Your daily source of Pwnage, Policy and Politics.

Episode 226 – MSSP, “gov.cn”, 385 e-Crimes Officers & CVE Checker


ISDPodcast Episode 226 for October 4, 2010.  Tonight’s podcast is hosted by Rick Hayes and Keith Pachulski.
    

Announcements:   
 

The Louisville Metro InfoSec Conference:
http://www.louisvilleinfosec.com
When: Thursday, October 7th, 2010
Where: Churchill Downs

Bsides Atlanta:
http://www.securitybsides.com/BSidesAtlanta
When: Friday, October 8, 2010
Where: Think Inc World HQ, 1375 Peachtree St.  Suite 600, Atlanta, Ga (The Earthlink Bldg).
http://bsidesatlanta.eventbrite.com/

MyHardDriveDied.com Data Recovery Class:
 

http://www.myharddrivedied.com
Dallas, TX – October 11th – 15th
Washington, DC – December 6th – 10th
Use the Discount Code: isdpodcast for a $300 discount. 


SANS Mentoring Program:
 

Jason Lawrence – SANS Forensics 508 – Computer Forensics and Investigations in Sandy Springs, GA
http://www.sans.org/mentor/details.php?nid=21538
When: Tuesday, October 12, 2010 – Tuesday, December 14, 2010
Use the Discount Code: isdpod15 for a 15% discount.

Adrian Sanabria – SANS Security 504 – Hacker Techniques, Exploits & Incident Handling in Knoxville, TN
http://www.sans.org/mentor/details.php?nid=22258
When: Tuesday, October 12, 2010 – Tuesday, December 14, 2010 
Use the Discount Code:  isdpod15KY for a 15% discount.

Phreaknic:

http://www.phreaknic.info
When: Oct 15-17 2010
Where: Nashville, TN

Hack3rCon:

http://www.hack3rcon.org
When: Oct 23-24 2010
Where: Charleston, WV 

Stories of Interest:
News: http://www.csoonline.com/article/620716/in-security-outsourcers-we-trust
IT and business leaders acknowledge they don’t have the staff or expertise to secure their data internally — at least not without help from outside experts. If you work for a managed security service provider (MSSP), that’s good news.

More than half (52 percent) of survey respondents said that outsourcers, also known as managed security service providers (MSSPs), are important or very important to accomplishing their security objectives. Another 19 percent said outsourcers play some role. Meanwhile, more than 30 percent cited outsourcing of some or all security functions, such as e-mail filtering and management of application firewalls, as a top priority in the next 12 months, up from 18 percent a year ago.

News:   http://english.people.com.cn/90001/90782/90872/7150848.html
Shen Yang, a doctoral tutor at School of Information Management under Wuhan University, showed reporters on Sept. 22 at his office that there are some vicious hidden links among some government-run Web sites with domain names ending in “gov.cn,” such as those linking to the “latest information on the Hong Kong Jockey Club” and “how to buy Mark Six” Web pages, according to a report by Changjiang Daily.

“These are hidden link attacks,” said Shen. “Certain text is invisible for normal online browsing and they have links to illegal Web pages containing pornographic, gambling and fraudulent items and political content.”

Some educational websites have also become targets. There is a link to the “Hong Kong Jockey Club – Predicting the results of Mark Six” on the website of one of China’s outstanding universities and there is a “mobile phone bugging device” link on the website of a communication school of a Chongqing-based university.

According to the data on hidden link attacks on government websites collected by Shen, more than 10 percent of China’s more than 30 million government websites are under hidden link attacks. Hackers can willfully change the Web pages at websites just like posting ads on the walls of other people’s living rooms. Some hackers even sell the rights to access website servers.  “These rights can be priced at only 50 yuan, but hackers can still generate enormous profits if they sell tens of thousands of such rights,” Shen said.
It is known that much of the domestic security software has not been able to detect hidden links. 

A good resource for finding hidden links is http://www.unmaskparasites.com/security-tools/find-hidden-links/.  It really does nothing more than make use of Google; however, it is only useful against certain types of hidden links.

News: http://www.infosecurity-magazine.com/view/12946/met-admits-police-ecrime-unit-is-underresourced/
Writing in the Sunday Telegraph, Metropolitan Police commissioner Paul Stephenson said, “At any time, the police service is only actively targeting 11% of the 6000 organised crime groups in England and Wales.” He said only 15% of the 385 officers dedicated to online crime were investigating terrorism, fraud, identity theft and other serious non-personal crimes; the rest were investigating child exploiters and tracking the online exchange of child pornography.
 

Tools: http://cvechecker.sourceforge.net/index.html 

A tool that attempts to identify installed software on your system and match those against the online database of CVE entries. As the identification of installed software depends on simple rules that are added by the community, it is very likely that it only detects a small portion of the installed software on your system (especially if you are running software that isn’t all that popular). And even if the tool detects the software appropriately, it still requires that the CVE entry mentions this software with the same vendor and product name as this tool detects – if not, CVE checker will not be able to match the installed software against the online CVE database.