carnal0wnage [Shared Reader]

Wednesday, May 21, 2008

podcast comments

Caught a couple more podcasts.

Old one from sploitcast from shmoocon. Most interesting part was the SCADA stuff. After seeing Jason Larson's talk on SCADA Security at BH D.C. it seems that even though the impact of SCADA can be pretty high, you aren't going to get into a SCADA system and start issuing arbitrary commands. There is a pretty big element of needing to know what protocols the system is speaking and figuring out what it can do. I'm oversimplifying, but its not like taking out the gas company is as easy popping it with dcom and hitting the blow up button (or issuing the blowup command on the commandline).

*edit* someone emailed me and said it was pretty much that easy as far as getting into those types of systems because they cant be patches. making them do bad things is a bit harder.


Of other interest was the talk about ZigBee (wikipedia definition).

ZigBee just may be the next new thing to break and to claim that the sky is falling about. The whole public safety wifi, 2nd link, 3rd link, 4th link net is more fun but probably wont win you any friends in LE. I can't find the link but I did read somewhere that encryption was optional in the standard...whoo hooo.

Network Security Podcast 103, best part was them talking about how Rich, Martin and Paul of pauldotcom got into the security business and the discussion on the CISSP certification. On the same topic, EthicalHacker.net has a really good interview with Ed Skoudis and big topic of the interview is getting into the security business.

Risky Business #61 & 62. I don't have anything to say about 62, but 61 was with HD Moore. I'm a self confessed metasploit fan, so pretty much anything related to that fires me up and HD's "evil EeePC" sounds awesome. Cool little laptops, karma and metasploit, owning people on the plane, too much fun. As soon as I can find someone selling the new Eee PC 900 in "hacker" galaxy black I'm all over that bad boy.

also caught pauldotcom #107. got nothing for you on that one. oops scratch that. Free wifi at starbucks by changing your user agent to "mobile safari" is the bomb.

Lastly, someone asked if I was actually getting anything out of the podcasts and the answer is yes. By the time I get to work I've got my mind right and I'm not totally focused on wishing I had a missile launcher in my car to blow up the asshat driving 55 in the fast lane.

No comments: