Content

Ramblings, Rants and a Few Stories – Episode 347

This week's show notes are actually packed with stories from Paul, Larry, Allison and Jack. However, the show's discussion? Yeah, not so much. Instead the team went off on various tangents, rants and discussions with a few security stories mixed in. It's a nice change up once in a while. Check it out! Please tell us that you've heard of The Crystal Method. Apparently some of Paul's buddies haven't. The group rocked DerbyCon and even spent a while chatting up Larry about Star Wars! Have you tried a Bud Light Clamato yet? Next time you see Allison, she'd love for you to buy her one! Or not, I can't remember which way that one was. If you're not familiar with Adrian "Irongeek" Crenshaw, and the conference video recording that he does on the side, the man is the best in the business. He gets dozens of high quality conference videos up incredibly fast. If you want to see talks from DerbyCon, go check out Adrian's web site at http://www.irongeek.com.
Some people want to order Hack Naked t-shirts and its been a while since Paul has offered them online, but it's coming! Soon you'll be able to buy Hack Naked shirts online for a very reasonable price. After about 15 minutes of just rambling, Larry, Jack, Allison, John and Paul finally get to the stories of the week and start with the Silk Road bust. The real point here is that if you're going to deal drugs, hire people for murder, deal in guns, then you might want to be real careful with your opsec. Don't post on StackOverflow with your real name and some code that you actually have on your hacking software. Be careful about linking your real email account on the sites. And how many times have we warned you about using open wireless at a local coffee shop?!? Maybe read up a little more about sock puppets, and keep them straight! Speaking of T-shirts...there's the Yahoo bug bounty program. If you find a bug in Yahoo, they gave you $12.50. Woohoo! Well, it gets even better. It's not just $12.50 but it's not even cash. It's only a *credit* at the Yahoo company store where for your $12.50, you can get a Yahoo T-shirt. Then again, selling a Yahoo 0-day on the open market might be worth about the same as one found for Friendster, Pets.com or Geocities. Allison has the story about some of the personal data repository giants getting hacked. These are the businesses that store our social security numbers, date of birth, etc. These are the sources that are used to conduct basic background checks. Some of these include LexisNexus, Kroll Background America and Dun & Bradstreet. However, LexisNexus was kind enough to reassure all of us that after their own internal investigation, they see no evidence of any personal data being viewed or accessed. Uh huh... Allison also made reference to Adobe getting hacked to where the source code for Acrobat and ColdFusion getting stolen and then mentions how the NW3C got pwned because they were running an outdated version of ColdFusion. Honestly, I thought that was the only kind of ColdFusion that still existed, "outdated". Anyway, Larry and John mention that with ColdFusion being a little old, and PHP has been just taking a beating lately with regard to security, and umm, do we even need to bring up Java? It's making the .NET platform look a whole lot better, especially if you use the tools and framework given. If functions in the framework exist, use them! Don't write your own. If input sanitization functionality exists, use it! Lastly, in case you haven't heard, the United States government is in a bit of a shutdown mode. Hundreds of thousands of government employees have been furloughed, sent home from work. Larry mentioned that he was looking to do some research this week that involved the FCC. He went to the FCC web site, entered his search terms and got a message that the search functionality is down. However, he was able to find a document that detailed what the FCC's staffing plans were during the shutdown. It told of exactly who was being furloughed and exactly when the online and physical security would be in place. Additionally, it mentions that only three of the normal twenty-three employees are still in place. It just might not be the best of ideas to tell the whole world exactly how understaffed you are and where your soft, unprotected underbelly is. Just a hunch. Anyway, there was a bunch of rambling this week with a couple stories mixed in. As Jack mentioned, there actually were a bunch of great stories this week on the show notes. The team actually does a good job of writing up a little synopsis on each to help give you an idea of what the story is about, and to help them remember what to talk about on the show. So that's if for this week, catch us again every Thursday night at 6 pm Eastern time.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.