ISDPodcast Episode 210 for September 10, 2010. Tonight’s podcast is hosted by Rick Hayes, Adrian Crenshaw and Keith Pachulski.
Announcements:
Atlanta ISSA:
- ISSA International Conference – September 16, 2010 (http://www.issa.org/page/?p=105)
SANS Community:
- SANS Security 560: Network Penetration Testing and Ethical Hacking – September 17th – 22nd, 2010 (http://www.sans.org/atlanta-2010-cs2/description.php?tid=3142)
9am-5pm US ET
Hilton Atlanta Airport Hotel
1031 Virginia Avenue
Atlanta, GA 30354
- Use the Discount Code: isdpod15 for a 15% discount.
ShoeCon 2010:
- Atlanta, GA September 18th (http://www.shoecon.org)
Wellesley Inn-Atlanta Airport
1377 Virginia Avenue
East Point, GA 30344
(404) 762-5111
- This is a FREE event for InfoSec and IT professionals to attend to celebrate the life of Matthew Shoemaker.
SANS Mentoring Program:
- Jason Lawrence will be teaching the SANS Forensics 508 – Computer Forensics and Investigations course in Sandy Springs starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=21538). Use the Discount Code: isdpod15 for a 15% discount.
- Adrian Sanabria will be teaching the SANS Security 504 – Hacker Techniques, Exploits & Incident Handling in Knoxville, TN starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=22258). Use the Discount Code: isdpod15KY for a 15% discount.
The Louisville Metro InfoSec Conference:
- Thursday, October 7th, 2010 at Churchill Downs (http://www.louisvilleinfosec.com).
Other upcoming cons Adrian will be at:
Phreaknic, Oct 15-17 2010, Nashville, TN
http://www.phreaknic.info
Hack3rCon, Oct 23-24 2010, Charleston, WV
http://www.hack3rcon.org
MyHardDriveDied.com:
- MHDD Data Recovery Class current dates and locations:
- Dallas, TX – October 11th – 15th
- SANS: Drive and Data Recovery Forensics September 20th – 24th (https://www.sans.org/registration/register.php?conferenceid=21967)
- Washington, DC – December 6th – 10th
- Cost is $3500 for all classes. To reserve and register, call (678) 445-9007, email: [email protected] or go to http://www.myharddrivedied.com. Use the Discount Code: isdpodcast for a $300 discount.
Bsides Atlanta:
- http://www.securitybsides.com/BSidesAtlanta
- When: Friday, October 8, 2010
- Where: Think Inc World HQ, 1375 Peachtree St. Suite 600, Atlanta, Ga (The Earthlink Bldg).
- http://bsidesatlanta.eventbrite.com/
Stories of Interest:
News Item 1: http://www.tgdaily.com/games-and-entertainment-features/51458-film-studios-launch-cyber-attacks-on-torrent-sites
An Indian firm has blithely admitted carrying out DDoS attacks on illegal torrent websites on behalf of movie companies including 20th Century Fox.
Girish Kumar, managing director of Aiplex Software, said he’s hired by the studios to trawl the internet in the days following a movie’s release. Using software which searches for relevant keywords, Aiplex looks for sites hosting illegally pirated copies. The firm then delivers copyright takedown notices to the sites’ owners.
“Most movies are released on Friday morning at 10am in India. The movie is released in the morning – by afternoon it’s on the internet,” he told The Age.
“Generally speaking 95 per cent of… providers do remove the content. It’s only the torrent sites – 20 to 25 per cent of the torrent sites – that do not have respect for any of the copyright notices.”
News Item 2: http://abcnews.go.com/Technology/virus-mail-spreads-online/story?id=11596433
A mass-mailer worm flooded inboxes at a number of high-profile organizations today. Dubbed “Here you have” because of its e-mail subject line, the worm struck organizations such as NASA and the Walt Disney Co. In some ways, the worm is a throwback to attacks such as the Anna Kournikova virus, which security researchers at Symantec noted actually had the same subject line when it appeared in 2001.
“This used to be a massive problem when e-mail worms were at their peak, and this re-emergence shows that you can never assume old tried and true methods won’t be used again,” said Bradley Anstis, vice president of technology strategy at M86 Security.
The body of the e-mail sometimes contained the message “This is The Document I told you about, you can find it Here,” followed by a malicious link that appears to be a PDF document but is actually a .SCR file. The e-mail then instructs the recipient to “please check it and reply as soon as possible.” Other versions of the worm have the subject “Just For you” and “This is The Free Dowload [sic] Sex Movies,you can find it Here” in the body.
News Item 3: http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=227400151
Alternate story: http://blog.imperva.com/2010/09/old-new-world-cup-data-breach.html
An employee was found to have stolen the information of approximately 250,000 customers who attended the 2006 World Cup and was attempting to sell it. The information for sale included names, addresses, passport information and dates of birth.
While the breach was by no means a new kind of attack on a system, it continues to illustrate the need for proper database design, access control, database monitoring and data disposal policies.
1) Direct access to the database should not be permitted unless it is absolutely required for business needs.
2) Implementing an application server to interface with the database server is recommended. However, the application server must be able to authenticate each user individually and pass the user's credentials through to the database server.
3) Implement access controls on those portions of the database storing sensitive information, and restrict visibility of those tables, rows and columns to authorized users only (e.g. Oracle FGAC).
4) Implement auditing on those portions of the database storing sensitive information (ensure DBAs accessing those areas are also audited).
5) Verify that the audit information is integrated into the existing security infrastructure for monitoring, or that the trusted designated individuals (note I did not say individual there) have access to the information in real time.
6) Implement encryption of the entire database (overkill), or encrypt those specific portions of the database where sensitive information is stored.
Once the customer information is no longer needed, refer to your “Destruction of Electronically Stored Personally Identifiable Information Policy” to properly dispose of the information. You do have one of these, right?
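Items 2 through 5 of the list above, sketched for Oracle as an added example (not from the podcast or the linked articles). The schema TICKETS, the tables CUSTOMERS and PII_READERS, the column names and the policy names are hypothetical, and the traditional (non-unified) audit trail is assumed.

```sql
-- Item 2: after authenticating an end user, the application server tags its
-- pooled session with that user, e.g. DBMS_SESSION.SET_IDENTIFIER('jsmith'),
-- so the database can tell end users apart behind one service account.
CREATE OR REPLACE FUNCTION tickets.pii_predicate (
  p_schema IN VARCHAR2, p_object IN VARCHAR2) RETURN VARCHAR2 AS
BEGIN
  -- Predicate is true only for end users listed in the hypothetical
  -- allow-list table TICKETS.PII_READERS.
  RETURN 'EXISTS (SELECT 1 FROM tickets.pii_readers r '
      || 'WHERE r.app_user = SYS_CONTEXT(''USERENV'', ''CLIENT_IDENTIFIER''))';
END;
/

-- Item 3: column-level FGAC. Rows stay visible, but the sensitive columns
-- come back NULL whenever the predicate above is false.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema         => 'TICKETS',
    object_name           => 'CUSTOMERS',
    policy_name           => 'CUSTOMERS_PII_MASK',
    function_schema       => 'TICKETS',
    policy_function       => 'PII_PREDICATE',
    statement_types       => 'SELECT',
    sec_relevant_cols     => 'PASSPORT_NO,DATE_OF_BIRTH',
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);
END;
/

-- Item 4: fine-grained audit record for every statement touching those columns.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'TICKETS',
    object_name     => 'CUSTOMERS',
    policy_name     => 'CUSTOMERS_PII_AUDIT',
    audit_column    => 'PASSPORT_NO,DATE_OF_BIRTH',
    statement_types => 'SELECT,UPDATE,DELETE',
    audit_trail     => DBMS_FGA.DB + DBMS_FGA.EXTENDED);
END;
/

-- Item 5: the view a monitoring job would poll and forward to the SIEM.
SELECT timestamp, db_user, client_id, sql_text
FROM   dba_fga_audit_trail
WHERE  policy_name = 'CUSTOMERS_PII_AUDIT'
ORDER  BY timestamp DESC;
```

The client identifier is only trustworthy if end users cannot open their own database sessions (item 1). Accounts holding the EXEMPT ACCESS POLICY privilege bypass the masking policy, so grant it sparingly.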