Howdie guys,

I’ve had the thumbs up for an idea i had for HPR (hackerpublicradio.org). Basically i’m taking over for a week, well sort of.

I’m doing 4 shows, Monday to Thursday then i’m gonna do a live Phone-in/feedback show.

The shows i’m doing are;

SSLSniff & SSLStrip.

The why’s, the what’s and the how’s. A show about why you would want to use these tools, how to install them and how you can deploy them on your test network.

TorTunnel

The why’s, the what’s and the how’s. Tortunnel is a tool used for making tor a one hop proxy, this doesn’t do much for annonymity but it does allow you to jump out of network segments, with out the three hop over head standard tor gives you. The show will look at how to install and get it up and running.

Kismet

Forget what finux has said in the past, they’ve changed Kismet. Kismet is in the process of a massive overhaul and everything from the UI to how it is configured is changed. The show will look at what kismet is, why you would use kismet and get it up and running.

Social Engineers Toolkit (SET)

The social engineers toolkit isn’t a fake telco’s engineers uniform and a doddgy fake mustache, it is however a collection of tools that can make social engineering a breeze, very good for testing companies readiness for these sort of attacks. The show will look at what SET is and what tools you can find in there, and of course how to get it up and running.

Friday Night HPR Live

So you’ve played with the tools from the past four episodes, they all worked no problems great. What happens if they didn’t, does it go on the back burner list until you find the time to make it work? No join us live to Friday night of the week for the phone-in/feedback show. Get some support, ask some questions, get them tools working. Got a good story about one of the tools then join us and share it.

Now the dates for the week long HPR series is penciled in form the 27th September till the 1st October (The 1st would be the Live show)

For the live show we’ll be using a mix of things i would imagine, TalkShoe.com, Skype and the likes, and of course IRC chat for the geekness.

I’d love to get people ideas, thoughts and feedback on the above.  It should be a real blast and if we can get the message out i’m sure the live show will be awesome.

Soon as its official i’ll let everyone know

Thought that I would write a very quick and dirty write up of an issue that I had when I upgraded Kubuntu 9.10 to 10.04. Normally my upgrades within the Ubuntu family fall into two categories, dead laptops and working desktops.

This fall into the dead laptops group, for most parts the upgrade worked fine apart from when it loaded up to KDM (Login Screen), an error was thrown about some theme not being there. Instead of doing something remotely useful it just crashed out and did nothing. I didn’t have any virtual terminals either (due to some pain in the arse Via graphics card hack i’ve had to do). I have also noticed that GRUB is pretty buggered too, but that’s another story when I have time and have got to the bottom of it.

Net result was, boot the system up on a independent media, mount the file-system. Look for the KDM config file, and edit it to point to a theme that was there. Not too much hard work if i’m honest.

Question I was left asking, if your going to remove a theme during an upgrade maybe a warning would have been nice, and why isn’t there a fall back in case something gets corrupted.

All in all nice upgrade, apart from some daft little things. Does seem to boot a lot faster, and a couple of little glitches fixed. As upgrades have gone, I have survived, each upgrade makes me a little wiser.

Hi Guys,

Thought i would post my submission to the he BruCON Security Conference.  As anyone that follows either of the Podcasts i’m involved in you’ll know that i have great affinity with the conference.  Tickets are available, if you book them now you’ll benefit from the early bird prices, their available from here.

Abstract Bellow

Free software and security – Defending on a budget

Talk submission BruCON

Arron “finux” Finnon

Talk is proposed and has not been given to any conference or user group before.  It will be in English.

I have given a number of talks on both security related topics and free and open source software.

http://finux.co.uk ||  http://tracsec.com ||  http://hackerpublicradio.org

From Personal Computers to Corporate infrastructure, times have required an attitude of evolution and change to defend against the many threats and challenges faced by users.  All though no one really likes to admit it, all users have to become defenders.  From “Harry Home Owner” to System Admins, educated informed decisions should always take precedence.

Free Software has the ability to stand at least ’shoulder-to-shoulder’ with its commercial counterparts, yet it faces attacks from groups that have a vested interested in seeing ‘commercial licensing’ prevail over ‘free and open licensing’ model, not all of these groups are in the ’security software’ sphere.

Legions of defenders work relentlessly on writing code that  not only competes in the real world, but enables its users freedom.  Its this very freedom that these relentless developers use to produce code, applications, and software used in defending against many threats, and attacks.

The talks aim is to look at some commonly used software that all users share and how Free Software can fit into that space.  It will cover some aspects of software used in commercial/corporate environment and how free software can liberate those users to evolve their software to fit their needs in defending against constantly changing threats and demands they face.

All though Free Software doesn’t mean that it comes without cost, in most cases it doesn’t have a price tag attached.  Its about freedom.  The talk will look at some of the Free Software that has little or no cost.  Security, defence, protection on a budget with Free Software.

The speaker hopes this talk will act as an ‘Anti-FUD’ (Fear Uncertainty Doubt) talk on free software and security.

Someone listening to talk can expect to leave knowing;

An understanding of what free software is, and how it differs from other types of software.  Some examples of flagship free software used in security, that has little or no cost.  How the ‘Free Software’ ethos can benefit those trying to defend themselves or assets against threats.  How people who wish to help and support free software projects can.  How people can promote and encourage free software within their organisations, and what ‘to do’ and ‘not to do’ when it comes to selling the concept of free software in the workplace.

Speakers Bio

Arron M Finnon (aka finux), has been involved in Free and Open Source software for over four years.  Whilst studying a hacking degree in Scotland’s technology hub Dundee, he was one of the founding officers of ‘The University of Abertay Dundee Linux Society’ and president for over three years, later  receiving the SCISA (Scottish Informatics and Computer Science Alliance) Open Source Award for exemplary Advocacy for his activities in promoting Free and Open Source Software.

Working with Local User Groups and communities members throughout United Kingdom to promote, encourage, and facilitate ‘Free and Open Source Software’ at a grass roots level has given Arron a unique and passionate view of ‘how’ and ‘where’ Free Software fits in the demanding real world.

As the ‘Team Leader’ and main organiser for the successful ‘Software Freedom Day Dundee’ events, in 2009 and 2010 he was able to engage with a large number of people who may never have experienced or engaged with Free Software ideals, and promote debate, discussion, and adoption with these people.

Gaining experience at public speaking about free software has enabled Arron to talk to people about many threats faced by users in the computing world, and he has spoken at a number of User Groups in the UK, as well as guest lecturing back at his old university on security related topics.

Arron has always managed to blend his love for ‘Free and Open Source software’ and ‘Computer Security’, and this has been expressed in many formats such has podcasting and public speaking.

A sample of some of Arron’s recorded talks can be found at http://www.hackerpublicradio.org/correspondents.php?hostid=85

Arron is also co-host on http://www.tracsec.com –A monthly security podcast

Arron now is an independent security researcher, consultant, and blogger.  You can find him at www.finux.co.uk and www.twitter.com/f1nux

END of ABSTRACT SUBMISSION

Remember you can get a great rate on the tickets if you book early, so be a good sport and get your ticket brought.  They are available from here.

PS all please cross your fingers for my talk to be accepted

finux

Well guys,

I’m very proud to announce good friend of mine and HackerPublicRadio.Org Frank Breedijk has annonuced recently that he project formally known as AutoNessus has changed its name.

“Seccubus is a mythical creature that helps security professionals analyze and report the results of, repeated, vulnerability scans. Like its distant cousins the Succubus (http://en.wikipedia.org/wiki/Succubus) and Incubus (http://en.wikipedia.org/wiki/Incubus) the Seccubus is also a creature of the night. At night, or any other scheduled time, the Seccubus draws its energy from repeatedly performing vulnerability scans  of infrastructures until the vulnerabilities become exhausted or die. The Inseccubus is the male counterpart of the Seccubus. While the Inseccubus draws his life energy from the assessor by repeatedly requiring him to (re-)analyse the same findings, the Seccubus get her energy from pleasing the assessor by reducing the number of findings by means of delta reporting.”

Now that the new name has been announced the “rebranding” will be complete before the end of the year. The website www.seccubus.com is already live but still points to the AutoNessus.com site. Also Frank’s twitter account, @autonessus, will be renamed to @seccubus soon.

Well done to Jason Mansfield, who runs the website http://www.clinicallyawasome.com, who won the contest by sending in the name Seccubus.

Frank has promissed to come on to HackerPublicRadio.Org and annonuce the news personally, i’ll keep you informed when the show comes out

Finux

Well guys, its sort of news.

I’m very glad to announce that as well as my HackerPublicRadio.Org show, i have been in talks with a few people and we have a new podcast in the making.  Its still very early days, and a couple more logistics things to be sorted but TRACsec podcast was born yesterday.

Its a security show which follows a pretty much tried and tested format, however half the crew are currently studying Ethical Hacking at a British university and the the other half of the crew involved in it in a full time basis.

I’m very excited about this show, I think its going to be something a little different as the crew have all varying expertise.  So it should be nice to take ideas and stories and work it from the ground up.

You can bet your arse I’ll let you know more when i do

Finux

Howdie Folks,

Well as promised trying to be proactive with my blogging, but hey I’m here and doing it so enough with the self bitching.

I have some truly awesome news for the HackerPublicRadio.Org show 467, Frank “@AutoNessus” Breedijk came on to a call with me, to discuss his project AutoNessus.

AutoNessus is a program designed to help with regular vulnerabilities scans, and it enables the user the ability to manage the reporting of discoveries.  Its original concept was designed to help Frank, with Nessus scans, and then with all great stories he opened it up and released it to the world (i believe his employers are very supportive of this).  However i think its fair to say that the program has grown beyond its original design, and now is supporting more than just Nessus.

AutoNessus is currently being re-written, and a whole new version change is coming.  With plans to support more and more scanning tools.  It looks like AutoNessus is going to be a rocking ethical hacking tool.  With these changes its time to remove the pegging of the term AutoNessus, implies.  Namely its for Nessus (now AutoNessus is in no way connected with Tenable, the owners of the Nessus program and brand.).

Frank is a true gentleman and i have grown very fond of him and his project, and i always love the chance to shoot the breeze with him, so when he asked if there was anyway that HackerPublicRadio.Org audience could help, the natural answer was lets do a show.  This is the result of it.

So Frank has asked everyone at HackerPublicRadio.Org (and the rest of the Internet world), to please have a think about what AutoNessus should be renamed to and supply him suggestions.  He during his forth coming talk at Confidence Poland in mid November will announce the new name of the project.  The winner of the best suggestion also has a bottle of champagne coming their way.

The name must be free for Frank to use, and the suggestion being made is being made knowing that the name will be used for the project, so all rights to that name will be waived by the person making the suggestion.  That the URL should be available, apart form that he’s open to ideas.

You can contact Frank in numerous ways they are listed below;

www.autonessus.com/contact-us

www.twitter.com/autonessus

or suggestions AT autonessus DOT com

and for the awesome rename movie (a little tongue in cheek) www.tinyurl.com/renamemovie

Catch Frank at www.cupfighter.net

www.autonessus.com

The show can be downloaded here

I think i’ll submit a suggestion of FiMoT (FindMoreTime)