Your daily source of Pwnage, Policy and Politics.

Episode 216 – Dishonest Manner, It’s Back, Interpol & Suppression

ISDPodcast Episode 216 for September 20, 2010.  Tonight’s podcast is hosted by Rick Hayes, Keith Pachulski and Karthik Rangarajan.

Announcements:

The Louisville Metro InfoSec Conference:
http://www.louisvilleinfosec.com
When: Thursday, October 7th, 2010
Where: Churchill Downs

Bsides Atlanta:
http://www.securitybsides.com/BSidesAtlanta
When: Friday, October 8, 2010
Where: Think Inc World HQ, 1375 Peachtree St.  Suite 600, Atlanta, Ga (The Earthlink Bldg).
http://bsidesatlanta.eventbrite.com/

MyHardDriveDied.com Data Recovery Class:

http://www.myharddrivedied.com
Dallas, TX – October 11th – 15th
Washington, DC – December 6th – 10th
Use the Discount Code: isdpodcast for a $300 discount.


SANS Mentoring Program:

Jason Lawrence – SANS Forensics 508 – Computer Forensics and Investigations in Sandy Springs, GA
http://www.sans.org/mentor/details.php?nid=21538
When: Tuesday, October 12, 2010 – Tuesday, December 14, 2010
Use the Discount Code: isdpod15 for a 15% discount.

Adrian Sanabria – SANS Security 504 – Hacker Techniques, Exploits & Incident Handling in Knoxville, TN
http://www.sans.org/mentor/details.php?nid=22258
When: Tuesday, October 12, 2010 – Tuesday, December 14, 2010
Use the Discount Code: isdpod15KY for a 15% discount.

Phreaknic:

http://www.phreaknic.info
When: Oct 15-17 2010
Where: Nashville, TN

Hack3rCon:

http://www.hack3rcon.org
When: Oct 23-24 2010
Where: Charleston, WV

Stories of Interest:
News Item 1: http://www.neurosciencemarketing.com/blog/articles/fake-rolex-cheating.htm

You can find fake designer and luxury products just about anywhere these days, and most people consider owning one a harmless transgression. After all, if you were never going to pay $12,000 for a real Rolex, who is really hurt if you wear a fake that cost you $30? Rolex didn’t really lose a sale, right? It turns out that the victim of the “crime” may be none other than YOU!

A fascinating research project has demonstrated that the act of wearing a fake designer item actually causes an individual to behave in a more unethical and cynical manner. The study, by Francesca Gino, Michael I. Norton, and Dan Ariely, started by giving a group of young female subjects expensive Chloé sunglasses to wear. These glasses were actually all authentic products, but half of the subjects were told that they were wearing a fake.

In subsequent testing the subjects wearing the “fake” sunglasses were more than TWICE as likely to cheat on a math test (71% vs 26%) when they thought their cheating would not be detected. Another test showed that the subjects wearing “fake” sunglasses judged other people as more likely to behave in a dishonest manner.
News Item 2: http://threatpost.com/en_us/blogs/researchers-google-aurora-attackers-back-business-091310

Security researchers say that a new wave of attacks suggests that the malicious hackers behind a security compromise at Google and a number of other prestigious U.S. firms are back in business, this time using an unpatched security flaw in Adobe’s PDF Reader application.

Writing on the Symantec Security blog, researcher Karthik Selvaraj said that evidence collected on a new round of targeted attacks shares many of the same fingerprints as the so-called Aurora attacks in late 2009. Symantec believes the two attacks to be of the same origin. The latest attacks appear to date back at least to the beginning of this month, when researchers say they began seeing attacks leveraging the recent Adobe 0 day vulnerability in PDF Reader that used social engineering attacks – in particular: specially crafted e-mail messages that contained a malicious PDF file attachment. Adobe warned last week about attacks, in the wild, that used a new zero day flaw in the PDF Reader and Acrobat software.

Writing for Symantec, Selvaraj noted that the wording of the e-mail messages was very similar to those associated with the Aurora attacks. The PDFs used in the attack were unlike others leveraging the zero day flaw that had been found in the wild, and all traced back to a single computer in Shandong Province, China. Furthermore, malicious components downloaded as part of the attack were similar or identical for each of the PDFs traced to the computer in Shandong Province, Symantec said.  Analysis of the malware used in the Aurora attacks pointed to China as the source of the attacks. And, in February, 2010, media reports (anonymously) linked two schools in Shandong Province to the Google Aurora attacks. Security researchers have theorized that the Chinese government may be behind the Aurora attacks, or tacitly complicit with them, as it looks to gain access to sensitive intellectual property, as well as insight into the actions and intentions of foreign governments, as well as domestic groups that it considers a threat to the governing Communist Party. The attacks have already prompted much soul searching on the part of Google and the U.S. Government, which has raised the alarm about the dangers posed by state sponsored actors and so-called “Advanced Persistent Threats.”
News Item 3: http://www.csoonline.com/article/616217/interpol-chief-has-facebook-identity-stolen
Related Link: http://news.techworld.com/security/3239719/facebook-poses-security-risk-at-work-study-finds/?olo=rss
Ron Noble, the Chief of Interpol, had his Facebook account compromised. Apparently he was using Facebook as a place to store information on individuals being investigated. Facebook isn’t at fault for this compromise of sensitive information but the person responsible for placing the information there…and why in the hell is anyone using Facebook as a storage medium for sensitive information in the first place???

News Item 4: http://www.nytimes.com/2010/09/12/world/europe/12raids.html

The group, Baikal Environmental Wave, was organizing protests against Prime Minister Vladimir V. Putin’s decision to reopen a paper factory that had polluted nearby Lake Baikal, a natural wonder that by some estimates holds 20 percent of the world’s fresh water.

Instead, the group fell victim to one of the authorities’ newest tactics for quelling dissent: confiscating computers under the pretext of searching for pirated Microsoft software.

Across Russia, the security services have carried out dozens of similar raids against outspoken advocacy groups or opposition newspapers in recent years. Security officials say the inquiries reflect their concern about software piracy, which is rampant in Russia. Yet they rarely if ever carry out raids against advocacy groups or news organizations that back the government.

As the ploy grows common, the authorities are receiving key assistance from an unexpected partner: Microsoft itself. In politically tinged inquiries across Russia, lawyers retained by Microsoft have staunchly backed the police.

Interviews and a review of law enforcement documents show that in recent cases, Microsoft lawyers made statements describing the company as a victim and arguing that criminal charges should be pursued.