--------------------------------------------------------------------------------
TRACsec - Episode 1 - Hackerspaces, War Robots, and (Ab)using Facebook API's
--------------------------------------------------------------------------------
Tom Mackenzie, Ryan Dewhurst, Arron Finnon, Chris John Riley
Show length 1:37:28
--------------------------------------------------------------------------------

In the first episode of the TRACsec podcast, the boys talk to Esther Schneeweisz (aka Astera) about hackerspaces and her forthcoming talk at 26C3, entitled 'A Discourse On Robotic Warfare'.

The interview starts off by speaking to Astera about the global hackerspace scene and what a hackerspace is. It is full of information about the dynamics and logistics of hackerspaces, how people can get involved, and how they may go about setting up their own spaces. The interview finishes with Astera discussing her Robotic Warfare talk.

- http://twitter.com/astera
- http://astera.soup.io/
- http://hackerspaces.org
- http://events.ccc.de/congress/2009/wiki/Welcome

In the show's technical segment, the boys look at how Facebook can be used as a valuable resource of data when attacking an organisation. The focus is on using Facebook's own API to retrieve data on people who are connected to a Facebook group.

Notes can be found here: http://www.finux.co.uk/blog/?p=78

Other links:

- http://www.lightbluetouchpaper.org/2009/05/20/attack-of-the-zombie-photos/
- http://theharmonyguy.com/

--------------------------------------------------------------------------------

To finish off, the boys talk about a couple of news stories out on the wire.

http://www.wpacracker.com/
Moxie launches cloud WPA Cracking site. He's just a fucking legend, but don't use PayPal to pay him in dough (great write-up by finux).

BruCON dates announced: http://blog.brucon.org/2009/12/brucon-2010-save-date-24-25-sept.html
Mark it in your calendar: BruCON 2010 will be on 24 & 25 September 2010!! Pass the word!!

Children in the UK to be compulsorily taught Internet safety within primary school: http://news.bbc.co.uk/1/hi/technology/8398763.stm
Lessons in using the internet safely are set to become a compulsory part of the curriculum for primary schoolchildren in England from 2011. The lessons are one element of a new government strategy being unveiled called "Click Clever, Click Safe". Children will also be encouraged to follow an online "Green Cross Code" and block and report inappropriate content.

http://praetorianprefect.com/archives/2009/12/unu-gets-kaspersky-again/
Unu, a Romanian hacker (one who may enjoy the challenge of breaking into other computers but does no harm) who we've talked about on the site before has been busy with his fifth demonstrated SQL Injection vulnerability on the web site of a well known company in the last 30 days. This time he has again targeted Kaspersky Labs, the anti-virus vendor that he previously demonstrated web site vulnerabilities for back on February 7th of this year. The sites affected this time around are the Kaspersky Lab sites in Malaysia http://www.kaspersky.com.my and Singapore http://www.kaspersky.com.sg. On both sites it is a news section, news.php, that is vulnerable, leading to the same MySQL database backend, and exposing customer and employee access credentials as well as what appear to be activation keys for Kaspersky Internet Security 2010.

http://www.theregister.co.uk/2009/12/14/microsoft_cofee_vs_decaf/
Hackers have released software they say sabotages a suite of forensics utilities Microsoft provides for free to hundreds of law enforcement agencies across the globe. Decaf is a light-weight application that monitors Windows systems for the presence of COFEE, a bundle of some 150 point-and-click tools used by police to collect digital evidence at crime scenes. When a USB stick containing the Microsoft software is attached to a protected PC, Decaf automatically executes a variety of countermeasures.

** This episode was recorded prior to the self-destruct mechanism of DECAF being activated **