Monthly Archives: April 2012

BSides Detroit 12 Interviews 17

This week Josh Little is back as a host. Wolfgang and Josh talk to Prutha Parikh from Qualys, who is giving a technical talk. Last year Prutha found CVE-2011-4317, Apache Reverse Proxy Rewrite.

Abstract: This talk will discuss the Apache Reverse Proxy vulnerability (CVE-2011-4317) that I discovered while developing vulnerability signatures for Apache. Depending on the reverse proxy configuration, the vulnerability allows access to internal systems from the Internet. The presentation will start with discussion on reverse and forward proxies and look at some older reverse proxy vulnerabilities and patches. It will go into the thought process behind bypassing the latest patch to discover a new vulnerability to remotely gain access to the internal network. It will also describe the tools, techniques and ideas that went behind discovering the new variant of the vulnerability and constructing a proof of concept to exploit the issue. Along with exploring the root cause of the issue, it also talks about the issue from an attacker’s perspective and finally recommends protection mechanisms against the attack. The talk will also give the audience a peek into the process of vulnerability signature creation and discovering new vulnerabilities. I exercised responsible disclosure of the vulnerability to Apache and after the patch was released, I went public with my findings in a blog post. I will also share a standalone tool that will help system administrators identify the vulnerability in their environment.

This episode is cross-posted at Rats and Rogues.

BSides Detroit 12 Interviews 16

Week 16, and hard to believe BSides Detroit is four weeks out. Don’t forget to check out the BSides Detroit page for the location. Get your tickets now!

This week Wolfgang and Chris talk to a guy from a Galaxy Far, Far Away, from a Long Time Ago: Kellman Meghu. Kellman’s talk is “How NOT to do security: Lessons learned from the Galactic Empire.”

It is geeky, but there is security gold in there. Lots of fun. He also likes to have conversations about it after the talk.

Abstract: An analysis of the strengths and weaknesses of the Galactic Empire security policy. This presentation seeks to conduct a post-mortem on the data security policy implemented during the events that led to the destruction of critical technology needed by the Empire for continued operational efficiencies. A history of the company, as well as a detailed look at the events that followed, provides a great working analysis that can be applied to your policy in hopes of avoiding the same fate. Learning from past mistakes, let’s ensure we are not doomed to repeat them, and potentially, suffer a similar fate.

This episode is cross-posted at Rats and Rogues.

BSides Detroit 12 Interviews 15

This week Chris and Wolfgang talk to Leonard Isham. Leonard is a security practitioner and social engineer who travels 100% of the time. Leonard’s talk is about negotiating during the hiring process. While they may not budge on the amount they’re willing to pay you, they may give you other perks. From Leonard’s point of view, we leave too much on the table because we don’t ask for it.

Abstract: Career 101: How to Unlock Achievements and Level Up. This isn’t magic or some scientific formula that you can purchase. It isn’t even an infomercial. It’s social engineering and there are steps that can be taken to increase your odds; build a proven track record moving forward in your career goals and the critical negotiation process.

This episode is cross-posted at Rats and Rogues.

BSides Detroit 12 Interviews 14

This week Justin, Wolfgang, and Chris actually all get on the show together. And things are a little different than normal. The Three Amigos ride again, for the first time.

Chris talks a little about this year’s TOOOL Lock Pick Village, which he’s running. It might have a few twists in it.

Wolfgang talks a little about the talk he’s planning on giving. It’s called Naked Boulder Rolling. It is an updated version of the talk he gave last year at GrrCON, How Asteroids Falling From the Sky Improves Security.

This episode is cross-posted at Rats and Rogues.