2010
09.14

InfoSec Daily Podcast

 
ISDPodcast Episode 212 for September 14, 2010. Tonight’s podcast is hosted by Rick Hayes, Keith Pachulski, Adrian Sanabria and Karthik Rangarajan.

Announcements:

Atlanta ISSA:

SANS Community:

9am-5pm US ET
Hilton Atlanta Airport Hotel
1031 Virginia Avenue
Atlanta, GA 30354

  • Use the Discount Code: isdpod15 for a 15% discount.

ShoeCon 2010:

Wellesley Inn-Atlanta Airport (Google Maps)
1377 Virginia Avenue
East Point, GA 30344
(404) 762-5111

  • This is a FREE event for InfoSec and IT professionals to attend to celebrate the life of Matthew Shoemaker.

SANS Mentoring Program:

  • Jason Lawrence will be teaching the SANS Forensics 508 – Computer Forensics and Investigations course in Sandy Springs starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=21538).  Use the Discount Code: isdpod15 for a 15% discount.
  • Adrian Sanabria will be teaching the SANS Security 504 – Hacker Techniques, Exploits & Incident Handling in Knoxville, TN starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=22258).  Use the Discount Code:  isdpod15KY for a 15% discount.

The Louisville Metro InfoSec Conference:

Other upcoming cons Adrian will be at:
Phreaknic, Oct 15-17 2010, Nashville, TN
http://www.phreaknic.info
Hack3rCon, Oct 23-24 2010, Charleston, WV
http://www.hack3rcon.org

MyHardDriveDied.com:

Bsides Atlanta:

Adrian Sanabria: Twitter – http://twitter.com/sawaba

Stories of Interest:
News Item 1: http://www.theregister.co.uk/2010/09/13/adobe_flash_0day_vuln/
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c6f0a6ee-05ac-4eb6-acd0-362559fd2f04&displayLang=en#QuickDetails
Adobe Systems on Monday warned of a critical vulnerability in the most recent version of its Flash Player that is being actively exploited in the wild. The vulnerability affects Flash Player 10.1.82.76 for Windows, Macintosh, Linux, Solaris, and Android operating systems, Adobe said in an advisory. “There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows,” the warning said, without elaborating. The latest versions of Adobe’s Reader and Acrobat applications are vulnerable to the same flaw, but there’s no evidence they are being exploited. The advisory credited Steven Adair of the Shadowserver Foundation for working with Adobe’s security team on the vulnerability. Members of Shadowserver weren’t immediately available to respond to questions. The disclosure means there are at least two unpatched flaws in widely used Adobe applications that are presently under attack by criminals. As reported on Wednesday, a separate flaw in Reader 9.3.4 for Windows is also being exploited in emails that try to trick recipients into clicking on an attached PDF file. Once opened, the booby-trapped document exploits a stack overflow flaw in Reader, causing machines to run malware. While the vulnerability is in all versions of the PDF viewing software, it is being exploited only on Windows-based installations, Adobe has said.

Microsoft and Adobe Systems announced Sept. 10 that the latest edition of Microsoft’s Enhanced Mitigation Experience Toolkit can be used to block attacks. The announcement followed reports that an exploit currently in the wild can bypass Microsoft’s data execution prevention feature using a technique known as ROP (return-oriented programming). “Normally Address Space Layout Randomization (ASLR) would help prevent successful exploitation,” said a post on Microsoft’s Security Research & Defense blog. “However, this product ships with a DLL (icucnv36.dll) that doesn’t have ASLR turned on. Without ASLR, this DLL is always going to be loaded at a predictable address and can be leveraged by an exploit.” EMET 2.0 blocks the exploit by deploying mandatory ASLR as well as export address table access filtering, Microsoft said.

News Item 2:  http://www.arcsight.com/press/release/merger-announcement/
HP and ArcSight, Inc. announced today that they have signed a definitive agreement for HP to acquire ArcSight, a leading security and compliance management company, for $43.50 per share, or an enterprise value of $1.5 billion.

The combination of HP and ArcSight will improve security, reduce risk and facilitate compliance at a lower cost for customers. ArcSight’s superior technology is highly complementary with HP’s existing security portfolio of hardware, software and services.