09.16
InfoSec Daily Podcast
ISDPodcast Episode 214 for September 16, 2010. Tonight’s podcast is hosted by Rick Hayes, Keith Pachulski, and Adrian Crenshaw.
Announcements:
ShoeCon 2010:
- When: Saturday, September 18, 2010
- Where: Wellesley Inn-Atlanta Airport
- This is a FREE event for InfoSec and IT professionals to attend to celebrate the life of Matthew Shoemaker.
SANS Mentoring Program:
- Jason Lawrence – SANS Forensics 508 – Computer Forensics and Investigations in Sandy Springs, GA
- http://www.sans.org/mentor/details.php?nid=21538
- When: Tuesday, October 12, 2010 – Tuesday, December 14, 2010
- Use the Discount Code: isdpod15 for a 15% discount.
- Adrian Sanabria – SANS Security 504 – Hacker Techniques, Exploits & Incident Handling in Knoxville, TN
- http://www.sans.org/mentor/details.php?nid=22258
- When: Tuesday, October 12, 2010 – Tuesday, December 14, 2010
- Use the Discount Code: isdpod15KY for a 15% discount.
The Louisville Metro InfoSec Conference:
- http://www.louisvilleinfosec.com
- When: Thursday, October 7th, 2010
- Where: Churchill Downs
Bsides Atlanta:
- http://www.securitybsides.com/BSidesAtlanta
- When: Friday, October 8, 2010
- Where: Think Inc World HQ, 1375 Peachtree St. Suite 600, Atlanta, Ga (The Earthlink Bldg).
- http://bsidesatlanta.eventbrite.com/
Phreaknic:
- http://www.phreaknic.info
- When: Oct 15-17 2010
- Where: Nashville, TN
Hack3rCon:
- http://www.hack3rcon.org
- When: Oct 23-24 2010
- Where: Charleston, WV
MyHardDriveDied.com Data Recovery Class:
- Dallas, TX – October 11th – 15th
- Washington, DC – December 6th – 10th
- Use the Discount Code: isdpodcast for a $300 discount.
Defcon and Blackhat 2010 videos:
Stories of Interest:
News Item 1: http://www.theregister.co.uk/2010/09/15/linux_kernel_regression_bug/
The Linux kernel has been purged of a bug that gave root access to untrusted users – again. The vulnerability in a component of the operating system that translates values from 64 bits to 32 bits (and vice versa) was fixed once before – in 2007 with the release of version 2.6.22.7. But several months later, developers inadvertently rolled back the change, once again leaving the OS open to attacks that allow unprivileged users to gain full root access.
The bug was originally discovered by the late hacker Wojciech “cliph” Purczynski. But Ben Hawkes, the researcher who discovered the kernel regression bug, said that he grew suspicious when he recently began tinkering under the hood of the open-source OS and saw signs the flaw was still active.
“I showed this to my friend Robert Swiecki who had written an exploit for the original bug in 2007, and he immediately said something along the lines of ‘well this is interesting,’” Hawkes wrote. “We pulled up his old exploit from 2007, and with a few minor modifications to the privilege escalation code, we had a root shell.”
http://www.exploit-db.com/exploits/15023/
News Item 2: http://www.computerworld.com/s/article/9184179/Report_RBS_WorldPay_hacker_gets_four_years_probation
The mastermind behind one of the biggest hacking paydays in history has been sentenced to four years’ probation and a US$8.9 million fine, according to published reports.
Victor Pleshchuk, 28, was sentenced to four years’ probation on Wednesday, according to Bloomberg News. He is considered the leader of a group of criminals who organized a 2008 precision strike on RBS WorldPay, the payment processing division of the Royal Bank of Scotland.
In addition to the reduced sentence of probation, Pleshchuk must also pay back more than 275 million rubles ($8.9 million) to RBS WorldPay, Bloomberg reports.
Russia is trying to fight a reputation for being soft on cybercrime, but this light sentence won’t do much to change that perception. Security experts say that Pleshchuk falls into the same category of highly accomplished cybercriminals as Albert Gonzalez, best known for hacking into retailer TJX Companies and the Heartland Payment Systems payment processing network. In March, Gonzalez was sentenced to 20 years in federal prison.
News Item 3: http://www.theregister.co.uk/2010/09/08/salary_database_hack/
A court has ordered a UK hacker to pay compensation after he used a purloined laptop to hack into his ex-employer’s personnel database.
Colin Parker, 31, gained unauthorised access to staff contracts containing salary details and emailed this to around 400 workers at his ex-employer, CHI and Partners. Parker’s attempt to create bad feeling among workers at the firm was foiled by an alert sys admin, who intercepted and deleted the potentially incendiary emails.
Parker, who was found responsible for the theft of a laptop and given a conditional discharge, agreed to pay his ex-employer CHI and Partners £4,000 in compensation and £3,000 in prosecution costs to settle the case during a hearing at Southwark Crown Court on Monday. He is liable for 12 months’ imprisonment if he fails to satisfy these conditions, a spokesman for Southwark Crown Court confirmed.
News Item 4: http://www.darkreading.com/insiderthreat/security/management/showArticle.jhtml?articleID=227300424
The recently revealed abuse of insiders’ system privileges to commit fraud at Sprint could be a wake-up call for other enterprises to implement more stringent security practices, experts said this week.
Last week, nine Sprint employees were charged with misusing their access to the telecommunications giant’s systems to redirect phone charges to other customers by “cloning” their cell phones — to the tune of more than $15 million in fraudulent charges in the first six months of this year.
The case highlights the need for enterprises to implement controls that will help them catch insiders who might be focused on fraud, says Dawn Cappelli, technical manager of the threat and incident management team at Carnegie Mellon University’s Software Engineering Institute CERT Program.
“Any controls that organizations can think of to put on their systems, as far as what data should this person be accessing [or] what would look out of the ordinary, are important,” Cappelli says.
Such attacks are becoming more common, according to CMU’s Software Engineering Institute. Last year, more than half of the respondents to the group’s 2010 CyberSecurity Watch Survey said they were the victim of an insider attack. The average insider attack lasts about 15 months, Cappelli says.
News Item 5: http://www.schneier.com/blog/archives/2010/09/orange_balls_as.html
http://www.urlesque.com/2010/09/02/orange-balls-anti-theft/
When someone robs a store, the clerk can throw the ball at the perp (or at the perp’s feet) so they’re easily identified after they escape.
According to the Japan Times, though they’re only thrown in 7% of robberies, the balls mostly work as a deterrent, since stores prominently display them. They’re so visible that foreigners in Japan often wonder what they’re there for.