Room362.com

Blatherings of a security addict.

Podcaster’s Meetup @ DEFCON 16 Update 2


It’s almost that time. DefCon is right around the corner and things are coming together nicely. Here is where we stand and a rough schedule of events:

  • Bloggers welcome. I got a lot of feedback asking if it’s just for “Podcasters” but we would like to invite bloggers to participate as well.

  • I-Hacked.com and Astaro are our current sponsors, and I am still waiting on confirmation from two others.

  • We have Skybox 208 all day Saturday. During the day it will be open to all podcasters to record in peace and quiet if they wish.

  • We have the following podcasters attending that I know of

    • PaulDotCom – Larry and Paul

    • CyberSpeak – Bret and Ovie (possible)

    • Network Security Podcast

    • Security Justice

    • Securabit

    • SploitCast

    • Security Catalyst (possible)

  • Special Guests

    • Hvensnt from I-Hacked.com

    • Offensive Security

  • Schedule of Events (Saturday)

    • 10 AM to 7 PM – Open to Podcasters Only

    • 7 PM – 8:30 – Setup and Testing for Live show

    • 8:30 – 9:00 – Doors open for audience

    • 9 – 10 – Live Show

    • 10 + After Party

We’ll see you there!

mubix

Comcast Cares?

So after my last post, which autotwittered, I got a reply from a guy by the name of Frank Eliason, who goes by the handle “ComcastCares” on Twitter. And this is how the conversation went:

mubix: Blogged Comcast: The start of a new series http://tinyurl.com/6jrvhe

5 days ago

comcastcares: @mubix I would like to help. Email me *********[snipped]@cable.comcast.com (new email: We_Can_Help@cable.comcast.com)

5 days ago

mubix: @comcastcares it shouldn’t come to the point where you need to help. I expect a certain level of service for the golf time I am paying for

about 3 hours later

comcastcares: @mubix The golf time?

2 minutes later

mubix: @comcastcares the premium that I pay monthly helps pay for Comcast execs trips to the golf course

about 1 hour later

comcastcares: @mubix Oh! I have not been golfing in a long time. Actually I do not know any golfers here. I guess I should make more friends

So after I’m done insulting the guy, he still goes out of his way to help me out. The very next day after this twitter conversation happens, a “gumbling” as my wife put it, contractor came to my house and put the cable in the ground. So I would like to give notice to Comcast: Frank Eliason is the best employee you have, if he ever leaves or gets fired, I’m switching providers. To those who have problems with Comcast and their customer support, click the email link above and Frank will fix any problem you have, or at the very least he will know who to contact and will get things actually moving.

Thank you Frank.

mubix

iPhone + ATT + DNS = Bad Juju


So, now that your feed reader is full up of all the DNS problems, I would like to present you with one more tidbit. How many of you have checked your iPhone, Blackberry, or other web enabled mobile device against this vulnerability?  I did, and wasn’t happy.

For more information please check out these links:

In-depth explanation: http://www.mcgrewsecurity.com/?p=151

To check to see if you are vulnerable: http://www.doxpara.com/

http://www.mckeay.net/2008/07/21/patch-dns-now/

http://www.matasano.com/log/mtso/

http://www.doxpara.com/?p=1176

http://blogs.zdnet.com/security/?p=1520

iPhone Apps vs iPhone Web Apps

I am truly getting tired of iPhone “Web Apps”. I created the title like I was going to give them a fair chance, but they truly have ZERO integration into the actual phone. They do have a pretty interface and I have to give props to some of the design developers, but does this seem more of a copout to anyone else?

I’ll give an example. I LOVE Remember the Milk. It is probably the best task system out there in my opinion. I have for the longest time tried to get tasks on my phone and have it integrate into my calendar. So I was very excited about the new iPhone and the possibility that there would be a killer app for calendar / todo syncing with the service I already love, RTM. To my shock I found they had a Web App. What does this do for me? I now can add tasks to my to do and RTM can email or text me when something comes up. I find this pointless, because I can simply add tasks with a full qwerty keyboard at the nearest computer with an internet connection. PLUS to add to it, RTM wants me to “Go Pro” in order to… use their WEBSITE? Hmm, pay 25 dollars and use their iPhone friendly web site, or just use their normal site from my iPhone…. I am not against paying for a product, and I am especially not against supporting a developer, but don’t make me pay for VISITING YOUR WEB SITE.

I feel that a lot of these “Web Apps” are a complete waste of developers’ time, instead give me an ACTUAL iPhone App! Now, if Apple is charging all kinds of money to be published to the App Store then I retract all I have said. If not, you are missing the boat people, charge 9.99 a pop and make an iPhone app that is worth downloading. I promise that I won’t be the only one pushing that “Purchase” button.

Comcast: The Start of a New Series


Now, I don’t like to publicly bad mouth companies, but at some point, Comcast’s lack of “service” has got to stop. Well, let me rephrase that: Comcast needs to be held accountable for their utter lack of due diligence. I have been a Comcast customer by default ever since they swallowed the portion of Adelphia that held my area. I say this because only recently, have I actually had a choice in the matter. So, without further ado, here is my latest Tales from Comcast Customer:

Having recently moved, I decided that even though I have a choice, incurring additional “setup” fees for switching services was not something I wanted. So the guy was there 5 days after I moved in, ran the line, and we were hot with both digital cable, and speedy internet service. I came home from work, ran some speed tests and was delighted to see that I had just almost tripled my speeds from my previous residence.

Weeks go by, and this line that the Comcast installer ran from the box to my house is still strung across my lawn. I call and they say they will send someone out to put it down as soon as possible.

2 months later, I call again; they cannot see in their system that a request to put a line in the ground was ever submitted. After 20 minutes of trying to ensure that the “Customer Service Representative” fully understood that there was actually, physically, an orange coaxial line, above ground, strung across my front lawn, that was Comcast’s responsibility, she submitted a new request.

1 week after the new request, I come home to a Comcast truck in the driveway. YIPEE!, nope, he was there to fill out the request for a contractor to come and put the line in the ground. So basically he had no purpose in life or in my driveway.

2 weeks after the new request, no contractor, but someone at some point came by my house and spray painted lines on my lawn where my line should be in the ground. (And no, I didn’t miss a call or the contractor coming)

3 weeks after the new request, the wife is fed up and she has me call Comcast after our TV goes out for no apparent reason. Guess what I got when I called? A busy signal. That just doesn’t compute in my head. How is Comcast going to present me with a busy signal for a 24 hour service line? Anyways, the next day I call and actually get through. Now guess what they told me? Nope, they had the request, but it was for September!? The “Customer Service Representative” was nice enough to move it up to this Saturday.

To Be Continued….

 

Once this event has run its course, it will be filed under “Stupid People” in the links menu, under “Tales of a Comcast Customer: EP1”

Podcasters Meetup @ DEFCON 16


To All,

Well, this year marks the first annual DEFCON Podcaster’s Meetup, and we will be doing it in STYLE. For those of you who made it out to the second annual Podcaster’s Meetup at ShmooCon, we ran into some hitches (like sound), but as we grow, so do the problems. Let me start off by telling you some sweet news. We are nailing down time in a SkyBox! So we will have plenty of room, peace and quiet for recording, and a nice view over the con, plus NO WALKING TO THE PARTY. We will have it right there in the box!

To Podcasters,

I need to know as soon as possible how many already are set to go, those intending on getting set up and those who can’t make it. Also, if the idea of getting in free pushes you over the ‘going’ edge, we may be able to work that as well. Also, on that note, please forward this, like a Microshaft chain letter to any other podcasters that may be going, give them my email address so we can start a dialog and work out any kinks in their plans.

To Potential Sponsors,

I have included you in this email because I want you to understand the possibilities of this event. It will be at DEFCON 16. The most well known security / hacker conference. If you want to send fliers, stickers, drinks, money, or prizes, we can work out the details. We will be recording and broadcasting a live show from DEFCON which usually brings in 100 local and up to 500 remote viewers. It is then rebroadcast on whichever podcasters’ or vidcasters’ distribution wants to, and that could range from 10,000 to 1 million potential viewers.

As information is updated and confirmations come in, I will be updating the collaboration site: http://www.podcastersmeetup.com/ . Feel free to post or forward this information on to whoever you like.

If you would like an account in order to broadcast your presence at the event, please sign up and I will upgrade your user level.

For those who may not know: DEFCON 16: August 8-10, 2008

Thank you for your time, and I look forward to hearing from you,

Rob Fuller, a.k.a. Mubix

CBT Response


Since I wasn’t able to catch the commenter before they went offline I will leave it anonymous but they make a good point about my Crazed Bovine Traversal post:

In response to your “Crazed Bovine Traversal” blog post, a ringtone virus would likely depend upon some sort of code execution bug in the audio parsing code of the mobile device. Propagation could simply be done via text messaging or web site. It’s possible but to be honest sort of unlikely that it would last long. Most exploits for these types of vulnerabilities would be targeted towards a specific mobile device but you could always do something like…

— Anonymous

The response was never completed, but I would like to pose this question. Wouldn’t it be a specific mobile OS not just a specific device? I mean, how often does your phone say, “Patch available, press here to update”? Not to be cynical, but even Microsoft Windows gets updates faster than most phones. I have absolutely no knowledge of how a mobile OS works or the versioning behind them. So please correct me if I am wrong. To be honest, the iPhone, from what I have seen, gets more updates than Windows Mobile and Blackberry combined. I mean just search for Blackberry 4.3 and AT&T. That update has been out for something like a year, and AT&T still won’t release it to its customers.

Hacker Steals Quake

On a Dutch news site there was a story about a hacker that stole 50,000 credit cards (well, the information at least) and also stole a prerelease version of Quake Wars. What do you think made the title line? Quake Wars. That puts things in perspective on what is important. Big companies like the one that made Quake Wars have the liquid budget to chase this guy down, but the 50,000 individuals don’t.

Is it bad that my sole thought after reading this article is wondering how he got into the Id Software servers?

Source: HERE

In other hacker news,

Interactive Mode SUDO

So, I made a new category basically for posts that I want to keep for myself and also post for other people not to have as hard a time finding: Archiving.

In Ubuntu I have always set a password for root and “su -” up to root to run things that needed root access. Well, after watching IronGeek’s latest video on Labrea (click here to watch the video), I gleaned a new way to get to a root prompt without having to set a password and su up each time. He called it SUDO Interactive mode. And all you do is:

sudo -i

That’s it, and you are good. Just thought I would share.