TRACsec Episode 3 Show Notes
by tmac on Mar.10, 2010, under TRACsec
Arron Finnon – http://www.finux.co.uk
Chris John Riley – http://www.c22.cc
Tom MacKenzie – http://www.tmacuk.com
Robert Ladyman – http://www.file-away.co.uk
Guest
Moxie Marlinspike – http://www.thoughtcrime.org
The show is a friendly chat with the legend that is Moxie Marlinspike, talking about SSL/TLS, Google Sharing, WPACracker, KnockKnock, and Moxie’s well-documented troubles with payment house PayPal.
——-
TRACsec News
We’re very proud to announce that TRACsec will be one of the media partners for bruCON this year, which we’re all very stoked about. As everyone knows, we’re big fans of bruCON, so it’s a real pleasure to get the good word out and spread the news.
As part of our duties we’d like to let everyone know about the ‘Call for Papers’ for this year’s bruCON.
The conference will be held in Brussels (24 & 25 September 2010).
BruCON is a 2-day Security and Hacking Conference, full of interesting presentations, workshops and security challenges.
Topics of interest include, but are not limited to:
Electronic/Digital Privacy
Wireless Network and Security
Attacks on Information Systems and/or Digital Information Storage
Web Application and Web Services Security
Lockpicking & physical security
Honeypots/Honeynets
Spyware, Phishing and Botnets (Distributed attacks)
Hardware hacking, embedded systems and other electronic devices
Mobile devices exploitation, Symbian, P2K and Bluetooth technologies
Electronic Voting
Free Software and Security
Legal and Social Aspect of Information Security
Software Engineering and Security
Security in Information Retrieval
Security aspects in SCADA, industrial environments and “obscure” networks
Forensics and Anti-Forensics
Mobile communications security and vulnerabilities
Information warfare and industrial espionage
Social Engineering
Virtualisation Security
Abstract submission is no later than 30th of April 2010, and notification will be in mid-May 2010.
http://blog.brucon.org/2010/02/brucon-2010-call-for-papers.html
——–
The News Segment -
Information security professionals survived the recession relatively unscathed, a global survey of 3,000 security professionals by IT security body (ISC)² reveals.
More than half of the information security professionals surveyed received salary increases in 2009, and less than 5% lost their jobs.
http://www.computerweekly.com/Articles/2010/03/05/240518/IT-security-professionals-39recession-proof39-survey.htm
The government will not exempt universities, libraries and small businesses providing open Wi-Fi services from its Digital Economy Bill copyright crackdown, according to official advice released earlier this week.
http://news.zdnet.co.uk/communications/0,1000000085,40057470,00.htm
Computer scientists say they’ve discovered a “severe vulnerability” in the world’s most widely used software encryption package that allows them to retrieve a machine’s secret cryptographic key.
The bug in the OpenSSL cryptographic library is significant because the open-source package is used to protect sensitive data in countless applications and operating systems throughout the world. Although the attack technique is difficult to carry out, it could eventually be applied to a wide variety of devices, particularly media players and smartphones with anti-copying mechanisms.
http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/
ShmooCon videos available for download at http://www.shmoocon.org/presentations.html
——-
TRACsec tech seg
This month’s tech segment looks at some of the tools that Moxie has released, such as SSLStrip and SSLSniff.
Some of Arron’s stuff
http://www.finux.co.uk/blog/?p=74
http://www.finux.co.uk/blog/?p=43
http://www.thoughtcrime.org/software/sslstrip/
http://www.thoughtcrime.org/software/sslsniff/
March 14th, 2010 on 3:44 am
This is really interesting. I’m actually gathering up a list of posts on this and making a reference blog. This is going to be at the top of the list. Thanks.