Security Weekly – Episode 8 – Dec 22, 2005

December 23, 2005
'- Paul & Larry drink spiked egg nog - Our Friends in Tech have put out their own "Geek Christmas Carol" - New format of the show for the new year, keep the main show short, add-in special features- Listener feedback: John writes in and asks us to share some of our training and real life experiences, as far as training how it helped us in our jobs and sharing some more stories. We do, and we will :-) - Check out the SANS Policy Resources - Question of the week from Jeff - "Is there a tool you can run to catch insiders tunneling ssh over outbound 443/tcp to their home *nix box and then tunneling X back so they can surf and/or download software?" Check out the Bleeding Snort sigs for monitoring SSH on a non-std port, try a Packeteer or Netenforcer, Proxy all outbound connections (Squid perhaps), Monitor the desktop (CSA maybe?) - Paul's conspiracy theory on Internet Week, Firefox "flaws" - Never use IE on a Mac, Support Ending - Guidance Software, makers on the forensic tool Encase, got hacked - Nikon Coolpix P2 is pretty cool, supports Wi-Fi and WPA - Oracle has partnered with Fortify Software, makers of Source Code Analysis software - If you want to hack your Linksys, don't buy a Series 5 WRT54G- Bypassing VLANs for Fun and Profit with Yersinia - A little history about Security Weekly- Single packet authentication with fwknop, and a new version of SSH Hosts: Larry Pesce, Paul Asadoorian Email: [email protected] Short Video Clip Direct Download Link (iPod Video) Audio Direct Download Link (Bandwidth provided by OSHEAN, powerful they are, like egg nog)
prestitial ad