My Son's Latest Animation – Cookie Thief

March 3rd, 2010

He did this as a class project along with a couple other kids. Matt is the voice of the thief, and the sheriff.

 

His first one was posted a couple of years ago (click here to see the first one)

An Information Security Place Podcast – Episode 28

December 11th, 2009

This was a wacky episode and I only was able to turn up toward the end due to some scheduling conflicts, but I think it turned out pretty good in the end.

 

Dirtiest Web Sites of Summer 2009

August 20th, 2009

Norton just released a report of what they consider the 100 Dirtiest Web Sites of Summer 2009. This is to say in terms of security, not indecency. Although, as it turns out, 48% of the sites listed are also of an adult content nature. The thing I found interesting is the number of sites with totally random types of content, such as deer hunting, karaoke, and family fun sites. Those villains will stop at nothing!

There are solutions to help you avoid landing on these known bad sites, such as Google Safe Browsing for Firefox. Now keep in mind, as brought up in my last post… be extra careful about where you stick your cell phone ;)

An Information Security Place Podcast – Episode 23

August 20th, 2009

I returned as a guest host… looks like I may become a regular part of the cast. I promise I won't keep cross-posting these forever, but I'm doing it again since we talked about a blog post I had written yesterday.

Full show notes can be found at The Information Security Place site

 

Web Security On Cell Phones

August 19th, 2009

I have been noticing how quick my friends are about grabbing their iPhones/smartphones when we are discussing something. They don't hesitate to pull up whatever site the search engine indicates may answer a question, or even pull up some security site on their phone.

These same users are paranoid on their desktop, with anti-virus/malware tools, browser plugins like NoScript and so forth. They “know” about security, but something about smartphones turns off this logic and safe browsing practices go out the window.

From what I can see, most malware these days is delivered via web browser attacks and email. It's only a matter of time before the web and email attacks are targeted at your smartphone. A device that has firmware that rarely if ever will be updated once a security problem is found. It's fertile ground… be aware.

Here's a brief article bringing up the same issue: http://www.securitypronews.com/insiderreports/insider/spn-49-20090819SmartphoneUsersTakeWebThreatsLightly.html

MightySeek on InfoSecPlace Podcast

August 18th, 2009

The MightySeek Podcast is returning.

I am starting an effort to have a show posted every 2 weeks, with hopes for a Hands On Series every 2 months.

I will also be joining the An Information Security Place podcast. They do a podcast about general information security and I will be the resident webappsec expert to comment on those topics. This post is going to link to episode 22 of the An Information Security Place podcast. I will not normally be doing this, but am doing it this week to get things rolling.

 

podPress Development Starts Again

August 16th, 2009

I am back and have started development on the next version of podPress. A few things have lined up to make this possible:

  • My work schedule is now set up to allow me to be more active in the community again, which means I can now get podPress dev and my Podcast going again.
  • Tons of people keep bugging me for updates, and I have appreciated every one of them
  • And special thanks to the new sponsor for giving me the final push that was needed to get going on development again.

My son's animation

February 2nd, 2008

My 3rd grade son did this awesome animation using Stickman, so I have to show it off.

 

Coverage of web application scanners

October 16th, 2007

My buddy rsnake over at Ha.ckers.org posted a report from Larry Suto about tests he performed on web application scanners, comparing how well they cover a web application's code base.

The report is interesting on many fronts, one of which is the fact that the tool I help build at NT OBJECTives came out on top, but also because it's the first type of review that's looking at a statistic that really compares scanners in a quantifiable way.

Some comments on the site from users of the other products or from the vendors themselves have made the claim that web scanners are not designed to be “point and shoot” as they say, and that a human should be training the scanner to each web app. I think they are doing users a disservice to work from that assumption.

A scanner should do as much as it can on its own, and let humans do their own pen testing, and/or help point pen testers to areas of interest. If you're an organization with hundreds or thousands of web apps that need testing, do you really have the manpower to teach your “automated web scanner” how to test each of those apps?

Do you really have time to spend clicking on every link, and filling out every form on a website with some 3000+ pages, or do you want the scanner that does the best job of doing all of this for you?

podPress 8.3 Released – With Podango Support

September 28th, 2007

For all the details, check out the changelog, but this is one release that cleans up a ton of mess and adds in support for full integration with the Podango API.

There are still a few tiny features I want to add in, but it's in good shape, and I need sleep so I can run off to the Podcast Expo in a few hours.

UPDATE – Bug in this version… of course, so hang on for next release due out in a few hours

 