2010
07.01

Episode 164.5 – Firewire Fail, Stego, Comcast & HTML5 Porn

InfoSec Daily Podcast

 
I had a little bit of an A.D.D. moment tonight when I accidentally unplugged the Firewire drive that we were storing the podcast on. The problem is that this was mid-recording and about 25 minutes in. So after getting ragged for my stupidity we decided we would record version 164.5. ISD Podcast Episode 164.5 for July 1, 2010. This podcast is our contribution back to the community where we will discuss the vulnerabilities of interest and information security related news, hopefully providing you a few laughs and a little knowledge.

Announcements:

MyHardDriveDied.com:

  • MHDD Data Recovery Class current dates and locations:
    • Atlanta, GA – July 12th-16th
    • Dallas, TX – October 11th – 15th
    • Washington, DC – December 6th – 10th
    • Cost is $3500 for all classes to reserve and register, call (678) 445-9007, email: smoulton@nicservices.com or go to http://www.myharddrivedied.com Use the Discount Code: isdpodcast for a $300 discount.

SANS Mentoring Program:

  • Jason Lawrence will also be putting on the SANS Mentor Forensics 508 – Computer Forensics and Investigations course in Sandy Springs starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=21538).  Use the Discount Code: isdpod15 for a 15% discount.

Atlanta ISSA:

Kentuckiana ISSA Meeting
July 9th from 11:30 AM to 1:00 PM at Sullivan University.
http://www.issa-kentuckiana.org/index.php?option=com_content&view=article&id=13&Itemid=13

Ohio Information Security Forum:
Event Date:  July 10th, 2010
Location: SCC Research Park, Auditorium
Time: 8:30AM-5:30PM

The Louisville Metro InfoSec Conference
Thursday October 7th, 2010
at Churchill Downs!
http://www.louisvilleinfosec.com/
Registrations between now and July 16th, 2010 receive a
50% DISCOUNT on the $99 ticket price!

After July 16th the ticket price will go back to normal

Friends of the Podcast:

Webhosting services: WebSpeedway

Corrections:

Stories of Interest:
News item 1: http://news.cnet.com/8301-13578_3-20009101-38.html
A clandestine network of Russian spies in the United States used private Wi-Fi networks, flash memory sticks, and text messages concealed in graphical images to exchange information, federal prosecutors said Monday.

The Justice Department has filed criminal charges against 11 people who allegedly were covert agents of the Russian government assigned to establish close ties with American policymakers, including White House officials and an unnamed political fundraiser.

The court papers made public on Monday (PDF and PDF) include details of 21st century spycraft more high-tech than anything Jason Bourne knew about: defendant Anna Chapman allegedly brought her laptop to a coffee shop on 47th Street in Manhattan in January and transferred data with a Russian government official who drove by in a minivan but never entered the store.

In another information exchange two months later, Chapman allegedly opened her laptop while in a bookstore in lower Manhattan–probably the Barnes and Noble store on Greenwich Street–and used a private Wi-Fi network to communicate with the same Russian official who was nearby.

Some members of what the FBI calls “the Illegals,” meaning agents who adopted cover stories and lived in the United States for decades, allegedly used custom steganographic software developed in Moscow.
(Steganography is the practice of concealing secret messages in otherwise innocuous files.)

News item 2:  http://www.networkworld.com/news/2010/062810-misconfigured-cisco-gear-could-lead.html
Users of a popular Cisco Systems wireless access point may be setting themselves up for trouble if they leave a WPA wireless migration feature enabled, according to researchers at Core Security Technologies.

The issue has to do with Cisco’s Aironet 1200 Series Access Point, which is used to power centrally managed wireless LANs. The Aironet 1200 can be set to a WPA (Wi-Fi Protected Access) migration mode, in which it provides wireless access for devices that use either the insecure WEP (Wired Equivalent Privacy) protocol or the more secure WPA standard.

This gives companies a way to gradually move from WEP to WPA without immediately buying all-new, WPA-capable equipment. But while auditing the network of a customer who used the product, Core researchers discovered that even networks that had stopped using WEP devices could still be vulnerable, so long as the Aironet’s migration mode was enabled.

Researchers were able to force the access point to issue WEP broadcast packets, which they then used to crack the encryption key and gain access to the network.

News item 3:  http://www.wwj.com/Detroit-Sues-Comcast-Over-Franchise/7569300

The city of Detroit is suing Comcast Corp.’s local subsidiary, saying that a 2006 state law creating one statewide franchise for cable TV providers that applies to all local jurisdictions violates the constitutions of both the United States and the state of Michigan.

The suit was filed June 21 in federal district court in Detroit. Comcast has 20 days to respond.

The city is seeking to overturn Comcast’s current franchise agreement with the city and reinstate its 1985 franchise.

The city claims that the Federal Cable Communications Policy Act of 1984 still controls its contractual relationships with Comcast, because under Article VI, Section 2 of the United States Constitution, “federal law is the supreme law of the United States and preempts all contrary state law.”

Also, the city argues, the 2006 law violates the state Constitution, because Article 7, Section 29 of that constitution gives cities, townships and villages “the exclusive authority to grant franchises” within the state.

In Michigan, the State Constitution delegates to the cities, townships and villages within the State, the exclusive authority to grant franchises. Const. 1963, Art. 7, § 29.

News item 4: http://www.ibtimes.com/articles/31345/20100629/google-baidu-censorship-internet-search-engine-redirecting-unfiltered.htm

Google Inc. has announced a “new approach” in China after the government said the company could no longer automatically redirect users to the unfiltered Hong Kong site.

“Ever since we launched Google.cn, our search engine for mainland Chinese users, we have done our best to increase access to information while abiding by Chinese law. This has not always been an easy balance to strike, especially since our January announcement that we were no longer willing to censor results on Google.cn,” said Google’s chief legal officer David Drummond in a blog posting on Monday.

Prior to the announcement, the search engine had been redirecting the search inquiries to its unfiltered site in Hong Kong to avoid the censorship issues in China.

But now the company has to stop redirecting, as Chinese government officials found it unacceptable and warned that the company would lose its license to operate in the country if it continued. The license is due for renewal on June 30, 2010.

Baidu Inc, with over 60 percent share of internet search in China, is looking to grab the chance and expand. It has announced new plans to hire U.S. engineers to enhance its technical skills and propel its growth globally.

News item 5: http://www.owasp.org/index.php/How_to_write_insecure_code
Continuing our coverage of the OWASP “How to write insecure code” with Secure Languages

Type safety
Means anything you enter at the keyboard is secure.

Secure languages
Pick only programming languages that are completely safe and don’t require any security knowledge or special programming to secure.

Mix languages
Different languages have different security rules, so the more languages you include the more difficult it will be to learn them all. It’s hard enough for development teams to even understand the security ramifications of one language, much less three or four. You can use the transitions between languages to hide vulnerabilities too.
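
The language-boundary problem that the "Type safety" and "Mix languages" items poke fun at, shown as an added example (not from OWASP or the podcast): a well-typed Python string turns into SQL source text at the Python-to-SQL transition. The table, function names and inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory table of two users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def lookup_concatenated(db, name: str):
    # 'name' is a perfectly well-typed Python str, yet it is pasted into
    # SQL source text, so the SQL parser decides what it means.
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterised(db, name: str):
    # The value crosses the language boundary as data, never as SQL text.
    return db.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()

def boundary_check(name: str):
    """Return (rows via concatenation, rows via bound parameter)."""
    db = make_db()
    try:
        return lookup_concatenated(db, name), lookup_parameterised(db, name)
    finally:
        db.close()

if __name__ == "__main__":
    for probe in ("bob", "x' OR '1'='1"):  # constructed inputs
        unsafe, safe = boundary_check(probe)
        print(f"{probe!r}: concatenated={unsafe} parameterised={safe}")
```

Python's type checks pass in both functions; only the parameterised query keeps the input from being interpreted by the second language.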

News item 6: http://www.digitalplayground.com/home.php