|
|
EpisodesFrom EuroTrashSecurity
Find The Podcast->>> http://www.eurotrashsecurity.eu/episodes/eurotrash.xml <<<- ->>> Also available through iTunes <<<- Microtrash 15Sharon Conheady will be giving a training on Social Engineering at Brucon and joins us to talk about that and Social Engineering in general. Find more about the training here : http://2010.brucon.org/index.php/Training#Training_.233:_Social_engineering Find more about Sharon's services here : http://www.firstdefenceis.com/ Episode 13Ivan Ristic recently talked at BlackHat in Las Vegas about the awesome research he did on SSL. On this episode he discusses that research, his work on modsecurity, why WAFs are far from dead and his view on information security in general. Saying we were honoured to have Ivan as our guest would be an understatement. Go listen for yourself.
Microcast 9We don't tend to post shownotes for Microcasts but since Microcast 9, featuring Source Conference organizer Stacy Thayer as our guest, includes a prize question, we make a difference here. the competition has ended and the winner has been contacted, thanks all for playing ! To win the free ticket to the Source Conference, provide us with the details about the first ever Keynote speaker at Source and send your answer to feedback@eurotrashsecurity.eu. We will draw a random name from the submissions on Friday August 30th and announce it our twitter account http://www.twitter.com/eurotrashsec . Episode 11We are joined by Pete Herzog from ISECOM to talk OSSTMM, The Bad People Project and Möbius Defense. Our GuestInterview with Pete Herzog (ISECOM) As Managing Director, Pete is the co-founder of ISECOM and is directly involved in all ISECOM projects. His main objective is for ISECOM to assure truth in security application and deployment. Pete focuses on scientific, methodical testing for controlling the quality of security, countermeasures, access controls, and business integrity. News Stories
http://news.cnet.com/8301-30684_3-20005055-265.html
http://news.bbc.co.uk/2/hi/technology/8684110.stm http://www.theregister.co.uk/2010/05/21/google_halts_wifi_payload_data_deletion/
http://attrition.org/errata/charlatan/gregory_evans/ligatt03/
BERLIN - Germany's top criminal court ruled Wednesday that Internet users need to secure their private wireless connections by password to prevent unauthorized people from using their Web access to illegally download data. Internet users can be fined up to euro100 ($126) if a third party takes advantage of their unprotected WLAN connection to illegally download music or other files, the Karlsruhe-based court said in its verdict. "Private users are obligated to check whether their wireless connection is adequately secured to the danger of unauthorized third parties abusing it to commit copyright violation," the court said. See http://news.yahoo.com/s/ap/20100512/ap_on_hi_te/eu_germany_wireless_passwords
http://www.theregister.co.uk/2010/05/19/share_scam_sucker_list_warning/
http://krebsonsecurity.com/2010/05/fraud-bazaar-carders-cc-hacked/
http://en.wikipedia.org/wiki/The_Real_Hustle http://www.bbc.co.uk/realhustle/
http://conference.auscert.org.au/conf2010/presenter.php?presenter_id=F_S
http://rpaulwilson.blogspot.com/
http://layer8.itsecuritygeek.com/layer8/comments/audit-instructions/ Call for papers
http://2010.hack.lu/cfp-hacklu2010.txt
http://2010.brucon.org/index.php/Lightning_Talks
https://blogs.apache.org/foundation/entry/call_for_participation_technical_talks FeedbackAs always, you can follow us on twitter (http://www.twitter.com/eurotrashsec) and we welcome your feedback via e-mail on feedback@eurotrashsecurity.eu . Episode 10We are joined by Philip M. Gollucci from the Apache Infrastructure team to talk about the recent Apache hack and how the industry has responded to the information released on the Apache blog. Our GuestInterview with Philip M. Gollucci (VP Apache Infrastructure)
http://blogs.apache.org/infra/entry/apache_org_04_09_2010 http://blogs.apache.org/infra/entry/apache_org_downtime_report News Stories
http://mashable.com/2010/04/23/blippy-credit-card-numbers/ http://mashable.com/2010/04/23/blippy-statement/
http://www.theregister.co.uk/2010/04/22/google_streetview_logs_wlans/
http://www.zdnet.co.uk/news/jobs/2010/04/28/uk-wide-cyber-security-challenge-kicks-off-40088794/
http://www.information-security-training.com/news/how-strong-is-your-fu-registration-and-rules/ Call for papers
http://plumbercon.org/ (14th May)
http://brucon.org (30th April) FeedbackAs always, you can follow us on twitter (http://www.twitter.com/eurotrashsec) and we welcome your feedback via e-mail on feedback@eurotrashsecurity.eu . Episode 9Andres Riancho from Bonsai Sec joins us to talk about the upcoming 1.0 release Our GuestAndres Riancho is the lead developer of W3AF the awesome Web Application Attack and Audit Framework. Andres is also the founder of Bonsai Sec, an information security company based in Argentina. You can find out more about Andres through http://www.bonsai-sec.com or on Twitter at http://www.twitter.com/w3af The W3AF project can be found on Sourceforge --> http://sourceforge.net/projects/w3af/ News Stories
http://www.sophos.com/blogs/gc/g/2010/04/06/uk-firms-face-500000-fine-losing-data/
http://www.trapkit.de/index.html
http://tacticalwebappsec.blogspot.com/2010/04/german-government-pays-hacker-for.html
http://journal.paul.querna.org/articles/2010/04/11/internet-security-is-a-failure/
http://www.guardian.co.uk/technology/2010/apr/08/digital-economy-bill-passes-third-reading
FeedbackAs always, you can follow us on twitter (http://www.twitter.com/eurotrashsec) and we welcome your feedback via e-mail on feedback@eurotrashsecurity.eu . Episode 8.5 (Exclusocast)In this exclusive interview we talk to Didier Stevens about his recent PDF discoveries and how his latest Proof of Concept really works. Our GuestDidier Stevens is a multiple time guest on the show and one of the coolest guys in Infosec. Didier is a security researcher from Belgium with a special interest in Adobe's PDF file format. He has discovered several flaws in the format and has some interesting views on information security in general. http://www.twitter.com/didierstevens FeedbackAs always, you can follow us on twitter (http://www.twitter.com/eurotrashsec) and we welcome your feedback via e-mail on feedback@eurotrashsecurity.eu . Episode 8Taking it to the Street.... Jayson E Street that is! Our GuestJayson E Street is the world renowned author of Dissecting the Hack, Conference organizer (exCon) and all round great guy. You can find out more about Jayson through http://www.dissectingthehack.com or on Twitter at http://www.twitter.com/jaysonstreet News Stories
http://www.theregister.co.uk/2010/03/08/cash_machine/
http://www.microsoft.com/technet/security/advisory/981374.mspx Exploit now in Metasploit (Video) http://blog.c22.cc/2010/03/11/internet-explorer-iepeers-dll-use-after-free/
http://www.theregister.co.uk/2010/03/12/password_cracking_on_crack/
http://www.theregister.co.uk/2010/03/10/uk_plastic_fraud/
http://www.theregister.co.uk/2010/03/12/ford_in_car_secure_wifi/
http://www.h-online.com/security/news/item/SecurityFocus-to-partially-shut-down-952967.html FeedbackAs always, you can follow us on twitter (http://www.twitter.com/eurotrashsec) and we welcome your feedback via e-mail on feedback@eurotrashsecurity.eu . Episode 7Getting our VoIP on with Sandro Gauci Our GuestSandro Gauci is an authority on VoIP (in)security from Malta. Didn't we already tell you we have awesome security people in Europe? He recently attended Hackcon as a speaker in Norway and he will most likely follow up his awesome VoIP workshop from last year at Brucon with a 2-day VoIP security course. You can follow Sandro on Twitter at http://www.twitter.com/sandrogauci You can find out more about Sandro and VOIPPACK for Canvas at http://enablesecurity.com/
News Stories
http://news.zdnet.co.uk/security/0,1000000189,40022674,00.htm
http://www.wired.co.uk/news/archive/2010-02/10/future-police-meet-the-uk%27s-armed-robot-drones.aspx
http://www.theregister.co.uk/2010/02/11/ms_bsod_update_glitch
http://www.theregister.co.uk/2010/02/10/nhs_doctor_site_security_takedown
http://www.suspekt.org/2010/02/19/sneak-preview-month-of-php-security-2010/ Courses going on in EuropeSANS Forensics 508: Computer Forensic Investigations and Incident Response Mentor: Florian Eichelberger Dates: Thursday, September 9, 2010 - Thursday, November 11, 2010 http://www.sans.org/mentor/details.php?nid=21388 SANS Security 560: Network Penetration Testing and Ethical Hacking Mentor: Erik Van Buggenhout Dates: Tuesday, April 20, 2010 - Tuesday, June 22, 2010 http://www.sans.org/mentor/details.php?nid=21434 FeedbackAs always, you can follow us on twitter (http://www.twitter.com/eurotrashsec) and we welcome your feedback via e-mail on feedback@eurotrashsecurity.eu . Episode 6Burping into your webapps ! Our GuestWe are once again honoured to have one of the smart European infosec peeps as our guest. This time Portswigger, the brain behind the awesome Burp Suite joins us to discuss the state of web applications and new features in the tool that every (webapp) pentester should be familiar with. He recently released version 1.3 ! You can follow Portwigger at http://www.twitter.com/portswigger More information on The Burp Suite can be found on http://www.portswigger.net News Stories
FeedbackAs always, you can follow us on twitter (http://www.twitter.com/eurotrashsec) and we welcome your feedback via e-mail on feedback@eurotrashsecurity.eu . Episode 5Injecting nonsense in your GRC tables ! Our GuestOn this episode we are joined by Justin Clarke, information security rockstar and well-known for his entertaining talks on SQL injection and his 2009 book "SQL injection: Attack and Defense" (published by Syngress). We discuss the in and outs of SQL injection and search for the reason why it is still the number one threat to web applications. You can follow Justin at http://www.twitter.com/connectjunkie His book is available at http://bit.ly/86TvzX (Amazon) or http://bit.ly/92ZGab (Syngress) Prize QuestionJustin was so nice to offer us one copy of his book that we can give away to the first person who sends the correct answer to the following question to feedback@eurotrashsecurity.eu : In blind SQL injection, if you replace a string blah with blah' || 'blah and it still works, which database (or databases) would that suggest are present? Ok, so we failed to announce the winner in Episode 7 due some logistical issues but we're proud to announce the winner here. (drumroll ...) The winner is Jonathan James from Sweden !!! Enjoy the book Jonathan ! Now, since multiple answers could've been correct we selected the first person to submit at least 2 possible answers. The answer we started from, as provided by Justin was : "Oracle, Postgres or Ingres (and possibly others)" There are no specific rules for this giveaway other than that only residents of the EU are eligible. The most complete answer will be selected. If we have multiple correct answers the e-mail that arrives in our mailbox first will be the winner. Please include your full name and, if you have one, your twitter name. The winner will be announced on Episode 7, to be released in the week of February 22nd. News Stories
Chris was there and had an awesome time. the Chaos Computer Club conference is one of (if not the) oldest hacker conferences in the world and is getting better every year. If you weren't able to attend or watch the live streams, you can still get your geek on by watching the recorded presentations : http://events.ccc.de/congress/2009/wiki/Welcome
We discuss the impact of the 2010 bug on several technologies : http://www.h-online.com/security/news/item/EC-card-problem-persists-896549.html http://www.theregister.co.uk/2010/01/06/year_2010_payment_card_bug/ http://www.theregister.co.uk/2010/01/05/windows_mobe_bug/ http://www.theregister.co.uk/2010/01/09/symantec_endpoint_manager_bug/
http://www.theregister.co.uk/2010/01/05/spanish_coup/
http://www.out-law.com/page-10652 FeedbackAs always, you can follow us on twitter (http://www.twitter.com/eurotrashsec) and we welcome your feedback via e-mail on feedback@eurotrashsecurity.eu . Episode 4The Crimbo edition ! A very special Xmas episode recorded together with the Exotic Liability crew. Chris, Craig, Dale and Wim are joined by Chris and Ryan to discuss what moved the infosec community on both sides of the big pond in 2009 and are looking forward to 2010. One certainty being you will receive more and better Exotic Trash / EuroLiability. Have a very merry Christmas and may your information not be compromized in 2010. Episode 3File:Http://www.eurotrashsecurity.eu/images/cookies.jpg Upcoming consUpcoming Events/Important Deadlines: Caro2010 in Helsinki, Finland Call for Papers deadline 31st January (Craig) (26th and 27th of May !) Note, speakers must pay their own way. Submit a half-page abstract of your talk via email to: cfp@caro2010.org http://caro2010.org/ BlackHat Europe (Barcelona, Spain) Call for Papers is out (Craig) http://www.blackhat.com/html/eu2010/registration/eu2010-cfp.html 26C3 end of December - Berlin http://events.ccc.de/congress/2009/wiki/index.php/Welcome Source Barcelona = September 21st and 22nd 2010. (CFP not open yet) Brucon, mark down 24th and 25th of September 2010 in your calendar. (CFP not open yet) Our guestEwout Meij (http://mokumvonamsterdam.blogspot.com). Ewout is an Amsterdam based security professional. Twitter handle: @mokum. He recently wrote a post on fudsec and we thought we'd bring him in for a chat about all things infosec... News Stories
http://www.dw-world.de/dw/article/0,,4952263,00.html
http://droit-finances.commentcamarche.net/legifrance/37-code-penal/89982/article-323-3-1 (In French) http://lists.immunitysec.com/pipermail/dailydave/2009-November/005964.html
http://forskningsavd.se/2009/11/29/i-can-haz-moar-bout-teh-reid/
http://g-laurent.blogspot.com/2009/11/releasing-icmpv4ip-fuzzer-prototype.html FeedbackAs always, you can follow us on twitter (http://www.twitter.com/eurotrashsec) and we welcome your feedback via e-mail on feedback@eurotrashsecurity.eu . Episode 2News Stories
http://www.theregister.co.uk/2009/11/24/ripa_jfl/
http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html
http://cloudsecurity.org/2009/11/20/enisa-cloud-security-risk-assessment/
http://news.bbc.co.uk/1/hi/uk/8364421.stm
http://www.infosecurity-magazine.com/view/4800/uk-cios-reported-356-data-loss-incidents-last-year/ Special GuestWim ruined our first try to do an interview with Didier Stevens and luckily Didier agreed to free up some of his time to give it a second try. With redundant audio recordings, we managed to nail this one down. Didier is a security researcher from Belgium with a special interest in Adobe's PDF file format. He has discovered several flaws in the format and has some interesting views on information security in general. http://www.twitter.com/didierstevens FeedbackAs always, you can follow us on twitter (http://www.twitter.com/eurotrashsec) and we welcome your feedback via e-mail on feedback@eurotrashsecurity.eu . Thanks for listening and until the next time ! Episode 1This is Episode 1. Our tag line: [si-kyoor-i-tee] Security with funny accents The team:
Our thanks to
British Government to use talent competition to find the best young hackers (wim) apparently we are looking for the next Susan Boyle in information security ?
SANS London 09 (wim) Staying up-to-date comes with a hefty price tag :-( (chris) PaulDotCom's John Strand will be teaching and running a CTF event --> Friday Dec 4th
EU: Microsoft to test browser 'ballot screen' Dale helped to organize. We recap with him and Craig who was also attending and talk about future editions. |
