ISD Podcast Episode 157 for June 22, 2010. This podcast is our contribution back to the community, where we discuss vulnerabilities of interest and information security related news, hopefully providing you a few laughs and a little knowledge.
Announcements:
MyHardDriveDied.com:
- MHDD Data Recovery Class current dates and locations:
- Atlanta, GA – July 12th-16th
- Dallas, TX – October 11th – 15th
- Washington, DC – December 6th – 10th
- Cost is $3500 for all classes. To reserve and register, call (678) 445-9007, email smoulton@nicservices.com or go to http://www.myharddrivedied.com. Use the Discount Code: isdpodcast for a $300 discount.
SANS Mentoring Program:
- Jason Lawrence will also be putting on the SANS Mentor Forensics 508 – Computer Forensics and Investigations course in Sandy Springs starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=21538). Use the Discount Code: isdpod15 for a 15% discount.
Atlanta ISSA:
Ohio Information Security Forum:
Event Date: July 10th, 2010
Location: SCC Research Park, Auditorium
Time: 8:30AM-5:30PM
Friends of the Podcast:
Webhosting services: WebSpeedway
Corrections:
Stories of Interest:
News item 1: http://www.avertlabs.com/research/blog/index.php/2010/06/22/mcafees-secret-life-of-teens-survey
McAfee released results from their Secret Life of Teens survey, which provides a detailed snapshot of online teen behavior. It reveals that 85 percent of teens go online somewhere other than at home and under the supervision of their parents, nearly a third (32 percent) of teens say they don’t tell their parents what they do while they are online, and 28 percent engage with strangers online. The survey results should serve as a wake-up call for many parents.
Kids today are using mobile devices more than ever to get connected, which means increased opportunities for unsupervised usage. Is this a bad thing? Not necessarily but it can become one easily. I truly believe it comes down to values. It is not that young people today do not value privacy or security but rather that they value openness much more. It takes both education and technology to keep young people protected, both of which are firmly in the hands of us as parents. Kids cannot teach themselves to be safe online.
McAfee commissioned Harris Interactive to conduct the survey, and in it we detail some pretty startling facts:
- 69 percent of teens divulged their physical location
- 28 percent chatted with strangers
- Of those teens who chatted with strangers, defined as people whom they did not know in the offline world:
  - 43 percent shared their first name
  - 24 percent shared their email address
  - 18 percent post photos of themselves
  - 12 percent post their cell phone number
Girls make themselves targets more often than boys. Eye-opening: 32% of the girl respondents indicated they chat with strangers online vs. 24% of boy respondents.
News item 2: http://it.tmcnet.com/news/2010/06/16/4849639.htm
U.S. District Judge Donovan Frank was in a quandary: In an age where computers are everywhere and even cell phones have Internet access, how do you keep a man accused of hacking into his neighbors’ e-mails away from computers? In the case of Barry Vincent Ardolf, you send court officers out to his home in Blaine and seize every device capable of getting online, including his three teens’ computers.
Frank warned Ardolf on Tuesday that if he’s caught online, “the next stop will not be a halfway house. It’ll be the Sherburne County jail.” Ardolf, 45, was charged June 7 with aggravated identity theft and with threatening the vice president and other elected officials. Prosecutors allege a couple living near Ardolf reported him to police for inappropriately touching one of their children, so to retaliate, he created e-mail accounts in their names, hacked into their wireless computer routers and sent threats, child pornography and other vile messages.
He was scheduled for arraignment before Frank in St. Paul on Tuesday, and he was planning to accept a plea offer from Assistant U.S. Attorney Tim Rank. But before the hearing, Ardolf rejected the offer because it contained a recommendation that he be sentenced to a minimum of two years in prison.
The investigation began in February 2009 when an Ardolf neighbor complained to the Anoka County sheriff’s office that he was being harassed. The man claimed an anonymous e-mail account in his name was used to send messages to the neighbor’s co-workers, according to an affidavit by FBI Special Agent Robert Cameron.
The e-mails contained incriminating messages and child pornography, Cameron wrote.
Ardolf is also alleged to have used the neighbor’s name to set up an account on the social networking website MySpace. The page included child pornography, as well as this entry under “Who I’d like to meet”: “Any ladies looking for a good time. I’m married but my spouse bites big time. I’m looking for a new love of my life. I can afford to let her go and start new. After all … I’m rich!” “From training and experience, I know that individuals who post child pornography images do not typically do so under their true name,” Cameron noted in his affidavit.
When Anoka County investigators checked into the origins of the e-mails, they showed they had come from the neighbor. When they questioned him, he said he feared Ardolf had hacked into his wireless Internet router.
One of the first breaks in the case came after an e-mail in March, the affidavit asserts. Investigators discovered that someone had created an e-mail account at 5:29 p.m. March 17 from a computer with one Internet protocol address but had logged out of the account seven minutes later from a different IP address.
The first address belonged to a neighbor who lived across the street from Ardolf; the second belonged to a neighbor who lived in the next house over from Ardolf. It indicated someone was shifting between wireless accounts, Cameron said.
The e-mails took a more ominous turn May 6. One of the victim’s e-mail addresses was used to send a threat to Vice President Joe Biden, Gov. Tim Pawlenty, Minnesota State Rep. Tim Sanders and a Blaine police captain.
“This is a terrorist threat! Take this seriously,” the e-mail read. “I hate the way people are spending money you don’t have…. I’m assigning myself to be judge jury and executioner… Don’t bother trying to trace this e-mail…..” The e-mail was signed, which prompted Cameron to note in his affidavit, “I know, through training and experience, that violent threats to the Vice President of the United States are not typically conducted in one’s true name.” After the threat to the officials, the FBI got involved.
News item 3: http://www.theregister.co.uk/2010/06/16/blackenergy2_ddos_attacks/
Banks in Russia and Ukraine are under continued siege by criminal gangs wielding a sophisticated, next-generation exploitation kit that hacks the financial institutions’ authentication system and then hits it with a denial-of-service attack.
The attacks are being carried out with the help of a top-to-bottom revision of BlackEnergy, a popular hack-by-numbers toolkit that until recently was used primarily to launch DDoS, or distributed denial-of-service, attacks. Eastern European criminal gangs are using the expanded capabilities of BlackEnergy 2 to siphon funds out of electronic bank accounts and then assault the financial institutions with more data than they can handle, said Joe Stewart, a researcher with security firm SecureWorks’ Counter Threat Unit.
The attacks, which also use a BlackEnergy 2 module to bypass a Java-based application the banks use to authenticate customers online, began near the end of 2009. They show no signs of letting up, said Stewart, who observed the same modus operandi earlier this week.
“Over the months that I’ve been monitoring this botnet, it’s attacked probably a dozen or more banks with the same type of pattern of attacking the java authentication app,” Stewart told The Register. “All we see is, yes, this group has the plug-in that does the banking theft and then we see them also hacking that same banking authentication with the DDoS attack.”
BlackEnergy came to prominence in 2008 when it was reportedly used to disrupt internet communications in Georgia during the armed conflict between the former Soviet republic and Russia. It quickly became a major staple among Eastern European thugs, selling online for about $40 until free, pirated copies became widely available.
News item 4: http://www.networkworld.com/news/2010/061610-dns-security.html
The dream of bolting security onto the Internet’s Domain Name System takes one step closer to reality on June 16th as Internet policymakers host a ceremony in northern Virginia to generate and store the first cryptographic key that will be used to secure the Internet’s root zone.
This key ceremony is one of the final steps in the deployment of DNS Security Extensions (DNSSEC) on the Internet’s root zone. DNSSEC is an emerging Internet standard that prevents spoofing attacks by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption.
The key ceremony generated the master root key, the key that signs all the other keys. This was being done a month before the actual roll-out of DNSSEC so that we have a valid key and that folks can test with it.
The key ceremonies demonstrate the set of procedures that the Internet engineering community has created to generate and store keys for the root zone in a secure way. Attendees will include ICANN staff and DNS experts from around the world. The key generation and storage process will be audited.
“People from all over the world will be part of the process of creating the key for the top level of the DNS,” explains Steve Crocker, an Internet security expert and CEO of Shinkuro. “They will witness and be able to report that the proper procedure was carried fairly and scrupulously.”
The two key ceremonies are among the last steps before production-scale deployment of DNSSEC on the root zone, which is scheduled for July 15.
News item 5: http://www.eweek.com/c/a/Security/ATandT-Investigating-User-Account-Complaints-by-iPhone-4-Customers-375228
AT&T said it is investigating reports that customers were able to view other people’s information when placing advance orders for Apple iPhone 4. The issue came as AT&T was dealing with a huge amount of interest in the device, with preorders totaling 600,000 in a single day. According to Gizmodo, the issue appeared when some customers tried to log into their AT&T account to order a new iPhone 4. Even though the user entered their username and password, they would be taken to another user’s account. Gizmodo posted screenshots from several readers that reported experiencing the issue.
“We have received reports of customers inadvertently seeing the wrong account information during the iPhone 4 purchasing process,” the AT&T spokesperson told eWEEK. “We have been unable to replicate the issue, but the information displayed did not include call-detail records, social security numbers, or credit card information.”
AT&T did not give any information about what could have caused the problem, which in turn follows the leak of e-mail addresses belonging to Apple iPad 3G owners.
Citing high demand, AT&T has halted sales of the new iPhone until inventory can be restocked. AT&T said it logged more than 13 million visits to a Web page where current customers can check if they’re eligible to upgrade to the new phone – three times more than the previous single-day record for eligibility upgrade checks.