tracSEC Podcast Show Notes: Episode 1

December 22nd, 2009
--------------------------------------------------------------------------------
TracSEC -  Episode One – Hackerspaces, War Robots, and (Ab)using Facebook API's
--------------------------------------------------------------------------------

Tom Mackenzie, Ryan Dewhurst, Arron Finnon, Chris John Riley

Show length 1.37:28
--------------------------------------------------------------------------------

In the first episode of the tracSEC podcast, the boys talk to Esther
Schneeweisz (aka Astera) about hackerspaces and her forthcoming talk at
26C3, entitled 'A Discourse On Robotic Warfare'.

The interview starts with Astera talking about the global hackerspace
scene and what a hackerspace is.  It is full of information about the
dynamics and logistics of hackerspaces, how people can get involved, and
how they might go about setting up their own spaces.  The interview
finishes with Astera discussing her Robotic Warfare talk.

- http://twitter.com/astera
- http://astera.soup.io/
- http://hackerspaces.org
- http://events.ccc.de/congress/2009/wiki/Welcome

In the show's technical segment, the boys look at how Facebook can be
used as a valuable source of data when attacking an organisation,
focusing on using Facebook's own API to retrieve data on people who are
connected to a Facebook group.

Notes can be found here: http://www.finux.co.uk/blog/?p=78

Other links:

http://www.lightbluetouchpaper.org/2009/05/20/attack-of-the-zombie-photos/
http://theharmonyguy.com/

--------------------------------------------------------------------------------

To finish off, the boys talk about a couple of news stories out on the wire.

http://www.wpacracker.com/

Moxie launches cloud WPA cracking site.  He's just a fucking legend, but
don't use PayPal to pay him in dough (great write-up by finux)

BruCON dates announced:

http://blog.brucon.org/2009/12/brucon-2010-save-date-24-25-sept.html

Mark it in your calendar: BruCON 2010 will be on 24 & 25 September
2010!! Pass the word!!

Children in the UK to be compulsorily taught Internet safety in
primary school:

http://news.bbc.co.uk/1/hi/technology/8398763.stm

Lessons in using the internet safely are set to become a compulsory part
of the curriculum for primary schoolchildren in England from 2011. The
lessons are one element of a new government strategy being unveiled
called "Click Clever, Click Safe".  Children will also be encouraged to
follow an online "Green Cross Code" and block and report inappropriate
content.

http://praetorianprefect.com/archives/2009/12/unu-gets-kaspersky-again/

Unu, a Romanian hacker (one who may enjoy the challenge of breaking into
other computers but does no harm) who we've talked about on the site
before has been busy with his fifth demonstrated SQL Injection
vulnerability on the web site of a well known company in the last 30
days. This time he has again targeted Kaspersky Labs, the anti-virus
vendor that he previously demonstrated web site vulnerabilities for back
on February 7th of this year. The sites affected this time around are
the Kaspersky Lab sites in Malaysia http://www.kaspersky.com.my and
Singapore http://www.kaspersky.com.sg. On both sites it is a news
section, news.php, that is vulnerable, leading to the same MySQL
database backend, and exposing customer and employee access credentials
as well as what appear to be activation keys for Kaspersky Internet
Security 2010.

http://www.theregister.co.uk/2009/12/14/microsoft_cofee_vs_decaf/

Hackers have released software they say sabotages a suite of forensics
utilities Microsoft provides for free to hundreds of law enforcement
agencies across the globe.

Decaf is a light-weight application that monitors Windows systems for
the presence of COFEE, a bundle of some 150 point-and-click tools used
by police to collect digital evidence at crime scenes. When a USB stick
containing the Microsoft software is attached to a protected PC, Decaf
automatically executes a variety of countermeasures.

** This episode was recorded prior to the self-destruct mechanism of
DECAF being activated **

Show can be downloaded from here