Your daily source of Pwnage, Policy and Politics.

Episode 208 – QuickTime Vuln, Secunia PSI & Wikileaks


ISDPodcast Episode 208 for September 8, 2010. Tonight's podcast is hosted by Rick Hayes and Keith Pachulski.

Announcements:

Atlanta ISSA:

SANS Community:

9am-5pm US ET
Hilton Atlanta Airport Hotel
1031 Virginia Avenue
Atlanta, GA 30354

  • Use the Discount Code: isdpod15 for a 15% discount.

ShoeCon 2010:

Wellesley Inn-Atlanta Airport
1377 Virginia Avenue
East Point, GA 30344
(404) 762-5111

  • This is a FREE event for InfoSec and IT professionals to attend to celebrate the life of Matthew Shoemaker.

SANS Mentoring Program:

  • Jason Lawrence will be teaching the SANS Forensics 508 – Computer Forensics and Investigations course in Sandy Springs starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=21538).  Use the Discount Code: isdpod15 for a 15% discount.
  • Adrian Sanabria will be teaching the SANS Security 504 – Hacker Techniques, Exploits & Incident Handling course in Knoxville, TN starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=22258).  Use the Discount Code: isdpod15KY for a 15% discount.

The Louisville Metro InfoSec Conference:

Other upcoming cons Adrian will be at:
Phreaknic, Oct 15-17 2010, Nashville, TN
http://www.phreaknic.info
Hack3rCon Oct 23-24 2010, Charleston, WV
http://www.hack3rcon.org

MyHardDriveDied.com:

Bsides Atlanta:

News Item 1: http://english.farsnews.com/newstext.php?nn=8906081424
An Iranian cyber group announced that it has hacked more than 1,000 important governmental websites of the US, Britain and France in protest at their support of and financial aid to anti-Iran terrorist groups.

“To commemorate the Day of Campaign against Terrorism and the martyrdom anniversary of (former Iranian President Mohammad Ali) Rajayee and (his Prime Minister Mohammad Javad) Bahonar (by the terrorist Mojahedin-e Khalq Organization), the group rose to protest at the inhumane measures of the supporters of terrorism, with the US and Britain standing on top of them, through a new method and hacked and changed the pages of more than 1,000 of their websites,” Behrouz Kamalian, Head of the Iranian Ashiyaneh (nest) cyber group, told FNA on Monday.

If you open the hacked sites now, you can see a logo of Iran and some pictures of martyrs Rajaee and Bahonar and a bi-lingual text in Persian and English expressing our group’s protest at the US, Britain and France’s attitude towards terrorism, Kamalian added.

Noting that the project started on Saturday and continued until Monday morning, he reminded that the group managed to hack more than 1,000 governmental sites of the aforementioned countries, including the official website of Louisiana state in the US, Britain’s Pevensey city council and other websites.

News Item 2: http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010
Technical Details: http://reversemode.com/index.php?option=com_content&task=view&id=69&Itemid=1
A Spanish security researcher, Ruben Santamarta, has discovered a new vulnerability in Apple’s QuickTime software that can be used to bypass both ASLR and DEP on current versions of Windows and give an attacker control of a remote PC. The flaw apparently results from a parameter from an older version of QuickTime that was left in the code by mistake.

The result of the problem is the creation of what amounts to a backdoor in the QuickTime code, Santamarta said. “WATCH OUT! Do not hype this issue beyond what it deserves. This time Backdoor != malicious code but a horrible trick a developer implemented during the development cycle. These hacks could end up having a harmful impact,” he wrote in his blog post explaining the vulnerability.

Santamarta has sent the exploit code to the folks at the Metasploit Project, and there will be a Metasploit module available for this attack soon.

“The Quicktime plugin is widely installed and exploitable through IE; ASLR and DEP are not effective in this case and we will likely see this in the wild,” said HD Moore, founder of the Metasploit Project. Moore added that it looks right now as though the bug is exploitable only through Internet Explorer, and is likely to be exploited through drive-by download attacks.

News Item 3: http://krebsonsecurity.com/2010/09/revisiting-secunias-personal-software-inspector/
Secunia URL: http://secunia.com/blog/123/
The second release of the Secunia Personal Software Inspector 2.0 beta is an auto-update application for third-party software such as Adobe Reader, Flash, Air, Java, and Skype. If Secunia doesn't already cover an application, it is possible to add it by pointing to the executable and have it auto-updated for you. Personally, I think Secunia has a new money bag on this one with its ease of use and decentralized distribution; not that I've personally tested it, but the public information so far seems to be positive.

News Item 4: http://gizmodo.com/5626381/this-is-the-nuclear-bunker-where-wikileaks-will-be-located

Gizmodo has photos of Pionen White Mountains, the nuclear bunker in which Wikileaks will locate some of its servers. It was excavated 98 feet underground in a rock hill in the center of Stockholm, Sweden, during the Cold War. Originally it was just a bomb shelter, built in 1943. In the 70s the Swedes turned the shelter into a full bunker, a civil defense center that was going to hold an emergency unit of the Swedish government in the case of a nuclear war.

Now, protected under thirty meters of rock and 1.64-feet-thick solid steel doors, it is the colocation center of Bahnhof, a Swedish internet hosting company. Bahnhof further expanded the facilities when they took it over, blasting new space for gas-oil power plants extracted from decommissioned German submarines. In the case of an external power outage, the generators would kick in, keeping the servers running non-stop.

Apparently, the Bahnhof people are pretty happy to host Wikileaks in their ultra-secure bunker, safe from any political pressure and physical assaults. Wikileaks is under attack by the US government for publishing many of its secrets. Most recently, Wikileaks released about 100,000 internal military documents from the Afghanistan war.