Your daily source of Pwnage, Policy and Politics.

Episode 224 – Sucking Money, Revenge, AFD, VoIP & Geek Dating. Really?

[podcast]http://isdpodcast.com/podcasts/InfoSec Daily Podcast Episode 224.mp3[/podcast]
ISDPodcast Episode 224 for September 30, 2010.  Tonight’s podcast is hosted by Rick Hayes and Keith Pachulski.

Announcements:

The Louisville Metro InfoSec Conference:
http://www.louisvilleinfosec.com
When: Thursday, October 7th, 2010
Where: Churchill Downs

Bsides Atlanta:
http://www.securitybsides.com/BSidesAtlanta
When: Friday, October 8, 2010
Where: Think Inc World HQ, 1375 Peachtree St.  Suite 600, Atlanta, Ga (The Earthlink Bldg).
http://bsidesatlanta.eventbrite.com/

MyHardDriveDied.com Data Recovery Class:

http://www.myharddrivedied.com
Dallas, TX – October 11th – 15th
Washington, DC – December 6th – 10th
Use the Discount Code: isdpodcast for a $300 discount.
SANS Mentoring Program:

Jason Lawrence – SANS Forensics 508 – Computer Forensics and Investigations in Sandy Springs, GA
http://www.sans.org/mentor/details.php?nid=21538
When: Tuesday, October 12, 2010 – Tuesday, December 14, 2010
Use the Discount Code: isdpod15 for a 15% discount.

Adrian Sanabria – SANS Security 504 – Hacker Techniques, Exploits & Incident Handling in Knoxville, TN
http://www.sans.org/mentor/details.php?nid=22258
When: Tuesday, October 12, 2010 – Tuesday, December 14, 2010
Use the Discount Code: isdpod15KY for a 15% discount.

Phreaknic:

http://www.phreaknic.info
When: Oct 15-17 2010
Where: Nashville, TN

Hack3rCon:

http://www.hack3rcon.org
When: Oct 23-24 2010
Where: Charleston, WV

I2P Anonymous Network Overview: http://www.i2p2.de/

Stories of Interest:
News: http://www.theregister.co.uk/2010/09/23/vacuum_cleaner_bandits/
Thieves armed with little more than a drill and a powerful vacuum cleaner siphoned £60,000 out of a supermarket safe in France in what police said is the 15th such heist against the same store chain.

The burglars have made off with €500,000 by exploiting a flaw in the security system of Monoprix, the chain that has been targeted since 2006, The Sun reports. Once they get inside the premises, they drill a small hole in the “pneumatic tube” used to transport money from the checkout to the strong room. This allows them to raid a safe without ever having to break its locks.

News: http://www.independent.co.uk/news/uk/crime/12-years-in-jail-for-man-in-vile-porn-plot-2087755.html
Update to a story we discussed in August about Neil Weiner, a man who sought to ruin the life of a school caretaker by planting child pornography on his computer. Weiner has now been convicted on two counts of possession of child pornography and one count of perverting the course of justice. He was sentenced to 12 years in jail.

“The judge told Weiner that his plot to have Mr. Thompson sacked and prosecuted very nearly succeeded. Police had been careful not to make public their arrest of the caretaker and only informed those at the school who needed to know, he said. ‘But you gratuitously and spitefully informed the local press so that he and his wife suffered the distress of the unwelcome publicity which followed.’ Mr. Thompson’s health and that of his wife suffered. The judge said: ‘There are still those who believe, and probably always will, that he is a pedophile. I am wholly satisfied that Mr. Thompson is innocent.’ … Weiner had discovered the caretaker’s password by looking over his shoulder one day and been caught doing so. When Mr. Thompson was asked why he did not change it, he said he wished he had, adding: ‘Who in their worst nightmares could have thought that anyone could stoop to do what he did?’”

Tools: http://www.purehacking.com/afd/
@ChrisJohnRiley tweeted about a tool called Active Filter Detection (AFD).  AFD allows security auditors to identify the presence of Intrusion Prevention Systems and other technologies that would directly impact the quality of a security assessment.  So I decided to download and install the program.  Not wanting to run it as part of a pen-test/audit, I decided to test it internally against a server running a HIDS.  It took three packets for it to tell me that my packets were being filtered.  This piqued my interest, so I contacted a friend that has an Internet presence with a WAF along with an IPS.  This tool sends what could essentially be described as packets with known attack signatures and looks for and analyzes the response.  It was able to detect when he had the WAF and IPS turned on and when I was communicating directly through to the web server.  If you conduct external security assessments, you might want to further investigate AFD.
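The response-comparison idea behind AFD, turned into a defender's self-test as an added example (my code, not the AFD tool's): it compares how your own server answers a benign baseline request against several requests carrying a test signature, and only calls the filter "active" when more than one probe shows a block pattern. The responses are constructed inline so it runs offline; the block-status set and the filter header list are assumptions to tune for the product you actually run.

```python
"""Differential check that an inline filter (WAF/IPS) in front of your own
web server is actually enforcing. Added example, not the AFD tool's code."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Response:
    """One HTTP response as observed by the client (constructed for this example)."""
    status: Optional[int]            # None when no HTTP response came back at all
    headers: dict = field(default_factory=dict)
    body: bytes = b""
    connection_reset: bool = False   # peer closed/reset the connection mid-request


# Status codes an inline filter typically answers a blocked request with (assumption).
BLOCK_STATUSES = {403, 406, 429, 501, 503}

# Response header names that filtering products are known to add. Assumption:
# an illustrative list; tune it to the product deployed in front of the server.
FILTER_HEADER_HINTS = ("x-waf", "x-blocked-by", "x-sucuri-id", "cf-ray")


def compare(baseline: Response, probe: Response) -> list[str]:
    """Reasons to believe the probe was filtered relative to the baseline.
    An empty list means the probe was answered like the benign request."""
    reasons: list[str] = []
    if probe.connection_reset and not baseline.connection_reset:
        reasons.append("connection reset on probe only")
    if probe.status is None and baseline.status is not None:
        reasons.append("probe silently dropped (no response)")
    elif probe.status != baseline.status and probe.status in BLOCK_STATUSES:
        reasons.append(f"status {baseline.status} -> {probe.status}")
    present = {k.lower() for k in probe.headers}
    hits = [h for h in FILTER_HEADER_HINTS if h in present]
    if hits:
        reasons.append("filter headers: " + ", ".join(hits))
    if baseline.body and probe.body:
        # A block page is usually far smaller than the real page.
        ratio = len(probe.body) / len(baseline.body)
        if ratio < 0.5 or ratio > 2.0:
            reasons.append(f"body size ratio {ratio:.2f}")
    return reasons


def verdict(baseline: Response, probes: list[Response],
            threshold: int = 2) -> tuple[str, dict]:
    """'filtered' when at least `threshold` probes show block signs, 'unfiltered'
    when none do, otherwise 'inconclusive'. Requiring more than one agreeing
    probe keeps a single origin 5xx from being mistaken for a filter."""
    details = {i: compare(baseline, p) for i, p in enumerate(probes)}
    flagged = sum(1 for r in details.values() if r)
    if flagged >= threshold:
        return "filtered", details
    if flagged == 0:
        return "unfiltered", details
    return "inconclusive", details


# Constructed sample observations (not real captures).
PAGE = b"<html><body>" + b"x" * 2000 + b"</body></html>"
BASELINE = Response(200, {"Content-Type": "text/html"}, PAGE)

# Filter in front of the server: a 403 block page, a silent drop, and a reset.
WITH_FILTER = [
    Response(403, {"Content-Type": "text/html", "X-WAF": "block"}, b"<html>Forbidden</html>"),
    Response(None),
    Response(200, {}, b"", connection_reset=True),
]
# Filter off or bypassed: the origin answers every probe like the benign request.
NO_FILTER = [Response(200, {"Content-Type": "text/html"}, PAGE) for _ in range(3)]
# Only one probe differs (an origin 503, say): not enough to call it a filter.
FLAKY = [
    Response(200, {"Content-Type": "text/html"}, PAGE),
    Response(503, {}, b"busy"),
    Response(200, {"Content-Type": "text/html"}, PAGE),
]

if __name__ == "__main__":
    for name, probes in (("with filter", WITH_FILTER), ("no filter", NO_FILTER), ("flaky", FLAKY)):
        result, details = verdict(BASELINE, probes)
        print(f"{name}: {result}")
        for i, reasons in details.items():
            print(f"  probe {i}: {reasons or ['no difference']}")
```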

News: http://www.theregister.co.uk/2010/09/24/voip_hacker_sentenced/

A Venezuelan citizen on Friday was sentenced to 10 years in US federal prison for hacking into the networks of telecommunications companies and then routing millions of minutes of voice over IP calls over their systems.

Edwin Andres Pena, 27, admitted in February that he pocketed more than $1m in the scam, in which he posed as a legitimate reseller of long-distance calling services. By scanning networks of AT&T and other companies, Pena was able to identify unprotected ports through which he could transmit more than 10 million minutes of unauthorized calls.

Pena, who spent much of his time in Miami, was described as the mastermind behind the operation. For technical help in identifying vulnerable networks, he turned to a Spokane, Washington, hacker named Robert Moore. He was previously sentenced to two years in prison for his role, which included performing more than 6 million scans on AT&T’s network alone over a five-month span in 2005.

Following the arrest of the two men in 2006, Pena fled the US and engaged authorities in a manhunt through South and Central America. Agents finally apprehended him in Mexico in 2009.

Prosecutors reckon that Pena’s scheme caused a loss of $1.4m in less than a year. One of the targeted companies – which was based in Newark, New Jersey, where the case was prosecuted – was billed for more than 500,000 unauthorized telephone calls that Pena routed through its network.  In addition to his 120-month prison sentence, Pena was ordered to pay restitution of a little more than $1m.

News: http://blogs.amd.com/home/2010/09/22/getageek
In a blog post written by Leslie Sobon, the company’s vice president of marketing, Sobon describes her life in the largely male-dominated world of technology as being “mostly surrounded by guys all day,” but says: “I can tell you that – in general – technical guys are pretty cool.”

Sobon goes on to offer a five-step programme for girls who want to be able to land a bespectacled Dungeons & Dragons-loving hunk of their very own, starting with an exhortation to “learn the language” in order to better understand the near-gibberish that pours forth from their suitor’s mouth.

The next step is to, “hang out where the geeks hang out,” which might seem obvious – but Sobon does offer a list of likely events like QuakeCon, overclocking contests, and LAN parties. Not listed are other likely venues for the ultra-geeky, like chiptune concerts and – the most common location – cloistered in the dark, eyes glued to a monitor.

Girls are advised to ask questions, too – although Sobon says, “You don’t really have to understand what these questions mean.” So don’t fret your little female brain if they’re too complicated for you to understand. Sobon suggests a list of queries that you could just “throw [...] into the conversation,” including, “What will win, x86 or ARM?” And, “What’s more important in the PC – the CPU or the GPU?”

Episode 223 – Skimmer Fraud, Wal-Mart, SMBs & PCI

[podcast]http://isdpodcast.com/podcasts/InfoSec Daily Podcast Episode 223.mp3[/podcast]
ISDPodcast Episode 223 for September 29, 2010.  Tonight’s podcast is hosted by Rick Hayes and Keith Pachulski.

Stories of Interest:
News: http://www.securityweek.com/how-stop-cyber-attack-it-happens
One of the fastest growing segments of the world economy is cybercrime. The opportunity is created by the inexorable digitization and interconnection of enterprises, both Government and Commercial, and is exacerbated by increasingly sophisticated and well-funded attackers. The modern IT security approach to countering this threat has been reactive, not proactive. Intrusion detection systems, firewalls, Web filters, anti-malware software and Patch Tuesdays represent the state of the art, and while there are a lot of great security products and technologies available, the concept of allowing connectivity to critical information and networks while trying to filter and detect malicious activity is fundamentally flawed. The black hats simply change tactics to circumvent defenses; they are always one step ahead.

  • Learn from Others’ Mistakes
  • Do your Homework
  • What Not to Do
  • Ask the Experts

News: http://www.homesecuritysource.com/blogs/top-5-credit-and-debit-card-skimming-attacks.aspx
Credit card fraud is a multi-billion dollar industry. Skimming is one of the financial industry’s fastest-growing crimes, according to the U.S. Secret Service. ATM skimming alone is responsible for $350,000 of fraud daily, exceeding a billion dollars in losses annually.

Skimming can occur in a few different ways:

  • Wedge Skimming
  • POS Swaps
  • ATM Skimmers
  • Data Interceptors
  • Dummy ATMs

News: http://www.storefrontbacktalk.com/social-networks/ohio-wal-mart-giftcard-thief-gets-11k-just-for-the-asking
Earlier this month, a man called a 24-hour Wal-Mart in Columbus, Ohio, at 1 AM and told an associate he was with Wal-Mart’s IT department. The caller instructed the associate to activate gift cards, read him those card numbers and then scratch off the tape on the back of the cards so she could tell him the authorization codes, police said. And the associate obliged. Hours—and more than $11,000 in online fraud—later, the store realized it had been had.

This incident, which police are still investigating, raises the issue of associate training. Preliminary information given to police by Wal-Mart did not indicate that the caller gave the associate any reason to believe he really was from Wal-Mart IT. Nor was any reason offered as to why an IT person would make such a request. Was the thief assuming the 1 AM crew might be more accommodating and less suspicious?

The incident reportedly happened on September 5 at the Westpointe Plaza Wal-Mart near Columbus, said Columbus Police Detective Susan Collins, who added on Wednesday (Sept. 22) that Wal-Mart had yet to indicate how it arrived at the very specific fraud figure of $11,054.60. Nor did the retailer say how many—or the nature of—the transactions involved. A Wal-Mart spokesperson on Wednesday (Sept. 22) also said she had yet to hear back from store officials about the incident’s particulars.

News: http://darkreading.com/smb-security/security/app-security/showArticle.jhtml?articleID=227500486
As social networks become more popular, such threats are becoming more common, taking advantage of the trust between users. No wonder, then, that more than a third of small and midsize businesses (SMBs) already have identified a social network as the entry point for a virus or Trojan horse infecting their corporate networks, according to survey released last week by Panda Security.

“Everyone has to worry about it, but small and medium businesses are most vulnerable,” says Sean-Paul Correll, a senior threat researcher with Panda. “Either they don’t have the needed expertise or they don’t have the budget to hire the expertise.”

Malicious code is not the only threat that SMBs are facing on the social networking front. Many companies are finding workers posting sensitive information on these sites without fully understanding the implications of the act. More than one company has leaked critical business information inadvertently to the press via social network postings.

“You can see the [news] article going up as the employee is tweeting,” Correll says.

For SMB owners who may not have the technical chops of their younger workers, dealing with social networks can be particularly daunting, says Ian Moyse, channel director of Europe, Middle East, and Africa for security firm Webroot.

“The younger employees have grown up with it — it’s likely on their phone,” Moyse says. “A lot of small business owners may not understand that this is going on.”

But completely banning Facebook, Twitter, and LinkedIn often leads only to unhappy employees, who might still use the services through a smartphone or from home. Instead of trying to block such services, SMBs should work with their employees, Moyse says.

Episode 222 – Stuxnet Mania, E-Bay & Cyber (Ugh!) Crime

[podcast]http://isdpodcast.com/podcasts/InfoSec Daily Podcast Episode 222.mp3[/podcast]
ISDPodcast Episode 222 for September 28, 2010.  Tonight’s podcast is hosted by Rick Hayes and Keith Pachulski.

Stories of Interest:
News: http://www.csmonitor.com/USA/2010/0921/Stuxnet-malware-is-weapon-out-to-destroy-Iran-s-Bushehr-nuclear-plant
Cyber security experts say they have identified the world’s first known cyber super weapon designed specifically to destroy a real-world target — a factory, a refinery, or just maybe a nuclear power plant.

The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose have grown. Some top cyber security experts now say Stuxnet’s arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something.

At least one expert who has extensively studied the malicious software, or malware, suggests Stuxnet may have already attacked its target – and that it may have been Iran’s Bushehr nuclear power plant, which much of the world condemns as a nuclear weapons threat.

The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.

Unlike most malware, Stuxnet is not intended to help someone make money or steal proprietary data. Industrial control systems experts now have concluded, after nearly four months spent reverse engineering Stuxnet, that the world faces a new breed of malware that could become a template for attackers wishing to launch digital strikes at physical targets worldwide. Internet link not required.

News: http://www.computerworld.com/s/article/9188018/Iran_confirms_massive_Stuxnet_infection_of_industrial_systems
Officials in Iran have confirmed that the Stuxnet worm infected at least 30,000 Windows PCs in the country, multiple Iranian news services reported on Saturday.

Experts from Iran’s Atomic Energy Organization also reportedly met this week to discuss how to remove the malware.

Stuxnet, considered by many security researchers to be the most sophisticated malware ever, was first spotted in mid-June by VirusBlokAda, a little-known security firm based in Belarus. A month later Microsoft acknowledged that the worm targeted Windows PCs that managed large-scale industrial-control systems in manufacturing and utility companies.

Those control systems, called SCADA, for “supervisory control and data acquisition,” operate everything from power plants and factory machinery to oil pipelines and military installations.

According to researchers with U.S.-based antivirus vendor Symantec, Iran was hardest hit by Stuxnet. Nearly 60% of all infected PCs in the earliest-known infection were located in that country.

News: http://www.darkreading.com/insiderthreat/security/attacks/showArticle.jhtml?articleID=227500817
While the Stuxnet worm attack has raised the bar for targeted attacks on the critical infrastructure, it’s not the first time the power grid has been in the bull’s eye. Attacks against these systems are actually quite common — it’s just that they are mostly kept under wraps and rarely face public scrutiny like Stuxnet has.

Nearly 60 percent of critical infrastructure providers worldwide, including oil and gas, electric, and telecommunications, say they have been targeted by “representatives” of foreign governments, according to a study published earlier this year by The Center for Strategic and International Studies and commissioned by McAfee. More than half of the respondents had experienced a targeted, stealthy attack akin to the Aurora attacks that hit Google, Adobe, and nearly 30 other companies earlier this year. In addition, nearly 90 percent of the respondents said their networks had been infected with malware, and more than 70 percent had been hit with low-level DDoS attacks and vandalism, insider threats, leakage of sensitive data, and phishing or pharming.

As reported last week, Stuxnet has shed light on just how vulnerable their control systems really are, and as the first known malware attack to target power plant and factory floor systems, it has been a wake-up call for the potential damage that could be inflicted on a power plant and the potential consequences to the physical world. Though no one knows for sure who created and launched it (speculation has pointed to nation-state sponsorship) or what the endgame really was, the concentration of infections has mostly been in Iran and India. Nearly 60 percent of Stuxnet infections were located in Iran, according to Symantec.

Speculation that the worm was specifically gunning for Iran’s nuclear power plant gained a bit more traction in the past couple of days: Iran’s official news agency reported over the weekend that Stuxnet had infected employee machines at the plant, according to an AP report. And some 30,000 IP addresses had been infected across Iran, according to other reports.

News: http://www.computerworld.com/s/article/9188147/Iran_admits_Stuxnet_worm_infected_PCs_at_nuclear_reactor
Although some computers at Iran’s Bushehr nuclear reactor were infected by the Stuxnet worm, none of the facility’s crucial control systems were affected, Iranian officials claimed Sunday.

The news followed Saturday’s admission by Iran that Stuxnet had infected at least 30,000 computers in the country. The worm, which researchers have dubbed the most sophisticated malware ever, targets Windows PCs that manage large-scale industrial-control systems in manufacturing and utility companies.

Those control systems, called SCADA, for “supervisory control and data acquisition,” manage and monitor machinery in power plants, factories, pipelines and military installations.

“The studies show that few PCs of Bushehr nuclear power plant workers are infected with the virus,” Mahmoud Jafari, the facility’s project manager, told Iran’s state-run Islamic Republic News Agency on Sunday.

Stuxnet Iran Image:

News: http://www.theregister.co.uk/2010/09/24/ebay_spear_phishing_attack/
Romanian authorities said they have detained a man suspected of absconding with more than $3m by snaring 3,305 eBay employees in a spear phishing campaign last year.

Liviu Mihail Concioiu is under investigation for carrying out two phishing attacks that were directed solely at eBay employees, according to a press release (translation here) from Romania’s DIICOT agency. In the first, he netted user names and passwords for 1,784 employees and in the second he got another 1,521 employee credentials.

The suspect then used 417 of the stolen accounts to log in to eBay’s internal network, where, according to computer-forensics expert Gary Warner of the University of Alabama at Birmingham, he accessed details about high-value eBay customers.

With that information, Concioiu was able to fleece 1,183 eBay users of more than $3m. One of the reasons the scam was so successful, Warner said, was its extremely small footprint. The detailed information about high-value customers allowed him to fly under the radar of traditional phishing defenses because he sent out relatively few emails compared with more common phishing attacks.

To say the least, it’s a startling revelation that more than 3,300 eBay employees were tricked into turning over credentials to highly restricted parts of their company’s network.

Episode 221 – Policy Response, PS3 Explosion, Free MSSE? & Fed Wiretap

[podcast]http://isdpodcast.com/podcasts/InfoSec Daily Podcast Episode 221.mp3[/podcast]
ISDPodcast Episode 221 for September 27, 2010.  Tonight’s podcast is hosted by Rick Hayes and Keith Pachulski.

Stories of Interest:
News: http://www.csoonline.com/article/618014/are-you-too-perfect-to-be-an-effective-security-manager-
Ever spend time working on policies, solutions and messages only to be ignored or cast aside? Worse, after spending the time to build a solution, are people simply not responding?

Perfection is a fallacy; as the “responsible” individuals within our organizations, we need to share our experiences. Most of our education is through experience within our positions. What we learn we need to communicate better, to help others not only learn about our jobs but understand why we are doing them.

When sharing those experiences, be sure the environment they are communicated in is free of judgement and ridicule; it must be an open and free forum.

Admit your mistakes; we all make them. To say we don’t only tarnishes us as individuals as well as our entire profession. We learn through mistakes; share them so others can learn not to make the same ones. Don’t create mistakes, meaning don’t lie or bullshit people. Creating fake scenarios can be devastating to your career as well as your reputation.

News: http://news.cnet.com/8301-13506_3-20017438-17.html
Sony informed consumers this week that some counterfeit PlayStation 3 controllers could ignite or explode when used.  According to the company, counterfeit PlayStation 3 controllers, which Sony says are “identical in appearance to genuine PlayStation 3 wireless controllers,” have started cropping up in the wild. The company said that the “quality, reliability, and safety of counterfeit products is uncertain.”

But it gets worse. Those who have bought counterfeit PlayStation 3 controllers could put themselves in physical danger. According to Sony, the counterfeit products could “ignite or explode, resulting in injury or damage to the user, your PlayStation 3, or other property.”

Sony didn’t specify where counterfeit controllers are being sold. But the company did recommend that consumers stick with its own wireless controllers, which are available from a number of reputable retail outlets.

News: http://www.theregister.co.uk/2010/09/23/msse_free_for_small_biz/
Microsoft is extending the availability of its freebie Microsoft Security Essentials to small businesses from early next month.  The application – which provides protection against viruses, spyware, and other malicious software – was launched as a basic scanner available to consumers at no charge last September. From October, small businesses running up to 10 PCs can use the technology without charge.

Microsoft explained: “This extended availability to small businesses centers on a change to the End User Licensing Agreement (EULA) that allows small business customers to legally download the software onto individually managed business PCs.”

Redmond is continuing to offer its Forefront client suite, which offers improved manageability, to larger businesses. More detail on the deal can be found on Microsoft’s SMB Community blog here.

News: http://www.foxnews.com/politics/2010/09/27/seeking-expand-internet-wiretaps/
The Obama administration is developing plans that would require all Internet-based communication services — such as encrypted BlackBerry e-mail, Facebook, and Skype — to be capable of complying with federal wiretap orders, according to a report published Monday.

The bill, which the White House plans to deliver to Congress next year, would require communication service providers be technically capable of intercepting and decrypting messages, raising serious privacy concerns, the Times said.

Keith: So he not only wants a big red freaking button to shut off the internet, but he wants the ability to be able to nullify the encrypted transports we rely on to conduct and protect our business operations.

Episode 220 – NSA Virtualization, Exalogic Elastic Cloud, Obama & College Hackers

[podcast]http://isdpodcast.com/podcasts/InfoSec Daily Podcast Episode 220.mp3[/podcast]
ISDPodcast Episode 220 for September 24, 2010.  Tonight’s podcast is hosted by Rick Hayes, Keith Pachulski and Karthik Rangarajan.

Announcements:

The Louisville Metro InfoSec Conference:
http://www.louisvilleinfosec.com
When: Thursday, October 7th, 2010
Where: Churchill Downs

Bsides Atlanta:
http://www.securitybsides.com/BSidesAtlanta
When: Friday, October 8, 2010
Where: Think Inc World HQ, 1375 Peachtree St.  Suite 600, Atlanta, Ga (The Earthlink Bldg).
http://bsidesatlanta.eventbrite.com/

MyHardDriveDied.com Data Recovery Class:

http://www.myharddrivedied.com
Dallas, TX – October 11th – 15th
Washington, DC – December 6th – 10th
Use the Discount Code: isdpodcast for a $300 discount.


SANS Mentoring Program:

Jason Lawrence – SANS Forensics 508 – Computer Forensics and Investigations in Sandy Springs, GA
http://www.sans.org/mentor/details.php?nid=21538
When: Tuesday, October 12, 2010 – Tuesday, December 14, 2010
Use the Discount Code: isdpod15 for a 15% discount.

Adrian Sanabria – SANS Security 504 – Hacker Techniques, Exploits & Incident Handling in Knoxville, TN
http://www.sans.org/mentor/details.php?nid=22258
When: Tuesday, October 12, 2010 – Tuesday, December 14, 2010
Use the Discount Code: isdpod15KY for a 15% discount.

Phreaknic:

http://www.phreaknic.info
When: Oct 15-17 2010
Where: Nashville, TN

Hack3rCon:

http://www.hack3rcon.org
When: Oct 23-24 2010
Where: Charleston, WV

Stories of Interest:
News: http://www.networkworld.com/news/2010/091510-nsa-accreditations.html
The National Security Agency wants to use commercially built security products and the latest virtualization software. But the slow pace of getting products certified through NSA channels and the lightning-fast pace of change in the IT industry are causing national-security heartburn.

The high-tech spy agency, which also guides Defense Department information security, has become an enthusiastic proponent of open standards-based technologies such as Trusted Network Connect (TNC) and Trusted Platform Module (TPM) put forward by the organization Trusted Computing Group (which announced it expects to propose an end-to-end security framework for cloud computing around year-end).

This week the secretive NSA held its first conference related to its views on trusted computing. The NSA Trusted Computing Conference and Exposition in Orlando drew about 500 attendees and 39 exhibiting companies.

Michael Lamont, NSA chief of the network solutions office, noted in his keynote that since May of this year the national-security strategy has been “COTS [commercial off the shelf] first, not GOTS [government].”

News: http://www.informationweek.com/blog/main/archives/2010/09/larry_ellison_h.html
Introducing Oracle’s new Exalogic Elastic Cloud machine, Larry Ellison opened his remarks by saying that cloud computing has many definitions, and he cited Amazon.com and Salesforce.com as examples of profoundly different cloud approaches. And then he unloaded on Salesforce.com for “commingling” customers’ data and offering “a very weak security model.”

“Maybe the two most well-known examples of cloud computing represent opposite ends of the spectrum,” Ellison said in underscoring his contention that cloud computing means many different things to many different people. “On the one hand you have Salesforce.com, a very successful application on the Internet, and a lot of people call that cloud computing—you access the application on the web, it’s 10 years old, and it’s SaaS technology, and some people say that’s cloud computing.”

As a counterpoint, Ellison then described Amazon.com’s EC2 as a hardware/software platform for building and running applications and using Linux, Java, Oracle database, MySQL, and other prominent technologies in a highly virtualized environment that can run a wide variety of applications.

“The technology is virtualized so each customer has its own separate, secure, and virtual environment with fault isolation, so most systems failures affect only one customer,” Ellison said as even I began to see which way he was tilting.

News: http://blogs.wsj.com/washwire/2010/09/21/former-nsc-official-criticizes-cyber-security-policies/
The Obama administration’s cyber security policies came under fire today from unexpected quarters — former National Security Council official Richard Clarke, who advised the administration’s transition team.

“The Obama administration so far has failed to do the necessary with regard to cyberwar,” said Clarke, who now heads a security consulting firm, Good Harbor Consulting, and recently co-authored a book on cyber security. In a speech in Washington to the Cyber Conflict Studies Association, he acknowledged several times that he was critiquing his friends.

The Obama administration was quick to fire back. “The Obama administration is very focused on this,” said one administration official. “The president has designated [cyber security] as a strategic national asset.”

The administration hasn’t articulated a strategy to tackle computer network security in the U.S. The Pentagon has hinted that such a strategy exists but hasn’t described it publicly, Clarke said. He said the Pentagon is working to extend its cyber protection efforts to the private sector because the Department of Homeland Security isn’t providing that security.

Among other failings, Clarke said the Homeland Security’s cyber security programs are underfunded and the department has “done nothing” about cyber threats to critical infrastructure such as the electric grid, which is increasingly dependent on the Internet to stay up and running.

News: http://www.darkreading.com/insiderthreat/security/attacks/showArticle.jhtml?articleID=227500353
New research shows parents have more to worry about than their college students’ underage drinking: Twenty-three percent of college kids say they have hacked for fun or profit, although most of them believe doing so is wrong.

The report, commissioned by Tufin Technologies and the Association of Chief Police Officers in the U.K., found that 32 percent of college students aged 18 to 21 say hacking is “cool,” 28 percent consider it easy to accomplish — and all the while 84 percent consider it the wrong thing to do.

Some 40 percent hacked for the first time after they turned 18; one in three say they hacked for fun, 22 percent say the main motivation for hacking was curiosity, and 15 percent cited profit as their motivation. The report surveyed 1,000 college students at eight universities in England.

Nearly 40 percent of the hackers used their own computers to do the dirty deed, while 32 percent used their universities’ computers. Another 23 percent used public computers at an Internet café. College kids are hacking Facebook accounts (37 percent), email accounts (26 percent), and online shopping accounts (10 percent).

http://www.hackerhighschool.org/

Tools: http://trac.aircrack-ng.org/changeset/1781
Aircrack-ng has been updated to export EWSA project files (v3.02 format). Make sure you svn up and then recompile. What is EWSA, you may ask? Elcomsoft Wireless Security Auditor (http://www.elcomsoft.com/ewsa.html), which allows you to “test” how secure a wireless network is. So big deal, you may say, but wait, there’s more! It comes with a built-in wireless network sniffer and, more importantly, offers GPU acceleration for key cracking when one or more compatible NVIDIA or ATI video cards are present.
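To show what the “key cracking” that EWSA offloads to a GPU actually consists of, here is an added example (not code from aircrack-ng or Elcomsoft). For WPA/WPA2-PSK the pairwise master key is PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, for 4096 iterations; a cracker repeats that derivation for every candidate in the wordlist, which is why it is CPU-bound and why GPUs speed it up so much. The expected PMK below is the published IEEE 802.11i Annex H test vector (passphrase “password”, SSID “IEEE”); the wordlist is constructed for the demonstration. Real tools never see the PMK on the air: they confirm a candidate by deriving the PTK and checking the EAPOL MIC from a captured four-way handshake, a step this example omits.

```python
"""WPA/WPA2-PSK pairwise master key (PMK) derivation and a dictionary check.

Added example, not code from aircrack-ng or Elcomsoft Wireless Security
Auditor. It shows the computation those tools repeat for every candidate
passphrase: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
"""
import hashlib
from typing import Iterable, Optional

PBKDF2_ITERATIONS = 4096   # fixed by IEEE 802.11i for WPA-PSK
PMK_LEN = 32               # 256-bit PMK


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the PMK from an ASCII passphrase and SSID per IEEE 802.11i."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode(), PBKDF2_ITERATIONS, PMK_LEN
    )


def crack_pmk(ssid: str, target_pmk: bytes, candidates: Iterable[str]) -> Optional[str]:
    """Return the first candidate whose PMK matches target_pmk, else None.

    Candidates outside the legal passphrase length cannot be a WPA key, so
    they are skipped rather than hashed (a cheap filter real tools also apply).
    """
    for candidate in candidates:
        if not 8 <= len(candidate) <= 63:
            continue
        if wpa_pmk(candidate, ssid) == target_pmk:
            return candidate
    return None


# IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE".
KNOWN_SSID = "IEEE"
KNOWN_PMK = bytes.fromhex(
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"
)

# Constructed wordlist for the demonstration (not a real dictionary).
# "letmein" and "short" are too short to be WPA passphrases and are skipped.
WORDLIST = ["letmein", "short", "wireless2010", "password", "correcthorse"]


if __name__ == "__main__":
    import time

    start = time.perf_counter()
    found = crack_pmk(KNOWN_SSID, KNOWN_PMK, WORDLIST)
    elapsed = time.perf_counter() - start
    print(f"SSID {KNOWN_SSID!r}: passphrase {found!r} recovered in {elapsed:.3f}s")

    # Same passphrase, different SSID: different PMK. Precomputed PMK tables
    # only help for common SSIDs, so GPU brute force wins on unusual names.
    print("SSID salts the PMK:", wpa_pmk("password", "linksys") != KNOWN_PMK)
```

Time the loop on a larger wordlist to see the per-candidate cost of 4096 HMAC-SHA1 rounds; that cost, multiplied by dictionary size, is the gap a GPU-backed tool closes.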