POPULARITY
The Cider Institute: Training the Next Generation of Cider Makers The Cider Institute, formerly known as the Cider Institute of North America (CINA), is the premier resource for cider education. Founded in 2016 at CiderCon, the Institute focuses on training cider makers of all levels, from beginners to advanced professionals. With a growing global reach, the Institute now offers online and in-person courses, making cider education more accessible than ever. In this episode we speak with the Cider Institute's Executive Director Brighid O'Keane. Executive Director Brighid O'Keane Core Offerings: Cider Education for All Levels The Cider and Perry Production Foundation Course is the flagship program, covering everything from apple selection to fermentation, chemistry, microbiology, and post-production techniques. This 12-week online course includes weekly Zoom sessions with industry experts, ensuring hands-on engagement even in a virtual format. For those just getting started, the upcoming Cider Making 101 will be a self-directed, beginner-friendly course, introducing enthusiasts to the fundamentals of cider without the deep technical dive of the foundation course. For experienced cider makers, advanced courses cover topics like: Safety & Sanitation – Ensuring proper practices in cider production Sensory Analysis – Understanding cider flavor profiles Laboratory Testing – Learning critical quality control techniques Operations-Focused Hands-On Training – A five-day immersive experience A Global Perspective on Cider Training With increasing international interest, the Cider Institute is expanding worldwide. Upcoming in-person classes for 2025 will be offered at Brock University (Canada), Washington State University, and Virginia Tech, with plans for courses in the UK and beyond. The Institute also runs production tours, fostering knowledge exchange between cider makers across regions. (Left to right) Board Members – Christine Walter, Brighid O'Keane E.D., Nick Gunn, Chris Gerling, Steven Trussler, Nicole Leibon, Dave Takush, Kira Bassingthwaighte Contact Info for the Cider Institute Website: https://www.ciderinstitute.com/ Mentions in this Cider Chat Totally Cider Tours Kordick Family Farm – newsletter sign up at https://kordickfamilyfarm.com/ Note the apple pretzels in the tree below Know Your Roots Consulting – newsletter sign up at
Cider is booming. The market for cider has grown nine fold since 2010, and New York state is spearheading this growth, with more than 70 cider producers, more than in any other state. But what does it take to make good cider? As Gregory Peck, assistant professor of horticulture at Cornell University says, more than ever, producers and growers “need science-based recommendations” in order to most effectively produce the best apples for the best cider. In this episode, we talk to Greg Peck, Chris Gerling, an enology extension associate and manager of the Vinification & Brewing Laboratory at the New York State Agricultural Experiment Station in Geneva, NY, and apple breeder Susan Brown, professor of horticulture and plant breeding & genetics at Cornell University. We’ll find out what it takes to make and grow a cider apple, and how the cider industry is growing and changing.
SecuraBit Episode 84: Tech Talk with Scott Moulton June 15, 2011 Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Chris Gerling – @chrisgerling Christopher Mills – @thechrisam Andrew Borel – @andrew_secbit Tony Huffman – @myne_us Guests: Scott Moulton - @scottamoulton - http://www.myharddrivedied.com/ Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats. Upcoming events #BSidesLasVegas (3-4 August 2011) BlackHat Vegas (3 - 4 August 2011) DEFCON 19 (4 - 7 August 2011) #BSidesLA Los Angeles, CA (18 - 19 August 2011) #BSidesMO(21 Oct 2011) #BSidesNewDelhi (22 - 23 October 2011) VB Barcelona October 2011 Links: http://www.securabit.com Chat with us on IRC at irc.freenode.net #securabit iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405 iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
SecuraBit Episode 83: Hey look its the Human Hacker!!! June 1, 2011 Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Chris Gerling – @chrisgerling - MIA Christopher Mills – @thechrisam - MIA Jason Mueller – @securabit_jay - MIA Andrew Borel – @andrew_secbit Tony Huffman – @myne_us Tim Krabec - @tkrabec Guests: Chris Hadnagy ( @humanhacker on Twitter ) discusses Social Engineering: The Art of Human Hacking General topics: Social Engineering: The Art of Human Hacking http://www.amazon.com/Social-Engineering-Human-Hacking-ebook/dp/B004EEOWH0/ref=tmm_kin_title_0?ie=UTF8&m=AG56TWVU5XWC2 Social-Enginer.org - variety of guests who use social enginering Does Social Engineering Always Involve Deception? Marketing or Social Engineering Stereotypes online help from skype :)
Securabit Episode 78: Comodogate and Social Penetration! March 23, 2011 Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Chris Gerling – @chrisgerling Christopher Mills – @thechrisam Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit Tony Huffman (myne-us) – @myne_us Guests: Dave Kennedy - @dave_rel1k Carlos “Darkoperator” Perez - @Carlos_Perez General topics: Rogue SSL certificates ("case comodogate") http://www.f-secure.com/weblog/archives/00002128.html PTES - Penetration Testing Execution Standard http://www.pentest-standard.org/ Social Enginer Toolkit http://www.social-engineer.org/podcast/ http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_(SET) BackTrack http://www.backtrack-linux.org/ DerbyCon http://www.derbycon.com/ Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats. Upcoming events: #BSidesChicago (16 - 17 Apr 2011) #BSides London, (20 Apr 2011) #BSidesROC Rochester, NY (21 May 2011) #BSidesDetroit (3 - 4 Jun 2011) SANS Orlando March 2011 CEIC Orlando April 2011 FIRST Austria June 2011 BlackHat Vegas August 2011 VB Barcelona October 2011 Links: http://www.securabit.com Chat with us on IRC at irc.freenode.net #securabit iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405 iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
Securabit Episode 75: Booze over IP February 9, 2011 Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Chris Gerling – @chrisgerling Christopher Mills – @thechrisam Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit Tony (myne-us) – @myne_us Guests: Mike Dahn twitter: @mikd Joe Gottlieb Twitter: joe_gottlieb General topics: Mike:Bsides origins and other. http://chaordicmind.com/blog/ Joe: Open Security Intelligence http://www.opensecurityintelligence.com/ On Monday, February 14th, SIEM and log management vendor SenSage will introduce the Open Security Intelligence forum to the security community to become involved in. The concept of the community is to share best practices in open security analytics to improve our collective security defenses. Specifically, Joe Gottlieb, President and CEO of SenSage would like to discuss: - Current challenges with today’s SIEM tools, which are a decade old - Why security analytics needs to be ‘open’ - Why integrating business intelligence tools (i.e. Pentaho, Microsoft Exchange, Cognos, etc.) with SIEM tools can create useful dashboards that help security analysts mine huge data stores for the ‘needle in the haystack’ information they need - Why ‘security quants’ (analysts that can look deep into the data and develop complex yet useful SQL queries) will become the next role in the SOC - The benefits of joining the community and sharing best practices The community will be hosted on a web portal – www.opensecurityintelligence.com – that is under development and will be discussed in our Feb. 14 release. Also, Joe is also giving a talk at Security BSides SF on 2/14 at 3pm PT on this very topic. --HBGary Federal http://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous/ --Nasdaq attack does not yet have reports of how they where attacked. The comment on the website was for the 1999 attack where someone defaced the nasdaq website. Quotes from http://www.wallstreetandtech.com/technology-risk-management/229201267 The operator of the Nasdaq Stock Exchange said it found "suspicious files" on its computer servers, in a Web application called Directors Desk which is used by members of corporations' boards of directors who want to share information and files. "What seems most likely is that the web servers were compromised in an attempt to use them to inject malicious software into their clients," commented one reader of the nakedsecurity.sophos.com blog. --Bsides http://www.securitybsides.com/w/page/12194156/FrontPage to contact: info (at) securitybsides dot org -or- call 415-742-1739 --Exploit developers corner Looking for exploit developers! If you have recently published an exploit or have a previously published exploits you would like to talk about contact us at feedback@securabit.com or can contact Tony (myne-us) directly on IRC at freenode #securabit to have a small interview about your discovery. List of common questions. -How did you find the vulnerability? -What is your goal in vulnerability research? -How did you go about disclosing the vulnerability and how did the vendor respond? -And more... !!Caution!!: No undisclosed vulnerabilities (0 day)! These vulnerabilities need to be reported to the vendor and patched or exceed a time period where vendor did not patch. If interested in releasing exploit on the show that is fine if can show proof you disclosed to vendor or see the proof of concept already posted on exploit-db or have a CVE. Us:NetWitness Spectrum at RSA http://www.netwitness.com/products/spectrum.aspx Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats. Upcoming events RSA Conference 2011 (14 -18 Feb 2011) #BSidesSanFrancisco (14 - 15 Feb 2011) #BSidesCleveland (18 Feb 2011) #BSidesHalifax (5 Mar 2011) #BSidesGSO Greensboro, NC (9 Mar 2011) CanSecWest2011 (9 - 11 Mar 2011) #BSidesAustin (11 - 12 March 2011) http://www.keepsecurityweird.org/ BlackHat Europe 2011 (17 - 18 Mar 2011) #BSidesChicago (16 - 17 Apr 2011) #BSides London, (20 Apr 2011) #BSidesROC Rochester, NY (21 May 2011) #BSidesDetroit (3 - 4 Jun 2011) Links: http://securabit.com Chat with us on IRC at irc.freenode.net #securabit iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405 iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
Securabit Episode 74: Podcasting in the Dark with Brian Krebs January 26, 2011 Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Chris Gerling – @chrisgerling Christopher Mills – @thechrisam Andrew Borel – @andrew_secbit Guests: Brian Krebs - @briankrebs - http://krebsonsecurity.com/ General topics: I recall reading about various greeting card based attacks over the years. Do you think they've all been originated by the same folks who did this one? Or at least, with the same goals in mind? How prevalent do you think ATM skimmers are? What are some ways the common person can look out for them? Do you think financial institutions are getting better at educating their customers about the protections provided/not provided under Regulation E? Do you anticipate payment processing centers becoming a bigger target for criminals vs the individual businesses? Since many financials are under pressure from new reserve requirements, do you think new security requirements will force smaller financials to merge? How can they balance the need to offer more convenient services (such as mobile banking) with the need to improve security at the same time? What do you think the top 3 stories for 2010 were? Why do you think they were the top stories? Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats. Upcoming events RSA Conference 2011 (14 -18 Feb 2011) #BSidesSanFrancisco (14 - 15 Feb 2011) #BSidesCleveland (18 Feb 2011) #BSidesHalifax (5 Mar 2011) #BSidesGSO Greensboro, NC (9 Mar 2011) CanSecWest2011 (9 - 11 Mar 2011) #BSidesAustin (11 - 12 March 2011) http://www.keepsecurityweird.org/ BlackHat Europe 2011 (17 - 18 Mar 2011) #BSidesChicago (16 - 17 Apr 2011) #BSides London, (20 Apr 2011) #BSidesROC Rochester, NY (21 May 2011) #BSidesDetroit (3 - 4 Jun 2011) Links: http://securabit.com Chat with us on IRC at irc.freenode.net #securabit iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405 iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
Securabit Episode 73: Eber Kneber and botnet stuntmen January 12, 2011 Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Chris Gerling – @chrisgerling Christopher Mills – @thechrisam Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit Guests: We discuss Kneber and other fun security topics with Alex Cox of NetWitness @perpetualsec http://www.networkforensics.com/ General topics: Kneber Botnet Mariposa Responsible disclosure Evil Virustotal http://socialmediasecurity.com/downloads/Facebook_Privacy_and_Security_Guide.pdf PROGRAMMABLE HID USB KEYSTROKE DONGLE: USING THE TEENSY AS A PEN TESTING DEVICE https://www.defcon.org/html/defcon-18/dc-18-speakers.html#Crenshaw http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats. Upcoming events ShmooCon (28 - 31 Jan 2011) RSA Conference 2011 (14 -18 Feb 2011) #BSidesSanFrancisco (14 - 15 Feb 2011) #BSidesCleveland (18 Feb 2011) #BSidesHalifax (5 Mar 2011) #BSidesGSO Greensboro, NC (9 Mar 2011) #BSidesAustin (11 - 12 March 2011) http://www.keepsecurityweird.org/ #BSidesChicago (16 - 17 Apr 2011) #BSides London, (20 Apr 2011) #BSidesROC Rochester, NY (21 May 2011) #BSidesDetroit (3 - 4 Jun 2011) Links: http://www.securabit.com Chat with us on IRC at irc.freenode.net #securabit iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405 iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
SecuraBit Episode 72: Take risks, get owned! Recorded on December 29, 2010 Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Chris Gerling – @chrisgerling Christopher Mills – @thechrisam Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit Guests: Jack Jones discusses Risk Assessment and the FAIR method http://riskmanagementinsight.com/ General topics: Risk Management, Small biz vs Enterprise Monte Carlo? How to Measure Anything: Finding the Value of Intangibles in Business by Douglas W. Hubbard http://www.amazon.com/How-Measure-Anything-Intangibles-Business/dp/0470539399/ref=tmm_hrd_title_0 OnePassword - http://agilewebsolutions.com/onepassword KeePass - http://keepass.info/ LastPass - http://lastpass.com/ Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats. Upcoming events #BSidesMSP (7 Jan 2011) ShmooCon (28-31 Jan 2011) RSA Conference 2011 (14 -18 Feb 2011) #BSidesSanFrancisco (14-15 Feb 2011) #BSidesAustin (11-12 March 2011) http://www.keepsecurityweird.org/ Links: http://securabit.com Chat with us on IRC at irc.freenode.net #securabit iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405 iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
SecuraBit Episode 64: A whole lot of organized crime going on! August 25, 2010 Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Chris Gerling – @chrisgerling Andrew Borel – @andrew_secbit Guests: Bryan Sartin - Director of Investigative Response at Verizon Business General topics: Verizon RISK Team - http://www.verizonbusiness.com/products/security/risk/ Bryan Sartin, the Director of Investigative Response at Verizon Business, discusses the 2010 Verizon Data Breach Report http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf VERIS Framework - https://verisframework.wiki.zoho.com/ MalCon: A Call for ‘Ethical Malcoding’ http://krebsonsecurity.com/2010/08/malcon-a-call-for-ethical-malcoding/ SecTor 2010 - http://www.sector.ca/ Security Training October 25. Conference Sessions October 26 & 27, 2010. The real iTunes fraud vulnerability: Gullible users - http://news.cnet.com/8301-13579_3-20014481-37.html Upcoming events Hacker Halted http://www.hackerhalted.com/ Tim Is speaking October 14th Louisivlle Infosec 10/7. http://www.louisvilleinfosec.com/ Atlanta B-Sides 10/8. http://www.securitybsides.com/BSidesAtlanta HacKid - http://www.hackid.org/ 10/9-10/10 Phreaknic 10/15. http://www.phreaknic.info/pn14/ Links: http://securabit.com Chat with us on IRC at irc.freenode.net #securabit iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405 iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
SecuraBit Episode 63: Walking to the Waffle House with Andy Willingham August 11, 2010 Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Chris Gerling – @chrisgerling Christopher Mills – @thechrisam Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit Guests: Andy Willingham (Southern Fried Security Podcast) - @andywillingham http://www.andyitguy.com/blog/ General topics: DEFCON/BLACKHAT/BSides Recap --Chris’s experience this year, and a review of the medical facilities in Las Vegas --General entertaining banter Shiny Old VxWorks Vulnerabilities http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html Facebook name extraction based on email/wrong password http://seclists.org/fulldisclosure/2010/Aug/130 Apple Fixes PDF Vunerability that allowed webbased Jail Break. iOS 4.0.2 Software Update http://support.apple.com/kb/DL1061 Interview with Andy Willingham ShmooCon 2011 Dates Announced http://tinyurl.com/29nzc46 Microsoft drops the patch bomb http://www.securabit.com/2010/08/10/microsoft-drops-the-patch-bomb/ Andriod Malware and Unexpected Features http://crave.cnet.co.uk/mobiles/android-gets-its-first-texting-malware-50000303/ Free Android antivirus clocks up 2.5m downloads http://www.theregister.co.uk/2010/08/11/free_android_security_app/ A Review of Verizon and Google's Net Neutrality Proposal http://www.eff.org/deeplinks/2010/08/google-verizon-netneutrality Upcoming events South Florida ISSA’s Hack the flag and chili cook-off Saturday August 14, 2010 from 12:00pm - 5:00pm http://sfissa.org/index.php/sfissa-mm-events/htf-main/85-hack-the-flag-2010 Hacker Halted http://www.hackerhalted.com/ Tim Is speaking October 14th Louisivlle Infosec 10/7. http://www.louisvilleinfosec.com/ Atlanta B-Sides 10/8. http://www.securitybsides.com/BSidesAtlanta HacKid - http://www.hackid.org/ 10/9-10/10 Phreaknic 10/15. http://www.phreaknic.info/pn14/ Links: http://www.securabit.com Chat with us on IRC at irc.freenode.net #securabit iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405 iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
SecuraBit Episode 59: Too many acronyms, my head is going to explode! Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Christopher Mills – @thechrisam Andrew Borel – @andrew_secbit Chris Gerling – @chrisgerling Guests: Dan Philpott discusses NIST, Information Assurance, SCAP, FISMA, etc Contact info: Twitter: @danphilpott General topics: Federal Information Security Management Act (FISMA) Implementation Project http://csrc.nist.gov/groups/SMA/fisma/index.html Special Publications (800 Series) http://csrc.nist.gov/publications/PubsSPs.html Small Business Corner (SBC) http://csrc.nist.gov/groups/SMA/sbc/index.html FISMApedia http://fismapedia.org/index.php?title=Main_Page The Security Content Automation Protocol (SCAP) http://scap.nist.gov/ -Change Management Windows Sysinternals http://technet.microsoft.com/en-us/sysinternals/default.aspx Sysinternals Suite http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx Links: http://csrc.nist.gov/ Chat with us on IRC at irc.freenode.net #securabit
SecuraBit Episode 56: "Try Harder" - Used with permission Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Christopher Mills – @thechrisam Chris Gerling – @chrisgerling Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit Guests: Chris Hadnagy - @humanhacker Operations Manager and involved with www.offensive-security.com www.backtrack-linux.org http://www.social-engineer.org/ General topics: MSFU course Saturday the 8th from 10am to 5pm in Louisville, KY Chris Speaks of a new kernel update released around the day of recording for Backtrack 4 Since you are able to listen to this podcast the DNS Security Update did not affect you SANS Investigative Forensic Toolkit (SIFT) was updated Links: http://www.exploit-db.com/ http://www.offensive-security.com/images/ryu-help-me.png Kid Friendly Podcast http://www.social-engineer.org/framework/Social_Engineering_Framework Free MSFU Course http://www.offensive-security.com/metasploit-unleashed/ SANS SIFT https://computer-forensics2.sans.org/community/siftkit/ Sponsor mention: Sunbelt Software Webinar: Thursday, May 27, 2010, 2PM - 3PM EDT Quarterly Briefing: Turn the tables on Bad Guys: Malware Unmasked The cyber threat landscape is constantly changing, and even with the most sophisticated security you’re never completely protected from attacks. As part of our mission to ‘keep the bad guys out’, SunbeltLabs presents in this webinar how we use our own sandbox technology to keep a step ahead. Sunbelt Software’s Lead Security Analyst, Brian Jack and Malware Response Manager, Dodi Glenn will discuss the current threat landscape and dig deeper into some of the most dangerous and complicated threats out there. During this briefing we will focus on two different types of threats: malicious PDFs and rogue antivirus applications. Learn how to gain an edge when protecting your enterprise. Whether you are dealing with spear phishing or mass attacks, join us to see how to deploy the right tools and learn how to quickly analyze and unmask malware. New threats require new technologies and techniques to protect yourself and your organization. Sign up now and turn the tables on the bad guys. Chat with us on IRC at irc.freenode.net #securabit
Sponsored by Sunbelt Software! Creators of the Sunbelt CWSandbox, for all your malware analysis needs! Visit their website for more details! Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Christopher Mills – @thechrisam Chris Gerling – @chrisgerling Andrew Borel – @andrew_secbit Missing Hosts: Jason Mueller – @securabit_jay Guests: Joshua Wright - @joswr1ght http://www.willhackforsushi.com/ - Josh talks about the MiFi hack - Bluetooth Hacking - Barcode scanner hacking including the Bluetooth scanner hacks - SANS SEC617 SEC617 Course - 617BIT Discount Code for $500 off the vLive! Course - Upcoming courses taught by Josh Wright http://www.sans.org/security-training/instructors_upcoming.php?id=97 - Pentest summit - Baltimore, MD - Josh will be speaking there. His talk will be about essential crypto for pentesters. http://www.sans.org/pen-testing-summit-2010/ General topics: Mcafee Released a failed (fubar) virus definition Discussion thread Gmail authentication code stolen Someone we know was owned Links: http://www.willhackforsushi.com/ SEC617 Course http://www.sans.org/security-training/instructors_upcoming.php?id=97 Bruce Schneier's book list Dark Reading - Taking Penetration Testing In-House Chat with us on IRC at irc.freenode.net #securabit
Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Christopher Mills – @thechrisam Chris Gerling – @chrisgerling Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit Guests: Sean-Paul Correll - @lithium -http://malwaredatabase.net/blog/ Threat researcher at Panda Security According to the Panda Annual security report, 66% of all malware are trojans: http://www.pandasecurity.com/img/enc/Annual_Report_Pandalabs_2009.pdf Definition of a Banking Trojan. Mariposa bot net take down: http://pandalabs.pandasecurity.com/mariposa-botnet/ Virus Total Web: http://www.virustotal.com/ Appeared at Security B-side in San Francisco Playing with Fire – Live Demonstration of Today’s Most Dangerous Malware http://www.ustream.tv/recorded/5143692 http://www.securitybsides.com/ Chat with us on IRC at irc.freenode.net #securabit
SecuraBit Episode 53: Thotcon If you think it you will go to Chicago thotcon - http://www.thotcon.org/ Trustwave's Spider Labs - https://www.trustwave.com/spiderLabs.php Chat with us on IRC at irc.freenode.net #securabit Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Andrew Borel – @andrew_secbit Guests: Nick Percoc - Thotcon & Trustwave's Spider Labs Zach Fasel - Thotcon & Trustwave's Spider Labs Links: http://www.thotcon.org/ https://www.trustwave.com/spiderLabs.php SpiderLabs Radio - http://itunes.apple.com/podcast/spiderlabs-radio/id300567984 https://www.trustwave.com/spiderLabs-tools.php lacking Chris Gerling – @chrisgerling Jason Mueller – @securabit_jay
Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Chris Gerling – @chrisgerling Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit Guests: Brian Krebs - @briankrebs - http://www.krebsonsecurity.com/ VRT Blog Post: http://vrt-sourcefire.blogspot.com/2010/03/apt-should-your-panties-be-in-bunch-and.html Eric Chien, Symantec Zeus, King of the Bots: http://www.noryak.net/papers/zeus.pdf Chat with us on IRC at irc.freenode.net #securabit
SecuraBit EP51 - Malware Detection With Sunbelt Software Listen in as we discuss Sunbelt Software's CWSandbox and other products, along with in-depth malware detection and analysis! #BSidesSF - Tuesday/Wednesday, March 2-3, 2010 @ 10am - 5pm #BSidesAustin - Saturday, March 13, 2010 #BSidesBOS - Saturday/Sunday, April 24-25, 2010 Chat with us on IRC at irc.freenode.net #securabit Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Chris Gerling – @chrisgerling Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit Guests: Brian Jack - Sunbelt Software Chad Loeven - Sunbelt Software Links: http://www.sunbeltsoftware.com/ http://www.sunbeltsoftware.com/Malware-Research-Analysis-Tools/Sunbelt-CWSandbox/ http://www.securitybsides.com/
SecuraBit Episode 50: Interview with Rob Lee! What is SANS vLive? Forensics DOD Cyber Crime How the forensics classes are structured. 508 course and how it's changed. Divided up into essentials and then follow on courses. 6 total courses for all of the info. APT - Advanced Persistant Threat Q & A from the IRC If you haven’t taken the Security 508 course yet we have an excellent opportunity for you! Rob will be teaching the SEC508 (Forensics) course via the SANS vLive! platform beginning 3/23/2010. Classes will occur every Tuesday and Thursday until 4/29/2010 from 7-10PM EDT. Use code SB508 to get a free GCFA certification attempt with the purchase of the full course. Chat with us on IRC at irc.freenode.net #securabit Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Chris Gerling – @chrisgerling Jason Mueller – @securabit_jay Andrew Borel – @andrew_secbit Guests: Rob Lee - @robtlee Links: http://phishme.com/ http://phishtank.com/
SecuraBit Episode 49: ConFoo.ca! Podcasters Meetup - http://www.podcastersmeetup.com/ ShmooCon - Saturday Evening @ 8PM SANS Discount Code SB508 - Free GCFA attempt when using this link. Philippe Gamache: Day job is focused on secure programing, developer training and code audit. About ConFoo.ca: -New conference about web technology -PHP Quebec Conference offshoot -Get all the user groups in the Monteral area together to share information -8 Separate tracks at the time ShmooCon FireTalks Escaping the clutches of The GOOG - http://www.securabit.com/2010/01/21/escaping-the-clutches-of-the-goog/ Hosts: Anthony Gartner – @anthonygartner Christopher Mills – @thechrisam Chris Gerling – @chrisgerling Nicholas Berthaume - @aricon Andrew Borel – @andrew_secbit Guests: Philippe Gamache - ConFoo.ca - @SecureSymfony Chat with us on IRC at irc.freenode.net #securabit Links: ConFoo.ca - http://www.confoo.ca/en
This week .... Chris Gerling's experience at Helix training and his impressions of Helix 3 Pro. Flash on the TV. Are TV's the next big botnet? Oracle's buying Sun. Does this mean the end for MySQL? We discuss these topics and more on Securabit Episode 29. Hosts: Andrew Borel - @Andrew_Secbit Anthony Gartner - http://www.anthonygartner.com - @anthonygartner Chris Gerling - http://www.chrisgerling.com - @hak5chris Christopher Mills - http://www.packetsense.net - @thechrisam Jason Mueller - @securabit_jay Links: Live Forensics & Incident Response Featuring Helix3 - http://www.e-fense.com/Docs/E103.pdf Adobe Flash for Your TV Means Hulu in Your Living Room -http://blog.wired.com/gadgets/2009/04/adobe-flash-for.html
We have a brief discussion hackerspaces. Chris Gerling is looking into starting a hackerspace in the Richmond, VA area. Next we cover the details about SUMO LINUX 2.0 with our guest Marcus Carey. SUMO LINUX 2.0 - Based on a stable version of Debian so we can update with Debian packages and Unbuntu Packages. -Windows response tools will be added. -Build a wiki with detailed documentation of all the tools included to make it easy for a newbie to get started. -No plans for multi-boot. -Distributed out via Bit Torrent. -Memory analysis and RAM dumping. Cheap USB sticks have really helped with this. The analysis is also proving to be a big help in forensics. -Will be coordinating the project on the Securabit forums (http://forums.securabit.com/index.php?showforum=9) -User feedback will help us make it better for everyone. -Post in the forum if you are interested in helping out. Other News Items -Homebrew patches for zero days in the enterprise. -Cell phones and international roaming charges at the border. -What hardware tools should you have in a forensic toolkit? Have something you want plugged on Securabit? Send it to Feedback@securabit.com. If you are interested in helping with the Richmond, VA area hackerspace contact Chris Gerling. Hosts Anthony Gartner - AnthonyGartner.com @AnthonyGartner Chris Gerling - Hak5Chris, Chrisgerling.com @Hak5chris Chris Mills - ChrisAM @packetsense Jason Mueller - @Securabit_Jay Guest Marcus Carey ñ SUMO LINUX http://www.sumolinux.com Links Hackerspaces http://hackerspaces.org SUMO LINUX http://www.sumolinux.com Adobe Zero Day http://isc.sans.org/diary.html?storyid=5902&rss Excel Zero Day http://isc.sans.org/diary.html?storyid=5923 & http://www.microsoft.com/technet/security/advisory/968272.mspx Forensic Talon http://www.logicubeforensics.com/products/hd_duplication/talon.asp
This is a unique episode for SecuraBit, we are teaming up with the Security Justice Podcast to do a double header show. SecuraBit recorded their show from 8-9 PST, then handed off the reins to Security Justice to finish out the night. In doing so we had a combine set of prizes. To win the prize required that you listen and get the correct answer to a trivia question given on SecuraBit. You also had to listen to the Security Justice Podcast to and know the answer to their question as well. SecuraBit even manged to start on time as well as hand off on time. It was a very different type of show due to trying to condense everything in to a single hour. (Good thing we didn't have any real content, Just kidding) SecuraBit opened the show but because Jay needed to switch some things out we actually went to a break faster than normal. When we returned from the break we did indeed have Jay on the line. We started to go into the new Microsoft Zero Day, and Jay informed us that he had been out of the loop for a week but since the patch only came out 73 minute before he found out about it he figured he was right on time. The next topic was Chris Gerling going to sans and taking the forensics 508 course. Chris then told us that he felt like he should never have picked up a helix disk based on the level of knowledge he has now compared to before the course. We also discussed that many states are requiring a Private Investigators license to do forensics. That none of us on the show agreed that this was a good idea, but yet several lobbyists have been pushing for this very idea. Jay asked the question about what was thought about the BGP security vulnerability. Anthony discussed a new site he went to as a security review. After the break, we went into the trivia question. The trivia Question was: What are the flags you have to set in order to do an NMAP-style XMAS scan in Unicornscan? We will post the winner soon in conjunction with the Security Justice podcast. After the trivia question we went into thoughts on what to do about prior employees, handling creditials, voice mails, and emails. We referenced the guy in San Francisco who was fired from the job, but yet still was able to hold the network he left hostage. Don't forget to give us a feedback on Itunes so we can bump the old shows off the list. Thanks again for all the donations for the Tip Jar. Hosts: Rob Fuller - Mubix, room362.com Anthony Gartner - AnthonyGartner.com Chris Gerling - Hak5Chris, Chrisgerling.com Chris Mills - ChrisAM Jason Mueller - SecurabitJay Important links for the show and documents used: No links this time!
In this episode we talk about Chris Gerling attending the SANS Cyber Defense Initiative 2008 in Washing DC. He will be taking the Security 508 Computer Forensics, Investigation, and Response course. If you are at the conference please make sure you look for Chris. He also plans to take the new GPEN test while there. We might be bringing the sock monkey to Shmoocon and have him do some interviews. We also spoke about how few businesses are actually checking a persons signature or id for credit cards. Most businesses are simply not checking the cards like they should be. Chris is beginning to wonder if they will card his fiancee between now and when they get married. After the break we came back and mentioned that we were not going going to drop the Fbomb for 40 bucks as was hinted at in the chat room. Went into the issue of dns forwarding being done on CheckFree.com The article was actually from The Washington Post by Brian Krebs. Anthony put a shout out to Ed Smiley for sending both Mubix and Anthony a copy of 1password. It was a Great hookup. Then we covered various apps on the IPhone. We touched on what the encryption is on a 3g network. We found a great powerpoint slide show explaining it. After the last break we went into firewall set ups. Everyone but Anthony is running FIOS so the discussion on how to set up the coax or ethernet wan links ensued. You will just have to listen to it to see what kind of sense it makes. We did get lots of comments from our faithfull in the irc channel (irc.freenode.net #Securabit). From there the show just went down hill with strippers and alcohol. Don't forget to give us a feedback on Itunes so we can bump the old shows off the list. Thanks again for all the donations for the Tip Jar. Hosts: Rob Fuller - Mubix, room362.com Anthony Gartner - AnthonyGartner.com Chris Gerling - Hak5Chris, Chrisgerling.com Chris Mills - ChrisAM Jason Mueller - SecurabitJay Special Guest: Joel Esler from sourcefire.com and Joelesler.net Important links for the show and documents used: http://www.sans.org/cdi08/ http://www.sans.org/training/description.php?mid=98 http://www.sans.org/press/giac_pentest_cert.php http://voices.washingtonpost.com/securityfix/2008/12/hackers_hijacked_large_e-bill.html?nav=rss_blog
Forensics requires a PI licenseWelcome to Cyberwar Country, USAShmoocon Speakers Thanks to surbo from i-hacked.comThanks to Hak5 Computerworld: Mozilla Raises Firefox Security BarUse of Rogue DNS Servers on RiseHostsGene Naftulyev, CISSPAnatoly Elberg, CISSPDoug Landoll, CISSPChris Gerling, CISSP