Your daily source of Pwnage, Policy and Politics.

Episode 136 – USB Malware, Bluetooth Monitoring?

Play

ISD Podcast Episode 136 for May 24, 2010.  This podcast is our contribution back to the community where we will discuss the vulnerabilities of interest, information security related news hopefully providing you a few laughs and a little knowledge.

Announcements:

MyHardDriveDied.com:

  • MHDD Data Recovery Class current dates and locations:
    • San Francisco – June 14th -18th
    • Atlanta – July – 12th-16th
    • Dallas, TX – October – 11th – 15th
    • Washington DC – December 6th – 10th
    • Cost is $3500 for all classes to reserve and register, call (678) 445-9007, email: [email protected] or go to http://www.myharddrivedied.com. Use the Discount Code: isdpodcast for a $300 discount.

SANS Mentoring Program:

  • Jason Lawrence will also be putting on the SANS Mentor Forensics 508 – Computer Forensics and Investigations course in Sandy Springs starting Tuesday, June 22, 2010 – Tuesday, August 24, 2010 (http://www.sans.org/mentor/details.php?nid=21538).  Use the Discount Code: isdpod15 for a 15% discount.

Atlanta ISSA:

  • ISSA Chapter is hosting a CISSP Workshop starting May 26 – August 14 (Preparing for the August 15, 2010 Exam) 6:00 to 9:00 PM 2 sessions per week, every Wednesday and Friday at the Clendenin Building, Kennesaw State University.  The CISSP workshop is free of charge to Metro Atlanta ISSA members only. For further information, contact Ben Sholes, Director of Training, at: [email protected].
  • ISSA International Conference – September 16, 2010  (http://www.issa.org/page/?p=105)

North Alabama ISSA:

  • Hosting Second annual North Alabama Cyber Security Summit to be held on June 9th in Huntsville AL.  Event is open to ISSA members at a discounted price ($35 full price is $50). For more information please visit the North Alabama ISSA’s web site at: http://northalabama.issa.org/.  Email [email protected].

Friends of the Podcast:

Webhosting services:WebSpeedway

Stories of Interest:
News item 1: http://news.techworld.com/security/3224283/ibm-red-faced-after-handing-out-usb-drives-stuffed-with-malware/
You might get more than you bargained for if you attend a security conference. IBM shocked delegates at the Australian AusCERT conference in Queensland by handing out USB sticks infected with malware.

The company was forced to write to delegates apologizing for its error. “At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth. Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected.”

It was actually worse than IBM intimated. To make it doubly embarrassing, according to security company Sophos, the company included two examples of malware: W32/LibHack-A. and W32/Agent-FWF.

Sophos’s senior technology consultant, Graham Cluley had a guess how the error occurred. “My guess is that they didn’t check the USB sticks before handing them out. Maybe they out-sourced the creation of the USB content to a third party, and they weren’t careful enough. After all, if an infected PC was used to create the “image” of the USB drive then it would have been easy for that disk image to be infected and copied onto every USB stick they handed out.”

News item 2: http://www.chicagotribune.com/classified/automotive/ct-met-eisenhower-travel-times-0521-20100523,0,7325891.story
Whoever thought that talking on a cell phone while driving would be considered a public service?

But that will be the case in one respect starting within the next few weeks on the Eisenhower Expressway, where travel times have soared since a resurfacing project began this spring between Thorndale Avenue in the western suburbs and the Circle Interchange near downtown Chicago.

To generate travel-time information on the torn-up highway, the state has hired a Wisconsin company to monitor signals sent from motorists using Bluetooth-enabled personal electronic devices such as hands-free headsets for cell phones, wireless headphones and computer peripherals.

Each device has a unique identification marker that will be tracked anonymously at various points on the Eisenhower to determine travel times and pinpoint areas of congestion, according to the Illinois Department of Transportation.