09.07
InfoSec Daily Podcast
ISDPodcast Episode 207 for September 7, 2010. Tonight’s podcast is hosted by Rick Hayes, Keith Pachulski, and Karthik Rangarajan.
Announcements:
Atlanta ISSA:
- ISSA International Conference – September 16, 2010 (http://www.issa.org/page/?p=105)
SANS Community:
- SANS Security 560: Network Penetration Testing and Ethical Hacking – September 17th – 22nd, 2010 (http://www.sans.org/atlanta-2010-cs2/description.php?tid=3142)
9am-5pm US ET
Hilton Atlanta Airport Hotel
1031 Virginia Avenue
Atlanta, GA 30354
- Use the Discount Code: isdpod15 for a 15% discount.
ShoeCon 2010:
- Atlanta, GA September 18th (http://www.shoecon.org)
Wellesley Inn-Atlanta Airport
1377 Virginia Avenue
East Point, GA 30344
(404) 762-5111
- This is a FREE event for InfoSec and IT professionals to attend to celebrate the life of Matthew Shoemaker.
SANS Mentoring Program:
- Jason Lawrence will be teaching the SANS Forensics 508 – Computer Forensics and Investigations course in Sandy Springs starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=21538). Use the Discount Code: isdpod15 for a 15% discount.
- Adrian Sanabria will be teaching the SANS Security 504 – Hacker Techniques, Exploits & Incident Handling in Knoxville, TN starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=22258). Use the Discount Code: isdpod15KY for a 15% discount.
The Louisville Metro InfoSec Conference:
- Thursday, October 7th, 2010 at Churchill Downs (http://www.louisvilleinfosec.com).
Other upcoming cons Adrian will be at:
- Phreaknic, Oct 15-17 2010, Nashville, TN (http://www.phreaknic.info)
- Hak3rCon, Oct 23-24 2010, Charleston, WV (http://www.hack3rcon.org)
MyHardDriveDied.com:
- MHDD Data Recovery Class current dates and locations:
- Dallas, TX – October 11th – 15th
- SANS: Drive and Data Recovery Forensics September 20th – 24th (https://www.sans.org/registration/register.php?conferenceid=21967)
- Washington, DC – December 6th – 10th
- Cost is $3500 for all classes. To reserve and register, call (678) 445-9007, email [email protected], or go to http://www.myharddrivedied.com. Use the Discount Code: isdpodcast for a $300 discount.
News Item 1: http://www.hackiswack.com/
[Note: Karthik - I think they got rickrolled, didn't they?]
It seems that Snoop has teamed up with Symantec in an effort to promote an anti-cybercrime campaign. They are looking for your 2-minute or less anti-cybercrime Rap videos. The grand prize winner gets two tickets to a Snoop Dogg concert, the chance to meet his Management/Agent and a Toshiba laptop. Really? Since when is meeting someone’s Management/Agent a big deal?
News Item 2: http://www.darkreading.com/database_security/security/app-security/showArticle.jhtml?articleID=227300073
[Note: Input validation: old news isn't good news. It should be part of basic software development. Obscure, non-specific error messages: don't leak more information than you need to with your web apps. Patch, patch, patch. Monitor both the front-end and back-end connectivity from the server to the DB server. Ensure proper privs are defined for the app to access/modify the backend DB.]
A new wave of mass SQL injection attacks seen in mid-August hit over half a million websites, including parts of Apple’s site, and serves as a weighty reminder of the growing prevalence of mass injections, and of SQL injection in general, as a favorite means for hackers to tap into organizations’ infrastructure and data resources.
OWASP Development Guide: http://www.owasp.org/index.php/Category:OWASP_Guide_Project
OWASP Code Review: http://www.lulu.com/product/paperback/owasp-code-review/4458615
OWASP Testing Project: http://www.owasp.org/index.php/Category:OWASP_Testing_Project
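As an added illustration of the mitigations in the note above (example code written for these show notes, not from the article or from OWASP): the string-concatenated query beside its parameterized form, plus a request handler that logs the real database error server-side and returns only a generic message to the client. The users table, its rows and the logger name are constructed assumptions.

```python
import logging
import sqlite3

log = logging.getLogger("webapp")


def build_db() -> sqlite3.Connection:
    """Constructed in-memory sample table (not data from the original page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def lookup_concat(conn: sqlite3.Connection, username: str) -> list:
    """Weak pattern: the input becomes part of the SQL text, so quotes and
    operators inside it are parsed as SQL rather than treated as a value."""
    sql = "SELECT email FROM users WHERE username = '" + username + "' ORDER BY username"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn: sqlite3.Connection, username: str) -> list:
    """Hardened pattern: a bound parameter is always one literal value,
    whatever characters it contains, so the query shape cannot change."""
    sql = "SELECT email FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]


def handle_lookup(conn: sqlite3.Connection, username: str) -> dict:
    """Request boundary: full detail goes to the server log; the client only
    ever sees a fixed, non-specific message (no driver or schema details)."""
    try:
        return {"ok": True, "emails": lookup_param(conn, username)}
    except sqlite3.Error as exc:
        log.error("lookup failed for %r: %s", username, exc)
        return {"ok": False, "error": "Request could not be processed."}
```

Run `lookup_concat` and `lookup_param` with the same quoted input to see the first return every row while the second returns none; the DB account used by the app should additionally be restricted to the tables and operations the app actually needs.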
News Item 3: http://www.wired.com/dangerroom/2010/08/darpas-star-hacker-looks-to-wikileak-proof-the-pentagon/
Tomorrow’s WikiLeakers may have to be sneakier than just dumping military docs onto a Lady Gaga disc. The futurists at Darpa are working on a project that would make it harder for troops to funnel classified material to WikiLeaks — or to foreign governments. And that means if you work for the military, get ready to have your web, email and other network usage monitored even more than it is now.
Darpa’s new project is called CINDER, for Cyber Insider Threat. It’s led by a legendary hacker-turned-Darpa-manager. CINDER may have preceded Pfc. Bradley Manning’s alleged disclosure of tens of thousands of documents about the Afghanistan war from Defense Department servers. But the idea is to find someone just like him. By hunting for poker-like “tells” in people’s use of Defense Department computer networks, Darpa hopes to find indications of hostile intent or potential removal of sensitive data. “The goal of CINDER will be to greatly increase the accuracy, rate and speed with which insider threats are detected and impede the ability of adversaries to operate undetected within government and military interest networks,” according to the defense geeks’ request for contractor solicitations on the project.
That took on an increased urgency last month after WikiLeaks dropped 77,000 Afghanistan field reports into the public domain. While Admiral Mike Mullen’s furious blood-on-its-hands reaction got all the press coverage, Defense Secretary Robert Gates’ response appears to have been the more lasting one, policy-wise. Gates fretted that a casualty of WikiLeaks’ document dump would be the Defense Department’s years-long initiative to push vital information down to the front lines, so lower-ranking officers and enlisted men had the sort of high-level battlefield views that used to be the province of their commanders. All that has been jeopardized, he said, by Manning, the soldier accused of being WikiLeaks’ inside man.
“We want those soldiers in a forward operating base to have all the information they possibly can have that impacts on their own security, but also being able to accomplish their mission,” Gates mused in a July press conference. “Should we change the way we approach that, or do we continue to take the risk” of future leaks? Gates partially answered his own question — however cryptically — by adding, “There are some technological solutions,” though “most of them are not immediately available to us.”