Hi guys,
Well just to give you all the heads up, one of the talks from our successful Software Freedom Day Dundee 2009 even http://hackerpublicradio.org/eps.php?id=0471t
The talk was by Andrej Hajto, and he discuss VoIP and h323. He also discuss some security issues with the protocol. It was a very interesting talk, and i hope you all enjoy it.
Direct Download
Howdie Folks,
Well as promised trying to be proactive with my blogging, but hey I’m here and doing it so enough with the self bitching.
I have some truly awesome news for the HackerPublicRadio.Org show 467, Frank “@AutoNessus” Breedijk came on to a call with me, to discuss his project AutoNessus.
AutoNessus is a program designed to help with regular vulnerabilities scans, and it enables the user the ability to manage the reporting of discoveries. Its original concept was designed to help Frank, with Nessus scans, and then with all great stories he opened it up and released it to the world (i believe his employers are very supportive of this). However i think its fair to say that the program has grown beyond its original design, and now is supporting more than just Nessus.
AutoNessus is currently being re-written, and a whole new version change is coming. With plans to support more and more scanning tools. It looks like AutoNessus is going to be a rocking ethical hacking tool. With these changes its time to remove the pegging of the term AutoNessus, implies. Namely its for Nessus (now AutoNessus is in no way connected with Tenable, the owners of the Nessus program and brand.).
Frank is a true gentleman and i have grown very fond of him and his project, and i always love the chance to shoot the breeze with him, so when he asked if there was anyway that HackerPublicRadio.Org audience could help, the natural answer was lets do a show. This is the result of it.
So Frank has asked everyone at HackerPublicRadio.Org (and the rest of the Internet world), to please have a think about what AutoNessus should be renamed to and supply him suggestions. He during his forth coming talk at Confidence Poland in mid November will announce the new name of the project. The winner of the best suggestion also has a bottle of champagne coming their way.
The name must be free for Frank to use, and the suggestion being made is being made knowing that the name will be used for the project, so all rights to that name will be waived by the person making the suggestion. That the URL should be available, apart form that he’s open to ideas.
You can contact Frank in numerous ways they are listed below;
or suggestions AT autonessus DOT com
and for the awesome rename movie (a little tongue in cheek) www.tinyurl.com/renamemovie
Catch Frank at www.cupfighter.net
The show can be downloaded here
I think i’ll submit a suggestion of FiMoT (FindMoreTime)
Hi Guys,
Sure most people have heard but the Moxie Marlinspike interview was released yesterday, he’s had a pretty strange week or so. As you guys also know he had his PayPal account suspended, more on that story can be found here.
I’m also pretty glad to say that the CryptoAPI was patched this week, 10 weeks or so after the disclosure of the the Null Prefix Attack. I’ve heard a few argue that this is probably a lot to do with some wild-card certs being out in the wild (all though not from Moxie).
The mp3 version of the show can be downloaded from here
The ogg version of the show can be downloaded from here
My previous blog post on the interview can be found here
#
<– me too! me too! – me2 2 #
#Well guys in keeping with my promise to be more proactive with my blogging and not to put it off, I had the great pleasure of interviewing Moxie Merlinspike last night for my HackerPublicRadio.Org podcast show. Some of you will be familiar with that name, and some of you won’t.
Moxie is the author of a couple of well known tools, some of which can be used against SSL (Secure Sockets Layer), and https. Namely SSLStrip and SSLSniff, his recent exploits with SSL will shock even the most non-technical of readers. He managed to break SSL, at an implementation level, which is to say how SSL cert are actually issued by Certification Authorities, and then how these certs are checked by application such as web browsers or chat messengers. His exploit (if it can be called that), is known as a Null Prefix Attack, and is surprisingly simple to understand, a copy of the white paper can be found on his site. I’d recommend anyone to go over to his site, its there that you find that Moxie’s not your ordinary security geek but a man with lots of interesting distractions, such as his USCG Master Mariner’s license, which allows him to deliver yacht world wide.
I have been impressed by his work, since I was turned on to it by my friends at ChrisJohnRiley & AutoNessus when I interviewed them from their return from Blackhat/Defcon 17. Since then I have done my damndest to pass the information about the Null Prefix Attack to everyone that would listen.
During the interview he remarked how surprised he was that the Window’s Operating System community was not up in arms, as their system is still vulnerable to the Null Prefix Attack, due to CryptoAPI not being patched yet. When you think that this also means that browsers that are safe on other platforms are not on Window’s such as Google’s Chrome, it really is a shocking state of affairs.
It wasn’t till about an hour before I interviewed Moxie did a relies the extent to the tools that he has developed and released, and it was nice to ask him some questions about them. It was nice to hear about his port knocking implementation KnockKnock, and Tortunnel too
During the interview we talked about;
SSLStrip, SSLSniff, Null Prefix Attack, Defeating OCSP, KnockKnock, Tortunnel, Hitchhiking, DeepSec
Of course I’ll let you guys know when the interview is out, and if you want to learn more about Moxie then here is some stuff to keep you going
http://www.thoughtcrime.org/software/sslsniff/video/null-prefix-attack.mov Null Prefix Attack Talk
http://securitytube.net/Defeating-SSL-using-SSLStrip-(Marlinspike-Blackhat)-video.aspx Defeating SSL using SSLStrip Talk
http://www.youtube.com/watch?v=Rvp0oPluuLE Blackhat DC interview
http://pauldotcom.com/2009/09/pauldotcom-security-weekly—e-25.html PaulDotCom.com Interview with Moxie
Finux Singing Off
Well just to get this out of the way, i have listed all the podcast shows that i have done on HackerPublicRadio.Org, with a very short write up about each.
If you don’t know what HackerPublicRadio.Org, well basically its a daily podcast show. It has a number of correspondents that produce shows on a number of different things. I have been doing a regular show for them for a little while, generally speaking my shows tend to be focused on Ethical Hacking, or Linux.
Sure it will be of no interest to people but here goes;
This was my first venture into podcasting, and it was originally recorded for Linux Basement as segment in their security season.
I did some rootkit research as part of some university course work, and its just a very basic run down of what are rootkits.
This was my second, and all though the title suggests its about Kismet, its actually about how to set up a war driving rig using Linux and Google Maps.
This was also originally recorded for Linux Basement
If your wondering what war driving is, its basically looking for wireless access points, and plotting their geographical location on a map.
0161 – Hacking WEP | 2008-08-12
This was my first proper episode for HackerPublicRadio.Org and is how you can crack WEP encryption using Linux. Its a very rough episode and really its proving a point that really anyone can break WEP, with a little research. Like now at the time ISP’s where sending out Wireless Routers with this very weak encryption on as default. It offers NO PROTECTION
0170 – Resetting Windows Passwords | 2008-08-25
This was just a short episode on how you can use Linux to reset a lost Windows XP admin password.
Not very exciting but it may of been of some use to someone.
0193 – What is Free Software | 2008-09-25
This was recorded at Dundee’s first Software Freedom Day. Really its just about what is, and why is free software important.
As many know i’m very passionate about free software, and how it can help to empower people.
0215 – Guide to using linux Rainbow tables | 2008-10-27
This was a guide to Rainbow tables, which is a set of lookup tables we can use to discover password hashes. The tool could be used in connection with a hack to steal the sam password file on some Window systems.
If i remember correctly i also talk about some countermeasures that you can use so you are not victim to it.
0315 – Interview with ChrisJohnRiley | 2009-03-16
Probably a turning moment for my HackerPublicRadio.Org show, its is a beginning of a mini-series i had in mind. The idea was to speak to people from the Ethical Hacking world, about what it is we do, how to get involved, and their experiences. I had four scheduled.
It sorted of grew from there, and really since then my shows have been more a list of interviews than technical guides
ChrisJohnRiley is a penetration tester who i interviewed, i have done a few shows with him since. All round good guy
0333 – BruCON Interview | 2009-04-09
I was very lucky to get to interview Benny from BruCON a couple of months before the event. He’s an awesome dude, and BruCON was a super success.
0353 – Pete Wood Interview | 2009-05-07
Awesome, awesome, awesome. I was very happy to get The Famous Pete Wood from First Base Technologies. The man is a UK hacking legend, and like me a media whore to boot.
0420 – Defcon 17 Interview | 2009-08-12
I was really lucky to get ChrisJohnRiley and Frank Breedjik about their trip to Defcon 17 in Vegas. Was nice to get their views and impressions from the event. I’m a jealous, hell yeah
0445 – HAR Update with Chris n’ Frank | 2009-09-15
Awesome got Frank and Chris on the line again, after their trip to Hacking At Random.
0451 – Podcasting: From Mic to Audience | 2009-09-23
This was one of my talks at this years (2009) Software Freedom Day Dundee. It was an awesome event, and i enjoyed doing my talks.
The talks about how anyone can get into podcasting and it how you can even get into it for free.
0454 – BruCon Interview | 2009-09-29
I was over the moon to get this interview, i managed to get Benny from BruCON but this time after the event. ChrisJohnRiley also joined us on the call too. It was nice to get him after the high of BruCON, and it was nice to get Chris’s impressions from the event too.
0456 – What is Free Software | 2009-10-01
This was me again at Software Freedom Day Dundee doing a talk about free software again. It was loosely based on the one i did the year before. As you can tell i like free software
Well in a break from the norm i’m doing a non-hacker/podcaster post, which is a bit cheeky of me to say as i haven’t posted anything. Hey it was damn interesting day, and if your in Dundee then its well worth it.
My friend does historical tours, and he has one about Dundee. I’ve been meaning to go for sometime however as the story of my life goes i have been ‘putting it off’. However for the first time in a while i was left with some free time on a Saturday, and rather than spend the day sat in front of a screen i decided to go out, and as an organic an idea as it was i ended up on his tour.
Now i have to be honest, i’m no historian, but i have heard my friend talk about history a few times but only in the pub. I’ve lived in Dundee for quite a few years, in fact most of my twenty’s have been in the ‘city of discovery’ and i’m pretty ashamed to say i know very little about the place. I have the sneaky feeling that i’m not alone in this, however it really rocked my world to actually see the immense history Dundee has.
I’m used to seeing the brutal face of industrialization, and the even uglier face of when industry up sticks and leaves. In the face of gray and black, with ‘Desperate Dan‘ watching the shoppers go by its hard to think of Dundee’s medieval past, but peeling the layers away like a proverbial onion its history is revealed.
The tour starts at Discovery Point, which is the home of the RRS Discovery the vassal used by Scott to go to Antarctica, however the tour focus on even further back in time than that. Even at this point in the tour i’m pleasantly surprised and shocked that where i’m standing is actually where the ‘River Tay‘ flowed, and we are all standing on reclaimed land. Throughout his tour, i was truly impressed by it all and never a moment past with out me learning something new.
Dundee has a history the spans the world, sometimes its forgotten, but the jute trade put Dundee’s industrial finger prints in far reached places of the world. Those far reached place also left their impressions on Dundee itself, and if you dig a little deeper through the streets and ‘wynd’s‘ of Dundee its that history that is revealed.
The tour was excellent, and i learned a great deal in a couple of hours. If your in Dundee, or visiting then you really should make the time and go on the tour. For those of us that live in Dundee or near it, there is no excuse.
A chance to see real life history in the streets we walk in everyday, and for those visiting Dundee getting everything out the city they can.
Monday’s & Saturday’s 2pm
I thought the prices where incredibly fair, £6 and Students get it for £4.
More info can be found here http://www.taysidehistoricaltours.com
Finux signing off
Well I’ve been threating myself with writing a blog for quite sometime, and its just one of those things that always gets put to the side. However its time for me to stop the excuses and get my arse into gear.
So the plan is to start writing this blog regularly, i’d like to be one of those hardcore bloggers that blogs everyday, but hey lets be honest here its not likely to happen, but i reckon two to three times a week shouldn’t be too hard. I’m going to blog about my exploits in life, who i’m speaking to as part of my podcasting adventures and which ever projects i’m on the i’m allowed to talk about.
I’m also planning on blogging my previous HackerPublicRadio.Org shows, just so they are located in one easy place
So that aside i shall write a proper post, very soon
finux
