07.20
InfoSec Daily Podcast
ISDPodcast Episode 176 for July 20, 2010. Tonight’s podcast is hosted by Rick Hayes and Matthew Shoemaker. In this episode we will discuss SANS, OpenID, Grade Changing & Pakbugs.
Announcements:
MyHardDriveDied.com:
- MHDD Data Recovery Class current dates and locations:
- Dallas, TX – October 11th – 15th
- SANS: Drive and Data Recovery Forensics September 20th – 24th (https://www.sans.org/registration/register.php?conferenceid=21967)
- Washington, DC – December 6th – 10th
- Cost is $3500 for all classes. To reserve and register, call (678) 445-9007, email smoulton@nicservices.com, or go to http://www.myharddrivedied.com. Use the Discount Code: isdpodcast for a $300 discount.
SANS Mentoring Program:
- Jason Lawrence will be teaching the SANS Mentor Forensics 508 – Computer Forensics and Investigations course in Sandy Springs starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=21538). Use the Discount Code: isdpod15 for a 15% discount.
- Adrian Sanabria will be teaching the SANS Security 504 – Hacker Techniques, Exploits & Incident Handling in Knoxville, TN starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=22258). Use the Discount Code: isdpod15KY for a 15% discount.
Atlanta ISSA:
- ISSA International Conference – September 16, 2010 (http://www.issa.org/page/?p=105)
SANS Community:
- SANS Security 560: Network Penetration Testing and Ethical Hacking – September 17-22, 2010 (http://www.sans.org/atlanta-2010-cs2/description.php?tid=3142)
9am-5pm US ET
Hilton Atlanta Airport Hotel
1031 Virginia Avenue
Atlanta, GA 30354
- Registration for these classes by Aug 4th offers both $400 Early Bird savings and registration for the ISSA Conference (existing members). All attendees also receive a one year ISSA membership. Use the Discount Code: isdpod15 for a 15% discount.
The Louisville Metro InfoSec Conference:
- Thursday, October 7th, 2010 at Churchill Downs (http://www.louisvilleinfosec.com)
Stories of Interest:
News item 1: http://isc.sans.edu/diary.html?storyid=9208
SANS made the call to go Code Yellow to help raise awareness of the zero-day flaw being used in targeted attacks against organizations worldwide — most notably on SCADA systems via the “LNK” vulnerability. SANS ISC handler and security consultant Lenny Zeltser wrote today: “Although we have not observed the vulnerability exploited beyond the original targeted attacks, we believe wide-scale exploitation is only a matter of time. The proof-of-concept exploit is publicly available, and the issue is not easy to fix until Microsoft issues a patch. Furthermore, anti-virus tools’ ability to detect generic versions of the exploit has not been very effective so far.” The Infocon has since been lowered back down to green.
News item 2: http://www.computerworld.com/s/article/9179224/Researchers_Password_crack_could_affect_millions
A well-known cryptographic attack could be used by hackers to log into Web applications used by millions of users, according to two security experts who plan to discuss the issue at an upcoming security conference. Researchers Nate Lawson and Taylor Nelson say they’ve discovered a basic security flaw that affects dozens of open-source software libraries — including those used by software that implements the OAuth and OpenID standards — that are used to check passwords and user names when people log into websites. OAuth and OpenID authentication are accepted by popular Web sites such as Twitter and Digg.
They found that some versions of these login systems are vulnerable to what’s known as a timing attack. Cryptographers have known about timing attacks for 25 years, but they are generally thought to be very hard to pull off over a network. The researchers aim to show that’s not the case.
The attacks are thought to be so difficult because they require very precise measurements. They crack passwords by measuring the time it takes for a computer to respond to a login request. On some login systems, the computer will check password characters one at a time, and kick back a “login failed” message as soon as it spots a bad character in the password. This means a computer returns a completely bad login attempt a tiny bit faster than a login where the first character in the password is correct.
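The comparison pattern the article describes, as an added example that is not from the article or the researchers: an early-exit string comparison beside a constant-time one, each reporting how many characters it examined, which is the quantity a remote timing measurement would try to infer. Function names and sample values are constructed for illustration.

```python
import hmac


def early_exit_compare(expected: str, supplied: str) -> tuple[bool, int]:
    """Vulnerable pattern: stop at the first mismatching character.
    Returns (match, characters examined). The second value rises with the
    length of the correct prefix, which is what a timing attack observes."""
    if len(expected) != len(supplied):
        return False, 0
    examined = 0
    for a, b in zip(expected, supplied):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_time_compare(expected: str, supplied: str) -> tuple[bool, int]:
    """Hardened pattern: always walk every character and accumulate the
    differences with OR, so the work done is the same whether the mismatch
    is at position 1 or position 6. Returns (match, characters examined).
    The length check still reveals the length, which is acceptable when the
    values are fixed-size signatures or digests."""
    if len(expected) != len(supplied):
        return False, 0
    diff = 0
    for a, b in zip(expected, supplied):
        diff |= ord(a) ^ ord(b)  # no early exit; diff stays 0 only on a full match
    return diff == 0, len(expected)


def stdlib_compare(expected: str, supplied: str) -> bool:
    """What production code should use: the standard library's
    constant-time comparison (Python 2.7.7+/3.3+)."""
    return hmac.compare_digest(expected.encode(), supplied.encode())


if __name__ == "__main__":
    secret = "s3cr3t"  # constructed sample value
    for guess in ("xxxxxx", "s3xxxx", "s3cr3x", "s3cr3t"):
        print(guess, early_exit_compare(secret, guess), constant_time_compare(secret, guess))
```

For the guesses above the early-exit version reports 1, 3, 6 and 6 characters examined, while the constant-time version reports 6 every time.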
News Item 3: http://english.people.com.cn/90001/90776/90882/7065613.html
Hackers are claiming online they can break into computer systems belonging to universities and certification institutes and change the scores of students. An online search in Chinese of “hackers editing scores” results in dozens of pages of hits. The hackers say they can change students’ scores for a price – and charge between a few thousand yuan and more than 10,000 yuan for the illegal service, depending on the majors and universities involved.
A person answering the phone at one such site, who refused to reveal his name, indicated that he had helped several students. The slogan of his website was: “If you did badly in an examination, come to our hacker team.” When asked whether he could change the score for a failed subject at the University of International Business and Economics, he said it would not be a problem after checking out the university’s homepage. The man was very cautious and asked for the caller’s “student number” before he would reveal the price.
News Item 4: http://www.theregister.co.uk/2010/07/13/pakbugs_crackdown/
Five alleged hackers have been arrested by the Pakistani authorities in raids that led to the closure of the Pakbugs hacking and carding forum. The operation, run by the Cyber Crime department of Pakistan’s Federal Investigation Agency (FIA), followed complaints by “national and multinational organisations” over a series of website defacements and hack attacks. Pakbugs is blamed for running amok across thousands of websites belonging to various governmental and non-governmental organisations in Pakistan and elsewhere, local telecoms blog PakSpider reports.
Police seized computer equipment during the arrests of the five suspects. Other suspects remain at large, including Jawaad Ehsan, thought to live in Riyadh, Saudi Arabia. A Pakistani government press statement explains that the suspects are thought to have expertise in a range of cybercrime techniques, including botnet management, phishing and carding.
Can snooping ever be validated in relationships?
News Item 6:
Be careful what you post online!
Orlando Sentinel – Foes may use your Facebook info against you in divorce, custody fights:
Facebook and other social networks, such as Twitter, Flickr, Photobucket and MySpace, are becoming the latest legal tool in divorce and child-support battles.
Attorneys and private investigators collecting background on a client’s ex-spouse are trolling the websites as a quick and easy way to catch someone doing something they don’t want brought up in court — snapshots of snuggling with a mistress, semi-nude photos with children nearby or drunken party pictures from a bar on a weekend a child is visiting.
Wall Street Journal – Is ‘Friending’ in Your Future? Better Pay Your Taxes First:
Tax deadbeats are finding someone actually reads their MySpace and Facebook postings: the taxman.
State revenue agents have begun nabbing scofflaws by mining information posted on social-networking Web sites, from relocation announcements to professional profiles to financial boasts.