Sign up to save your podcasts
Or
Share SecuraBit Episode 80: Our 8080 Episode
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
SecuraBit Episode 80: Our 8080 Episode
SecuraBit Episode 80: Our 8080 Episode April 20, 2011
Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Christopher Mills – @thechrisam Andrew Borel – @andrew_secbit Tony Huffman – @myne_us Dan Mitchell - @danmitchell
Guests: int80 - @dualcoremusic DualcoreMusic
General topics: http://dualcoremusic.com/nerdcore/ http://www.youtube.com/watch?v=CMNry4PE93Y
NEWS:
Patch Tuesday April 2011 64 patched: http://www.microsoft.com/technet/security/current.aspx http://isc.sans.edu/diary.html?date=2011-04-11
Oracle Critical Patch Update Advisory - April 2011 http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Verizon 2011 Data Breach Report http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2011_en_xg.pdf
Barracuda http://www.thetechherald.com/article.php/201115/7044/Malaysian-group-hits-Barracuda-Networks-Update?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+SecurityBloggersNetwork+%28Security+Bloggers+Network%29 http://blog.barracuda.com/pmblog/index.php/2011/04/12/waf-importance/ http://www.securecomputing.net.au/News/254601,barracuda-hack-shows-importance-of-defenceindepth.aspx?utm_source=twitterfeed&utm_medium=twitter http://www.flyingpenguin.com/?p=11513 “Starting Saturday night at approximately 5pm Pacific time, an automated script began crawling our Web site in search of unvalidated parameters. After approximately two hours of nonstop attempts, the script discovered a SQL injection vulnerability in a simple PHP script that serves up customer reference case studies by vertical market. As with many ancillary scripts common to Web sites, this customer case study database shared the SQL database used for marketing programs which contained names and email addresses of leads, channel partners and some Barracuda Networks employees. The attack utilized one IP address initially to do reconnaissance and was joined by another IP address about three hours later. We have logs of all the attack activity, and we believe we now fully understand the scope of the attack.”
Texas http://www.txsafeguard.org/ http://blogs.chron.com/texaspolitics/archives/2011/04/personal_inform.html “Personal information of about 3.5 million Texans -- including names, mailing addresses and Social Security numbers -- was posted on a publicly accessible server at the state comptroller's office, much of it for more than a year, Comptroller Susan Combs said.”
Michigan Police taking your phones http://www.thenewspaper.com/news/34/3458.asp http://www.geekosystem.com/cellebrite-cellphone-hacker/ “The American Civil Liberties Union (ACLU) is currently engaged in a war of words and requests for information on a device used by the Michigan state police that can extract information from cellphones. The device, which has reportedly been in use since at least 2008, is apparently being used by the police during minor traffic violations.”
Wordpress http://en.blog.wordpress.com/2011/04/13/security/ http://newenterprise.allthingsd.com/20110413/wordpress-com-suffers-security-breach/?mod=ATD_rss&utm_source=twitterfeed&utm_medium=twitter http://threatpost.com/en_us/blogs/wordpress-hacked-source-code-stolen-041311
Georgian woman cuts off web access to whole of Armenia http://www.guardian.co.uk/world/2011/apr/06/georgian-woman-cuts-web-access
Hacker Group Changes Millions of Passwords to "password"; Only 38% of Users Notice http://www.f-secure.com/weblog/archives/00002134.html “Passwords from over 3,000,000 user accounts were apparently set to "password" late last night in a wide-spread hack that affected hundreds of news, retail and Web 2.0 sites. Most affected users are completely unaware of the attack.”
Quick Mentions: FBI take down botnet http://threatpost.com/en_us/blogs/doj-shuts-down-botnet-disables-infected-systems-041411 Facebook adds 2 factor http://threatpost.com/en_us/blogs/facebook-adds-two-factor-authentication-041911 Flash 0 day: http://www.adobe.com/software/flash/about/ Anything below version 10.2.153.1 is vulnerable
Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
Upcoming events CEIC Orlando (15 – 18 May 2011) #BSidesROC Rochester, NY (21 May 2011) #BSidesDetroit (3 - 4 Jun 2011) #BSidesStJohns St. John's, NL (10 Jun 2011) #BSidesCT Meriden, CT (11 Jun 2011) FIRST Austria (12 - 17 June 2011) #BSidesVienna(18 June 2011) Toorcon (18 - 19 June 2011) #BSidesLasVegas (3-4 August 2011) BlackHat Vegas (3 - 4 August 2011) DEFCON 19 (4 - 7 August 2011) #BSidesLA Los Angeles, CA (18 - 19 August 2011) #BSidesMO(21 Oct 2011) #BSidesNewDelhi (22 - 23 October 2011) VB Barcelona October 2011
Links: http://www.securabit.com http://dualcoremusic.com/nerdcore/
Chat with us on IRC at irc.freenode.net #securabit iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405 iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
View all episodes
By SecuraBitSecuraBit Episode 80: Our 8080 Episode April 20, 2011
Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Christopher Mills – @thechrisam Andrew Borel – @andrew_secbit Tony Huffman – @myne_us Dan Mitchell - @danmitchell
Guests: int80 - @dualcoremusic DualcoreMusic
General topics: http://dualcoremusic.com/nerdcore/ http://www.youtube.com/watch?v=CMNry4PE93Y
NEWS:
Patch Tuesday April 2011 64 patched: http://www.microsoft.com/technet/security/current.aspx http://isc.sans.edu/diary.html?date=2011-04-11
Oracle Critical Patch Update Advisory - April 2011 http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Verizon 2011 Data Breach Report http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2011_en_xg.pdf
Barracuda http://www.thetechherald.com/article.php/201115/7044/Malaysian-group-hits-Barracuda-Networks-Update?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+SecurityBloggersNetwork+%28Security+Bloggers+Network%29 http://blog.barracuda.com/pmblog/index.php/2011/04/12/waf-importance/ http://www.securecomputing.net.au/News/254601,barracuda-hack-shows-importance-of-defenceindepth.aspx?utm_source=twitterfeed&utm_medium=twitter http://www.flyingpenguin.com/?p=11513 “Starting Saturday night at approximately 5pm Pacific time, an automated script began crawling our Web site in search of unvalidated parameters. After approximately two hours of nonstop attempts, the script discovered a SQL injection vulnerability in a simple PHP script that serves up customer reference case studies by vertical market. As with many ancillary scripts common to Web sites, this customer case study database shared the SQL database used for marketing programs which contained names and email addresses of leads, channel partners and some Barracuda Networks employees. The attack utilized one IP address initially to do reconnaissance and was joined by another IP address about three hours later. We have logs of all the attack activity, and we believe we now fully understand the scope of the attack.”
Texas http://www.txsafeguard.org/ http://blogs.chron.com/texaspolitics/archives/2011/04/personal_inform.html “Personal information of about 3.5 million Texans -- including names, mailing addresses and Social Security numbers -- was posted on a publicly accessible server at the state comptroller's office, much of it for more than a year, Comptroller Susan Combs said.”
Michigan Police taking your phones http://www.thenewspaper.com/news/34/3458.asp http://www.geekosystem.com/cellebrite-cellphone-hacker/ “The American Civil Liberties Union (ACLU) is currently engaged in a war of words and requests for information on a device used by the Michigan state police that can extract information from cellphones. The device, which has reportedly been in use since at least 2008, is apparently being used by the police during minor traffic violations.”
Wordpress http://en.blog.wordpress.com/2011/04/13/security/ http://newenterprise.allthingsd.com/20110413/wordpress-com-suffers-security-breach/?mod=ATD_rss&utm_source=twitterfeed&utm_medium=twitter http://threatpost.com/en_us/blogs/wordpress-hacked-source-code-stolen-041311
Georgian woman cuts off web access to whole of Armenia http://www.guardian.co.uk/world/2011/apr/06/georgian-woman-cuts-web-access
Hacker Group Changes Millions of Passwords to "password"; Only 38% of Users Notice http://www.f-secure.com/weblog/archives/00002134.html “Passwords from over 3,000,000 user accounts were apparently set to "password" late last night in a wide-spread hack that affected hundreds of news, retail and Web 2.0 sites. Most affected users are completely unaware of the attack.”
Quick Mentions: FBI take down botnet http://threatpost.com/en_us/blogs/doj-shuts-down-botnet-disables-infected-systems-041411 Facebook adds 2 factor http://threatpost.com/en_us/blogs/facebook-adds-two-factor-authentication-041911 Flash 0 day: http://www.adobe.com/software/flash/about/ Anything below version 10.2.153.1 is vulnerable
Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
Upcoming events CEIC Orlando (15 – 18 May 2011) #BSidesROC Rochester, NY (21 May 2011) #BSidesDetroit (3 - 4 Jun 2011) #BSidesStJohns St. John's, NL (10 Jun 2011) #BSidesCT Meriden, CT (11 Jun 2011) FIRST Austria (12 - 17 June 2011) #BSidesVienna(18 June 2011) Toorcon (18 - 19 June 2011) #BSidesLasVegas (3-4 August 2011) BlackHat Vegas (3 - 4 August 2011) DEFCON 19 (4 - 7 August 2011) #BSidesLA Los Angeles, CA (18 - 19 August 2011) #BSidesMO(21 Oct 2011) #BSidesNewDelhi (22 - 23 October 2011) VB Barcelona October 2011
Links: http://www.securabit.com http://dualcoremusic.com/nerdcore/
Chat with us on IRC at irc.freenode.net #securabit iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405 iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8