI http://blip.tv/play/hr4jg5HZHQI http://blip.tv/comments/?attached_to=post6581305&skin=rss Pauldotom-InterviewWithAndrewRighterEpisode330236-477.jpg After 5 years of diving into the Security world head first, Andrew has finally come up bruised, beaten and a little less stupid. Like most hackers, he has ripped apart, modified and rewritten every electron and every bit possible - and under proper supervision has even gotten to play with a few really expensive toys. He now spends his time bootstrapping his DARPA CFT project (Netoko), hacking automotive networks (GoodThopter), or playing with academics as a Visiting Scholar at the University of Pennsylvania. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly After 5 years of diving into the Security world head first, Andrew has finally come up bruised, beaten and a little less stupid. Like most hackers, he has ripped apart, modified and rewritten every electron and every bit possible - and under proper supervision has even gotten to play with a few really expensive toys. He now spends his time bootstrapping his DARPA CFT project (Netoko), hacking automotive networks (GoodThopter), or playing with academics as a Visiting Scholar at the University of Pennsylvania. 3164 YahooPartnerVideoID Blip post id 6581305 http://blip.tv/file/6564616 Technology Science & Technology youtube After 5 years of diving into the Security world head first, Andrew has finally come up bruised, beaten and a little less stupid. Like most hackers, he has ripped apart, modified and rewritten every electron and every bit possible - and under proper supervision has even gotten to play with a few really expensive toys. He now spends his time bootstrapping his DARPA CFT project (Netoko), hacking automotive networks (GoodThopter), or playing with academics as a Visiting Scholar at the University of Pennsylvania. Fri, 03 May 2013 15:35:43 +0000 http://a.images.blip.tv/Pauldotom-InterviewWithAndrewRighterEpisode330236-477.jpg <iframe src="http://blip.tv/play/hr4jg5HZHQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg5HZHQI" style="display:none"></embed> Interview with Andrew Righter - Episode 330 http://creativecommons.org/licenses/by-nc-nd/3.0/ 63D502AA-AE6E-11E2-BB16-92FF601E6A3A http://blip.tv/pauldotcom/hack-naked-tv-episode-55-6577303 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6577303 6560614 file no 0.0 2013-04-26T12:39:51Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 455 hr4jg5G5ewI http://blip.tv/play/hr4jg5G5ewI http://blip.tv/comments/?attached_to=post6577303&skin=rss Pauldotom-HackNakedTVEpisode55983-876.jpg In this episode we talk about Ronald McDonald style beat downs. Virus Total adding pcap analysis and Japan talking about shutting down TOR. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly In this episode we talk about Ronald McDonald style beat downs. Virus Total adding pcap analysis and Japan talking about shutting down TOR. 455 http://blip.tv/file/6560614 Art Autos & Vehicles youtube In this episode we talk about Ronald McDonald style beat downs. Virus Total adding pcap analysis and Japan talking about shutting down TOR. hacking security beer pauldotcom john strand Fri, 26 Apr 2013 12:39:51 +0000 hacking, security, beer, pauldotcom, john, strand http://a.images.blip.tv/Pauldotom-HackNakedTVEpisode55983-876.jpg hacking, security, beer, pauldotcom, john, strand <iframe src="http://blip.tv/play/hr4jg5G5ewI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg5G5ewI" style="display:none"></embed> Hack Naked TV Episode 55 http://creativecommons.org/licenses/by-nc-nd/3.0/ FB2E9F3A-414C-11E0-BC6A-883C426E2D6F http://blip.tv/pauldotcom/top-5-tips-for-successful-phishing-attacks-4833238 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 4833238 4815146 file no 0.0 2011-02-26T02:06:10Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2403 hr4jgqeAOgI http://blip.tv/play/hr4jgqeAOgI http://blip.tv/comments/?attached_to=post4833238&skin=rss Pauldotom-Top5TipsForSuccessfulPhishingAttacks448-276.jpg Mike Murray and Mike Murr join us to tell us the BEST ways to get users to click links. http://a.images.blip.tv/Pauldotom-Top5TipsForSuccessfulPhishingAttacks448-276-277.jpg Creative Commons Attribution-NonCommercial-ShareAlike 3.0 searchonly Mike Murray and Mike Murr join us to tell us the BEST ways to get users to click links. 2403 YahooPartnerVideoID Blip post id 4833238 http://blip.tv/file/4815146 Default Category pauldotcom hacking security Sat, 26 Feb 2011 02:06:10 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-Top5TipsForSuccessfulPhishingAttacks448-276.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jgqeAOgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jgqeAOgI" style="display:none"></embed> Top 5 Tips for Successful Phishing Attacks http://creativecommons.org/licenses/by-nc-sa/3.0/ ABAB3FCC-A513-11E2-BFFD-C7DD03F33F0C http://blip.tv/pauldotcom/drunken-security-news-episode-327-6570099 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6570099 6553409 file no 0.0 2013-04-14T14:57:47Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2563 hr4jg5GBVwI http://blip.tv/play/hr4jg5GBVwI http://blip.tv/comments/?attached_to=post6570099&skin=rss Pauldotom-DrunkenSecurityNewsEpisode327363-441.jpg Discussing CTF competitions, South Korea says it was attacked by North, mining bitcoins and can you have a Drunken Security News without some discussion of porn? Of course not. It&apos;s included too. And lots more! Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Discussing CTF competitions, South Korea says it was attacked by North, mining bitcoins and can you have a Drunken Security News without some discussion of porn? Of course not. It&apos;s included too. And lots more! 2563 YahooPartnerVideoID Blip post id 6570099 http://blip.tv/file/6553409 Technology Science & Technology youtube Discussing CTF competitions, South Korea says it was attacked by North, mining bitcoins and can you have a Drunken Security News without some discussion of porn? Of course not. It&apos;s included too. And lots more! Sun, 14 Apr 2013 14:57:47 +0000 http://a.images.blip.tv/Pauldotom-DrunkenSecurityNewsEpisode327363-441.jpg <iframe src="http://blip.tv/play/hr4jg5GBVwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg5GBVwI" style="display:none"></embed> Drunken Security News - Episode 327 http://creativecommons.org/licenses/by-nc-nd/3.0/ 33EDB64E-A39D-11E2-B897-ACEA95122F3C http://blip.tv/pauldotcom/interview-with-richard-bejtlich-episode-327-6569191 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6569191 6552501 file no 0.0 2013-04-12T18:17:15Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 3753 hr4jg5D6SwI http://blip.tv/play/hr4jg5D6SwI http://blip.tv/comments/?attached_to=post6569191&skin=rss Pauldotom-InterviewWithRichardBejtlichEpisode327913-533.jpg Richard Bejtlich is Mandiant&apos;s Chief Security Officer. Prior to joining Mandiant, Mr. Bejtlich was the Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). He wrote The Tao of Network Security Monitoring, Extrusion Detection, and co-authored Real Digital Forensics. He currently writes for his blog TaoSecurity and teaches for Black Hat. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Richard Bejtlich is Mandiant&apos;s Chief Security Officer. Prior to joining Mandiant, Mr. Bejtlich was the Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). He wrote The Tao of Network Security Monitoring, Extrusion Detection, and co-authored Real Digital Forensics. He currently writes for his blog TaoSecurity and teaches for Black Hat. 3753 YahooPartnerVideoID Blip post id 6569191 http://blip.tv/file/6552501 Technology Science & Technology youtube Richard Bejtlich is Mandiant&apos;s Chief Security Officer. Prior to joining Mandiant, Mr. Bejtlich was the Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). He wrote The Tao of Network Security Monitoring, Extrusion Detection, and co-authored Real Digital Forensics. He currently writes for his blog TaoSecurity and teaches for Black Hat. Fri, 12 Apr 2013 18:17:15 +0000 http://a.images.blip.tv/Pauldotom-InterviewWithRichardBejtlichEpisode327913-533.jpg <iframe src="http://blip.tv/play/hr4jg5D6SwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg5D6SwI" style="display:none"></embed> Interview with Richard Bejtlich - Episode 327 http://creativecommons.org/licenses/by-nc-nd/3.0/ BF7B8C62-1FA6-11E1-BBE7-C1E89FD69D0B http://blip.tv/pauldotcom/scott-moulton-myharddrivedied-com-5796118 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 5796118 5779072 file no 0.0 2011-12-06T01:08:03Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2783 hr4jguHiegI http://blip.tv/play/hr4jguHiegI http://blip.tv/comments/?attached_to=post5796118&skin=rss Pauldotom-ScottMoultonMyHardDriveDiedcom867.png Creative Commons Attribution-NonCommercial 3.0 searchonly 2783 YahooPartnerVideoID Blip post id 5796118 http://blip.tv/file/5779072 Technology pauldotcom hacking security privacy Tue, 06 Dec 2011 01:08:03 +0000 pauldotcom, hacking, security, privacy http://a.images.blip.tv/Pauldotom-ScottMoultonMyHardDriveDiedcom867.png pauldotcom, hacking, security, privacy <iframe src="http://blip.tv/play/hr4jguHiegI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jguHiegI" style="display:none"></embed> Scott Moulton - MyHardDriveDied.com http://creativecommons.org/licenses/by-nc/3.0/ 028D755E-45CE-11E1-9C26-8BD449701C49 http://blip.tv/pauldotcom/hd-moore-metasploit-5905188 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 5905188 5888226 file no 0.0 2012-01-23T14:24:50Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2598 hr4jgui3CAI http://blip.tv/play/hr4jgui3CAI http://blip.tv/comments/?attached_to=post5905188&skin=rss Pauldotom-16809700.png HD Moore comes on the show to talk about all of the latest changes and features in the Metasploit framework. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly HD Moore comes on the show to talk about all of the latest changes and features in the Metasploit framework. 2598 YahooPartnerVideoID Blip post id 5905188 http://blip.tv/file/5888226 Technology pauldotcom hacking security metasploit privacy Mon, 23 Jan 2012 14:24:50 +0000 pauldotcom, hacking, security, metasploit, privacy http://a.images.blip.tv/Pauldotom-16809700.png pauldotcom, hacking, security, metasploit, privacy <iframe src="http://blip.tv/play/hr4jgui3CAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jgui3CAI" style="display:none"></embed> HD Moore - Metasploit http://creativecommons.org/licenses/by-nc-nd/3.0/ D92D3C82-36AE-11E0-99BD-9A0B443ECA1B http://blip.tv/pauldotcom/chris-hoff-alex-horan-discussion-pauldotcom-episode-230-4774210 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 4774210 4756043 file no 0.0 2011-02-12T13:49:01Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 3685 hr4jgqOzJgI http://blip.tv/play/hr4jgqOzJgI http://blip.tv/comments/?attached_to=post4774210&skin=rss Pauldotom-ChrisHoffAlexHoranDiscussionPaulDotComEpisode230651-791.jpg We talk cloud computing, security, and philosophy with Chris Hoff, 0day exploits with Alex Horan, burn some cigars, and throw down some beers! http://a.images.blip.tv/Pauldotom-ChrisHoffAlexHoranDiscussionPaulDotComEpisode230651-791-475.jpg Creative Commons Attribution-NonCommercial-ShareAlike 3.0 searchonly We talk cloud computing, security, and philosophy with Chris Hoff, 0day exploits with Alex Horan, burn some cigars, and throw down some beers! 3685 YahooPartnerVideoID Blip post id 4774210 http://blip.tv/file/4756043 Technology pauldotcom hacking security Sat, 12 Feb 2011 13:49:01 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-ChrisHoffAlexHoranDiscussionPaulDotComEpisode230651-791.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jgqOzJgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jgqOzJgI" style="display:none"></embed> Chris Hoff, Alex Horan Discussion - PaulDotCom Episode 230 http://creativecommons.org/licenses/by-nc-sa/3.0/ 96685C6A-9DF9-11E2-8B7D-E48FED90E3C2 http://blip.tv/pauldotcom/drunken-security-news-episode-326-6564585 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6564585 6547895 file no 0.0 2013-04-05T14:03:27Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2232 hr4jg5DWTQI http://blip.tv/play/hr4jg5DWTQI http://blip.tv/comments/?attached_to=post6564585&skin=rss Pauldotom-DrunkenSecurityNewsEpisode326493-313.jpg Dressing like a cyberwarrior, bitcoins, scapy and wireless sniffing, Rackspace going after patent trolls and the lack of network security talent in the government. All that and more this week on PaulDotCom Security Weekly! Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Dressing like a cyberwarrior, bitcoins, scapy and wireless sniffing, Rackspace going after patent trolls and the lack of network security talent in the government. All that and more this week on PaulDotCom Security Weekly! 2232 YahooPartnerVideoID Blip post id 6564585 http://blip.tv/file/6547895 Technology Science & Technology youtube Dressing like a cyberwarrior, bitcoins, scapy and wireless sniffing, Rackspace going after patent trolls and the lack of network security talent in the government. All that and more this week on PaulDotCom Security Weekly! Fri, 05 Apr 2013 14:03:27 +0000 http://a.images.blip.tv/Pauldotom-DrunkenSecurityNewsEpisode326493-313.jpg <iframe src="http://blip.tv/play/hr4jg5DWTQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg5DWTQI" style="display:none"></embed> Drunken Security News - Episode 326 http://creativecommons.org/licenses/by-nc-nd/3.0/ 308EBFAC-9DF3-11E2-A224-94E8DE182880 http://blip.tv/pauldotcom/interview-with-bill-cheswick-episode-326-6564564 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6564564 6547874 file no 0.0 2013-04-05T13:17:39Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 3167 hr4jg5DWOAI http://blip.tv/play/hr4jg5DWOAI http://blip.tv/comments/?attached_to=post6564564&skin=rss Pauldotom-InterviewWithBillCheswickEpisode326761.jpg Bill Cheswick logged into his first computer in 1968. Seven years later, he was graduated from Lehigh University in 1975 with a degree resembling Computer Science. Ches has worked on (and against) operating system security for over 35 years. He is probably best known for &quot;Firewalls and Internet Security; Repelling the Wily Hacker&quot;, co-authored with Steve Bellovin, which help train the first generation of Internet security experts. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Bill Cheswick logged into his first computer in 1968. Seven years later, he was graduated from Lehigh University in 1975 with a degree resembling Computer Science. Ches has worked on (and against) operating system security for over 35 years. He is probably best known for &quot;Firewalls and Internet Security; Repelling the Wily Hacker&quot;, co-authored with Steve Bellovin, which help train the first generation of Internet security experts. 3167 YahooPartnerVideoID Blip post id 6564564 http://blip.tv/file/6547874 Technology Science & Technology youtube Bill Cheswick logged into his first computer in 1968. Seven years later, he was graduated from Lehigh University in 1975 with a degree resembling Computer Science. Ches has worked on (and against) operating system security for over 35 years. He is probably best known for &quot;Firewalls and Internet Security; Repelling the Wily Hacker&quot;, co-authored with Steve Bellovin, which help train the first generation of Internet security experts. Fri, 05 Apr 2013 13:17:39 +0000 http://a.images.blip.tv/Pauldotom-InterviewWithBillCheswickEpisode326761.jpg <iframe src="http://blip.tv/play/hr4jg5DWOAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg5DWOAI" style="display:none"></embed> Interview with Bill Cheswick - Episode 326 http://creativecommons.org/licenses/by-nc-nd/3.0/ AB97627A-9DEF-11E2-808C-A5270BEF75C1 http://blip.tv/pauldotcom/interview-with-mark-baggett-episode-326-6564557 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6564557 6547867 file no 0.0 2013-04-05T12:52:27Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1395 hr4jg5DWMQI http://blip.tv/play/hr4jg5DWMQI http://blip.tv/comments/?attached_to=post6564557&skin=rss Pauldotom-InterviewWithMarkBaggettEpisode326344-724.jpg Mark Baggett is the owner of Indepth Defense, an independent consulting firm that offers incident response and penetration testing services. Mark is the author of SANS Python for Penetration testers course (SEC573) and the pyWars gaming environment. As part of the Pauldotcom Team, Mark generates blog content for the &quot;pauldotcom.com&quot; podcast . In January 2011, Mark assumed a new role as the Technical Advisor to the DoD for SANS. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Mark Baggett is the owner of Indepth Defense, an independent consulting firm that offers incident response and penetration testing services. Mark is the author of SANS Python for Penetration testers course (SEC573) and the pyWars gaming environment. As part of the Pauldotcom Team, Mark generates blog content for the &quot;pauldotcom.com&quot; podcast . In January 2011, Mark assumed a new role as the Technical Advisor to the DoD for SANS. 1395 YahooPartnerVideoID Blip post id 6564557 http://blip.tv/file/6547867 Technology Science & Technology youtube Mark Baggett is the owner of Indepth Defense, an independent consulting firm that offers incident response and penetration testing services. Mark is the author of SANS Python for Penetration testers course (SEC573) and the pyWars gaming environment. As part of the Pauldotcom Team, Mark generates blog content for the &quot;pauldotcom.com&quot; podcast . In January 2011, Mark assumed a new role as the Technical Advisor to the DoD for SANS. Fri, 05 Apr 2013 12:52:27 +0000 http://a.images.blip.tv/Pauldotom-InterviewWithMarkBaggettEpisode326344-724.jpg <iframe src="http://blip.tv/play/hr4jg5DWMQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg5DWMQI" style="display:none"></embed> Interview with Mark Baggett - Episode 326 http://creativecommons.org/licenses/by-nc-nd/3.0/ 61909DEE-9D46-11E2-8639-D23ACCCB22D0 http://blip.tv/pauldotcom/hack-naked-tv-episode-54-6564048 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6564048 6547358 file no 0.0 2013-04-04T16:40:38Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1087 hr4jg5DSNAI http://blip.tv/play/hr4jg5DSNAI http://blip.tv/comments/?attached_to=post6564048&skin=rss Pauldotom-HackNakedTVEpisode54891-608.jpg In this episode we talk about recon-ng. Time to upsize your penetration testing recon. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly In this episode we talk about recon-ng. Time to upsize your penetration testing recon. 1087 YahooPartnerVideoID Blip post id 6564048 http://blip.tv/file/6547358 Technology hacking security beer pauldotcom john strand Thu, 04 Apr 2013 16:40:38 +0000 hacking, security, beer, pauldotcom, john, strand http://a.images.blip.tv/Pauldotom-HackNakedTVEpisode54891-608.jpg hacking, security, beer, pauldotcom, john, strand <iframe src="http://blip.tv/play/hr4jg5DSNAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg5DSNAI" style="display:none"></embed> Hack Naked TV Episode 54 http://creativecommons.org/licenses/by-nc-nd/3.0/ 7BD950E0-9B8B-11E2-BE19-E768663D9B51 http://blip.tv/pauldotcom/drunken-security-news-episode-325-6562563 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6562563 6545873 file no 0.0 2013-04-02T11:50:15Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 3277 hr4jg5DGZwI http://blip.tv/play/hr4jg5DGZwI http://blip.tv/comments/?attached_to=post6562563&skin=rss Pauldotom-DrunkenSecurityNewsEpisode325187-674.jpg This was rant week at PaulDotCom Security Weekly. First Jack and Paul get into it about businesses being too scared to scan and then John lights into a new study where McAfee is allowed to game the results. All that and more this week! Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly This was rant week at PaulDotCom Security Weekly. First Jack and Paul get into it about businesses being too scared to scan and then John lights into a new study where McAfee is allowed to game the results. All that and more this week! 3277 YahooPartnerVideoID Blip post id 6562563 http://blip.tv/file/6545873 Technology Science & Technology youtube This was rant week at PaulDotCom Security Weekly. First Jack and Paul get into it about businesses being too scared to scan and then John lights into a new study where McAfee is allowed to game the results. All that and more this week! Tue, 02 Apr 2013 11:50:15 +0000 http://a.images.blip.tv/Pauldotom-DrunkenSecurityNewsEpisode325187-674.jpg <iframe src="http://blip.tv/play/hr4jg5DGZwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg5DGZwI" style="display:none"></embed> Drunken Security News - Episode 325 http://creativecommons.org/licenses/by-nc-nd/3.0/ 95D7C3A6-9892-11E2-8B28-C38C9373937C http://blip.tv/pauldotcom/interview-with-simon-bennetts-episode-325-6560728 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6560728 6544038 file no 0.0 2013-03-29T17:03:32Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1229 hr4jg5C4PAI http://blip.tv/play/hr4jg5C4PAI http://blip.tv/comments/?attached_to=post6560728&skin=rss Pauldotom-InterviewWithSimonBennettsEpisode325194-698.jpg Simon is a Mozilla Security Automation Engineer and ZAP Project Leader. He is also one of the founders of the OWASP Manchester chapter and the OWASP Data Exchange Format project. Simon is on to discuss OWASP&apos;s Zed Attack Proxy v 2.0.0 From the OWASP site: The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Simon is a Mozilla Security Automation Engineer and ZAP Project Leader. He is also one of the founders of the OWASP Manchester chapter and the OWASP Data Exchange Format project. Simon is on to discuss OWASP&apos;s Zed Attack Proxy v 2.0.0 From the OWASP site: The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. 1229 YahooPartnerVideoID Blip post id 6560728 http://blip.tv/file/6544038 Technology Science & Technology youtube Simon is a Mozilla Security Automation Engineer and ZAP Project Leader. He is also one of the founders of the OWASP Manchester chapter and the OWASP Data Exchange Format project. Simon is on to discuss OWASP&apos;s Zed Attack Proxy v 2.0.0&#13;&#10;From the OWASP site:&#13;&#10;The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Fri, 29 Mar 2013 17:03:32 +0000 http://a.images.blip.tv/Pauldotom-InterviewWithSimonBennettsEpisode325194-698.jpg <iframe src="http://blip.tv/play/hr4jg5C4PAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg5C4PAI" style="display:none"></embed> Interview with Simon Bennetts - Episode 325 http://creativecommons.org/licenses/by-nc-nd/3.0/ 0DB8181C-97AD-11E2-B67B-F0F66FDD85FC http://blip.tv/pauldotcom/hack-naked-tv-episode-53-or-so-6560066 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6560066 6543376 file no 0.0 2013-03-28T13:40:28Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 627 hr4jg5CzJgI http://blip.tv/play/hr4jg5CzJgI http://blip.tv/comments/?attached_to=post6560066&skin=rss Pauldotom-HackNakedTVEpisode53OrSo432-454.jpg In this episode I rant against McAfee and NSS labs. A lot. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly In this episode I rant against McAfee and NSS labs. A lot. 627 YahooPartnerVideoID Blip post id 6560066 http://blip.tv/file/6543376 Technology Science & Technology youtube In this episode I rant against McAfee and NSS labs.&#13;&#10;&#13;&#10;A lot. hacking security beer pauldotcom john strand Thu, 28 Mar 2013 13:40:28 +0000 hacking, security, beer, pauldotcom, john, strand http://a.images.blip.tv/Pauldotom-HackNakedTVEpisode53OrSo432-454.jpg hacking, security, beer, pauldotcom, john, strand <iframe src="http://blip.tv/play/hr4jg5CzJgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg5CzJgI" style="display:none"></embed> Hack naked TV Episode 53 or so.. http://creativecommons.org/licenses/by-nc-nd/3.0/ 5E9E1348-950B-11E2-B2BD-B456A7CA9A9E http://blip.tv/pauldotcom/drunken-security-news-episode-324-6557728 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6557728 6541038 file no 0.0 2013-03-25T05:18:03Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 3537 hr4jg5ChBAI http://blip.tv/play/hr4jg5ChBAI http://blip.tv/comments/?attached_to=post6557728&skin=rss Pauldotom-DrunkenSecurityNewsEpisode324842-760.jpg Talkin&apos; Weev, the underground economy of botnets, guns made from a 3D printer, humans are dumb and more about Krebs chasing down the people who DoS and SWATed him. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Talkin&apos; Weev, the underground economy of botnets, guns made from a 3D printer, humans are dumb and more about Krebs chasing down the people who DoS and SWATed him. 3537 YahooPartnerVideoID Blip post id 6557728 http://blip.tv/file/6541038 Technology Science & Technology youtube Talkin&apos; Weev, the underground economy of botnets, guns made from a 3D printer, humans are dumb and more about Krebs chasing down the people who DoS and SWATed him. Mon, 25 Mar 2013 05:18:03 +0000 http://a.images.blip.tv/Pauldotom-DrunkenSecurityNewsEpisode324842-760.jpg <iframe src="http://blip.tv/play/hr4jg5ChBAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg5ChBAI" style="display:none"></embed> Drunken Security News - Episode 324 http://creativecommons.org/licenses/by-nc-nd/3.0/ D2C3EAFA-930C-11E2-9298-8EB8A56CB4F2 http://blip.tv/pauldotcom/interview-with-jason-fossen-episode-325-6556239 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6556239 6539549 file no 0.0 2013-03-22T16:23:25Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2705 hr4jg5CVMwI http://blip.tv/play/hr4jg5CVMwI http://blip.tv/comments/?attached_to=post6556239&skin=rss Pauldotom-InterviewWithJasonFossenEpisode325945-900.jpg Jason Fossen is a principal security consultant at Enclave Consulting LLC, a published author, and a frequent public speaker on Microsoft security issues. He is the sole author of the SANS Institute&apos;s week-long Securing Windows course (SEC505), maintains the Windows day of Security Essentials (SEC401.5), and has been involved in numerous other SANS projects since 1998. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Jason Fossen is a principal security consultant at Enclave Consulting LLC, a published author, and a frequent public speaker on Microsoft security issues. He is the sole author of the SANS Institute&apos;s week-long Securing Windows course (SEC505), maintains the Windows day of Security Essentials (SEC401.5), and has been involved in numerous other SANS projects since 1998. 2705 YahooPartnerVideoID Blip post id 6556239 http://blip.tv/file/6539549 Technology Science & Technology youtube Jason Fossen is a principal security consultant at Enclave Consulting LLC, a published author, and a frequent public speaker on Microsoft security issues. He is the sole author of the SANS Institute&apos;s week-long Securing Windows course (SEC505), maintains the Windows day of Security Essentials (SEC401.5), and has been involved in numerous other SANS projects since 1998. Fri, 22 Mar 2013 16:23:25 +0000 http://a.images.blip.tv/Pauldotom-InterviewWithJasonFossenEpisode325945-900.jpg <iframe src="http://blip.tv/play/hr4jg5CVMwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg5CVMwI" style="display:none"></embed> Interview with Jason Fossen - Episode 324 http://creativecommons.org/licenses/by-nc-nd/3.0/ E57554F0-91A3-11E2-8110-913F391B7945 http://blip.tv/pauldotcom/drunken-security-news-episode-323-6555069 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6555069 6538379 file no 0.0 2013-03-20T21:19:49Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2372 hr4jg5CMIQI http://blip.tv/play/hr4jg5CMIQI http://blip.tv/comments/?attached_to=post6555069&skin=rss Pauldotom-DrunkenSecurityNewsEpisode323478-435.jpg Apparently the &apos;80s was the ancient times, what do you do with your developers who don&apos;t care about security and complain about attending security training? Great tips on how to avoid drone strikes and uses for old microwaves! Is diversification important in your security pros, TSA changes rules allowing knives but not a bottle of water, and a very special salute to &quot;pig vomit&quot;! Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Apparently the &apos;80s was the ancient times, what do you do with your developers who don&apos;t care about security and complain about attending security training? Great tips on how to avoid drone strikes and uses for old microwaves! Is diversification important in your security pros, TSA changes rules allowing knives but not a bottle of water, and a very special salute to &quot;pig vomit&quot;! 2372 YahooPartnerVideoID Blip post id 6555069 http://blip.tv/file/6538379 Technology Science & Technology youtube Apparently the 80s was the ancient times, what do you do with your developers who don&apos;t care about security and complain about attending security training? Great tips on how to avoid drone strikes and uses for old microwaves! Is diversification important in your security pros, TSA changes rules allowing knives but not a bottle of water, and a very special salute to &quot;pig vomit&quot;! Wed, 20 Mar 2013 21:19:49 +0000 http://a.images.blip.tv/Pauldotom-DrunkenSecurityNewsEpisode323478-435.jpg <iframe src="http://blip.tv/play/hr4jg5CMIQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg5CMIQI" style="display:none"></embed> Drunken Security News - Episode 323 http://creativecommons.org/licenses/by-nc-nd/3.0/ D3125292-8A85-11E2-A6C4-B7B3C8137A0E http://blip.tv/pauldotcom/interview-with-michael-farnum-6549047 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6549047 6532357 file no 0.0 2013-03-11T19:56:55Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1610 hr4jg4_dGwI http://blip.tv/play/hr4jg4_dGwI http://blip.tv/comments/?attached_to=post6549047&skin=rss Pauldotom-InterviewWithMichaelFarnum681-172.jpg Michael Farnum has worked with computers since he got a Kaypro II and an Apple IIc during his middle school years. Michael served in the US Army, where he drove, loaded, and gunned on the mighty M1A1 Abrams main battle tank (which is where he got his &quot;m1a1vet&quot; handle). Michael has worked at Accuvant as a solutions manager and is the founder of HouSecCon, THE Houston Security Conference, which will hold its 4th annual event in October. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Michael Farnum has worked with computers since he got a Kaypro II and an Apple IIc during his middle school years. Michael served in the US Army, where he drove, loaded, and gunned on the mighty M1A1 Abrams main battle tank (which is where he got his &quot;m1a1vet&quot; handle). Michael has worked at Accuvant as a solutions manager and is the founder of HouSecCon, THE Houston Security Conference, which will hold its 4th annual event in October. 1610 YahooPartnerVideoID Blip post id 6549047 http://blip.tv/file/6532357 Technology Science & Technology youtube Michael Farnum has worked with computers since he got a Kaypro II and an Apple IIc during his middle school years. Michael served in the US Army, where he drove, loaded, and gunned on the mighty M1A1 Abrams main battle tank (which is where he got his &quot;m1a1vet&quot; handle). Michael has worked at Accuvant as a solutions manager and is the founder of HouSecCon, THE Houston Security Conference, which will hold its 4th annual event in October. Mon, 11 Mar 2013 19:56:55 +0000 http://a.images.blip.tv/Pauldotom-InterviewWithMichaelFarnum681-172.jpg <iframe src="http://blip.tv/play/hr4jg4_dGwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4_dGwI" style="display:none"></embed> Interview with Michael Farnum - Episode 323 http://creativecommons.org/licenses/by-nc-nd/3.0/ 13C01598-8A83-11E2-92C1-D8D24DD78C42 http://blip.tv/pauldotcom/interview-with-jonathan-ness-episode-323-6549029 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6549029 6532339 file no 0.0 2013-03-11T19:37:15Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1985 hr4jg4_dCQI http://blip.tv/play/hr4jg4_dCQI http://blip.tv/comments/?attached_to=post6549029&skin=rss Pauldotom-InterviewWithJonathanNessEpisode323306-721.jpg Jonathan leads the Microsoft Security Response Center Engineering team in investigating externally-reported security vulnerabilities and ensuring they are addressed appropriately via Microsoft&#8217;s monthly security update process. Jonathan also acts as one of the engineering technical leads for the Microsoft company-wide Software Security Incident Response Process. The most important aspect of his work is helping customers find ways to reduce attack surface and protect themselves. Outside Microsoft work, Jonathan participates as a member of a reserve military unit helping to protect DoD networks and has written three-part &#8220;Gray Hat Hacking&#8221; book series. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Jonathan leads the Microsoft Security Response Center Engineering team in investigating externally-reported security vulnerabilities and ensuring they are addressed appropriately via Microsoft&#8217;s monthly security update process. Jonathan also acts as one of the engineering technical leads for the Microsoft company-wide Software Security Incident Response Process. The most important aspect of his work is helping customers find ways to reduce attack surface and protect themselves. Outside Microsoft work, Jonathan participates as a member of a reserve military unit helping to protect DoD networks and has written three-part &#8220;Gray Hat Hacking&#8221; book series. 1985 YahooPartnerVideoID Blip post id 6549029 http://blip.tv/file/6532339 Art Science & Technology youtube Jonathan leads the Microsoft Security Response Center Engineering team in investigating externally-reported security vulnerabilities and ensuring they are addressed appropriately via Microsoft&#8217;s monthly security update process. Jonathan also acts as one of the engineering technical leads for the Microsoft company-wide Software Security Incident Response Process. The most important aspect of his work is helping customers find ways to reduce attack surface and protect themselves. Outside Microsoft work, Jonathan participates as a member of a reserve military unit helping to protect DoD networks and has written three-part &#8220;Gray Hat Hacking&#8221; book series. Mon, 11 Mar 2013 19:37:15 +0000 http://a.images.blip.tv/Pauldotom-InterviewWithJonathanNessEpisode323306-721.jpg <iframe src="http://blip.tv/play/hr4jg4_dCQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4_dCQI" style="display:none"></embed> Interview with Jonathan Ness - Episode 323 http://creativecommons.org/licenses/by-nc-nd/3.0/ 217A67AC-8762-11E2-9E92-C8E0CE2EB6F0 http://blip.tv/pauldotcom/interview-with-joe-mccray-episode-322-6546642 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6546642 6529952 file no 0.0 2013-03-07T20:03:51Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2289 hr4jg4_KNgI http://blip.tv/play/hr4jg4_KNgI http://blip.tv/comments/?attached_to=post6546642&skin=rss Pauldotom-InterviewWithJoeMcCrayEpisode322837-173.jpg We apologize for a technical issue with the audio that required us to cut out about six minutes of the podcast at about the 2:30 mark. It is abrupt, but we get you right back with Joe McCray talking about what&apos;s going on in his life, his history, upcoming classes that he&apos;ll be teaching and of course, &quot;Five Questions with PaulDotCom!&quot; Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly We apologize for a technical issue with the audio that required us to cut out about six minutes of the podcast at about the 2:30 mark. It is abrupt, but we get you right back with Joe McCray talking about what&apos;s going on in his life, his history, upcoming classes that he&apos;ll be teaching and of course, &quot;Five Questions with PaulDotCom!&quot; 2289 YahooPartnerVideoID Blip post id 6546642 http://blip.tv/file/6529952 Technology Science & Technology youtube We apologize for a technical issue with the audio that required us to cut out about six minutes of the podcast at about the 2:30 mark. It is abrupt, but we get you right back with Joe McCray talking about what&apos;s going on in his life, his history, upcoming classes that he&apos;ll be teaching and of course, &quot;Five Questions with PaulDotCom!&quot; Thu, 07 Mar 2013 20:03:51 +0000 http://a.images.blip.tv/Pauldotom-InterviewWithJoeMcCrayEpisode322837-173.jpg <iframe src="http://blip.tv/play/hr4jg4_KNgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4_KNgI" style="display:none"></embed> Interview with Joe McCray - Episode 322 http://creativecommons.org/licenses/by-nc-nd/3.0/ 68E75030-8494-11E2-ADBB-D4CC69AB7C22 http://blip.tv/pauldotcom/drunken-security-news-episode-322-6544075 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6544075 6527385 file no 0.0 2013-03-04T06:26:12Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2091 hr4jg4+2LwI http://blip.tv/play/hr4jg4+2LwI http://blip.tv/comments/?attached_to=post6544075&skin=rss Pauldotom-DrunkenSecurityNewsEpisode322933-905.jpg Jack&apos;s in the Hall of Fame, PaulDotCom Security Weekly won the best podcast, legally writing your own 0-day, working with authorities when shutting down attackers, Chinese responses to Mandiant, and why patching your software actually matters. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Jack&apos;s in the Hall of Fame, PaulDotCom Security Weekly won the best podcast, legally writing your own 0-day, working with authorities when shutting down attackers, Chinese responses to Mandiant, and why patching your software actually matters. 2091 YahooPartnerVideoID Blip post id 6544075 http://blip.tv/file/6527385 Technology Science & Technology youtube Jack&apos;s in the Hall of Fame, PaulDotCom Security Weekly won the best podcast, legally writing your own 0-day, working with authorities when shutting down attackers, Chinese responses to Mandiant, and why patching your software actually matters. Mon, 04 Mar 2013 06:26:12 +0000 http://a.images.blip.tv/Pauldotom-DrunkenSecurityNewsEpisode322933-905.jpg <iframe src="http://blip.tv/play/hr4jg4%2B2LwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4+2LwI" style="display:none"></embed> Drunken Security News - Episode 322 http://creativecommons.org/licenses/by-nc-nd/3.0/ 9D1D3DB4-840E-11E2-A2EB-D5B0C3796602 http://blip.tv/pauldotcom/building-a-security-lab-on-the-cheap-6543666 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6543666 6526976 file no 0.0 2013-03-03T14:28:27Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1678 hr4jg4+zFgI http://blip.tv/play/hr4jg4+zFgI http://blip.tv/comments/?attached_to=post6543666&skin=rss Pauldotom-BuildingASecurityLabOnTheCheap495-45.jpg Having a home lab is really key in our field. There always seems to be projects you want to work on that require a specific OS or software. You just need hardware at home, whether you are pen testing or doing security research. I grew tired of using laptops, and especially my own laptop. Having some low-cost servers will open up the possibilities. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Having a home lab is really key in our field. There always seems to be projects you want to work on that require a specific OS or software. You just need hardware at home, whether you are pen testing or doing security research. I grew tired of using laptops, and especially my own laptop. Having some low-cost servers will open up the possibilities. 1678 YahooPartnerVideoID Blip post id 6543666 http://blip.tv/file/6526976 Technology Science & Technology youtube Having a home lab is really key in our field. There always seems to be projects you want to work on that require a specific OS or software. You just need hardware at home, whether you are pen testing or doing security research. I grew tired of using laptops, and especially my own laptop. Having some low-cost servers will open up the possibilities. Sun, 03 Mar 2013 14:28:27 +0000 http://a.images.blip.tv/Pauldotom-BuildingASecurityLabOnTheCheap495-45.jpg <iframe src="http://blip.tv/play/hr4jg4%2BzFgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4+zFgI" style="display:none"></embed> Building a Security Lab on the Cheap http://creativecommons.org/licenses/by-nc-nd/3.0/ ED976BB4-8104-11E2-95EE-A095B63980FB http://blip.tv/pauldotcom/joey-peloquin-and-drunken-security-news-episode-321-6541197 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6541197 6524507 file no 0.0 2013-02-27T17:41:34Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 3071 hr4jg4+fcQI http://blip.tv/play/hr4jg4+fcQI http://blip.tv/comments/?attached_to=post6541197&skin=rss Pauldotom-JoeyPeloquinAndDrunkenSecurityNewsEpisode321606-314.jpg Joey Peloquin came on to talk about his recent findings with mobile security testing, and the platform he prefers, among iOS, Android and the new MS Surface. Plus, Paul and Larry are in studio to talk about the stories of the week. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Joey Peloquin came on to talk about his recent findings with mobile security testing, and the platform he prefers, among iOS, Android and the new MS Surface. Plus, Paul and Larry are in studio to talk about the stories of the week. 3071 YahooPartnerVideoID Blip post id 6541197 http://blip.tv/file/6524507 Technology Science & Technology youtube Joey Peloquin came on to talk about his recent findings with mobile security testing, and the platform he prefers, among iOS, Android and the new MS Surface. Plus, Paul and Larry are in studio to talk about the stories of the week. Wed, 27 Feb 2013 17:41:34 +0000 http://a.images.blip.tv/Pauldotom-JoeyPeloquinAndDrunkenSecurityNewsEpisode321606-314.jpg <iframe src="http://blip.tv/play/hr4jg4%2BfcQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4+fcQI" style="display:none"></embed> Joey Peloquin and Drunken Security News - Episode 321 http://creativecommons.org/licenses/by-nc-nd/3.0/ C453BC56-7F58-11E2-9873-E8DA92133C72 http://blip.tv/pauldotcom/interview-with-adrian-irongeek-crenshaw-episode-321-6539327 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6539327 6522637 file no 0.0 2013-02-25T14:36:40Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1891 hr4jg4+RIwI http://blip.tv/play/hr4jg4+RIwI http://blip.tv/comments/?attached_to=post6539327&skin=rss Pauldotom-InterviewWithAdrianIrongeekCrenshawEpisode321242-734.jpg Adrian joins the show to talk about his history in security, his co-creation of Derbycon, a primer into how he gets conference videos online so quickly and other tales of fun at conferences. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Adrian joins the show to talk about his history in security, his co-creation of Derbycon, a primer into how he gets conference videos online so quickly and other tales of fun at conferences. 1891 YahooPartnerVideoID Blip post id 6539327 http://blip.tv/file/6522637 Technology Science & Technology youtube Adrian joins the show to talk about his history in security, his co-creation of Derbycon, a primer into how he gets conference videos online so quickly and other tales of fun at conferences. Mon, 25 Feb 2013 14:36:40 +0000 http://a.images.blip.tv/Pauldotom-InterviewWithAdrianIrongeekCrenshawEpisode321242-734.jpg <iframe src="http://blip.tv/play/hr4jg4%2BRIwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4+RIwI" style="display:none"></embed> Interview with Adrian "Irongeek" Crenshaw - Episode 321 http://creativecommons.org/licenses/by-nc-nd/3.0/ 5FF2FF14-7612-11E2-8453-A077E38682A0 http://blip.tv/pauldotcom/josh-wright-and-drunken-security-news-episode-320-6530040 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6530040 6513350 file no 0.0 2013-02-13T19:20:06Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2887 hr4jg47IXAI http://blip.tv/play/hr4jg47IXAI http://blip.tv/comments/?attached_to=post6530040&skin=rss Pauldotom-JoshWrightAndDrunkenSecurityNewsEpisode320881-999.jpg Listening to the fun that Josh Wright has just makes you frequently shake your head and mutter, &quot;No you didn&apos;t. Oh no, you actually did.&quot; Just a word of warning, if you live near Josh, stay on your own damn WiFi connection. And, it might not be a good idea to try to get a table at a restaurant when Josh is waiting. You&apos;ll see why. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Listening to the fun that Josh Wright has just makes you frequently shake your head and mutter, &quot;No you didn&apos;t. Oh no, you actually did.&quot; Just a word of warning, if you live near Josh, stay on your own damn WiFi connection. And, it might not be a good idea to try to get a table at a restaurant when Josh is waiting. You&apos;ll see why. 2887 YahooPartnerVideoID Blip post id 6530040 http://blip.tv/file/6513350 Technology Science & Technology youtube Listening to the fun that Josh Wright has just makes you frequently shake your head and mutter, &quot;No you didn&apos;t. Oh no, you actually did.&quot; Just a word of warning, if you live near Josh, stay on your own damn WiFi connection. And, it might not be a good idea to try to get a table at a restaurant when Josh is waiting. You&apos;ll see why. Wed, 13 Feb 2013 19:20:06 +0000 http://a.images.blip.tv/Pauldotom-JoshWrightAndDrunkenSecurityNewsEpisode320881-999.jpg <iframe src="http://blip.tv/play/hr4jg47IXAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg47IXAI" style="display:none"></embed> Josh Wright and Drunken Security News - Episode 320 http://creativecommons.org/licenses/by-nc-nd/3.0/ 855EA87E-760E-11E2-AFD6-CBAFFEB4DA26 http://blip.tv/pauldotcom/interview-with-craig-heffner-6530013 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6530013 6513323 file no 0.0 2013-02-13T18:52:31Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2192 hr4jg47IQQI http://blip.tv/play/hr4jg47IQQI http://blip.tv/comments/?attached_to=post6530013&skin=rss Pauldotom-InterviewWithCraigHeffner414-515.jpg Craig Heffner is a Vulnerability Researcher with Tactical Network Solutions in Columbia, MD. He has six years experience analyzing wireless and embedded systems and operates the devttys0 blog which is dedicated to embedded hacking topics. He has presented at events such as Blackhat and DEF CON and teaches embedded device exploitation courses. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Craig Heffner is a Vulnerability Researcher with Tactical Network Solutions in Columbia, MD. He has six years experience analyzing wireless and embedded systems and operates the devttys0 blog which is dedicated to embedded hacking topics. He has presented at events such as Blackhat and DEF CON and teaches embedded device exploitation courses. 2192 YahooPartnerVideoID Blip post id 6530013 http://blip.tv/file/6513323 Technology Science & Technology youtube Craig Heffner is a Vulnerability Researcher with Tactical Network Solutions in Columbia, MD. He has 6 years experience analyzing wireless and embedded systems and operates the devttys0 blog which is dedicated to embedded hacking topics. He has presented at events such as Blackhat and DEF CON and teaches embedded device exploitation courses. Wed, 13 Feb 2013 18:52:31 +0000 http://a.images.blip.tv/Pauldotom-InterviewWithCraigHeffner414-515.jpg <iframe src="http://blip.tv/play/hr4jg47IQQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg47IQQI" style="display:none"></embed> Interview with Craig Heffner http://creativecommons.org/licenses/by-nc-nd/3.0/ 44289EAC-7602-11E2-8D65-F4F8FC7CC771 http://blip.tv/pauldotcom/hack-naked-tv-episode-52-6529917 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6529917 6513227 file no 0.0 2013-02-13T17:24:48Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 274 hr4jg47HYQI http://blip.tv/play/hr4jg47HYQI http://blip.tv/comments/?attached_to=post6529917&skin=rss Pauldotom-HackNakedTVEpisode52771-117.jpg In this episode we talk about the Bit9 debacle. The team at PaulDotCom has also released the Active Defense Harbinger Distribution. Links for this episode: http://tinyurl.com/HNTV-Bit9 http://sourceforge.net/projects/adhd/ http://tinyurl.com/HNTV-OCM-SANS-Orlando No license (All rights reserved) searchonly In this episode we talk about the Bit9 debacle. The team at PaulDotCom has also released the Active Defense Harbinger Distribution. Links for this episode: http://tinyurl.com/HNTV-Bit9 http://sourceforge.net/projects/adhd/ http://tinyurl.com/HNTV-OCM-SANS-Orlando 274 YahooPartnerVideoID Blip post id 6529917 http://blip.tv/file/6513227 Art Autos & Vehicles youtube In this episode we talk about the Bit9 debacle. The team at PaulDotCom has also released the Active Defense Harbinger Distribution. &#13;&#10;&#13;&#10;Links for this episode:&#13;&#10;&#13;&#10;http://tinyurl.com/HNTV-Bit9&#13;&#10;&#13;&#10;http://sourceforge.net/projects/adhd/&#13;&#10;&#13;&#10;http://tinyurl.com/HNTV-OCM-SANS-Orlando&#13;&#10;&#13;&#10;- John Strand hacking security beer pauldotcom john strand Wed, 13 Feb 2013 17:24:48 +0000 hacking, security, beer, pauldotcom, john, strand http://a.images.blip.tv/Pauldotom-HackNakedTVEpisode52771-117.jpg hacking, security, beer, pauldotcom, john, strand <iframe src="http://blip.tv/play/hr4jg47HYQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg47HYQI" style="display:none"></embed> Hack Naked TV Episode 52 75FE5D30-725C-11E2-B6A5-EECC34E6F6A1 http://blip.tv/pauldotcom/drunken-security-news-episode-319-6526165 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6526165 6509475 file no 0.0 2013-02-09T02:00:21Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1759 hr4jg46qOQI http://blip.tv/play/hr4jg46qOQI http://blip.tv/comments/?attached_to=post6526165&skin=rss Pauldotom-DrunkenSecurityNewsEpisode319954-403.jpg Six seconds of porn, big indivisible numbers, no money in the Federal Reserve hack, Allison is a Gold GCIA, SSL/TLS hacks, vulnerability management and hacking OSX. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Six seconds of porn, big indivisible numbers, no money in the Federal Reserve hack, Allison is a Gold GCIA, SSL/TLS hacks, vulnerability management and hacking OSX. 1759 YahooPartnerVideoID Blip post id 6526165 http://blip.tv/file/6509475 Technology Science & Technology youtube Six seconds of porn, big indivisible numbers, no money in the Federal Reserve hack, Allison is a Gold GCIA, SSL/TLS hacks, vulnerability management and hacking OSX. Sat, 09 Feb 2013 02:00:21 +0000 http://a.images.blip.tv/Pauldotom-DrunkenSecurityNewsEpisode319954-403.jpg <iframe src="http://blip.tv/play/hr4jg46qOQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg46qOQI" style="display:none"></embed> Drunken Security News - Episode 319 http://creativecommons.org/licenses/by-nc-nd/3.0/ FD8557B8-7243-11E2-A477-F2E4AA38D040 http://blip.tv/pauldotcom/adhd-with-ethan-robish-episode-319-6526056 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6526056 6509366 file no 0.0 2013-02-08T23:05:11Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1444 hr4jg46pTAI http://blip.tv/play/hr4jg46pTAI http://blip.tv/comments/?attached_to=post6526056&skin=rss Pauldotom-ADHDWithEthanRobishEpisode319632-225.jpg Ethan Robish is a researcher with Black Hills Information Security and is here to give us some of the background on a suite of tools for the Offensive Countermeasures class - Active Defense Harbinger Distribution. The Active Defense Harbinger Distribution (ADHD) is a Linux distro based on Ubuntu 12.04 LTS. It comes with many tools aimed at active defense preinstalled and configured. The purpose of this distribution is to aid defenders by giving them tools to &quot;strike back&quot; at the bad guys. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Ethan Robish is a researcher with Black Hills Information Security and is here to give us some of the background on a suite of tools for the Offensive Countermeasures class - Active Defense Harbinger Distribution. The Active Defense Harbinger Distribution (ADHD) is a Linux distro based on Ubuntu 12.04 LTS. It comes with many tools aimed at active defense preinstalled and configured. The purpose of this distribution is to aid defenders by giving them tools to &quot;strike back&quot; at the bad guys. 1444 YahooPartnerVideoID Blip post id 6526056 http://blip.tv/file/6509366 Technology Science & Technology youtube Ethan Robish is a researcher with Black Hills Information Security and is here to give us some of the background on a suite of tools for the Offensive Countermeasures class - Active Defense Harbinger Distribution.&#13;&#10;The Active Defense Harbinger Distribution (ADHD) is a Linux distro based on Ubuntu 12.04 LTS. It comes with many tools aimed at active defense preinstalled and configured. The purpose of this distribution is to aid defenders by giving them tools to &quot;strike back&quot; at the bad guys. Fri, 08 Feb 2013 23:05:11 +0000 http://a.images.blip.tv/Pauldotom-ADHDWithEthanRobishEpisode319632-225.jpg <iframe src="http://blip.tv/play/hr4jg46pTAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg46pTAI" style="display:none"></embed> ADHD with Ethan Robish - Episode 319 http://creativecommons.org/licenses/by-nc-nd/3.0/ 722C075E-7237-11E2-ACCD-CB3FF248FD31 http://blip.tv/pauldotcom/wendy-nather-episode-319-6525982 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6525982 6509292 file no 0.0 2013-02-08T21:35:23Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2820 hr4jg46pAgI http://blip.tv/play/hr4jg46pAgI http://blip.tv/comments/?attached_to=post6525982&skin=rss Pauldotom-WendyNatherEpisode319465-516.jpg Wendy Nather is Research Director of the 451 Research Enterprise Security Practice. With over 20 years of IT experience, she built and managed the IT security program at the Texas Education Agency, where she directed multimillion-dollar initiatives for a statewide external user base of over 50,000. She has also provided security guidance for the datacenter consolidation of 27 Texas state agencies. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Wendy Nather is Research Director of the 451 Research Enterprise Security Practice. With over 20 years of IT experience, she built and managed the IT security program at the Texas Education Agency, where she directed multimillion-dollar initiatives for a statewide external user base of over 50,000. She has also provided security guidance for the datacenter consolidation of 27 Texas state agencies. 2820 YahooPartnerVideoID Blip post id 6525982 http://blip.tv/file/6509292 Technology Science & Technology youtube Wendy Nather is Research Director of the 451 Research Enterprise Security Practice. With over 20 years of IT experience, she built and managed the IT security program at the Texas Education Agency, where she directed multimillion-dollar initiatives for a statewide external user base of over 50,000. She has also provided security guidance for the datacenter consolidation of 27 Texas state agencies. Fri, 08 Feb 2013 21:35:23 +0000 http://a.images.blip.tv/Pauldotom-WendyNatherEpisode319465-516.jpg <iframe src="http://blip.tv/play/hr4jg46pAgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg46pAgI" style="display:none"></embed> Wendy Nather - Episode 319 http://creativecommons.org/licenses/by-nc-nd/3.0/ C97F96AC-6CB9-11E2-ACC4-99D2B4EEAEDE http://blip.tv/pauldotcom/episode-318-drunken-security-news-6519866 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6519866 6503176 file no 0.0 2013-02-01T21:53:17Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2581 hr4jg435HgI http://blip.tv/play/hr4jg435HgI http://blip.tv/comments/?attached_to=post6519866&skin=rss Pauldotom-Episode318DrunkenSecurityNews911-251.jpg Porn, smut and sextortion (hey, we are rated TV-14). Now Oracle claims to be serious about java security? Hacking CCTV, trailer to the new version of Backtrack, a little more about the expelled Canadian student and the NY Times was hacked by China. Or was it? Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Porn, smut and sextortion (hey, we are rated TV-14). Now Oracle claims to be serious about java security? Hacking CCTV, trailer to the new version of Backtrack, a little more about the expelled Canadian student and the NY Times was hacked by China. Or was it? 2581 YahooPartnerVideoID Blip post id 6519866 http://blip.tv/file/6503176 Technology Science & Technology youtube Porn, smut and sextortion (hey, we are rated TV-14). Now Oracle claims to be serious about java security? Hacking CCTV, trailer to the new version of Backtrack, a little more about the expelled Canadian student and the NY Times was hacked by China. Or was it? Fri, 01 Feb 2013 21:53:17 +0000 http://a.images.blip.tv/Pauldotom-Episode318DrunkenSecurityNews911-251.jpg <iframe src="http://blip.tv/play/hr4jg435HgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg435HgI" style="display:none"></embed> Episode 318 - Drunken Security News http://creativecommons.org/licenses/by-nc-nd/3.0/ 0A429A66-6C7B-11E2-B4C2-9F3B6BB62946 http://blip.tv/pauldotcom/episode-318-interview-with-dr-gene-spafford-6519372 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6519372 6502682 file no 0.0 2013-02-01T14:24:08Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 3459 hr4jg431MAI http://blip.tv/play/hr4jg431MAI http://blip.tv/comments/?attached_to=post6519372&skin=rss Pauldotom-Episode318InterviewWithDrGeneSpafford232-898.jpg Dr. Spafford is one of the senior, most recognized leaders in the field of computing. He has an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies... [With] over three decades of experience as a researcher and instructor, Professor Spafford has worked in software engineering, reliable distributed computing, host and network security, digital forensics, computing policy, and computing curriculum design. Dr. Spafford is a professor with an appointment in Computer Science at Purdue University, where he has been a member of the faculty since 1987. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Dr. Spafford is one of the senior, most recognized leaders in the field of computing. He has an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies... [With] over three decades of experience as a researcher and instructor, Professor Spafford has worked in software engineering, reliable distributed computing, host and network security, digital forensics, computing policy, and computing curriculum design. Dr. Spafford is a professor with an appointment in Computer Science at Purdue University, where he has been a member of the faculty since 1987. 3459 YahooPartnerVideoID Blip post id 6519372 http://blip.tv/file/6502682 Technology Science & Technology youtube Dr. Spafford is one of the senior, most recognized leaders in the field of computing. He has an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies... [With] over three decades of experience as a researcher and instructor, Professor Spafford has worked in software engineering, reliable distributed computing, host and network security, digital forensics, computing policy, and computing curriculum design. Dr. Spafford is a professor with an appointment in Computer Science at Purdue University, where he has been a member of the faculty since 1987. Fri, 01 Feb 2013 14:24:08 +0000 http://a.images.blip.tv/Pauldotom-Episode318InterviewWithDrGeneSpafford232-898.jpg <iframe src="http://blip.tv/play/hr4jg431MAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg431MAI" style="display:none"></embed> Episode 318 - Interview with Dr. Gene Spafford http://creativecommons.org/licenses/by-nc-nd/3.0/ C7296130-6C6E-11E2-BDC2-ED0E64ED3177 http://blip.tv/pauldotcom/episode-318-tech-segment-thug-with-ben-jackson-6519317 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6519317 6502627 file no 0.0 2013-02-01T12:56:21Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1596 hr4jg430eQI http://blip.tv/play/hr4jg430eQI http://blip.tv/comments/?attached_to=post6519317&skin=rss Pauldotom-Episode318TechSegmentThugWithBenJackson241-43.jpg Thug is a Python low-interaction honeyclient. All too often in Incident Response you have logs that indicate a client was exploited by an exploit kit and compromised, but retrieving a copy of the the applicable piece of malware is difficult. Thug is designed to mimic a vulnerable web browser and follow the exploit kit back to its malware. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Thug is a Python low-interaction honeyclient. All too often in Incident Response you have logs that indicate a client was exploited by an exploit kit and compromised, but retrieving a copy of the the applicable piece of malware is difficult. Thug is designed to mimic a vulnerable web browser and follow the exploit kit back to its malware. 1596 YahooPartnerVideoID Blip post id 6519317 http://blip.tv/file/6502627 Technology Science & Technology youtube Thug is a Python low-interaction honeyclient. All too often in Incident Response you have logs that indicate a client was exploited by an exploit kit and compromised, but retrieving a copy of the the applicable piece of malware is difficult. Thug is designed to mimic a vulnerable web browser and follow the exploit kit back to its malware. Fri, 01 Feb 2013 12:56:21 +0000 http://a.images.blip.tv/Pauldotom-Episode318TechSegmentThugWithBenJackson241-43.jpg <iframe src="http://blip.tv/play/hr4jg430eQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg430eQI" style="display:none"></embed> Episode 318 - Tech Segment: Thug with Ben Jackson http://creativecommons.org/licenses/by-nc-nd/3.0/ 41D13032-6906-11E2-B7B2-983D11BA4F6B http://blip.tv/pauldotcom/tech-segment-from-1-to-pwned-6515041 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6515041 6498351 file no 0.0 2013-01-28T04:50:36Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 988 hr4jg43TRQI http://blip.tv/play/hr4jg43TRQI http://blip.tv/comments/?attached_to=post6515041&skin=rss Pauldotom-TechSegmentFrom1ToPwned280-210.jpg Our intern Patrick shows what he has learned about SQL injection and how to use PHP and MySQL to write a couple different php web shells to a server&apos;s file system. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Our intern Patrick shows what he has learned about SQL injection and how to use PHP and MySQL to write a couple different php web shells to a server&apos;s file system. 988 YahooPartnerVideoID Blip post id 6515041 http://blip.tv/file/6498351 Technology Science & Technology youtube Our intern Patrick shows what he has learned about SQL injection and how to use PHP and MySQL to write a couple different php web shells to a server&apos;s file system. Mon, 28 Jan 2013 04:50:36 +0000 http://a.images.blip.tv/Pauldotom-TechSegmentFrom1ToPwned280-210.jpg <iframe src="http://blip.tv/play/hr4jg43TRQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg43TRQI" style="display:none"></embed> Tech Segment: From '1' to Pwned http://creativecommons.org/licenses/by-nc-nd/3.0/ 14B091CA-67D9-11E2-827D-DF065BE6A805 http://blip.tv/pauldotcom/hack-naked-tv-episode-50-6513993 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6513993 6497303 file no 0.0 2013-01-26T16:54:42Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 465 hr4jg43LLQI http://blip.tv/play/hr4jg43LLQI http://blip.tv/comments/?attached_to=post6513993&skin=rss Pauldotom-HackNakedTVEpisode50130-90.jpg In this episode we talk about the Java exploit and Spiders!! Oh God! Spiders! Links for this episode: Java Panic: http://tinyurl.com/HNTV-Java-Exploit22 Fake Java: http://tinyurl.com/HNTV-Java-Fake Cloud API holes: http://tinyurl.com/HNTV-Holes-CloudAPI Offensive Countermeasures at SANS Orlando: http://tinyurl.com/HNTV-OCM-SANS-Orlando Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly In this episode we talk about the Java exploit and Spiders!! Oh God! Spiders! Links for this episode: Java Panic: http://tinyurl.com/HNTV-Java-Exploit22 Fake Java: http://tinyurl.com/HNTV-Java-Fake Cloud API holes: http://tinyurl.com/HNTV-Holes-CloudAPI Offensive Countermeasures at SANS Orlando: http://tinyurl.com/HNTV-OCM-SANS-Orlando 465 YahooPartnerVideoID Blip post id 6513993 http://blip.tv/file/6497303 Art Science & Technology youtube In this episode we talk about the Java exploit and Spiders!! Oh God! Spiders!&#13;&#10;&#13;&#10;Links for this episode:&#13;&#10;&#13;&#10;Java Panic: http://tinyurl.com/HNTV-Java-Exploit22&#13;&#10;&#13;&#10;Fake Java: http://tinyurl.com/HNTV-Java-Fake&#13;&#10;&#13;&#10;Cloud API holes: http://tinyurl.com/HNTV-Holes-CloudAPI&#13;&#10;&#13;&#10;Offensive Countermeasures at SANS Orlando: http://tinyurl.com/HNTV-OCM-SANS-Orlando hacking security beer pauldotcom john strand Sat, 26 Jan 2013 16:54:42 +0000 hacking, security, beer, pauldotcom, john, strand http://a.images.blip.tv/Pauldotom-HackNakedTVEpisode50130-90.jpg hacking, security, beer, pauldotcom, john, strand <iframe src="http://blip.tv/play/hr4jg43LLQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg43LLQI" style="display:none"></embed> Hack Naked TV Episode 50 http://creativecommons.org/licenses/by-nc-nd/3.0/ 87FAD9A4-66FA-11E2-BFB8-E6D804FF7942 http://blip.tv/pauldotcom/episode-317-drunken-security-news-6513079 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6513079 6496389 file no 0.0 2013-01-25T14:21:38Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2289 hr4jg43EGwI http://blip.tv/play/hr4jg43EGwI http://blip.tv/comments/?attached_to=post6513079&skin=rss Pauldotom-Episode317DrunkenSecurityNews487-493.jpg The wisdom of Dr. Dan Geer, backdoors in Barracuda, the expelled student hacker, there are sharks on Google, Twitter oops, DevOps, the 50plus political party hacker, and Tetris-ifying LinkedIn. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly The wisdom of Dr. Dan Geer, backdoors in Barracuda, the expelled student hacker, there are sharks on Google, Twitter oops, DevOps, the 50plus political party hacker, and Tetris-ifying LinkedIn. 2289 YahooPartnerVideoID Blip post id 6513079 http://blip.tv/file/6496389 Technology Science & Technology youtube The wisdom of Dr. Dan Geer, backdoors in Barracuda, the expelled student hacker, there are sharks on Google, Twitter oops, DevOps, the 50plus political party hacker, and Tetris-ifying LinkedIn. Fri, 25 Jan 2013 14:21:38 +0000 http://a.images.blip.tv/Pauldotom-Episode317DrunkenSecurityNews487-493.jpg <iframe src="http://blip.tv/play/hr4jg43EGwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg43EGwI" style="display:none"></embed> Episode 317 - Drunken Security News http://creativecommons.org/licenses/by-nc-nd/3.0/ D9FEAE5E-66F2-11E2-800B-CDA8C5DB180B http://blip.tv/pauldotcom/episode-317-alissa-torres-6513048 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6513048 6496358 file no 0.0 2013-01-25T13:26:40Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1604 hr4jg43DfAI http://blip.tv/play/hr4jg43DfAI http://blip.tv/comments/?attached_to=post6513048&skin=rss Pauldotom-Episode317AlissaTorres830-761.jpg Alissa Torres is a certified SANS Instructor and Incident Handler at Mandiant, finding evil on a daily basis. Alissa began her career in information security as a Communications Officer in the United States Marine Corps and is a graduate of University of Virginia and University of Maryland. She&apos;s on tonight to talk to us about Bulk Extractor. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Alissa Torres is a certified SANS Instructor and Incident Handler at Mandiant, finding evil on a daily basis. Alissa began her career in information security as a Communications Officer in the United States Marine Corps and is a graduate of University of Virginia and University of Maryland. She&apos;s on tonight to talk to us about Bulk Extractor. 1604 YahooPartnerVideoID Blip post id 6513048 http://blip.tv/file/6496358 Technology Science & Technology youtube Alissa Torres is a certified SANS Instructor and Incident Handler at Mandiant, finding evil on a daily basis. Alissa began her career in information security as a Communications Officer in the United States Marine Corps and is a graduate of University of Virginia and University of Maryland. She&apos;s on tonight to talk to us about Bulk Extractor. Fri, 25 Jan 2013 13:26:40 +0000 http://a.images.blip.tv/Pauldotom-Episode317AlissaTorres830-761.jpg <iframe src="http://blip.tv/play/hr4jg43DfAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg43DfAI" style="display:none"></embed> Episode 317 - Alissa Torres http://creativecommons.org/licenses/by-nc-nd/3.0/ EF6792F0-618A-11E2-8E1B-CEE161BE7082 http://blip.tv/pauldotcom/episode-316-gene-kim-and-josh-corman-6506315 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6506315 6489624 file no 0.0 2013-01-18T16:20:12Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 3785 hr4jg42PLwI http://blip.tv/play/hr4jg42PLwI http://blip.tv/comments/?attached_to=post6506315&skin=rss Pauldotom-Episode316GeneKimAndJoshCorman861-860.jpg Gene and Josh talk about burnout in the infosec industry and what&apos;s being done about it. Plus Gene has a new book released that&apos;s getting rave reviews: &quot;The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win&quot; Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Gene and Josh talk about burnout in the infosec industry and what&apos;s being done about it. Plus Gene has a new book released that&apos;s getting rave reviews: &quot;The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win&quot; 3785 YahooPartnerVideoID Blip post id 6506315 http://blip.tv/file/6489624 Technology Autos & Vehicles youtube Gene and Josh talk about burnout in the infosec industry and what&apos;s being done about it. Plus Gene has a new book released that&apos;s getting rave reviews: &quot;The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win&quot; Fri, 18 Jan 2013 16:20:12 +0000 http://a.images.blip.tv/Pauldotom-Episode316GeneKimAndJoshCorman861-860.jpg <iframe src="http://blip.tv/play/hr4jg42PLwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg42PLwI" style="display:none"></embed> Episode 316 - Gene Kim and Josh Corman http://creativecommons.org/licenses/by-nc-nd/3.0/ 66B1E3D4-618A-11E2-BE84-CE3E48DDF2B5 http://blip.tv/pauldotcom/episode-316-drunken-security-news-6506311 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6506311 6489620 file no 0.0 2013-01-18T16:16:23Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2786 hr4jg42PKwI http://blip.tv/play/hr4jg42PKwI http://blip.tv/comments/?attached_to=post6506311&skin=rss Pauldotom-Episode316DrunkenSecurityNews472-55.jpg Hacking x-ray machines, comparing vulnerabilities to gun violence, unplugging java from a browser (in Paul&apos;s experience), making good money on bug bounties from IE and Adobe, condoms, castles, blaming PSY for additional Korean hacks and the best innovation story that we&apos;ve heard in a while. Meow. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Hacking x-ray machines, comparing vulnerabilities to gun violence, unplugging java from a browser (in Paul&apos;s experience), making good money on bug bounties from IE and Adobe, condoms, castles, blaming PSY for additional Korean hacks and the best innovation story that we&apos;ve heard in a while. Meow. 2786 YahooPartnerVideoID Blip post id 6506311 http://blip.tv/file/6489620 Technology Science & Technology youtube Hacking x-ray machines, comparing vulnerabilities to gun violence, unplugging java from a browser (in Paul&apos;s experience), making good money on bug bounties from IE and Adobe, condoms, castles, blaming PSY for additional Korean hacks and the best innovation story that we&apos;ve heard in a while. Meow. Fri, 18 Jan 2013 16:16:23 +0000 http://a.images.blip.tv/Pauldotom-Episode316DrunkenSecurityNews472-55.jpg <iframe src="http://blip.tv/play/hr4jg42PKwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg42PKwI" style="display:none"></embed> Episode 316 - Drunken Security News http://creativecommons.org/licenses/by-nc-nd/3.0/ 555E5E12-5C69-11E2-8CDF-B39D4E419FDE http://blip.tv/pauldotcom/episode-315-csrf-primer-6499896 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6499896 6483205 file no 0.0 2013-01-12T03:37:04Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 741 hr4jg4zdHAI http://blip.tv/play/hr4jg4zdHAI http://blip.tv/comments/?attached_to=post6499896&skin=rss Pauldotom-Episode315CSRFPrimer606-907.jpg We apologize, the audio cuts out when the video cuts to the computer screen. But there is the text explanation on the show notes page: http://pauldotcom.com/wiki/index.php/Episode315 Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly We apologize, the audio cuts out when the video cuts to the computer screen. But there is the text explanation on the show notes page: http://pauldotcom.com/wiki/index.php/Episode315 741 YahooPartnerVideoID Blip post id 6499896 http://blip.tv/file/6483205 Technology Sat, 12 Jan 2013 03:37:04 +0000 http://a.images.blip.tv/Pauldotom-Episode315CSRFPrimer606-907.jpg <iframe src="http://blip.tv/play/hr4jg4zdHAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4zdHAI" style="display:none"></embed> Episode 315 - CSRF Primer http://creativecommons.org/licenses/by-nc-nd/3.0/ 4A1C3644-5C61-11E2-942F-E3F01C43484E http://blip.tv/pauldotcom/episode-315-drunken-security-news-6499852 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6499852 6483161 file no 0.0 2013-01-12T02:39:29Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2588 hr4jg4zccAI http://blip.tv/play/hr4jg4zccAI http://blip.tv/comments/?attached_to=post6499852&skin=rss Pauldotom-Episode315DrunkenSecurityNews951-46.jpg Java 0day (Yay!), new metasploit modules, CISO gets to say &quot;I told you so!&quot;, new evolutions in wireless hacking, a $17,000 precision guided firearm (aka a big freaking gun), Men in Black, NTLM broken, McAfee writing malicious code, Mastercard defaced, Moxie Marlinspike&apos;s career advice and stray cats carrying computer viruses. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Java 0day (Yay!), new metasploit modules, CISO gets to say &quot;I told you so!&quot;, new evolutions in wireless hacking, a $17,000 precision guided firearm (aka a big freaking gun), Men in Black, NTLM broken, McAfee writing malicious code, Mastercard defaced, Moxie Marlinspike&apos;s career advice and stray cats carrying computer viruses. 2588 YahooPartnerVideoID Blip post id 6499852 http://blip.tv/file/6483161 Technology Science & Technology youtube Java 0day (Yay!), new metasploit modules, CISO gets to say &quot;I told you so!&quot;, new evolutions in wireless hacking, a $17,000 precision guided firearm (aka a big freaking gun), Men in Black, NTLM broken, McAfee writing malicious code, Mastercard defaced, Moxie Marlinspike&apos;s career advice and stray cats carrying computer viruses. Sat, 12 Jan 2013 02:39:29 +0000 http://a.images.blip.tv/Pauldotom-Episode315DrunkenSecurityNews951-46.jpg <iframe src="http://blip.tv/play/hr4jg4zccAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4zccAI" style="display:none"></embed> Episode 315 - Drunken Security News http://creativecommons.org/licenses/by-nc-nd/3.0/ 3CFF6BFC-5C4D-11E2-800B-F806B76F1D85 http://blip.tv/pauldotcom/episode-315-kati-rodzon-and-mike-murray-6499724 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6499724 6483033 file no 0.0 2013-01-12T00:15:58Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2798 hr4jg4zbcAI http://blip.tv/play/hr4jg4zbcAI http://blip.tv/comments/?attached_to=post6499724&skin=rss Pauldotom-Episode315KatiRodzonAndMikeMurray480-893.jpg Kati Rodzon is the manager of Security Behavior Deisgn for MAD Security. Her last 9 years have been spent studying psychology and ways to modify human behavior. From learning about the power of social pressure on groups, to how subtle changes in reinforcement can drastically change individual behavior, Kati has spent the better part of a decade learning how humans work and now applies that to security awareness. Mike Murray has spent more than a decade helping companies to protect their information by understanding their vulnerability posture from the perspective of an attacker. Mike co-founded MAD Security, where he leads engagements to help corporate and government customers understand and protect their security organization. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Kati Rodzon is the manager of Security Behavior Deisgn for MAD Security. Her last 9 years have been spent studying psychology and ways to modify human behavior. From learning about the power of social pressure on groups, to how subtle changes in reinforcement can drastically change individual behavior, Kati has spent the better part of a decade learning how humans work and now applies that to security awareness. Mike Murray has spent more than a decade helping companies to protect their information by understanding their vulnerability posture from the perspective of an attacker. Mike co-founded MAD Security, where he leads engagements to help corporate and government customers understand and protect their security organization. 2798 YahooPartnerVideoID Blip post id 6499724 http://blip.tv/file/6483033 Technology Science & Technology youtube Kati Rodzon is the manager of Security Behavior Deisgn for MAD Security. Her last 9 years have been spent studying psychology and ways to modify human behavior. From learning about the power of social pressure on groups, to how subtle changes in reinforcement can drastically change individual behavior, Kati has spent the better part of a decade learning how humans work and now applies that to security awareness.&#13;&#10;Mike Murray has spent more than a decade helping companies to protect their information by understanding their vulnerability posture from the perspective of an attacker. Mike co-founded MAD Security, where he leads engagements to help corporate and government customers understand and protect their security organization. Sat, 12 Jan 2013 00:15:58 +0000 http://a.images.blip.tv/Pauldotom-Episode315KatiRodzonAndMikeMurray480-893.jpg <iframe src="http://blip.tv/play/hr4jg4zbcAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4zbcAI" style="display:none"></embed> Episode 315 - Kati Rodzon and Mike Murray http://creativecommons.org/licenses/by-nc-nd/3.0/ DC744F9E-5AD7-11E2-97DA-AB9751C54871 http://blip.tv/pauldotcom/episode-314-drunken-security-news-6497804 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6497804 6481113 file no 0.0 2013-01-10T03:43:13Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 3444 hr4jg4zMcAI http://blip.tv/play/hr4jg4zMcAI http://blip.tv/comments/?attached_to=post6497804&skin=rss Pauldotom-Episode314DrunkenSecurityNews100-47.jpg Safe sexting, Facebook password disclosure ban, Apple causes increased crime in NYC, the Defcon documentary preview, IE 0day, Turktrust, 94% of healthcare breached, RoR vulnerable to SQLi, finding source code in version control Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Safe sexting, Facebook password disclosure ban, Apple causes increased crime in NYC, the Defcon documentary preview, IE 0day, Turktrust, 94% of healthcare breached, RoR vulnerable to SQLi, finding source code in version control 3444 http://blip.tv/file/6481113 Technology Science & Technology youtube Safe sexting, Facebook password disclosure ban, Apple causes increased crime in NYC, the Defcon documentary preview, IE 0day, Turktrust, 94% of healthcare breached, RoR vulnerable to SQLi, finding source code in version control Thu, 10 Jan 2013 03:43:13 +0000 http://a.images.blip.tv/Pauldotom-Episode314DrunkenSecurityNews100-47.jpg <iframe src="http://blip.tv/play/hr4jg4zMcAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4zMcAI" style="display:none"></embed> Episode 314 - Drunken Security News http://creativecommons.org/licenses/by-nc-nd/3.0/ 88C4976C-56B5-11E2-93FF-E86747A1F862 http://blip.tv/pauldotcom/hack-naked-tv-episode-49-6493341 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6493341 6476650 file no 0.0 2013-01-04T21:27:25Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 477 hr4jg4yqAQI http://blip.tv/play/hr4jg4yqAQI http://blip.tv/comments/?attached_to=post6493341&skin=rss Pauldotom-HackNakedTVEpisode49916-142.jpg In this episode we discuss Facebook and IE vulnerabilities. We talk about cool Active Defense tricks and I get all up in the grill of infosec pros who recommend not using software like Java and IE to their customers. For all of the links for this episode and others check out www.pauldotcom.com Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly In this episode we discuss Facebook and IE vulnerabilities. We talk about cool Active Defense tricks and I get all up in the grill of infosec pros who recommend not using software like Java and IE to their customers. For all of the links for this episode and others check out www.pauldotcom.com 477 YahooPartnerVideoID Blip post id 6493341 http://blip.tv/file/6476650 Art Science & Technology youtube In this episode we discuss Facebook and IE vulnerabilities. We talk about cool Active Defense tricks and I get all up in the grill of infosec pros who recommend not using software like Java and IE to their customers.&#13;&#10;&#13;&#10;For all of the links for this episode and others check out www.pauldotcom.com &#13;&#10;&#13;&#10;Thanks&#13;&#10;&#13;&#10;John Strand Fri, 04 Jan 2013 21:27:25 +0000 http://a.images.blip.tv/Pauldotom-HackNakedTVEpisode49916-142.jpg <iframe src="http://blip.tv/play/hr4jg4yqAQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4yqAQI" style="display:none"></embed> Hack Naked TV Episode 49 http://creativecommons.org/licenses/by-nc-nd/3.0/ A839E60A-567A-11E2-BA7C-A5794C627865 http://blip.tv/pauldotcom/episode-314-interview-with-dr-eric-cole-6492978 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6492978 6476287 file no 0.0 2013-01-04T14:25:58Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1942 hr4jg4ynFgI http://blip.tv/play/hr4jg4ynFgI http://blip.tv/comments/?attached_to=post6492978&skin=rss Pauldotom-Episode314InterviewWithDrEricCole463-64.jpg Dr. Cole is a SANS instructor and author of several books including Hackers Beware, Hiding in Plain Site, Network Security Bible, and Insider Threat. Plus he recently released Advanced Persistent Threat (drink!). Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Dr. Cole is a SANS instructor and author of several books including Hackers Beware, Hiding in Plain Site, Network Security Bible, and Insider Threat. Plus he recently released Advanced Persistent Threat (drink!). 1942 http://blip.tv/file/6476287 Technology Science & Technology youtube Dr. Cole is a SANS instructor and author of several books including Hackers Beware, Hiding in Plain Site, Network Security Bible, and Insider Threat. Plus he recently released Advanced Persistent Threat (drink!). Fri, 04 Jan 2013 14:25:58 +0000 http://a.images.blip.tv/Pauldotom-Episode314InterviewWithDrEricCole463-64.jpg <iframe src="http://blip.tv/play/hr4jg4ynFgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4ynFgI" style="display:none"></embed> Episode 314 - Interview with Dr. Eric Cole http://creativecommons.org/licenses/by-nc-nd/3.0/ 03BBB082-4FE9-11E2-A0D2-9707D993FB79 http://blip.tv/pauldotcom/episode-313-drunken-security-news-6486857 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6486857 6470166 file no 0.0 2012-12-27T05:48:18Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2423 hr4jg4v3LQI http://blip.tv/play/hr4jg4v3LQI http://blip.tv/comments/?attached_to=post6486857&skin=rss Pauldotom-Episode313DrunkenSecurityNews180-546.jpg The Holiday Edition! Paul&apos;s talking about a naked Scarlett Johannson and getting Grandma to HTTPS Everywhere. The guys take Adobe to task for still not fixing a two year old vulnerability, they look at the top gadgets of 2012, as well as the top stories of the year. Paul wants you to support your DBAs and encourage database security, and he asks &quot;Should we exploit every vulnerability to prove it exists?&quot; Larry has updates on the Onity hotel lock situation and the going rate for hacked credit card terminals. Finally, Santa Jack talks about fixing a potential vulnerability by uploading a vulnerability. Oh, and don&apos;t forget about Security BSides Rhode Island on June 15. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly The Holiday Edition! Paul&apos;s talking about a naked Scarlett Johannson and getting Grandma to HTTPS Everywhere. The guys take Adobe to task for still not fixing a two year old vulnerability, they look at the top gadgets of 2012, as well as the top stories of the year. Paul wants you to support your DBAs and encourage database security, and he asks &quot;Should we exploit every vulnerability to prove it exists?&quot; Larry has updates on the Onity hotel lock situation and the going rate for hacked credit card terminals. Finally, Santa Jack talks about fixing a potential vulnerability by uploading a vulnerability. Oh, and don&apos;t forget about Security BSides Rhode Island on June 15. 2423 YahooPartnerVideoID Blip post id 6486857 http://blip.tv/file/6470166 Technology Science & Technology youtube The Holiday Edition! Paul&apos;s talking about a naked Scarlett Johannson and getting Grandma to HTTPS Everywhere. The guys take Adobe to task for still not fixing a two year old vulnerability, they look at the top gadgets of 2012, as well as the top stories of the year. Paul wants you to support your DBAs and encourage database security, and he asks &quot;Should we exploit every vulnerability to prove it exists?&quot; Larry has updates on the Onity hotel lock situation and the going rate for hacked credit card terminals. Finally, Santa Jack talks about fixing a potential vulnerability by uploading a vulnerability. Oh, and don&apos;t forget about Security BSides Rhode Island on June 15. Thu, 27 Dec 2012 05:48:18 +0000 http://a.images.blip.tv/Pauldotom-Episode313DrunkenSecurityNews180-546.jpg <iframe src="http://blip.tv/play/hr4jg4v3LQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4v3LQI" style="display:none"></embed> Episode 313 - Drunken Security News http://creativecommons.org/licenses/by-nc-nd/3.0/ D3C918C4-4FD9-11E2-8ABC-A94ACA72B38E http://blip.tv/pauldotcom/episode-313-tim-medin-and-the-sans-hacking-challenge-6486806 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6486806 6470115 file no 0.0 2012-12-27T03:59:35Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1246 hr4jg4v2egI http://blip.tv/play/hr4jg4v2egI http://blip.tv/comments/?attached_to=post6486806&skin=rss Pauldotom-Episode313TimMedinAndTheSANSHackingChallenge618-535.jpg Tim Medin from Counter Hack Challenges joins the show to tell about the Miser brothers and the Year Without a Santa Claus and explain the SANS Holiday Challenge 2012. Hack your way through five levels to warm up Snow Miser and cool down Heat Miser and get Santa back to work. Plus, Paul gets a pretty creepy phone call from someone special. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Tim Medin from Counter Hack Challenges joins the show to tell about the Miser brothers and the Year Without a Santa Claus and explain the SANS Holiday Challenge 2012. Hack your way through five levels to warm up Snow Miser and cool down Heat Miser and get Santa back to work. Plus, Paul gets a pretty creepy phone call from someone special. 1246 YahooPartnerVideoID Blip post id 6486806 http://blip.tv/file/6470115 Technology Science & Technology youtube Tim Medin from Counter Hack Challenges joins the show to tell about the Miser brothers and the Year Without a Santa Claus and explain the SANS Holiday Challenge 2012. Hack your way through five levels to warm up Snow Miser and cool down Heat Miser and get Santa back to work. Plus, Paul gets a pretty creepy phone call from someone special. Thu, 27 Dec 2012 03:59:35 +0000 http://a.images.blip.tv/Pauldotom-Episode313TimMedinAndTheSANSHackingChallenge618-535.jpg <iframe src="http://blip.tv/play/hr4jg4v2egI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4v2egI" style="display:none"></embed> Episode 313 - Tim Medin and the SANS Hacking Challenge http://creativecommons.org/licenses/by-nc-nd/3.0/ C17D1524-488D-11E2-8830-E7E5E8A26240 http://blip.tv/pauldotcom/episode-312-drunken-security-news-6478918 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6478918 6462227 file no 0.0 2012-12-17T21:07:24Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 3801 hr4jg4u5KgI http://blip.tv/play/hr4jg4u5KgI http://blip.tv/comments/?attached_to=post6478918&skin=rss Pauldotom-Episode312DrunkenSecurityNews540-91.jpg Bug bounties on PayPal, offensive security tips and reminders, Onity lock fixes, hiding botnets, escalating admin privileges, hacking Samsung TVs, and Paul&apos;s &quot;Big Announcement&quot;! Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Bug bounties on PayPal, offensive security tips and reminders, Onity lock fixes, hiding botnets, escalating admin privileges, hacking Samsung TVs, and Paul&apos;s &quot;Big Announcement&quot;! 3801 YahooPartnerVideoID Blip post id 6478918 http://blip.tv/file/6462227 Technology Science & Technology youtube Bug bounties on PayPal, offensive security tips and reminders, Onity lock fixes, hiding botnets, escalating admin privileges, hacking Samsung TVs, and Paul&apos;s &quot;Big Announcement&quot;! Mon, 17 Dec 2012 21:07:24 +0000 http://a.images.blip.tv/Pauldotom-Episode312DrunkenSecurityNews540-91.jpg <iframe src="http://blip.tv/play/hr4jg4u5KgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4u5KgI" style="display:none"></embed> Episode 312 - Drunken Security News http://creativecommons.org/licenses/by-nc-nd/3.0/ 2976F670-4566-11E2-984C-AD098160D7AF http://blip.tv/pauldotcom/episode-311-tech-segment-giskismet-with-larry-6475393 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6475393 6458702 file no 0.0 2012-12-13T20:46:25Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1271 hr4jg4udZQI http://blip.tv/play/hr4jg4udZQI http://blip.tv/comments/?attached_to=post6475393&skin=rss Pauldotom-Episode311TechSegmentGISKismetWithLarry394-846.jpg I&apos;ll say up front, I love GISkismet for interpreting kismet .netxml output for sending to Google Earth. However, I find that sending the .nextml output to Sqlite3 also gives me plenty of options for reporting on issues as well! In many cases when I do assessments, I won&apos;t have GPS location available; I&apos;m walking around inside of the assessment environment without a clear view of the sky. In this case, this gives me the ability to see the environment just like the clients see it, often times revealing some risk that is oft forgotten about. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly I&apos;ll say up front, I love GISkismet for interpreting kismet .netxml output for sending to Google Earth. However, I find that sending the .nextml output to Sqlite3 also gives me plenty of options for reporting on issues as well! In many cases when I do assessments, I won&apos;t have GPS location available; I&apos;m walking around inside of the assessment environment without a clear view of the sky. In this case, this gives me the ability to see the environment just like the clients see it, often times revealing some risk that is oft forgotten about. 1271 YahooPartnerVideoID Blip post id 6475393 http://blip.tv/file/6458702 Technology Science & Technology youtube I&apos;ll say up front, I love GISkismet for interpreting kismet .netxml output for sending to Google Earth. However, I find that sending the .nextml output to Sqlite3 also gives me plenty of options for reporting on issues as well!&#13;&#10;&#13;&#10;In many cases when I do assessments, I won&apos;t have GPS location available; I&apos;m walking around inside of the assessment environment without a clear view of the sky. In this case, this gives me the ability to see the environment just like the clients see it, often times revealing some risk that is oft forgotten about. Thu, 13 Dec 2012 20:46:25 +0000 http://a.images.blip.tv/Pauldotom-Episode311TechSegmentGISKismetWithLarry394-846.jpg <iframe src="http://blip.tv/play/hr4jg4udZQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4udZQI" style="display:none"></embed> Episode 311 - Tech Segment GISKismet with Larry http://creativecommons.org/licenses/by-nc-nd/3.0/ 71361E92-455B-11E2-ABF5-9D99796C75CC http://blip.tv/pauldotcom/episode-310-drunken-security-news-6475317 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6475317 6458626 file no 0.0 2012-12-13T19:29:41Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2597 hr4jg4udGQI http://blip.tv/play/hr4jg4udGQI http://blip.tv/comments/?attached_to=post6475317&skin=rss Pauldotom-Episode310DrunkenSecurityNews921-540.jpg US-CERT: Samsung Printer Firmware Contains Backdoor - Oh, and here is the MIB This is one giagantic flaming pile of crap. The entire thing, from firmware to vulnerability disclosure, it all sucks. So, once upon a time a developer decided it would be a good idea (likely sometime in 2004), to add in an SNMP backdoor. This means the device will listen on UDP port 1118 for SNMP traps. The same password of &quot;s!a@m#n$p%c&quot; will get you in and allow you to read (and write?) via SNMP. Samsung came out and said there was a vulnerability, and it affected Dell printers too. Samsung said they would produce a fix before the end of the year. They did not release the models that are vulnerable. Then they said they would have a fix for us tomorrow. In the mean time, they&apos;ve pulled all the firmware downloads from their site. What are you hiding Samsung? What, you don&apos;t want us to know just how deep and wide your problems with firmware go? Now you&apos;ve caught my attention, and the attention of lots of other firmware reverse engineering curious type people. I&apos;m still on a mission to improve the security of embedded systems, and this is one reason why. I agree with some of thecomments on Twitter, we are all to blame. Developers are to blame, users, and security folks for not working together and fixing the problem. NEOHAPSIS - Security Advisory - TP-LINK TL-WR841N LFI - Just an FYI, this does not require a password to execute, its sorta like an LFI with a splash of authentication bypass. Not only that, but the web user can read the freaking /etc/shadow file according to the advisory. Holy face palm batman! Belkin wireless routers weak key - Who thinks its a good idea to base the default key on the MAC address? Really? Just stop, don&apos;t put a default WPA/WPA2 key on the device. Let the user enter it, make a wizard or something. If the user can&apos;t figure out how to enter a password, they shouldn&apos;t use wirless. If they really want to use wireless, they should call the geek squad or something. The Hackback Debate | Steptoe Cyberblog - This was way too long to read, but I will read it at some point. There are a few articles a month on hacking back. There needs to be more. Prince William photos accidentally reveal RAF password | Naked Security - So, you work for the military. Doesn&apos;t even matter which military, and somehow you thinks its a good idea to print out the username and password for a system, stick it on the wall, then let press take pictures? Super Fail, super fail, you&apos;re a super fail super fail!!! Backdoor found in Piwik analytics software - Update - The H Security: News and Features - Guess how the backdoor got there? If you guessed a vulnerable Wordpress plugin you won the lottery! (Not really, someone from the midwest and Arizona won, congrats to you, lets see how long before you go broke, crazy, or dead, and not in that order). I wonder if it was the Wordfence plugin, thats a security plugin that contains an XSS vulnerability. Think they could be more like Yahoo! and not have stupid XSS vulnerabilities, oh wait, nevermind. Yahoo XSS exploits going for $700 - Yep, Yahoo! has XSS, could be fun to exploit this one, steal cookies, etc... Turns out is so much fun that people are selling them for $700, which I think is low... ENISA promotes digital hacker traps - honeypots are powerful tools that CERTs (Computer Emergency Response Teams) can use to have &quot;threat intelligence collected without any impact on production infrastructure&quot;. Amen to that, if you have your ducks in a row, deploy a honeypot today! Mobile browser vulnerability lets hackers steal cloud computing time - I think its interesting that people used to steal computer time when the first computers were invented, now we&apos;ve gone back to that. Top 5 Security Predictions for 2013 from ISF - This is the best advice ever: Organizations must prepare for the unpredictable so they have the resilience to withstand unforeseen, high impact events. Gee, thanks for that. Geek Researcher Spends Three Years Living With Hackers - Funny, after staring atpeople sitting in front of a computer who don&apos;t shower, she came to the conclusion that hackers are actually pretty boring and smelly people! US software firm hacked for years after suing China - The Empire Strikes Back should have been the title of this article... Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly US-CERT: Samsung Printer Firmware Contains Backdoor - Oh, and here is the MIB This is one giagantic flaming pile of crap. The entire thing, from firmware to vulnerability disclosure, it all sucks. So, once upon a time a developer decided it would be a good idea (likely sometime in 2004), to add in an SNMP backdoor. This means the device will listen on UDP port 1118 for SNMP traps. The same password of &quot;s!a@m#n$p%c&quot; will get you in and allow you to read (and write?) via SNMP. Samsung came out and said there was a vulnerability, and it affected Dell printers too. Samsung said they would produce a fix before the end of the year. They did not release the models that are vulnerable. Then they said they would have a fix for us tomorrow. In the mean time, they&apos;ve pulled all the firmware downloads from their site. What are you hiding Samsung? What, you don&apos;t want us to know just how deep and wide your problems with firmware go? Now you&apos;ve caught my attention, and the attention of lots of other firmware reverse engineering curious type people. I&apos;m still on a mission to improve the security of embedded systems, and this is one reason why. I agree with some of thecomments on Twitter, we are all to blame. Developers are to blame, users, and security folks for not working together and fixing the problem. NEOHAPSIS - Security Advisory - TP-LINK TL-WR841N LFI - Just an FYI, this does not require a password to execute, its sorta like an LFI with a splash of authentication bypass. Not only that, but the web user can read the freaking /etc/shadow file according to the advisory. Holy face palm batman! Belkin wireless routers weak key - Who thinks its a good idea to base the default key on the MAC address? Really? Just stop, don&apos;t put a default WPA/WPA2 key on the device. Let the user enter it, make a wizard or something. If the user can&apos;t figure out how to enter a password, they shouldn&apos;t use wirless. If they really want to use wireless, they should call the geek squad or something. The Hackback Debate | Steptoe Cyberblog - This was way too long to read, but I will read it at some point. There are a few articles a month on hacking back. There needs to be more. Prince William photos accidentally reveal RAF password | Naked Security - So, you work for the military. Doesn&apos;t even matter which military, and somehow you thinks its a good idea to print out the username and password for a system, stick it on the wall, then let press take pictures? Super Fail, super fail, you&apos;re a super fail super fail!!! Backdoor found in Piwik analytics software - Update - The H Security: News and Features - Guess how the backdoor got there? If you guessed a vulnerable Wordpress plugin you won the lottery! (Not really, someone from the midwest and Arizona won, congrats to you, lets see how long before you go broke, crazy, or dead, and not in that order). I wonder if it was the Wordfence plugin, thats a security plugin that contains an XSS vulnerability. Think they could be more like Yahoo! and not have stupid XSS vulnerabilities, oh wait, nevermind. Yahoo XSS exploits going for $700 - Yep, Yahoo! has XSS, could be fun to exploit this one, steal cookies, etc... Turns out is so much fun that people are selling them for $700, which I think is low... ENISA promotes digital hacker traps - honeypots are powerful tools that CERTs (Computer Emergency Response Teams) can use to have &quot;threat intelligence collected without any impact on production infrastructure&quot;. Amen to that, if you have your ducks in a row, deploy a honeypot today! Mobile browser vulnerability lets hackers steal cloud computing time - I think its interesting that people used to steal computer time when the first computers were invented, now we&apos;ve gone back to that. Top 5 Security Predictions for 2013 from ISF - This is the best advice ever: Organizations must prepare for the unpredictable so they have the resilience to withstand unforeseen, high impact events. Gee, thanks for that. Geek Researcher Spends Three Years Living With Hackers - Funny, after staring atpeople sitting in front of a computer who don&apos;t shower, she came to the conclusion that hackers are actually pretty boring and smelly people! US software firm hacked for years after suing China - The Empire Strikes Back should have been the title of this article... 2597 YahooPartnerVideoID Blip post id 6475317 http://blip.tv/file/6458626 Technology Science & Technology youtube US-CERT: Samsung Printer Firmware Contains Backdoor - Oh, and here is the MIB This is one giagantic flaming pile of crap. The entire thing, from firmware to vulnerability disclosure, it all sucks. So, once upon a time a developer decided it would be a good idea (likely sometime in 2004), to add in an SNMP backdoor. This means the device will listen on UDP port 1118 for SNMP traps. The same password of &quot;s!a@m#n$p%c&quot; will get you in and allow you to read (and write?) via SNMP. Samsung came out and said there was a vulnerability, and it affected Dell printers too. Samsung said they would produce a fix before the end of the year. They did not release the models that are vulnerable. Then they said they would have a fix for us tomorrow. In the mean time, they&apos;ve pulled all the firmware downloads from their site. What are you hiding Samsung? What, you don&apos;t want us to know just how deep and wide your problems with firmware go? Now you&apos;ve caught my attention, and the attention of lots of other firmware reverse engineering curious type people. I&apos;m still on a mission to improve the security of embedded systems, and this is one reason why. I agree with some of thecomments on Twitter, we are all to blame. Developers are to blame, users, and security folks for not working together and fixing the problem.&#13;&#10;NEOHAPSIS - Security Advisory - TP-LINK TL-WR841N LFI - Just an FYI, this does not require a password to execute, its sorta like an LFI with a splash of authentication bypass. Not only that, but the web user can read the freaking /etc/shadow file according to the advisory. Holy face palm batman!&#13;&#10;Belkin wireless routers weak key - Who thinks its a good idea to base the default key on the MAC address? Really? Just stop, don&apos;t put a default WPA/WPA2 key on the device. Let the user enter it, make a wizard or something. If the user can&apos;t figure out how to enter a password, they shouldn&apos;t use wirless. If they really want to use wireless, they should call the geek squad or something.&#13;&#10;The Hackback Debate | Steptoe Cyberblog - This was way too long to read, but I will read it at some point. There are a few articles a month on hacking back. There needs to be more.&#13;&#10;Prince William photos accidentally reveal RAF password | Naked Security - So, you work for the military. Doesn&apos;t even matter which military, and somehow you thinks its a good idea to print out the username and password for a system, stick it on the wall, then let press take pictures? Super Fail, super fail, you&apos;re a super fail super fail!!!&#13;&#10;Backdoor found in Piwik analytics software - Update - The H Security: News and Features - Guess how the backdoor got there? If you guessed a vulnerable Wordpress plugin you won the lottery! (Not really, someone from the midwest and Arizona won, congrats to you, lets see how long before you go broke, crazy, or dead, and not in that order). I wonder if it was the Wordfence plugin, thats a security plugin that contains an XSS vulnerability. Think they could be more like Yahoo! and not have stupid XSS vulnerabilities, oh wait, nevermind.&#13;&#10;Yahoo XSS exploits going for $700 - Yep, Yahoo! has XSS, could be fun to exploit this one, steal cookies, etc... Turns out is so much fun that people are selling them for $700, which I think is low...&#13;&#10;ENISA promotes digital hacker traps - honeypots are powerful tools that CERTs (Computer Emergency Response Teams) can use to have &quot;threat intelligence collected without any impact on production infrastructure&quot;. Amen to that, if you have your ducks in a row, deploy a honeypot today!&#13;&#10;Mobile browser vulnerability lets hackers steal cloud computing time - I think its interesting that people used to steal computer time when the first computers were invented, now we&apos;ve gone back to that.&#13;&#10;Top 5 Security Predictions for 2013 from ISF - This is the best advice ever: Organizations must prepare for the unpredictable so they have the resilience to withstand unforeseen, high impact events. Gee, thanks for that.&#13;&#10;Geek Researcher Spends Three Years Living With Hackers - Funny, after staring atpeople sitting in front of a computer who don&apos;t shower, she came to the conclusion that hackers are actually pretty boring and smelly people!&#13;&#10;US software firm hacked for years after suing China - The Empire Strikes Back should have been the title of this article... Thu, 13 Dec 2012 19:29:41 +0000 http://a.images.blip.tv/Pauldotom-Episode310DrunkenSecurityNews921-540.jpg <iframe src="http://blip.tv/play/hr4jg4udGQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4udGQI" style="display:none"></embed> Episode 310 - Drunken Security News http://creativecommons.org/licenses/by-nc-nd/3.0/ CAE6E4EE-454C-11E2-92B2-915F59740495 http://blip.tv/pauldotcom/tech-segment-minipwner-tp-link-tl-wr703n-pen-testing-drop-box-6475197 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6475197 6458506 file no 0.0 2012-12-13T17:44:49Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1681 hr4jg4ucIQI http://blip.tv/play/hr4jg4ucIQI http://blip.tv/comments/?attached_to=post6475197&skin=rss Pauldotom-TechSegmentMiniPwnerTPLinkTLWR703nPenTestingDropBox910-403.jpg The MiniPwner is a pen-testing drop box. Prior to the MiniPwner we were using a Pwnie Express or an Apple travel router as drop boxes during physical penetration tests. But these solutions depended on a known IP addressing scheme or DHCP, a power outlet near an open network port, and unfiltered Internet access. My wish list for a home-built drop box was a router that was small, inexpensive, OpenWRT supported, had wired and wireless interfaces, had space for a USB drive, and could be battery powered, all without soldering or custom firmware. The WR703N router had recently become available and OpenWRT supported and seemed to be a perfect fit. What Makes it Cool TL-WR703N is cheap (under $25) Small but powerful - Wired, Wireless, USB, battery power No need to compile firmware or do any soldering to build a MiniPwner Flexibility - add whatever packages you desire [edit] MiniPwner Build Overview What you&apos;ll need: TPLink TL-WR703N (or the slightly larger TL-MR3020) USB flash drive (I like the low profile Cruzer Fit drives) Battery Pack (I get the Sharper Image charger kit) Ethernet cable, velcro High Level Build Steps 1) Download the current OpenWrt firmware from downloads.openwrt.org or the 5/14/2012 &quot;Derbycon&quot; build off minipwner.com. 2) Use the web interface of the factory firmware to flash the router 3) Configure the Network 4) Mount the USB Drive 5) Download and install security packages Some of the packages in the build script include: Nmap, Tcpdump, Aircrack-ng, Kismet, Openvpn, Airpwn, Dsniff, SSLsniff, Parasite, Reaver, Nbtscan, Snort The &quot;DerbyCon&quot; build uses the nightly snapshot from 5/14/2012 with a couple mods. A custom build script can be found in /user/share after the firmware is applied, and Reaver has been added to the packages repository. It is the only build I know of with Dsniff, Kismet and Reaver all working. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly The MiniPwner is a pen-testing drop box. Prior to the MiniPwner we were using a Pwnie Express or an Apple travel router as drop boxes during physical penetration tests. But these solutions depended on a known IP addressing scheme or DHCP, a power outlet near an open network port, and unfiltered Internet access. My wish list for a home-built drop box was a router that was small, inexpensive, OpenWRT supported, had wired and wireless interfaces, had space for a USB drive, and could be battery powered, all without soldering or custom firmware. The WR703N router had recently become available and OpenWRT supported and seemed to be a perfect fit. What Makes it Cool TL-WR703N is cheap (under $25) Small but powerful - Wired, Wireless, USB, battery power No need to compile firmware or do any soldering to build a MiniPwner Flexibility - add whatever packages you desire [edit] MiniPwner Build Overview What you&apos;ll need: TPLink TL-WR703N (or the slightly larger TL-MR3020) USB flash drive (I like the low profile Cruzer Fit drives) Battery Pack (I get the Sharper Image charger kit) Ethernet cable, velcro High Level Build Steps 1) Download the current OpenWrt firmware from downloads.openwrt.org or the 5/14/2012 &quot;Derbycon&quot; build off minipwner.com. 2) Use the web interface of the factory firmware to flash the router 3) Configure the Network 4) Mount the USB Drive 5) Download and install security packages Some of the packages in the build script include: Nmap, Tcpdump, Aircrack-ng, Kismet, Openvpn, Airpwn, Dsniff, SSLsniff, Parasite, Reaver, Nbtscan, Snort The &quot;DerbyCon&quot; build uses the nightly snapshot from 5/14/2012 with a couple mods. A custom build script can be found in /user/share after the firmware is applied, and Reaver has been added to the packages repository. It is the only build I know of with Dsniff, Kismet and Reaver all working. 1681 YahooPartnerVideoID Blip post id 6475197 http://blip.tv/file/6458506 Technology Science & Technology youtube The MiniPwner is a pen-testing drop box. Prior to the MiniPwner we were using a Pwnie Express or an Apple travel router as drop boxes during physical penetration tests. But these solutions depended on a known IP addressing scheme or DHCP, a power outlet near an open network port, and unfiltered Internet access. My wish list for a home-built drop box was a router that was small, inexpensive, OpenWRT supported, had wired and wireless interfaces, had space for a USB drive, and could be battery powered, all without soldering or custom firmware. The WR703N router had recently become available and OpenWRT supported and seemed to be a perfect fit.&#13;&#10;What Makes it Cool&#13;&#10;&#13;&#10;TL-WR703N is cheap (under $25)&#13;&#10;Small but powerful - Wired, Wireless, USB, battery power&#13;&#10;No need to compile firmware or do any soldering to build a MiniPwner&#13;&#10;Flexibility - add whatever packages you desire&#13;&#10;[edit] MiniPwner Build Overview&#13;&#10;&#13;&#10;What you&apos;ll need:&#13;&#10;TPLink TL-WR703N (or the slightly larger TL-MR3020)&#13;&#10;USB flash drive (I like the low profile Cruzer Fit drives)&#13;&#10;Battery Pack (I get the Sharper Image charger kit)&#13;&#10;Ethernet cable, velcro&#13;&#10;High Level Build Steps 1) Download the current OpenWrt firmware from downloads.openwrt.org or the 5/14/2012 &quot;Derbycon&quot; build off minipwner.com. 2) Use the web interface of the factory firmware to flash the router 3) Configure the Network 4) Mount the USB Drive 5) Download and install security packages&#13;&#10;Some of the packages in the build script include: Nmap, Tcpdump, Aircrack-ng, Kismet, Openvpn, Airpwn, Dsniff, SSLsniff, Parasite, Reaver, Nbtscan, Snort&#13;&#10;The &quot;DerbyCon&quot; build uses the nightly snapshot from 5/14/2012 with a couple mods. A custom build script can be found in /user/share after the firmware is applied, and Reaver has been added to the packages repository. It is the only build I know of with Dsniff, Kismet and Reaver all working. pauldotcom hacking minipwner kevin bong Thu, 13 Dec 2012 17:44:49 +0000 pauldotcom, hacking, minipwner, kevin bong http://a.images.blip.tv/Pauldotom-TechSegmentMiniPwnerTPLinkTLWR703nPenTestingDropBox910-403.jpg pauldotcom, hacking, minipwner, kevin bong <iframe src="http://blip.tv/play/hr4jg4ucIQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4ucIQI" style="display:none"></embed> Tech Segment: MiniPwner (TP-Link TL-WR703n Pen Testing Drop Box) http://creativecommons.org/licenses/by-nc-nd/3.0/ EFF23196-4536-11E2-B8BE-E86DE49BBA11 http://blip.tv/pauldotcom/drunken-security-news-311-6474995 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6474995 6458304 file no 0.0 2012-12-13T15:08:23Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2879 hr4jg4uaVwI http://blip.tv/play/hr4jg4uaVwI http://blip.tv/comments/?attached_to=post6474995&skin=rss Pauldotom-DrunkenSecurityNews311169-409.jpg Email hacks router - The H Security: News and Features - This type of attack crops up from time to time. As always, I warn people about the details. CSRF attacks that rely on default passwords are not just CSRF attacks. Two condition need to be in place, the first being you need to have a default password set. The second the web application has to suffer from poor session management that triggers CSRF. So, the problems are still lying within the embedded device manufacturers. They need to apply security to their web applications. They need to allow the user to enter a default password, or even generate one and put a sticker on the device. Look, its messed up. The default password makes it easy. But, most users never even log into their routers, so why bother with a default password? Users that are not sophisticated enough to configure a router are not going to benefit from a default password. Users advanced enough to log into the router will be able to set an initial password. Stick that in your router and smoke it. US woman arrested for bank robbery brags on YouTube about robbing a bank - Bank robbers almost always get caught, its easier to create or rent a botnet. They are especially prone to getting caught when you brag about it on YouTube. Forget Disclosure ? Hackers Should Keep Security Holes to Themselves | Wired Opinion | Wired.com - Sensationalism. You publish an article from someone shady, tisk tisk. The only reason you do that is to benefit from the press. Even better when the shady hacker is &quot;weev&quot;, who is likely going to federal prison for the AT&amp;T &quot;hack&quot;. As for the disclosure debate, its still a debate, any takers? DARPA Looks For Backdoors - I get it, backdoors put their by malicous insiders, or outsiders, are bad. It compromises the integrity of the device. However, a deeper problem is that embedded devices have vulnerabilities that are widely known, and so many unknown, that are put their not-on-purpose by the freaking developers! I think a better project would be to create standards and educate software developers for embedded systems. Then worry about the other &quot;stuff&quot;. Rumble in the Tumblr: Troll-worm infected thousands of blogs - Love it when this happens, the Internet is truly a crappy place. Funny how it happened, CSRF: &quot;It appears that the worm took advantage of Tumblr&apos;s reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages,&quot; wrote Graham Cluley, senior technology consultant at Sophos. &quot;It shouldn&apos;t have been possible for someone to post such malicious JavaScript into a Tumblr post - our assumption is that the attackers managed to skirt around Tumblr&apos;s defences by disguising their code through Base 64 encoding and embedding it in a data URI&quot; FreeSSHD Remote Authentication Bypass - This is really funny: &quot;ssh.exe -l &quot; I mean really, you write software that allows people to securely communicate with systems. Yet, you don&apos;t take the proper precautions to make sure there are no easy authentication bypass vulnerabilities? Doesn&apos;t that defeat the entire purpose of making this software in the first place? I say give up and write a Telnet server, for Solaris. Simple Nomad Locates John McAfee Through Smartphone Photo - Metadata strikes again! Buffalo Linkstation Privilege Escalation - Wow, more embedded device fail! So, using the guest credentials, and some readily available session data, you can make the guest user an admin user. Also, directory traversal gives you access to htpasswd and the certificate public AND private key. Firmware also supposed to be riddled with other issues, like file permission problems. Who is making this firmware? Why don&apos;t they apply any security? Have they never even read a book on Linux security like ever? Do they just not care? Are they in a race to see who can make the most insecure firmware? cPanel Unspecified Flaws Have Unspecified Impact - SecurityTracker - This is the best vulnerability write-up ever. We don&apos;t know what the flaws are and we don&apos;t know the impact. So, they are unspecified. I hope this attitude never gets into the medical field, &quot;Yes sir, you have some unspecified problems with your penis. The problems they would cause are also unspecified.&quot; Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Email hacks router - The H Security: News and Features - This type of attack crops up from time to time. As always, I warn people about the details. CSRF attacks that rely on default passwords are not just CSRF attacks. Two condition need to be in place, the first being you need to have a default password set. The second the web application has to suffer from poor session management that triggers CSRF. So, the problems are still lying within the embedded device manufacturers. They need to apply security to their web applications. They need to allow the user to enter a default password, or even generate one and put a sticker on the device. Look, its messed up. The default password makes it easy. But, most users never even log into their routers, so why bother with a default password? Users that are not sophisticated enough to configure a router are not going to benefit from a default password. Users advanced enough to log into the router will be able to set an initial password. Stick that in your router and smoke it. US woman arrested for bank robbery brags on YouTube about robbing a bank - Bank robbers almost always get caught, its easier to create or rent a botnet. They are especially prone to getting caught when you brag about it on YouTube. Forget Disclosure ? Hackers Should Keep Security Holes to Themselves | Wired Opinion | Wired.com - Sensationalism. You publish an article from someone shady, tisk tisk. The only reason you do that is to benefit from the press. Even better when the shady hacker is &quot;weev&quot;, who is likely going to federal prison for the AT&amp;T &quot;hack&quot;. As for the disclosure debate, its still a debate, any takers? DARPA Looks For Backdoors - I get it, backdoors put their by malicous insiders, or outsiders, are bad. It compromises the integrity of the device. However, a deeper problem is that embedded devices have vulnerabilities that are widely known, and so many unknown, that are put their not-on-purpose by the freaking developers! I think a better project would be to create standards and educate software developers for embedded systems. Then worry about the other &quot;stuff&quot;. Rumble in the Tumblr: Troll-worm infected thousands of blogs - Love it when this happens, the Internet is truly a crappy place. Funny how it happened, CSRF: &quot;It appears that the worm took advantage of Tumblr&apos;s reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages,&quot; wrote Graham Cluley, senior technology consultant at Sophos. &quot;It shouldn&apos;t have been possible for someone to post such malicious JavaScript into a Tumblr post - our assumption is that the attackers managed to skirt around Tumblr&apos;s defences by disguising their code through Base 64 encoding and embedding it in a data URI&quot; FreeSSHD Remote Authentication Bypass - This is really funny: &quot;ssh.exe -l &quot; I mean really, you write software that allows people to securely communicate with systems. Yet, you don&apos;t take the proper precautions to make sure there are no easy authentication bypass vulnerabilities? Doesn&apos;t that defeat the entire purpose of making this software in the first place? I say give up and write a Telnet server, for Solaris. Simple Nomad Locates John McAfee Through Smartphone Photo - Metadata strikes again! Buffalo Linkstation Privilege Escalation - Wow, more embedded device fail! So, using the guest credentials, and some readily available session data, you can make the guest user an admin user. Also, directory traversal gives you access to htpasswd and the certificate public AND private key. Firmware also supposed to be riddled with other issues, like file permission problems. Who is making this firmware? Why don&apos;t they apply any security? Have they never even read a book on Linux security like ever? Do they just not care? Are they in a race to see who can make the most insecure firmware? cPanel Unspecified Flaws Have Unspecified Impact - SecurityTracker - This is the best vulnerability write-up ever. We don&apos;t know what the flaws are and we don&apos;t know the impact. So, they are unspecified. I hope this attitude never gets into the medical field, &quot;Yes sir, you have some unspecified problems with your penis. The problems they would cause are also unspecified.&quot; 2879 YahooPartnerVideoID Blip post id 6474995 http://blip.tv/file/6458304 Technology Autos & Vehicles pauldotcom hacking security privacy Thu, 13 Dec 2012 15:08:23 +0000 pauldotcom, hacking, security, privacy http://a.images.blip.tv/Pauldotom-DrunkenSecurityNews311169-409.jpg pauldotcom, hacking, security, privacy <iframe src="http://blip.tv/play/hr4jg4uaVwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4uaVwI" style="display:none"></embed> Drunken Security News #311 http://creativecommons.org/licenses/by-nc-nd/3.0/ 50794DB4-3002-11E2-8F51-AD69FD3480B6 http://blip.tv/pauldotcom/hack-naked-tv-episode-48-6441123 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6441123 6424431 file no 0.0 2012-11-16T15:28:47Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 557 hr4jg4mSBwI http://blip.tv/play/hr4jg4mSBwI http://blip.tv/comments/?attached_to=post6441123&skin=rss Pauldotom-HackNakedTVEpisode48611-200.jpg In this episode we talk about AV, Skype and getting access to systems without really trying. Links for this episode: http://tinyurl.com/HNTV-BITDefender http://tinyurl.com/HNTV-CorpCheap http://tinyurl.com/HNTV-OCM-SANS-CDI http://tinyurl.com/HNTV-SkypeWTF Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly In this episode we talk about AV, Skype and getting access to systems without really trying. Links for this episode: http://tinyurl.com/HNTV-BITDefender http://tinyurl.com/HNTV-CorpCheap http://tinyurl.com/HNTV-OCM-SANS-CDI http://tinyurl.com/HNTV-SkypeWTF 557 YahooPartnerVideoID Blip post id 6441123 http://blip.tv/file/6424431 Technology Science & Technology youtube In this episode we talk about AV, Skype and getting access to systems without really trying.&#13;&#10;&#13;&#10;Links for this episode:&#13;&#10;&#13;&#10;http://tinyurl.com/HNTV-BITDefender&#13;&#10;&#13;&#10;http://tinyurl.com/HNTV-CorpCheap&#13;&#10;&#13;&#10;http://tinyurl.com/HNTV-OCM-SANS-CDI&#13;&#10;&#13;&#10;http://tinyurl.com/HNTV-SkypeWTF hacking security beer pauldotcom john strand Fri, 16 Nov 2012 15:28:47 +0000 hacking, security, beer, pauldotcom, john, strand http://a.images.blip.tv/Pauldotom-HackNakedTVEpisode48611-200.jpg hacking, security, beer, pauldotcom, john, strand <iframe src="http://blip.tv/play/hr4jg4mSBwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4mSBwI" style="display:none"></embed> Hack Naked TV Episode 48 http://creativecommons.org/licenses/by-nc-nd/3.0/ 0757759E-2F89-11E2-A93C-8D94F5C81511 http://blip.tv/pauldotcom/episode-308-firmware-reverse-engineering-drunken-security-news-6439223 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6439223 6422531 file no 0.0 2012-11-16T01:00:35Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 3957 hr4jg4mDGwI http://blip.tv/play/hr4jg4mDGwI http://blip.tv/comments/?attached_to=post6439223&skin=rss Pauldotom-StreamRecording_136838-801.jpg Firmware Reverse Engineering, Drunken Security News Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Firmware Reverse Engineering, Drunken Security News 3957 YahooPartnerVideoID Blip post id 6439223 http://blip.tv/file/6422531 Technology Science & Technology youtube Firmware Reverse Engineering, Drunken Security News pauldotcom hacking security Fri, 16 Nov 2012 01:00:35 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-StreamRecording_136838-801.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jg4mDGwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4mDGwI" style="display:none"></embed> Episode 308 - Firmware Reverse Engineering, Drunken Security News http://creativecommons.org/licenses/by-nc-nd/3.0/ A2217442-2F72-11E2-A760-AEA604A1F6B5 http://blip.tv/pauldotcom/hacking-mobile-devices-with-web-proxies-6439029 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6439029 6422337 file no 0.0 2012-11-15T22:20:16Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1475 hr4jg4mBWQI http://blip.tv/play/hr4jg4mBWQI http://blip.tv/comments/?attached_to=post6439029&skin=rss Pauldotom-pdc_ep307_p1_1515-227.jpg In recent episodes, the subject of mobile security has come up. Mobile security is something that&apos;s fairly new, and is ripe with security and privacy concerns if you go looking for them, as a result of how new the platform is, and how much of a gold rush it has been to develop this sort of software. This provides you with a platform which is easily snooped and attack on. As it happens, most mobile traffic is plain HTTP(S), which makes the barrier to entry very low for doing sniffing of traffic and such. One tool for doing so, which provides a lot of great features, is Burp Suite. We&apos;ll take a look at how you can set up your iOS devices to work with Burp and have a bit of fun. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly In recent episodes, the subject of mobile security has come up. Mobile security is something that&apos;s fairly new, and is ripe with security and privacy concerns if you go looking for them, as a result of how new the platform is, and how much of a gold rush it has been to develop this sort of software. This provides you with a platform which is easily snooped and attack on. As it happens, most mobile traffic is plain HTTP(S), which makes the barrier to entry very low for doing sniffing of traffic and such. One tool for doing so, which provides a lot of great features, is Burp Suite. We&apos;ll take a look at how you can set up your iOS devices to work with Burp and have a bit of fun. 1475 YahooPartnerVideoID Blip post id 6439029 http://blip.tv/file/6422337 Technology Science & Technology youtube In recent episodes, the subject of mobile security has come up. Mobile security is something that&apos;s fairly new, and is ripe with security and privacy concerns if you go looking for them, as a result of how new the platform is, and how much of a gold rush it has been to develop this sort of software. This provides you with a platform which is easily snooped and attack on. As it happens, most mobile traffic is plain HTTP(S), which makes the barrier to entry very low for doing sniffing of traffic and such. One tool for doing so, which provides a lot of great features, is Burp Suite. We&apos;ll take a look at how you can set up your iOS devices to work with Burp and have a bit of fun. pauldotcom hacking security privacy mobile Thu, 15 Nov 2012 22:20:16 +0000 pauldotcom, hacking, security, privacy, mobile http://a.images.blip.tv/Pauldotom-pdc_ep307_p1_1515-227.jpg pauldotcom, hacking, security, privacy, mobile <iframe src="http://blip.tv/play/hr4jg4mBWQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4mBWQI" style="display:none"></embed> Hacking Mobile Devices with Web Proxies http://creativecommons.org/licenses/by-nc-nd/3.0/ B0171234-1D23-11E2-8D35-C6F336943F80 http://blip.tv/pauldotcom/hack-naked-tv-episode-47-6410880 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6410880 6394188 file no 0.0 2012-10-23T15:09:49Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 565 hr4jg4elZAI http://blip.tv/play/hr4jg4elZAI http://blip.tv/comments/?attached_to=post6410880&skin=rss Pauldotom-HackNakedTVEpisode47508-234.jpg In this episode we discuss how Russian cyber criminals have 0 fear. We also discuss the new USB privilege escalation attack. Links for this episode: http://tinyurl.com/HNTV-Dr-Evil http://tinyurl.com/HNTV-USB-priv-attack http://tinyurl.com/HNTV-OCM-SANS-CDI Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly In this episode we discuss how Russian cyber criminals have 0 fear. We also discuss the new USB privilege escalation attack. Links for this episode: http://tinyurl.com/HNTV-Dr-Evil http://tinyurl.com/HNTV-USB-priv-attack http://tinyurl.com/HNTV-OCM-SANS-CDI 565 YahooPartnerVideoID Blip post id 6410880 http://blip.tv/file/6394188 Art hacking security beer pauldotcom Tue, 23 Oct 2012 15:09:49 +0000 hacking, security, beer, pauldotcom http://a.images.blip.tv/Pauldotom-HackNakedTVEpisode47508-234.jpg hacking, security, beer, pauldotcom <iframe src="http://blip.tv/play/hr4jg4elZAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4elZAI" style="display:none"></embed> Hack Naked TV Episode 47 http://creativecommons.org/licenses/by-nc-nd/3.0/ C2B6C186-1BDF-11E2-BDF6-DFE28434528D http://blip.tv/pauldotcom/pdc_ep304_p1_1-6408637 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6408637 6391945 file no 0.0 2012-10-22T00:31:03Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 3310 hr4jg4eUIQI http://blip.tv/play/hr4jg4eUIQI http://blip.tv/comments/?attached_to=post6408637&skin=rss Pauldotom-pdc_ep304_p1_1590-322.jpg Author of Daemon, Freedom TM and the recently released Kill Decision. We talk about drones and the automation of war. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Author of Daemon, Freedom TM and the recently released Kill Decision. We talk about drones and the automation of war. 3310 YahooPartnerVideoID Blip post id 6408637 http://blip.tv/file/6391945 Technology Science & Technology youtube Author of Daemon, Freedom TM and the recently released Kill Decision. We talk about drones and the automation of war. pauldotcom hacking books security Mon, 22 Oct 2012 00:31:03 +0000 pauldotcom, hacking, books, security http://a.images.blip.tv/Pauldotom-pdc_ep304_p1_1590-322.jpg pauldotcom, hacking, books, security <iframe src="http://blip.tv/play/hr4jg4eUIQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4eUIQI" style="display:none"></embed> Daniel Suarez Interview http://creativecommons.org/licenses/by-nc-nd/3.0/ A95ED7D6-1BF4-11E2-896E-8136B1F94D39 http://blip.tv/pauldotcom/mark-russinovich-interview-6408805 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6408805 6392113 file no 0.0 2012-10-22T03:00:40Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2448 hr4jg4eVSQI http://blip.tv/play/hr4jg4eVSQI http://blip.tv/comments/?attached_to=post6408805&skin=rss Pauldotom-MarkRussinovich765-90.jpg Author of Trojan Horse, a new awesome book! Mark is also the author of Zero Day, and the Microsoft Sysinternals tools. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Author of Trojan Horse, a new awesome book! Mark is also the author of Zero Day, and the Microsoft Sysinternals tools. 2448 YahooPartnerVideoID Blip post id 6408805 http://blip.tv/file/6392113 Technology Science & Technology youtube Author of Trojan Horse, a new awesome book! Mark is also the author of Zero Day, and the Microsoft Sysinternals tools. pauldotcom hacking security Mon, 22 Oct 2012 03:00:40 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-MarkRussinovich765-90.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jg4eVSQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4eVSQI" style="display:none"></embed> Mark Russinovich Interview http://creativecommons.org/licenses/by-nc-nd/3.0/ 15924282-116C-11E2-8368-8238B7EC3EDA http://blip.tv/pauldotcom/hack-naked-tv-episode-46-6390129 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6390129 6373437 file no 0.0 2012-10-08T17:17:49Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 493 hr4jg4aDVQI http://blip.tv/play/hr4jg4aDVQI http://blip.tv/comments/?attached_to=post6390129&skin=rss Pauldotom-HackNakedTVEpisode46275-602.jpg In this episode I give up. The cloud has won. Links for this episode: http://tinyurl.com/HNTV-GOOGLE-CLOUD http://tinyurl.com/HNTV-TheEndofWOW http://tinyurl.com/HNTV-phonefactor Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly In this episode I give up. The cloud has won. Links for this episode: http://tinyurl.com/HNTV-GOOGLE-CLOUD http://tinyurl.com/HNTV-TheEndofWOW http://tinyurl.com/HNTV-phonefactor 493 YahooPartnerVideoID Blip post id 6390129 http://blip.tv/file/6373437 Technology Science & Technology hacking security beer pauldotcom Mon, 08 Oct 2012 17:17:49 +0000 hacking, security, beer, pauldotcom http://a.images.blip.tv/Pauldotom-HackNakedTVEpisode46275-602.jpg hacking, security, beer, pauldotcom <iframe src="http://blip.tv/play/hr4jg4aDVQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4aDVQI" style="display:none"></embed> Hack Naked TV Episode 46 http://creativecommons.org/licenses/by-nc-nd/3.0/ 7FA83CC8-0972-11E2-86B6-B669C8C341AF http://blip.tv/pauldotcom/hack-naked-tv-episode-45-6374899 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6374899 6358193 file no 0.0 2012-09-28T13:43:34Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 364 hr4jg4WMVwI http://blip.tv/play/hr4jg4WMVwI http://blip.tv/comments/?attached_to=post6374899&skin=rss Pauldotom-HackNakedTVEpisode45471-291.jpg In this Episode we discuss mental disorders which involve installing Linux, The new Java Exploit and PHPMyAdmin being backdoored. Also, it is live from NYC and there the water is not working at my hotel. WTH? Links for this episode: http://tinyurl.com/HNTV-LINUX-ROCKS http://tinyurl.com/HNTV-SOURCEFORGE-BACKDOOR http://tinyurl.com/HNTV-JAVA-PART3 http://tinyurl.com/HNTV-OCM-SANS-CDI Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly In this Episode we discuss mental disorders which involve installing Linux, The new Java Exploit and PHPMyAdmin being backdoored. Also, it is live from NYC and there the water is not working at my hotel. WTH? Links for this episode: http://tinyurl.com/HNTV-LINUX-ROCKS http://tinyurl.com/HNTV-SOURCEFORGE-BACKDOOR http://tinyurl.com/HNTV-JAVA-PART3 http://tinyurl.com/HNTV-OCM-SANS-CDI 364 YahooPartnerVideoID Blip post id 6374899 http://blip.tv/file/6358193 Art hacking security beer pauldotcom Fri, 28 Sep 2012 13:43:34 +0000 hacking, security, beer, pauldotcom http://a.images.blip.tv/Pauldotom-HackNakedTVEpisode45471-291.jpg hacking, security, beer, pauldotcom <iframe src="http://blip.tv/play/hr4jg4WMVwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4WMVwI" style="display:none"></embed> Hack Naked TV Episode 45 http://creativecommons.org/licenses/by-nc-nd/3.0/ A08C7F50-0187-11E2-AB68-ED5237A9C76E http://blip.tv/pauldotcom/hack-naked-tv-episode-44-6358738 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6358738 6342021 file no 0.0 2012-09-18T11:54:40Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 405 hr4jg4SONgI http://blip.tv/play/hr4jg4SONgI http://blip.tv/comments/?attached_to=post6358738&skin=rss Pauldotom-HackNakedTVEpisode44681-491.jpg In this episode we get all gushy about mobile device security. We also talk about target attacks. And we discuss why one should never use stock photos of pirates using computers. Links for this episode: http://tinyurl.com/HNTV-Snoopy http://tinyurl.com/HNTV-MOBILE-VULN-SCANNER http://tinyurl.com/HTNT-TARGETED-ATTACKS http://tinyurl.com/HNTV-OCM-SANS-CDI Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly In this episode we get all gushy about mobile device security. We also talk about target attacks. And we discuss why one should never use stock photos of pirates using computers. Links for this episode: http://tinyurl.com/HNTV-Snoopy http://tinyurl.com/HNTV-MOBILE-VULN-SCANNER http://tinyurl.com/HTNT-TARGETED-ATTACKS http://tinyurl.com/HNTV-OCM-SANS-CDI 405 YahooPartnerVideoID Blip post id 6358738 http://blip.tv/file/6342021 Technology Science & Technology youtube In this episode we get all gushy about mobile device security. We also talk about target attacks. And we discuss why one should never use stock photos of pirates using computers. Links for this episode: http://tinyurl.com/HNTV-Snoopy http://tinyurl.com/HNTV-MOBILE-VULN-SCANNER http://tinyurl.com/HTNT-TARGETED-ATTACKS http://tinyurl.com/HNTV-OCM-SANS-CDI hacking security beer pauldotcom Tue, 18 Sep 2012 11:54:40 +0000 hacking, security, beer, pauldotcom http://a.images.blip.tv/Pauldotom-HackNakedTVEpisode44681-491.jpg hacking, security, beer, pauldotcom <iframe src="http://blip.tv/play/hr4jg4SONgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4SONgI" style="display:none"></embed> Hack Naked TV Episode 44 http://creativecommons.org/licenses/by-nc-nd/3.0/ A069487A-FFAA-11E1-AD7E-8681738AEE24 http://blip.tv/pauldotcom/drunken-security-news-302-6355153 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6355153 6338435 file no 0.0 2012-09-16T03:00:09Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 3208 hr4jg4PyNQI http://blip.tv/play/hr4jg4PyNQI http://blip.tv/comments/?attached_to=post6355153&skin=rss Pauldotom-DrunkenSecurityNews302750-904.jpg A Guide To Network Vulnerability Management - Dark Reading - If you want the &quot;training wheels&quot; approach to vulnerability management, then you should read this article. However, the problem goes so much deeper, and this article doesn&apos;t even know what tool to use in order to scratch the surface. Sure, you gotta know what services are running on your systems, but it goes so much deeper than that. Environments, threats, systems and people all change, so howdo you keep up? How do you really find, and more importantly fix, the vulnerabilities in your environment? Old Operating Systems Die Harder - Dark Reading - Okay, here is where you could make a lot of money. Create a company that can actually provide some real security to legacy operating systems. So many of our defenses fail if there is a vulnerability that doesn&apos;t have a patch. You can implement some security, but it doesn&apos;t really solve the true problem. Once an attacker is able to access the system, its game over. Unless, there is something that can really solve the problem, even thwart the exploit and/or shellcode. Technologies exist, but back-porting to legacy systems is not often done. And this is where we need the help. Microsoft Disrupts &#8216;Nitol&#8217; Botnet in Piracy Sweep - Microsoft takes down another botnet. Why is this news? Not-so-sure, as this should be the rule rather than the exception. Blackhole Exploit Kit updates to 2.0 - Check this out, attackers are implementing security! Check this out, this exploit kit now sports: Dynamic URL generation, so there is no longer a standard URL pattern that could be used to identify the kit.IP blocking at the executable URL, so that AV companies can&apos;t just download your binary. This is meant to slow down AV detection. Use of Captcha in the admin panel login page, to prevent brute forcing unauthorized access. If legit defendersonly did all that, well, except for the CAPTCHA, which is useless. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly A Guide To Network Vulnerability Management - Dark Reading - If you want the &quot;training wheels&quot; approach to vulnerability management, then you should read this article. However, the problem goes so much deeper, and this article doesn&apos;t even know what tool to use in order to scratch the surface. Sure, you gotta know what services are running on your systems, but it goes so much deeper than that. Environments, threats, systems and people all change, so howdo you keep up? How do you really find, and more importantly fix, the vulnerabilities in your environment? Old Operating Systems Die Harder - Dark Reading - Okay, here is where you could make a lot of money. Create a company that can actually provide some real security to legacy operating systems. So many of our defenses fail if there is a vulnerability that doesn&apos;t have a patch. You can implement some security, but it doesn&apos;t really solve the true problem. Once an attacker is able to access the system, its game over. Unless, there is something that can really solve the problem, even thwart the exploit and/or shellcode. Technologies exist, but back-porting to legacy systems is not often done. And this is where we need the help. Microsoft Disrupts &#8216;Nitol&#8217; Botnet in Piracy Sweep - Microsoft takes down another botnet. Why is this news? Not-so-sure, as this should be the rule rather than the exception. Blackhole Exploit Kit updates to 2.0 - Check this out, attackers are implementing security! Check this out, this exploit kit now sports: Dynamic URL generation, so there is no longer a standard URL pattern that could be used to identify the kit.IP blocking at the executable URL, so that AV companies can&apos;t just download your binary. This is meant to slow down AV detection. Use of Captcha in the admin panel login page, to prevent brute forcing unauthorized access. If legit defendersonly did all that, well, except for the CAPTCHA, which is useless. 3208 YahooPartnerVideoID Blip post id 6355153 http://blip.tv/file/6338435 Technology Science & Technology youtube A Guide To Network Vulnerability Management - Dark Reading - If you want the &quot;training wheels&quot; approach to vulnerability management, then you should read this article. However, the problem goes so much deeper, and this article doesn&apos;t even know what tool to use in order to scratch the surface. Sure, you gotta know what services are running on your systems, but it goes so much deeper than that. Environments, threats, systems and people all change, so howdo you keep up? How do you really find, and more importantly fix, the vulnerabilities in your environment?&#13;&#10;Old Operating Systems Die Harder - Dark Reading - Okay, here is where you could make a lot of money. Create a company that can actually provide some real security to legacy operating systems. So many of our defenses fail if there is a vulnerability that doesn&apos;t have a patch. You can implement some security, but it doesn&apos;t really solve the true problem. Once an attacker is able to access the system, its game over. Unless, there is something that can really solve the problem, even thwart the exploit and/or shellcode. Technologies exist, but back-porting to legacy systems is not often done. And this is where we need the help.&#13;&#10;Microsoft Disrupts &#8216;Nitol&#8217; Botnet in Piracy Sweep - Microsoft takes down another botnet. Why is this news? Not-so-sure, as this should be the rule rather than the exception.&#13;&#10;Blackhole Exploit Kit updates to 2.0 - Check this out, attackers are implementing security! Check this out, this exploit kit now sports: Dynamic URL generation, so there is no longer a standard URL pattern that could be used to identify the kit.IP blocking at the executable URL, so that AV companies can&apos;t just download your binary. This is meant to slow down AV detection. Use of Captcha in the admin panel login page, to prevent brute forcing unauthorized access. If legit defendersonly did all that, well, except for the CAPTCHA, which is useless. pauldotcom hacking security Sun, 16 Sep 2012 03:00:09 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-DrunkenSecurityNews302750-904.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jg4PyNQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4PyNQI" style="display:none"></embed> Drunken Security News #302 http://creativecommons.org/licenses/by-nc-nd/3.0/ 7E1C621E-FFA7-11E1-9389-BC62CA657CA6 http://blip.tv/pauldotcom/jason-lam-interview-6355135 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6355135 6338417 file no 0.0 2012-09-16T02:37:43Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2689 hr4jg4PyIwI http://blip.tv/play/hr4jg4PyIwI http://blip.tv/comments/?attached_to=post6355135&skin=rss Pauldotom-JasonLamInterview585-410.jpg Jason is the head of global threat management at a major financial institution based in Canada. Jason specializes in Web application security, and shares his research findings and experiences by teaching at the SANS Institute. His recent SANS courseware development includes Defending Web Application Security Essentials and Web Application Pen Testing Hands-On Immersion. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Jason is the head of global threat management at a major financial institution based in Canada. Jason specializes in Web application security, and shares his research findings and experiences by teaching at the SANS Institute. His recent SANS courseware development includes Defending Web Application Security Essentials and Web Application Pen Testing Hands-On Immersion. 2689 YahooPartnerVideoID Blip post id 6355135 http://blip.tv/file/6338417 Technology Science & Technology youtube Jason is the head of global threat management at a major financial institution based in Canada. Jason specializes in Web application security, and shares his research findings and experiences by teaching at the SANS Institute. His recent SANS courseware development includes Defending Web Application Security Essentials and Web Application Pen Testing Hands-On Immersion. pauldotcom hacking security Sun, 16 Sep 2012 02:37:43 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-JasonLamInterview585-410.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jg4PyIwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4PyIwI" style="display:none"></embed> Jason Lam Interview http://creativecommons.org/licenses/by-nc-nd/3.0/ 645A928E-FDB2-11E1-98E0-A775E0E4B897 http://blip.tv/pauldotcom/drunken-security-news-301-6351100 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6351100 6334382 file no 0.0 2012-09-13T14:50:42Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2820 hr4jg4PSYAI http://blip.tv/play/hr4jg4PSYAI http://blip.tv/comments/?attached_to=post6351100&skin=rss Pauldotom-pdc_ep301_p3380-422.jpg 100,000 Vulnerabilities - Security vulnerabilities measured in numbers is sometimes a scary thing. At some level there you can prove strength or weakness in numbers. If you count vulnerabilities, for better or worse, how are you qualifying them? Severity? Exploitability? Ubiquity? All those things, and more, can impact your view on the matter, in fact it can make it matter, or not. The point being, try not to play the numbers game. There is a &quot;shit ton&quot; of vulnerabilities out there, and what we do to prevent them from happening in the first place and how we deal with them in the real world is what matters. Schneier on Security: CSOs/CISOs Wanted: Cloud Security Questions - This is one topic which we did not debate, that is the cloud. I think, like security vs. obscurity, its a simple solution on the surface. For example, if you care about your data, don&apos;t store it in the cloud. Similarly, if you care about the security of anything, don&apos;t just obscure it, secure it. Wow, that sounds even cheesier than I thought. Secret account in mission-critical router opens power plants to tampering | Ars Technica - This speaks to the continued lack of awareness in device manufacturers when it comes to security. I&apos;m baffled that they have not solved the problem. The common problems they have, such as easily exploitable vulnerabilities, are easy to fix. It requires two things: Awarenesss training for developers and QA (ala Rugged/DevOps) and regular security assessments. In the grand scheme of things, it doesn&apos;t cost all that much. In the end, you produce a better product. Hopefully the market has changed, and customers value security as one component of a great product. Or maybe I live in a dream world... The Social-Engineer Toolkit (SET) v3.7 Street Cred has been released. &#171; - Java 0-Day is in SET. Coupled with the other Java payloads, this ensures your phishing success. On the defense side, I disagree with everyone saying &quot;Disable Java&quot; or &quot;Disable Flash&quot;. There is going to be users that require this technology. Those are the users we will target. Sure, it reduces your attack surface, and that does help. But I believe what people miss the boat is just how deep &quot;security&quot; needs to go. Its more than layers. Its more than awareness and technology. Its about doing all sorts of things to keep your organization resilient to attacks, and having a plan to deal with successful attacks and minimize damage. Creative Commons Attribution-NonCommercial-ShareAlike 3.0 searchonly 100,000 Vulnerabilities - Security vulnerabilities measured in numbers is sometimes a scary thing. At some level there you can prove strength or weakness in numbers. If you count vulnerabilities, for better or worse, how are you qualifying them? Severity? Exploitability? Ubiquity? All those things, and more, can impact your view on the matter, in fact it can make it matter, or not. The point being, try not to play the numbers game. There is a &quot;shit ton&quot; of vulnerabilities out there, and what we do to prevent them from happening in the first place and how we deal with them in the real world is what matters. Schneier on Security: CSOs/CISOs Wanted: Cloud Security Questions - This is one topic which we did not debate, that is the cloud. I think, like security vs. obscurity, its a simple solution on the surface. For example, if you care about your data, don&apos;t store it in the cloud. Similarly, if you care about the security of anything, don&apos;t just obscure it, secure it. Wow, that sounds even cheesier than I thought. Secret account in mission-critical router opens power plants to tampering | Ars Technica - This speaks to the continued lack of awareness in device manufacturers when it comes to security. I&apos;m baffled that they have not solved the problem. The common problems they have, such as easily exploitable vulnerabilities, are easy to fix. It requires two things: Awarenesss training for developers and QA (ala Rugged/DevOps) and regular security assessments. In the grand scheme of things, it doesn&apos;t cost all that much. In the end, you produce a better product. Hopefully the market has changed, and customers value security as one component of a great product. Or maybe I live in a dream world... The Social-Engineer Toolkit (SET) v3.7 Street Cred has been released. &#171; - Java 0-Day is in SET. Coupled with the other Java payloads, this ensures your phishing success. On the defense side, I disagree with everyone saying &quot;Disable Java&quot; or &quot;Disable Flash&quot;. There is going to be users that require this technology. Those are the users we will target. Sure, it reduces your attack surface, and that does help. But I believe what people miss the boat is just how deep &quot;security&quot; needs to go. Its more than layers. Its more than awareness and technology. Its about doing all sorts of things to keep your organization resilient to attacks, and having a plan to deal with successful attacks and minimize damage. 2820 YahooPartnerVideoID Blip post id 6351100 http://blip.tv/file/6334382 Technology Science & Technology youtube 100,000 Vulnerabilities - Security vulnerabilities measured in numbers is sometimes a scary thing. At some level there you can prove strength or weakness in numbers. If you count vulnerabilities, for better or worse, how are you qualifying them? Severity? Exploitability? Ubiquity? All those things, and more, can impact your view on the matter, in fact it can make it matter, or not. The point being, try not to play the numbers game. There is a &quot;shit ton&quot; of vulnerabilities out there, and what we do to prevent them from happening in the first place and how we deal with them in the real world is what matters.&#13;&#10;Schneier on Security: CSOs/CISOs Wanted: Cloud Security Questions - This is one topic which we did not debate, that is the cloud. I think, like security vs. obscurity, its a simple solution on the surface. For example, if you care about your data, don&apos;t store it in the cloud. Similarly, if you care about the security of anything, don&apos;t just obscure it, secure it. Wow, that sounds even cheesier than I thought.&#13;&#10;Secret account in mission-critical router opens power plants to tampering | Ars Technica - This speaks to the continued lack of awareness in device manufacturers when it comes to security. I&apos;m baffled that they have not solved the problem. The common problems they have, such as easily exploitable vulnerabilities, are easy to fix. It requires two things: Awarenesss training for developers and QA (ala Rugged/DevOps) and regular security assessments. In the grand scheme of things, it doesn&apos;t cost all that much. In the end, you produce a better product. Hopefully the market has changed, and customers value security as one component of a great product. Or maybe I live in a dream world...&#13;&#10;The Social-Engineer Toolkit (SET) v3.7 Street Cred has been released. &#171; - Java 0-Day is in SET. Coupled with the other Java payloads, this ensures your phishing success. On the defense side, I disagree with everyone saying &quot;Disable Java&quot; or &quot;Disable Flash&quot;. There is going to be users that require this technology. Those are the users we will target. Sure, it reduces your attack surface, and that does help. But I believe what people miss the boat is just how deep &quot;security&quot; needs to go. Its more than layers. Its more than awareness and technology. Its about doing all sorts of things to keep your organization resilient to attacks, and having a plan to deal with successful attacks and minimize damage. pauldotcom hacking security Thu, 13 Sep 2012 14:50:42 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-pdc_ep301_p3380-422.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jg4PSYAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4PSYAI" style="display:none"></embed> Drunken Security News #301 http://creativecommons.org/licenses/by-nc-sa/3.0/ 9B90B1BA-FD9A-11E1-84CE-8AFBFB85991B http://blip.tv/pauldotcom/marc-maiffrett-interview-6350877 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6350877 6334159 file no 0.0 2012-09-13T12:00:27Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2492 hr4jg4PRAQI http://blip.tv/play/hr4jg4PRAQI http://blip.tv/comments/?attached_to=post6350877&skin=rss Pauldotom-pdc_episode301_p1_2837-408.jpg Marc Maiffret is the Chief Technology Officer at BeyondTrust, a leading vulnerability and compliance management company, and was a co-founder of eEye Digital Security. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Marc Maiffret is the Chief Technology Officer at BeyondTrust, a leading vulnerability and compliance management company, and was a co-founder of eEye Digital Security. 2492 YahooPartnerVideoID Blip post id 6350877 http://blip.tv/file/6334159 Technology Science & Technology youtube Marc Maiffret is the Chief Technology Officer at BeyondTrust, a leading vulnerability and compliance management company, and was a co-founder of eEye Digital Security. pauldotcom hacking security Thu, 13 Sep 2012 12:00:27 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-pdc_episode301_p1_2837-408.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jg4PRAQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4PRAQI" style="display:none"></embed> Marc Maiffrett Interview http://creativecommons.org/licenses/by-nc-nd/3.0/ 9497A008-FD9A-11E1-A20E-CFB2423C2131 http://blip.tv/pauldotcom/episode-300-puzzle-contest-answers-6350876 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6350876 6334158 file no 0.0 2012-09-13T12:00:15Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1319 hr4jg4PRAAI http://blip.tv/play/hr4jg4PRAAI http://blip.tv/comments/?attached_to=post6350876&skin=rss Pauldotom-pdc_ep301_p2229-94.jpg Answers to Allison&apos;s puzzle! Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Answers to Allison&apos;s puzzle! 1319 YahooPartnerVideoID Blip post id 6350876 http://blip.tv/file/6334158 Technology Autos & Vehicles youtube Allison&apos;s puzzle answers! pauldotcom hacking security Thu, 13 Sep 2012 12:00:15 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-pdc_ep301_p2229-94.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jg4PRAAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4PRAAI" style="display:none"></embed> Episode 300 Puzzle Contest Answers http://creativecommons.org/licenses/by-nc-nd/3.0/ 686E00A2-FBBB-11E1-8925-807D5F217B8E http://blip.tv/pauldotcom/hacking-your-car-using-canbus-6346313 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6346313 6329593 file no 0.0 2012-09-11T02:50:12Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1070 hr4jg4OtLQI http://blip.tv/play/hr4jg4OtLQI http://blip.tv/comments/?attached_to=post6346313&skin=rss Pauldotom-pdc_episode300_p13_1887-791.jpg CANBUS hacking&#8230; A little into in a few minutes. yes, as implied, it is a BUS and you can gain access to it from the ODB-II port. Think a hub. All messages on a segment go to all devices on the segment. Messages can be filtered with a gateway (think firewall) between various busses, which may or may not be exposed at the ODB-II port. Ok, about the messages. A little bit different from networks that we are familliar with. First off, the message do not have source field, but do have a destination in the form of a one byte arbitration ID, these arbitration IDs also indicate priority - the lower the Arbitration ID destination, the higher priority the message. So the ArbID 0 would be processed prior to 73febeef. Now, each message is sent to the bus with an ArbID, and each device LISTENS for specific ArbIDs that is concerned about. With that, Gateways can pass specific messages, and each Device can look for multiple messages. Oh, those messages? Either 11 or 29 bytes, so fairly easy to fuzz. No license (All rights reserved) searchonly CANBUS hacking&#8230; A little into in a few minutes. yes, as implied, it is a BUS and you can gain access to it from the ODB-II port. Think a hub. All messages on a segment go to all devices on the segment. Messages can be filtered with a gateway (think firewall) between various busses, which may or may not be exposed at the ODB-II port. Ok, about the messages. A little bit different from networks that we are familliar with. First off, the message do not have source field, but do have a destination in the form of a one byte arbitration ID, these arbitration IDs also indicate priority - the lower the Arbitration ID destination, the higher priority the message. So the ArbID 0 would be processed prior to 73febeef. Now, each message is sent to the bus with an ArbID, and each device LISTENS for specific ArbIDs that is concerned about. With that, Gateways can pass specific messages, and each Device can look for multiple messages. Oh, those messages? Either 11 or 29 bytes, so fairly easy to fuzz. 1070 YahooPartnerVideoID Blip post id 6346313 http://blip.tv/file/6329593 Technology Science & Technology youtube CANBUS hacking&#8230;&#13;&#10;&#13;&#10;A little into in a few minutes. yes, as implied, it is a BUS and you can gain access to it from the ODB-II port. Think a hub. All messages on a segment go to all devices on the segment. Messages can be filtered with a gateway (think firewall) between various busses, which may or may not be exposed at the ODB-II port.&#13;&#10;&#13;&#10;Ok, about the messages. A little bit different from networks that we are familliar with. First off, the message do not have source field, but do have a destination in the form of a one byte arbitration ID, these arbitration IDs also indicate priority - the lower the Arbitration ID destination, the higher priority the message. So the ArbID 0 would be processed prior to 73febeef. Now, each message is sent to the bus with an ArbID, and each device LISTENS for specific ArbIDs that is concerned about. With that, Gateways can pass specific messages, and each Device can look for multiple messages. Oh, those messages? Either 11 or 29 bytes, so fairly easy to fuzz. pauldotcom hacking security Tue, 11 Sep 2012 02:50:12 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-pdc_episode300_p13_1887-791.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jg4OtLQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4OtLQI" style="display:none"></embed> Hacking Your Car Using CANBUS 64CDCF54-FBBB-11E1-8979-D04848863871 http://blip.tv/pauldotcom/using-windows-remote-manangement-for-fun-and-profit-6346312 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6346312 6329592 file no 0.0 2012-09-11T02:50:06Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 765 hr4jg4OtLAI http://blip.tv/play/hr4jg4OtLAI http://blip.tv/comments/?attached_to=post6346312&skin=rss Pauldotom-pdc_episode300_p12609-783.jpg Many times I have heard system Admins talk about setting up OpenSSH on their Windows Machines and in the Times of Windows NT, 2000 and 2003 I did understood the need. Now a days with Windows 2008, Windows 2008 R2 and Windows 2012 Microsoft provides a way for us to administer the boxes remotely using what is called Windows Remote Management of WinRM which is the Microsoft implementation of WS-Management Protocol, a standard Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol that allows hardware and operating systems, from different vendors, to interoperate. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Many times I have heard system Admins talk about setting up OpenSSH on their Windows Machines and in the Times of Windows NT, 2000 and 2003 I did understood the need. Now a days with Windows 2008, Windows 2008 R2 and Windows 2012 Microsoft provides a way for us to administer the boxes remotely using what is called Windows Remote Management of WinRM which is the Microsoft implementation of WS-Management Protocol, a standard Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol that allows hardware and operating systems, from different vendors, to interoperate. 765 YahooPartnerVideoID Blip post id 6346312 http://blip.tv/file/6329592 Technology Science & Technology youtube Many times I have heard system Admins talk about setting up OpenSSH on their Windows Machines and in the Times of Windows NT, 2000 and 2003 I did understood the need. Now a days with Windows 2008, Windows 2008 R2 and Windows 2012 Microsoft provides a way for us to administer the boxes remotely using what is called Windows Remote Management of WinRM which is the Microsoft implementation of WS-Management Protocol, a standard Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol that allows hardware and operating systems, from different vendors, to interoperate. pauldotcom hacking security Tue, 11 Sep 2012 02:50:06 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-pdc_episode300_p12609-783.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jg4OtLAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4OtLAI" style="display:none"></embed> Using Windows Remote Manangement for Fun and Profit http://creativecommons.org/licenses/by-nc-nd/3.0/ 0D616470-FBBA-11E1-A189-CC155B41FD10 http://blip.tv/pauldotcom/is-pentesting-worth-it-panel-discussion-6346303 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6346303 6329583 file no 0.0 2012-09-11T02:40:30Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2214 hr4jg4OtIwI http://blip.tv/play/hr4jg4OtIwI http://blip.tv/comments/?attached_to=post6346303&skin=rss Pauldotom-pdc_episode300_p11_1350-760.jpg Special Guests: Ed Skoudis, Jason Stallard, Alex Horan, Ron Gula, Weasel Once upon a time a big bad pen tester gets a contract with 3 little pigs, Inc. On the first test, he huffs, and he puffs and blows down the network made of straw. On the next test, you build it out of sticks, and you get the same result (everyone now, he huffs and he puffs and he&#8230;). On the next test, you build your network out of bricks, and the big bad pen tester shows up with a wrecking ball, knocks down the house and presents you with an invoice. (strange sci-fi sound) In a parallel universe, the big bad pen tester contracts with 3 little pigs inc. The first test the straw house gets knocked down rather fast. But 3 little pigs Inc. gets a report outlining the weaknesses in construction along with recommendations for improvement. The knocking down of the house was a mere simulation, and they are given an opportunity to add a layer to the network, of sticks. The next test the big pad pen tester has to huff and puff, and huff and puff again, simulating another network destruction. No harm is really done, so the process repeats, until a wall of bricks is built. Now the only big bad person able to get through has to really work at it, too much huffing and puffing, and decides to go rob the three little bears instead, using their APT, and eating their IP. First question for the group, 3-5 minutes each, is penetration testing worth it, why or why not? What benefits to you receive from a &quot;good&quot; penetration test and what are the qualities of a &quot;good&quot; penetration test? If someone were to give you a &quot;penetration test&quot;, then run a couple of automated tools and provide the stock report, is this a bad thing in all cases? If we don&apos;t test our defenses in a controlled experiment, how do we really know they work? Lets say a penetration tester is conducting an internal penetration test, and finds out quickly that more than 50 servers have missing patches for vulnerabilities that lead to a reliable shell. What is the benefit of the penetration test from this point? Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Special Guests: Ed Skoudis, Jason Stallard, Alex Horan, Ron Gula, Weasel Once upon a time a big bad pen tester gets a contract with 3 little pigs, Inc. On the first test, he huffs, and he puffs and blows down the network made of straw. On the next test, you build it out of sticks, and you get the same result (everyone now, he huffs and he puffs and he&#8230;). On the next test, you build your network out of bricks, and the big bad pen tester shows up with a wrecking ball, knocks down the house and presents you with an invoice. (strange sci-fi sound) In a parallel universe, the big bad pen tester contracts with 3 little pigs inc. The first test the straw house gets knocked down rather fast. But 3 little pigs Inc. gets a report outlining the weaknesses in construction along with recommendations for improvement. The knocking down of the house was a mere simulation, and they are given an opportunity to add a layer to the network, of sticks. The next test the big pad pen tester has to huff and puff, and huff and puff again, simulating another network destruction. No harm is really done, so the process repeats, until a wall of bricks is built. Now the only big bad person able to get through has to really work at it, too much huffing and puffing, and decides to go rob the three little bears instead, using their APT, and eating their IP. First question for the group, 3-5 minutes each, is penetration testing worth it, why or why not? What benefits to you receive from a &quot;good&quot; penetration test and what are the qualities of a &quot;good&quot; penetration test? If someone were to give you a &quot;penetration test&quot;, then run a couple of automated tools and provide the stock report, is this a bad thing in all cases? If we don&apos;t test our defenses in a controlled experiment, how do we really know they work? Lets say a penetration tester is conducting an internal penetration test, and finds out quickly that more than 50 servers have missing patches for vulnerabilities that lead to a reliable shell. What is the benefit of the penetration test from this point? 2214 YahooPartnerVideoID Blip post id 6346303 http://blip.tv/file/6329583 Technology Science & Technology youtube Guests&#13;&#10;&#13;&#10;Ed Skoudis, Dave Kennedy, Ron Gula, Weasel&#13;&#10;Questions/Topics&#13;&#10;&#13;&#10;Once upon a time a big bad pen tester gets a contract with 3 little pigs, Inc. On the first test, he huffs, and he puffs and blows down the network made of straw. On the next test, you build it out of sticks, and you get the same result (everyone now, he huffs and he puffs and he&#8230;). On the next test, you build your network out of bricks, and the big bad pen tester shows up with a wrecking ball, knocks down the house and presents you with an invoice.&#13;&#10;&#13;&#10;(strange sci-fi sound)&#13;&#10;&#13;&#10;In a parallel universe, the big bad pen tester contracts with 3 little pigs inc. The first test the straw house gets knocked down rather fast. But 3 little pigs Inc. gets a report outlining the weaknesses in construction along with recommendations for improvement. The knocking down of the house was a mere simulation, and they are given an opportunity to add a layer to the network, of sticks. The next test the big pad pen tester has to huff and puff, and huff and puff again, simulating another network destruction. No harm is really done, so the process repeats, until a wall of bricks is built. Now the only big bad person able to get through has to really work at it, too much huffing and puffing, and decides to go rob the three little bears instead, using their APT, and eating their IP.&#13;&#10;&#13;&#10;First question for the group, 3-5 minutes each, is penetration testing worth it, why or why not?&#13;&#10;What benefits to you receive from a &quot;good&quot; penetration test and what are the qualities of a &quot;good&quot; penetration test?&#13;&#10;If someone were to give you a &quot;penetration test&quot;, then run a couple of automated tools and provide the stock report, is this a bad thing in all cases?&#13;&#10;If we don&apos;t test our defenses in a controlled experiment, how do we really know they work?&#13;&#10;Lets say a penetration tester is conducting an internal penetration test, and finds out quickly that more than 50 servers have missing patches for vulnerabilities that lead to a reliable shell. What is the benefit of the penetration test from this point? pauldotcom hacking security Tue, 11 Sep 2012 02:40:30 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-pdc_episode300_p11_1350-760.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jg4OtIwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4OtIwI" style="display:none"></embed> “Is Pentesting Worth It?” Panel Discussion http://creativecommons.org/licenses/by-nc-nd/3.0/ 9A91A424-FBB8-11E1-80A4-9226692AE054 http://blip.tv/pauldotcom/automating-wifi-attacks-with-easy-creds-6346288 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6346288 6329568 file no 0.0 2012-09-11T02:30:08Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 525 hr4jg4OtFAI http://blip.tv/play/hr4jg4OtFAI http://blip.tv/comments/?attached_to=post6346288&skin=rss Pauldotom-pdc_episode300_p9234-455.jpg In this Tech Segment we will talk about one of the easiest ways to create an evil access point to steal credentials. We will be using the very cool utility called easy-creds. Which can be found at the link below: http://code.google.com/p/easy-creds/ There are a number of reasons to use this script. Sure, you can set the whole thing up by hand, but the major goal of any tester should be to automate as much as possible, to make your job as easy as possible. The example we are going to walk through requires you to download the script above and copy it to the /pentest/wireless directory on your backtrack system. We also recommend you get a good wireless card for the task. May we recommend the Alfa AWUS051NH? Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly In this Tech Segment we will talk about one of the easiest ways to create an evil access point to steal credentials. We will be using the very cool utility called easy-creds. Which can be found at the link below: http://code.google.com/p/easy-creds/ There are a number of reasons to use this script. Sure, you can set the whole thing up by hand, but the major goal of any tester should be to automate as much as possible, to make your job as easy as possible. The example we are going to walk through requires you to download the script above and copy it to the /pentest/wireless directory on your backtrack system. We also recommend you get a good wireless card for the task. May we recommend the Alfa AWUS051NH? 525 YahooPartnerVideoID Blip post id 6346288 http://blip.tv/file/6329568 Technology Science & Technology youtube In this Tech Segment we will talk about one of the easiest ways to create an evil access point to steal credentials. We will be using the very cool utility called easy-creds. Which can be found at the link below:&#13;&#10;&#13;&#10;http://code.google.com/p/easy-creds/&#13;&#10;&#13;&#10;There are a number of reasons to use this script. Sure, you can set the whole thing up by hand, but the major goal of any tester should be to automate as much as possible, to make your job as easy as possible. The example we are going to walk through requires you to download the script above and copy it to the /pentest/wireless directory on your backtrack system. We also recommend you get a good wireless card for the task. May we recommend the Alfa AWUS051NH? pauldotcom hacking security Tue, 11 Sep 2012 02:30:08 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-pdc_episode300_p9234-455.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jg4OtFAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4OtFAI" style="display:none"></embed> Automating Wifi Attacks with Easy Creds http://creativecommons.org/licenses/by-nc-nd/3.0/ 9A5B9B86-FBB8-11E1-AD44-FBE1A6A20E3C http://blip.tv/pauldotcom/pfsense-for-penetration-testers-6346287 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6346287 6329567 file no 0.0 2012-09-11T02:30:08Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1016 hr4jg4OtEwI http://blip.tv/play/hr4jg4OtEwI http://blip.tv/comments/?attached_to=post6346287&skin=rss Pauldotom-pdc_episode300_p10470-943.jpg So, we use PFSense every day and love it. I also love the nice red soekris box that we built. After using it day to day, we&apos;ve found that it is great, and has a few things that drive us nuts. Specifically, when you put two guys behind that doing two pentests or vuln scans, the box just cant stand up unless properly configured. So, we&apos;re gonna to install it on a real PC. This PC we happened to pull from the trash, and is some 64bit AMD system with 2 gig of ram. Total cost? Free. It is probably way more horses than we need for this situation, but is is what we got. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly So, we use PFSense every day and love it. I also love the nice red soekris box that we built. After using it day to day, we&apos;ve found that it is great, and has a few things that drive us nuts. Specifically, when you put two guys behind that doing two pentests or vuln scans, the box just cant stand up unless properly configured. So, we&apos;re gonna to install it on a real PC. This PC we happened to pull from the trash, and is some 64bit AMD system with 2 gig of ram. Total cost? Free. It is probably way more horses than we need for this situation, but is is what we got. 1016 YahooPartnerVideoID Blip post id 6346287 http://blip.tv/file/6329567 Technology Autos & Vehicles youtube So, we use PFSense every day and love it. I also love the nice red soekris box that we built. After using it day to day, we&apos;ve found that it is great, and has a few things that drive us nuts. Specifically, when you put two guys behind that doing two pentests or vuln scans, the box just cant stand up unless properly configured.&#13;&#10;&#13;&#10;So, we&apos;re gonna to install it on a real PC. This PC we happened to pull from the trash, and is some 64bit AMD system with 2 gig of ram. Total cost? Free. It is probably way more horses than we need for this situation, but is is what we got. pauldotcom hacking security pfsense Tue, 11 Sep 2012 02:30:08 +0000 pauldotcom, hacking, security, pfsense http://a.images.blip.tv/Pauldotom-pdc_episode300_p10470-943.jpg pauldotcom, hacking, security, pfsense <iframe src="http://blip.tv/play/hr4jg4OtEwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4OtEwI" style="display:none"></embed> pfSense for Penetration Testers http://creativecommons.org/licenses/by-nc-nd/3.0/ D71D830C-FBB5-11E1-B088-8EE06BE5E82E http://blip.tv/pauldotcom/defending-your-network-what-really-works-episode-300-panel-6346271 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6346271 6329551 file no 0.0 2012-09-11T02:10:21Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2711 hr4jg4OtAwI http://blip.tv/play/hr4jg4OtAwI http://blip.tv/comments/?attached_to=post6346271&skin=rss Pauldotom-pdc_episode300_p7_1536-404.jpg Special Guests: Wendy Nather, Iftach Amit, David Mortman, Dan Crowley, RSnake &quot;We have a firewall&quot;. &quot;All of our systems use Anti-Virus software&quot; &quot;We&apos;ve implemented the latest web application firewalls and intrusion prevent systems&quot; &quot;We have a patching cycle, weekly maintenance windows and a 30-day patch turn-around&quot; These are things we&apos;ve all heard before. These are things I often hear right before we are about to start a penetration testing. Depending on how you define success, these things do little to stop attackers. What are we doing wrong when it comes to defense? What is the number one thing that organizations miss when it comes to defense? Should we even bother, and just know that a certain percentage of attackers will be successful? Can&apos;t we just do the easy and cheap security &quot;things&quot; and get by as long as we don&apos;t get owned as badly as our competition? Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Special Guests: Wendy Nather, Iftach Amit, David Mortman, Dan Crowley, RSnake &quot;We have a firewall&quot;. &quot;All of our systems use Anti-Virus software&quot; &quot;We&apos;ve implemented the latest web application firewalls and intrusion prevent systems&quot; &quot;We have a patching cycle, weekly maintenance windows and a 30-day patch turn-around&quot; These are things we&apos;ve all heard before. These are things I often hear right before we are about to start a penetration testing. Depending on how you define success, these things do little to stop attackers. What are we doing wrong when it comes to defense? What is the number one thing that organizations miss when it comes to defense? Should we even bother, and just know that a certain percentage of attackers will be successful? Can&apos;t we just do the easy and cheap security &quot;things&quot; and get by as long as we don&apos;t get owned as badly as our competition? 2711 YahooPartnerVideoID Blip post id 6346271 http://blip.tv/file/6329551 Technology Science & Technology youtube Special Guests: Wendy Nather, Iftach Amit, David Mortman, Dan Crowley, RSnake&#13;&#10;&#13;&#10;&quot;We have a firewall&quot;. &quot;All of our systems use Anti-Virus software&quot; &quot;We&apos;ve implemented the latest web application firewalls and intrusion prevent systems&quot; &quot;We have a patching cycle, weekly maintenance windows and a 30-day patch turn-around&quot; These are things we&apos;ve all heard before. These are things I often hear right before we are about to start a penetration testing. Depending on how you define success, these things do little to stop attackers.&#13;&#10;What are we doing wrong when it comes to defense?&#13;&#10;What is the number one thing that organizations miss when it comes to defense?&#13;&#10;Should we even bother, and just know that a certain percentage of attackers will be successful?&#13;&#10;Can&apos;t we just do the easy and cheap security &quot;things&quot; and get by as long as we don&apos;t get owned as badly as our competition? pauldotcom hacking security defense Tue, 11 Sep 2012 02:10:21 +0000 pauldotcom, hacking, security, defense http://a.images.blip.tv/Pauldotom-pdc_episode300_p7_1536-404.jpg pauldotcom, hacking, security, defense <iframe src="http://blip.tv/play/hr4jg4OtAwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4OtAwI" style="display:none"></embed> Defending Your Network: What really works? - Episode 300 Panel http://creativecommons.org/licenses/by-nc-nd/3.0/ 72E082D2-FBB4-11E1-A209-F818239CEEC2 http://blip.tv/pauldotcom/dual-core-music-interview-6346260 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6346260 6329540 file no 0.0 2012-09-11T02:00:23Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1425 hr4jg4OseAI http://blip.tv/play/hr4jg4OseAI http://blip.tv/comments/?attached_to=post6346260&skin=rss Pauldotom-pdc_episode300_p6_1205-650.jpg Dual Core Music Interview Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Dual Core Music Interview 1425 YahooPartnerVideoID Blip post id 6346260 http://blip.tv/file/6329540 Technology Science & Technology youtube Dual Core Music Interview pauldotcom hacking security Tue, 11 Sep 2012 02:00:23 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-pdc_episode300_p6_1205-650.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jg4OseAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4OseAI" style="display:none"></embed> Dual Core Music Interview http://creativecommons.org/licenses/by-nc-nd/3.0/ 6DE6726E-FBB4-11E1-B1BC-8866B1B7E6B1 http://blip.tv/pauldotcom/pdc_episode300_p8-6346259 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6346259 6329539 file no 0.0 2012-09-11T02:00:15Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1144 hr4jg4OsdwI http://blip.tv/play/hr4jg4OsdwI http://blip.tv/comments/?attached_to=post6346259&skin=rss Pauldotom-pdc_episode300_p8666-68.jpg After years of making security databases, I realized that Security Information doesn&apos;t match up to the way databases have to be normalized - I started looking at Ontology languages and triple stores instead to store security info, and am now working on an app framework to write security apps using an ontology storage backend, it&apos;s called AWESIEM. Here&apos;s my intro on how to use ontologies for infosec knowledge. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly After years of making security databases, I realized that Security Information doesn&apos;t match up to the way databases have to be normalized - I started looking at Ontology languages and triple stores instead to store security info, and am now working on an app framework to write security apps using an ontology storage backend, it&apos;s called AWESIEM. Here&apos;s my intro on how to use ontologies for infosec knowledge. 1144 YahooPartnerVideoID Blip post id 6346259 http://blip.tv/file/6329539 Technology Science & Technology youtube After years of making security databases, I realized that Security Information doesn&apos;t match up to the way databases have to be normalized - I started looking at Ontology languages and triple stores instead to store security info, and am now working on an app framework to write security apps using an ontology storage backend, it&apos;s called AWESIEM. Here&apos;s my intro on how to use ontologies for infosec knowledge. pauldotcom hacking security Tue, 11 Sep 2012 02:00:15 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-pdc_episode300_p8666-68.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jg4OsdwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4OsdwI" style="display:none"></embed> Making Sense of Security Data Using AWESIEM http://creativecommons.org/licenses/by-nc-nd/3.0/ 416BF226-FBB0-11E1-A7C2-80F98668E899 http://blip.tv/pauldotcom/end-user-security-awareness-training-hot-or-not-episode-300-panel-6346225 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6346225 6329505 file no 0.0 2012-09-11T01:30:22Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2957 hr4jg4OsVQI http://blip.tv/play/hr4jg4OsVQI http://blip.tv/comments/?attached_to=post6346225&skin=rss Pauldotom-pdc_episode300_p3602-188.jpg Guests: Dave Aitel, Lance Spitzner, Javvad Malik, Dameon Welch-Abernathy (aka &quot;Phoneboy&quot;), SpaceRogue Of all the topics we discussed for this episode none sparked more passionate debate than the effectiveness of end user security awareness training. On one side, its something that we must do in order to help our organization&apos;s be resilient to attack. Users must be trained not to &quot;click shit&quot;, succumb to social engineering and ignore malicious behavior. On the other side of the fence, its a waste of time. Not all users will &quot;Get it&quot;, and the attackers may only need one user to be a victim. The threats are constantly changing, so users will need constant training, and security will just &quot;get in the way&quot;. Somewhere in the middle perhaps is a happy medium. Can we do effective user awareness training? What are the things we must have in our security awareness training? Is it bad if we do nothing with respects to user awareness? Should we implement a system of rewards (be malware free and get a free iPad!) or punishment (if malware is on your system you have to watch a 90 minute HR video)? Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Guests: Dave Aitel, Lance Spitzner, Javvad Malik, Dameon Welch-Abernathy (aka &quot;Phoneboy&quot;), SpaceRogue Of all the topics we discussed for this episode none sparked more passionate debate than the effectiveness of end user security awareness training. On one side, its something that we must do in order to help our organization&apos;s be resilient to attack. Users must be trained not to &quot;click shit&quot;, succumb to social engineering and ignore malicious behavior. On the other side of the fence, its a waste of time. Not all users will &quot;Get it&quot;, and the attackers may only need one user to be a victim. The threats are constantly changing, so users will need constant training, and security will just &quot;get in the way&quot;. Somewhere in the middle perhaps is a happy medium. Can we do effective user awareness training? What are the things we must have in our security awareness training? Is it bad if we do nothing with respects to user awareness? Should we implement a system of rewards (be malware free and get a free iPad!) or punishment (if malware is on your system you have to watch a 90 minute HR video)? 2957 YahooPartnerVideoID Blip post id 6346225 http://blip.tv/file/6329505 Technology Science & Technology youtube Guests: Dave Aitel, Lance Spitzner, Javvad Malik, Dameon Welch-Abernathy (aka &quot;Phoneboy&quot;), SpaceRogue&#13;&#10;&#13;&#10;Of all the topics we discussed for this episode none sparked more passionate debate than the effectiveness of end user security awareness training. On one side, its something that we must do in order to help our organization&apos;s be resilient to attack. Users must be trained not to &quot;click shit&quot;, succumb to social engineering and ignore malicious behavior. On the other side of the fence, its a waste of time. Not all users will &quot;Get it&quot;, and the attackers may only need one user to be a victim. The threats are constantly changing, so users will need constant training, and security will just &quot;get in the way&quot;. Somewhere in the middle perhaps is a happy medium.&#13;&#10;Can we do effective user awareness training?&#13;&#10;What are the things we must have in our security awareness training?&#13;&#10;Is it bad if we do nothing with respects to user awareness?&#13;&#10;Should we implement a system of rewards (be malware free and get a free iPad!) or punishment (if malware is on your system you have to watch a 90 minute HR video)? pauldotcom hacking security Tue, 11 Sep 2012 01:30:22 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-pdc_episode300_p3602-188.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jg4OsVQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4OsVQI" style="display:none"></embed> End User Security Awareness Training Hot or Not? - Episode 300 Panel http://creativecommons.org/licenses/by-nc-nd/3.0/ 48DE838E-FBB0-11E1-BDC6-D29FB5860D0E http://blip.tv/pauldotcom/pdc_episode300_p2-6346226 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6346226 6329506 file no 0.0 2012-09-11T01:30:35Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2687 hr4jg4OsVgI http://blip.tv/play/hr4jg4OsVgI http://blip.tv/comments/?attached_to=post6346226&skin=rss Pauldotom-pdc_episode300_p2394-257.jpg Guests: Charlie Miller, Collin Mulliner, Zach Lanier, Josh Wright Without question the security of mobile devices, both old and new, has suffered its share of problems. Since the first phones came on the market sporting the shiny new Bluetooth protocol, attackers moved to take advantage of the mobile device platform (The Cabir worm may be one of the first examples almost 7 years ago to the day). Since then, mobile devices have gained so much more functionality, including Wifi, NFC, SMS (which saw early adoption long before Bluetooth), more robust operating systems, more storage, smaller form factors, and lower cost. Then of course Apple had to get in the mix, then Google, and now, everyone has a smartphone. The really scary part is that we rely on it for communications so heavily, I mean where would we be without a phone that could TXT, email, Tweet and read your Facebook updates? All this functionality has made it essential to have a phone, and even given birth to new buzzwords such as BYOD. With all of this user adoption, functionality, and accessibility comes security FAIL for sure. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Guests: Charlie Miller, Collin Mulliner, Zach Lanier, Josh Wright Without question the security of mobile devices, both old and new, has suffered its share of problems. Since the first phones came on the market sporting the shiny new Bluetooth protocol, attackers moved to take advantage of the mobile device platform (The Cabir worm may be one of the first examples almost 7 years ago to the day). Since then, mobile devices have gained so much more functionality, including Wifi, NFC, SMS (which saw early adoption long before Bluetooth), more robust operating systems, more storage, smaller form factors, and lower cost. Then of course Apple had to get in the mix, then Google, and now, everyone has a smartphone. The really scary part is that we rely on it for communications so heavily, I mean where would we be without a phone that could TXT, email, Tweet and read your Facebook updates? All this functionality has made it essential to have a phone, and even given birth to new buzzwords such as BYOD. With all of this user adoption, functionality, and accessibility comes security FAIL for sure. 2687 YahooPartnerVideoID Blip post id 6346226 http://blip.tv/file/6329506 Technology Science & Technology youtube Guests: Charlie Miller, Collin Mulliner, Zach Lanier, Josh Wright&#13;&#10;&#13;&#10;Without question the security of mobile devices, both old and new, has suffered its share of problems. Since the first phones came on the market sporting the shiny new Bluetooth protocol, attackers moved to take advantage of the mobile device platform (The Cabir worm may be one of the first examples almost 7 years ago to the day). Since then, mobile devices have gained so much more functionality, including Wifi, NFC, SMS (which saw early adoption long before Bluetooth), more robust operating systems, more storage, smaller form factors, and lower cost. Then of course Apple had to get in the mix, then Google, and now, everyone has a smartphone. The really scary part is that we rely on it for communications so heavily, I mean where would we be without a phone that could TXT, email, Tweet and read your Facebook updates? All this functionality has made it essential to have a phone, and even given birth to new buzzwords such as BYOD. With all of this user adoption, functionality, and accessibility comes security FAIL for sure. pauldotcom hacking security privacy mobile smartphones Tue, 11 Sep 2012 01:30:35 +0000 pauldotcom, hacking, security, privacy, mobile, smartphones http://a.images.blip.tv/Pauldotom-pdc_episode300_p2394-257.jpg pauldotcom, hacking, security, privacy, mobile, smartphones <iframe src="http://blip.tv/play/hr4jg4OsVgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4OsVgI" style="display:none"></embed> Mobile Security Panel - How Bad Does it Suck and How Do We Fix it? http://creativecommons.org/licenses/by-nc-nd/3.0/ D506F29E-FBAE-11E1-A8B7-B57ADA6C63C1 http://blip.tv/pauldotcom/data-mining-event-tracing-for-windows-etw-6346214 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6346214 6329494 file no 0.0 2012-09-11T01:20:11Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 945 hr4jg4OsSgI http://blip.tv/play/hr4jg4OsSgI http://blip.tv/comments/?attached_to=post6346214&skin=rss Pauldotom-pdc_episode300_p5_1996-98.jpg In this technical segment we will look at how to tap into the vast amounts of data logged by Windows Communication Foundation (WCF) and fed to Event Tracing for Windows (ETW). ETW Provider will sometimes log information excesive amounts of information giving an attacker access to sensitive data. By tapping into these otherwise silent logging mechnisms an attacker can find all kinds of useful information. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly In this technical segment we will look at how to tap into the vast amounts of data logged by Windows Communication Foundation (WCF) and fed to Event Tracing for Windows (ETW). ETW Provider will sometimes log information excesive amounts of information giving an attacker access to sensitive data. By tapping into these otherwise silent logging mechnisms an attacker can find all kinds of useful information. 945 YahooPartnerVideoID Blip post id 6346214 http://blip.tv/file/6329494 Technology Science & Technology youtube In this technical segment we will look at how to tap into the vast amounts of data logged by Windows Communication Foundation (WCF) and fed to Event Tracing for Windows (ETW). ETW Provider will sometimes log information excesive amounts of information giving an attacker access to sensitive data. By tapping into these otherwise silent logging mechnisms an attacker can find all kinds of useful information. pauldotcom hacking security privacy Tue, 11 Sep 2012 01:20:11 +0000 pauldotcom, hacking, security, privacy http://a.images.blip.tv/Pauldotom-pdc_episode300_p5_1996-98.jpg pauldotcom, hacking, security, privacy <iframe src="http://blip.tv/play/hr4jg4OsSgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4OsSgI" style="display:none"></embed> Data Mining Event Tracing for Windows (ETW) http://creativecommons.org/licenses/by-nc-nd/3.0/ 6DF62080-FBAD-11E1-85C9-E5E24BBA1180 http://blip.tv/pauldotcom/mobile-security-panel-how-bad-does-it-suck-and-how-do-we-fix-it-6346208 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6346208 6329488 file no 0.0 2012-09-11T01:10:09Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 920 hr4jg4OsRAI http://blip.tv/play/hr4jg4OsRAI http://blip.tv/comments/?attached_to=post6346208&skin=rss Pauldotom-pdc_episode300_p1962-803.jpg http://pauldotcom.com/300 for more information. Its not to late to donate to breast cancer research! Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly http://pauldotcom.com/300 for more information. Its not to late to donate to breast cancer research! 920 YahooPartnerVideoID Blip post id 6346208 http://blip.tv/file/6329488 Technology Science & Technology youtube Guests: Charlie Miller, Collin Mulliner, Zach Lanier, Josh Wright&#13;&#10;&#13;&#10;Without question the security of mobile devices, both old and new, has suffered its share of problems. Since the first phones came on the market sporting the shiny new Bluetooth protocol, attackers moved to take advantage of the mobile device platform (The Cabir worm may be one of the first examples almost 7 years ago to the day). Since then, mobile devices have gained so much more functionality, including Wifi, NFC, SMS (which saw early adoption long before Bluetooth), more robust operating systems, more storage, smaller form factors, and lower cost. Then of course Apple had to get in the mix, then Google, and now, everyone has a smartphone. The really scary part is that we rely on it for communications so heavily, I mean where would we be without a phone that could TXT, email, Tweet and read your Facebook updates? All this functionality has made it essential to have a phone, and even given birth to new buzzwords such as BYOD. With all of this user adoption, functionality, and accessibility comes security FAIL for sure. pauldotcom hacking security privacy Tue, 11 Sep 2012 01:10:09 +0000 pauldotcom, hacking, security, privacy http://a.images.blip.tv/Pauldotom-pdc_episode300_p1962-803.jpg pauldotcom, hacking, security, privacy <iframe src="http://blip.tv/play/hr4jg4OsRAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4OsRAI" style="display:none"></embed> Episode 300 - Introduction & Allison's Puzzle Challenge http://creativecommons.org/licenses/by-nc-nd/3.0/ 09545CD6-DF70-11E1-908F-824B8EC7EFB9 http://blip.tv/pauldotcom/pdc_ep298_p2-6290866 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6290866 6274109 file no 0.0 2012-08-06T02:40:08Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2209 hr4jgv_8FgI http://blip.tv/play/hr4jgv_8FgI http://blip.tv/comments/?attached_to=post6290866&skin=rss Pauldotom-pdc_ep298_p2658-297.jpg We talk to Kevin about vulnerability research, UAVs and more! Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly We talk to Kevin about vulnerability research, UAVs and more! 2209 YahooPartnerVideoID Blip post id 6290866 http://blip.tv/file/6274109 Technology Science & Technology youtube We interview Kevin about vulnerability hunting, exploits, UAVs, Bluetooth and more! pauldotcom hacking security privacy Mon, 06 Aug 2012 02:40:08 +0000 pauldotcom, hacking, security, privacy http://a.images.blip.tv/Pauldotom-pdc_ep298_p2658-297.jpg pauldotcom, hacking, security, privacy <iframe src="http://blip.tv/play/hr4jgv_8FgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jgv_8FgI" style="display:none"></embed> Kevin Finisterre Interview http://creativecommons.org/licenses/by-nc-nd/3.0/ 7A8BB72E-E537-11E1-9BC4-B36A701803BF http://blip.tv/pauldotcom/pdc_ep299_p1-6302740 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6302740 6285983 file no 0.0 2012-08-13T11:10:23Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2770 hr4jg4DYeAI http://blip.tv/play/hr4jg4DYeAI http://blip.tv/comments/?attached_to=post6302740&skin=rss Pauldotom-pdc_ep299_p1820-970.jpg We love the BEEF (Browser Exploitation Framework)! Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly We love the BEEF (Browser Exploitation Framework)! 2770 YahooPartnerVideoID Blip post id 6302740 http://blip.tv/file/6285983 Technology Science & Technology youtube Wade Alcorn Interview, author of BEEF The browser exploitation framework. pauldotcom hacking security privacy Mon, 13 Aug 2012 11:10:23 +0000 pauldotcom, hacking, security, privacy http://a.images.blip.tv/Pauldotom-pdc_ep299_p1820-970.jpg pauldotcom, hacking, security, privacy <iframe src="http://blip.tv/play/hr4jg4DYeAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4DYeAI" style="display:none"></embed> Wade Alcorn Interview http://creativecommons.org/licenses/by-nc-nd/3.0/ EBD1C314-E538-11E1-AA8E-D0C53EC2717C http://blip.tv/pauldotcom/drunken-security-news-299-6302748 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6302748 6285991 file no 0.0 2012-08-13T11:20:43Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 3839 hr4jg4DZAAI http://blip.tv/play/hr4jg4DZAAI http://blip.tv/comments/?attached_to=post6302748&skin=rss Pauldotom-pdc_ep299_p2147-752.jpg Stories for the week, Martin Mckeay, and more! Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Stories for the week, Martin Mckeay, and more! 3839 YahooPartnerVideoID Blip post id 6302748 http://blip.tv/file/6285991 Technology Science & Technology youtube Security news, drunken style. pauldotcom hacking security privacy Mon, 13 Aug 2012 11:20:43 +0000 pauldotcom, hacking, security, privacy http://a.images.blip.tv/Pauldotom-pdc_ep299_p2147-752.jpg pauldotcom, hacking, security, privacy <iframe src="http://blip.tv/play/hr4jg4DZAAI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4DZAAI" style="display:none"></embed> Drunken Security News #299 http://creativecommons.org/licenses/by-nc-nd/3.0/ F87AFB4E-E7BD-11E1-99CE-D54B38BAE49E http://blip.tv/pauldotcom/hack-naked-tv-episode-43-6308233 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6308233 6291477 file no 0.0 2012-08-16T16:18:10Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 390 hr4jg4GDbQI http://blip.tv/play/hr4jg4GDbQI http://blip.tv/comments/?attached_to=post6308233&skin=rss Pauldotom-HackNakedTVEpisode43765-877.jpg In this episode we mix together Chuck Norris and Tesla. We get... Awesome. Links for this episode: http://tinyurl.com/HNTV-WOW-Hack http://tinyurl.com/HNTV-Airport-hack http://tinyurl.com/HNTV-Tesla https://www.sans.org/network-security-20&#11;12/ Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly In this episode we mix together Chuck Norris and Tesla. We get... Awesome. Links for this episode: http://tinyurl.com/HNTV-WOW-Hack http://tinyurl.com/HNTV-Airport-hack http://tinyurl.com/HNTV-Tesla https://www.sans.org/network-security-20&#11;12/ 390 YahooPartnerVideoID Blip post id 6308233 http://blip.tv/file/6291477 Technology hacking security beer pauldotcom Thu, 16 Aug 2012 16:18:10 +0000 hacking, security, beer, pauldotcom http://a.images.blip.tv/Pauldotom-HackNakedTVEpisode43765-877.jpg hacking, security, beer, pauldotcom <iframe src="http://blip.tv/play/hr4jg4GDbQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4GDbQI" style="display:none"></embed> Hack Naked TV Episode 43 http://creativecommons.org/licenses/by-nc-nd/3.0/ 527FE0D0-DFE1-11E1-BDCF-EF9346302231 http://blip.tv/pauldotcom/hack-naked-tv-episode-42-6291702 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6291702 6274945 file no 0.0 2012-08-06T16:11:04Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 413 hr4jg4CCWgI http://blip.tv/play/hr4jg4CCWgI http://blip.tv/comments/?attached_to=post6291702&skin=rss Pauldotom-HackNakedTVEpisode42125-295.jpg In this episode we delve into the subtle issues of Bronies, being a god on Linux and DropBox fail. Links for this episode: http://tinyurl.com/HNTV-DB-HACK http://tinyurl.com/HNTV-Linux-Priv-Nvida http://tinyurl.com/HNTV-Win-Sec-test-tool Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly In this episode we delve into the subtle issues of Bronies, being a god on Linux and DropBox fail. Links for this episode: http://tinyurl.com/HNTV-DB-HACK http://tinyurl.com/HNTV-Linux-Priv-Nvida http://tinyurl.com/HNTV-Win-Sec-test-tool 413 YahooPartnerVideoID Blip post id 6291702 http://blip.tv/file/6274945 Technology hacking security beer pauldotcom Mon, 06 Aug 2012 16:11:04 +0000 hacking, security, beer, pauldotcom http://a.images.blip.tv/Pauldotom-HackNakedTVEpisode42125-295.jpg hacking, security, beer, pauldotcom <iframe src="http://blip.tv/play/hr4jg4CCWgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jg4CCWgI" style="display:none"></embed> Hack Naked TV Episode 42 http://creativecommons.org/licenses/by-nc-nd/3.0/ B69C3FBE-DF6E-11E1-8F34-B125CBE36E63 http://blip.tv/pauldotcom/blackhat-bsides-defcon-round-up-6290857 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6290857 6274100 file no 0.0 2012-08-06T02:30:40Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 3552 hr4jgv_8DQI http://blip.tv/play/hr4jgv_8DQI http://blip.tv/comments/?attached_to=post6290857&skin=rss Pauldotom-pdc_ep297_p2244-410.jpg http://pauldotcom.com/wiki/index.php/Episode297#Stories Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly http://pauldotcom.com/wiki/index.php/Episode297#Stories 3552 YahooPartnerVideoID Blip post id 6290857 http://blip.tv/file/6274100 Technology Science & Technology youtube Blackhat, Bsides &amp; Defcon Round-up&#13;&#10;&#13;&#10;http://pauldotcom.com/wiki/index.php/Episode297#Stories pauldotcom hacking security blackhat bsides defcon Mon, 06 Aug 2012 02:30:40 +0000 pauldotcom, hacking, security, blackhat, bsides, defcon http://a.images.blip.tv/Pauldotom-pdc_ep297_p2244-410.jpg pauldotcom, hacking, security, blackhat, bsides, defcon <iframe src="http://blip.tv/play/hr4jgv_8DQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jgv_8DQI" style="display:none"></embed> Blackhat, BSides & Defcon Round-up http://creativecommons.org/licenses/by-nc-nd/3.0/ A414B66E-DF6E-11E1-9769-AF51E547FF07 http://blip.tv/pauldotcom/pdc_ep297_p1_1-6290855 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6290855 6274098 file no 0.0 2012-08-06T02:30:09Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 862 hr4jgv_8CwI http://blip.tv/play/hr4jgv_8CwI http://blip.tv/comments/?attached_to=post6290855&skin=rss Pauldotom-pdc_ep297_p1_1878-145.jpg http://pauldotcom.com/wiki/index.php/Episode297#Tech_Segment Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly http://pauldotcom.com/wiki/index.php/Episode297#Tech_Segment 862 YahooPartnerVideoID Blip post id 6290855 http://blip.tv/file/6274098 Technology Science & Technology youtube Pivot with Metasploit!&#13;&#10;&#13;&#10;http://pauldotcom.com/wiki/index.php/Episode297#Tech_Segment pauldotcom hacking security metasploit Mon, 06 Aug 2012 02:30:09 +0000 pauldotcom, hacking, security, metasploit http://a.images.blip.tv/Pauldotom-pdc_ep297_p1_1878-145.jpg pauldotcom, hacking, security, metasploit <iframe src="http://blip.tv/play/hr4jgv_8CwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jgv_8CwI" style="display:none"></embed> Pivot with Metasploit http://creativecommons.org/licenses/by-nc-nd/3.0/ 3E91A110-DB56-11E1-8790-F33BE5A7733C http://blip.tv/pauldotcom/hack-naked-tv-episode-41-6282931 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6282931 6266174 file no 0.0 2012-07-31T21:25:26Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 284 hr4jgv++FwI http://blip.tv/play/hr4jgv++FwI http://blip.tv/comments/?attached_to=post6282931&skin=rss Pauldotom-HackNakedTVEpisode41722-822.jpg In this episode we figure out why John is in the middle of Alaska. Links for this episode: http://tinyurl.com/AUZ-ISP-LEAK http://tinyurl.com/HNTV-SEC-TESTING-TOOL http://tinyurl.com/HNTV-40-NO-PATCH Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly In this episode we figure out why John is in the middle of Alaska. Links for this episode: http://tinyurl.com/AUZ-ISP-LEAK http://tinyurl.com/HNTV-SEC-TESTING-TOOL http://tinyurl.com/HNTV-40-NO-PATCH 284 YahooPartnerVideoID Blip post id 6282931 http://blip.tv/file/6266174 Technology hacking security beer pauldotcom Tue, 31 Jul 2012 21:25:26 +0000 hacking, security, beer, pauldotcom http://a.images.blip.tv/Pauldotom-HackNakedTVEpisode41722-822.jpg hacking, security, beer, pauldotcom <iframe src="http://blip.tv/play/hr4jgv%2B%2BFwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jgv++FwI" style="display:none"></embed> Hack Naked TV Episode 41 http://creativecommons.org/licenses/by-nc-nd/3.0/ C80F21C0-CF52-11E1-938D-BC9CD0AB2AE7 http://blip.tv/pauldotcom/episode-6256638 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6256638 6239862 file no 0.0 2012-07-16T14:30:24Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2213 hr4jgv3wYgI http://blip.tv/play/hr4jgv3wYgI http://blip.tv/comments/?attached_to=post6256638&skin=rss Pauldotom-ep_296_p3_1930-368.jpg So says Santa, 10 things that are not tricks or ingenious and more! http://pauldotcom.com/wiki/index.php/Episode296#Stories Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly So says Santa, 10 things that are not tricks or ingenious and more! http://pauldotcom.com/wiki/index.php/Episode296#Stories 2213 YahooPartnerVideoID Blip post id 6256638 http://blip.tv/file/6239862 Technology Autos & Vehicles youtube So says Santa, 10 things that are not tricks or ingenious and more!&#13;&#10;&#13;&#10;http://pauldotcom.com/wiki/index.php/Episode296#Stories pauldotcom hacking security Mon, 16 Jul 2012 14:30:24 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-ep_296_p3_1930-368.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jgv3wYgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jgv3wYgI" style="display:none"></embed> Drunken Security News #296 http://creativecommons.org/licenses/by-nc-nd/3.0/ 74445F9A-CF40-11E1-8283-CA66D50DAE6A http://blip.tv/pauldotcom/hack-naketv-episode-40-this-time-for-real-6256478 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6256478 6239702 file no 0.0 2012-07-16T12:19:13Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 280 hr4jgv3vQgI http://blip.tv/play/hr4jgv3vQgI http://blip.tv/comments/?attached_to=post6256478&skin=rss Pauldotom-HackNakeTVEpisode40ThisTimeForReal312-746.jpg This is a repost of episode 40. Sorry about the audio glitch. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly This is a repost of episode 40. Sorry about the audio glitch. 280 YahooPartnerVideoID Blip post id 6256478 http://blip.tv/file/6239702 Art hacking security beer pauldotcom Mon, 16 Jul 2012 12:19:13 +0000 hacking, security, beer, pauldotcom http://a.images.blip.tv/Pauldotom-HackNakeTVEpisode40ThisTimeForReal312-746.jpg hacking, security, beer, pauldotcom <iframe src="http://blip.tv/play/hr4jgv3vQgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jgv3vQgI" style="display:none"></embed> Hack NakeTV Episode 40.. This time for real. http://creativecommons.org/licenses/by-nc-nd/3.0/ 3C163C04-CF38-11E1-9BB6-AA4C4445169E http://blip.tv/pauldotcom/pdc_ep296_p1_1-6256431 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6256431 6239655 file no 0.0 2012-07-16T11:20:23Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2062 hr4jgv3vEwI http://blip.tv/play/hr4jgv3vEwI http://blip.tv/comments/?attached_to=post6256431&skin=rss Pauldotom-pdc_ep296_p1_1514-36.jpg Ben and Lawrance joins us to talk shop, tell us what its like to be pen testers in the UK, tips, tricks and more! Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Ben and Lawrance joins us to talk shop, tell us what its like to be pen testers in the UK, tips, tricks and more! 2062 YahooPartnerVideoID Blip post id 6256431 http://blip.tv/file/6239655 Technology Science & Technology youtube Ben and Lawrance joins us to talk shop, tell us what its like to be pen testers in the UK, tips, tricks and more! pauldotcom hacking security Mon, 16 Jul 2012 11:20:23 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-pdc_ep296_p1_1514-36.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jgv3vEwI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jgv3vEwI" style="display:none"></embed> Pentesticles - Penetration Testing with Balls http://creativecommons.org/licenses/by-nc-nd/3.0/ 39494890-CF38-11E1-BD18-B3E2FACD50BC http://blip.tv/pauldotcom/pdc_ep296_p2v2-6256430 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6256430 6239654 file no 0.0 2012-07-16T11:20:18Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 1334 hr4jgv3vEgI http://blip.tv/play/hr4jgv3vEgI http://blip.tv/comments/?attached_to=post6256430&skin=rss Pauldotom-pdc_ep296_p2v2233-670.jpg Ben Jackson wrote some awesome Python scripts to setup a wireless honeypot. He comes on the show to give us a technical tutorial. http://pauldotcom.com/wiki/index.php/Episode296#Tech_Segment:_Ben_Jackson Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Ben Jackson wrote some awesome Python scripts to setup a wireless honeypot. He comes on the show to give us a technical tutorial. http://pauldotcom.com/wiki/index.php/Episode296#Tech_Segment:_Ben_Jackson 1334 YahooPartnerVideoID Blip post id 6256430 http://blip.tv/file/6239654 Technology Science & Technology youtube Ben Jackson wrote some awesome Python scripts to setup a wireless honeypot. He comes on the show to give us a technical tutorial.&#13;&#10;&#13;&#10;http://pauldotcom.com/wiki/index.php/Episode296#Tech_Segment:_Ben_Jackson pauldotcom hacking security wireless wifi Mon, 16 Jul 2012 11:20:18 +0000 pauldotcom, hacking, security, wireless, wifi http://a.images.blip.tv/Pauldotom-pdc_ep296_p2v2233-670.jpg pauldotcom, hacking, security, wireless, wifi <iframe src="http://blip.tv/play/hr4jgv3vEgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jgv3vEgI" style="display:none"></embed> Wireless Honeypots Using Claymore http://creativecommons.org/licenses/by-nc-nd/3.0/ 74534FD4-C9B2-11E1-9C73-EBFDE2A27AA9 http://blip.tv/pauldotcom/pdc_ep295_p2-6244857 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6244857 6228080 file no 0.0 2012-07-09T10:40:09Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 694 hr4jgv2UXQI http://blip.tv/play/hr4jgv2UXQI http://blip.tv/comments/?attached_to=post6244857&skin=rss Pauldotom-pdc_ep295_p2754-277.jpg This segment talks about how to use custom Nmap NSE scripts to discover web services and take a screenshot of the resulting web page. Based on a script made available by Trustwave Spiderlabs, more information and full how-to can be found here: http://pauldotcom.com/wiki/index.php/Episode295#Tech_Segment:_Using_Nmap_To_Screenshot_Web_Services Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly This segment talks about how to use custom Nmap NSE scripts to discover web services and take a screenshot of the resulting web page. Based on a script made available by Trustwave Spiderlabs, more information and full how-to can be found here: http://pauldotcom.com/wiki/index.php/Episode295#Tech_Segment:_Using_Nmap_To_Screenshot_Web_Services 694 YahooPartnerVideoID Blip post id 6244857 http://blip.tv/file/6228080 Technology pauldotcom hacking security privacy nmap Mon, 09 Jul 2012 10:40:09 +0000 pauldotcom, hacking, security, privacy, nmap http://a.images.blip.tv/Pauldotom-pdc_ep295_p2754-277.jpg pauldotcom, hacking, security, privacy, nmap <iframe src="http://blip.tv/play/hr4jgv2UXQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jgv2UXQI" style="display:none"></embed> Using Nmap To Screenshot Web Services http://creativecommons.org/licenses/by-nc-nd/3.0/ 5632AC68-C9B5-11E1-9CFF-A2AADE8B1C1D http://blip.tv/pauldotcom/pdc_ep295_p1_1-6244865 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6244865 6228088 file no 0.0 2012-07-09T11:00:47Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2929 hr4jgv2UZQI http://blip.tv/play/hr4jgv2UZQI http://blip.tv/comments/?attached_to=post6244865&skin=rss Pauldotom-pdc_ep295_p1_1446-249.jpg Randy is the CISO for Virginia Tech and a co-author of the original FBI/SANS Institute &quot;Top 10/20 Internet Security Vulnerabilities&quot; document that has become a standard for most computer security and auditing software. He is the co-author of the SANS Institute&apos;s &quot;Responding to DDOS Attacks&quot; document that was prepared at the request of the White House in response to the attacks of 2000. He is also acknowledged as one of the North American masters of the hammer dulcimer. Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Randy is the CISO for Virginia Tech and a co-author of the original FBI/SANS Institute &quot;Top 10/20 Internet Security Vulnerabilities&quot; document that has become a standard for most computer security and auditing software. He is the co-author of the SANS Institute&apos;s &quot;Responding to DDOS Attacks&quot; document that was prepared at the request of the White House in response to the attacks of 2000. He is also acknowledged as one of the North American masters of the hammer dulcimer. 2929 YahooPartnerVideoID Blip post id 6244865 http://blip.tv/file/6228088 Technology pauldotcom hacking security ipv6 Mon, 09 Jul 2012 11:00:47 +0000 pauldotcom, hacking, security, ipv6 http://a.images.blip.tv/Pauldotom-pdc_ep295_p1_1446-249.jpg pauldotcom, hacking, security, ipv6 <iframe src="http://blip.tv/play/hr4jgv2UZQI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jgv2UZQI" style="display:none"></embed> Randy Marchany Interview - University Security, IPv6, BYOD http://creativecommons.org/licenses/by-nc-nd/3.0/ 585BFF08-C9B5-11E1-90CD-F7EF3245BC49 http://blip.tv/pauldotcom/pdc_ep295_p3-6244866 pauldotom 690458 pauldotcom pauldotcom PaulDotCom Security Weekly TV http://blip.tv/pauldotcom http://a.images.blip.tv/Pauldotom-picture972.jpg 6244866 6228089 file no 0.0 2012-07-09T11:00:50Z English Tech 0 0 0 5 Tech & Gadgets Tech & Gadgets 2 2718 hr4jgv2UZgI http://blip.tv/play/hr4jgv2UZgI http://blip.tv/comments/?attached_to=post6244866&skin=rss Pauldotom-pdc_ep295_p3908-882.jpg Malware modifying .htaccess files and so much more! Creative Commons Attribution-NonCommercial-NoDerivs 3.0 searchonly Malware modifying .htaccess files and so much more! 2718 YahooPartnerVideoID Blip post id 6244866 http://blip.tv/file/6228089 Technology pauldotcom hacking security Mon, 09 Jul 2012 11:00:50 +0000 pauldotcom, hacking, security http://a.images.blip.tv/Pauldotom-pdc_ep295_p3908-882.jpg pauldotcom, hacking, security <iframe src="http://blip.tv/play/hr4jgv2UZgI.x?p=1" width="720" height="433" frameborder="0" allowfullscreen></iframe><embed type="application/x-shockwave-flash" src="http://a.blip.tv/api.swf#hr4jgv2UZgI" style="display:none"></embed> Drunken Security News #295 http://creativecommons.org/licenses/by-nc-nd/3.0/