ISDPodcast Episode 273 for December 7, 2010. Tonight’s podcast is hosted by Rick Hayes, Keith Pachulski, and Karthik Rangarajan.
Announcements:
SANS Cyber Defense Initiative 2010
Washington, DC.
Marriott Wardman Park
Dec 10-17, 2010
http://washingtontechnology.com/calendar/2010/12/sans-cyber-defense-initiative-2010.aspx
SANS Community:
Jason Lawrence, Management 414: SANS +S Training Program for the CISSP Certification Exam: http://www.sans.org/mentor/details.php?nid=23493
Wednesday, February 23, 2011 – Wednesday, April 27, 2011
Use the Discount Code: isdpod15 for a 15% discount.
DojoCon:
13699 Dulles Technology Dr
Herndon, VA 20171
Dec 11-12, 2010
Appalachian Institute of Digital Evidence (AIDE):
AIDE Winter Meeting, Marshall University Forensic Science Center, Huntington, WV
When: February 17 – 18, 2011
CFP Deadline: December 12, 2010
http://aide.marshall.edu/default.htm
Ultimate Pentesting VM: /resources/upv/ Stories:
News: http://mashable.com/2010/12/03/limewire-out-of-business/
Seven months after the peer-to-peer file-sharing service was defeated in federal court, its company is preparing to shut down.
In October, LimeWire stopped distributing its software and shut down its servers in order to comply with a court ruling stemming from its lawsuit with the RIAA. In June, the RIAA said it would seek $1 billion in statutory damages for the copyright infringement incurred by the service.
Yesterday, Peter Kafka at AllThingsD reported that LimeWire had shut down its online music store. The closing of this store, which operated like iTunes or eMusic (that is, legally), suggested that the overall company might be shuttering.
News: http://www.pcworld.com/businesscenter/article/211845/how_secure_is_windows_phone_7_app_code.html?tk=twt_security
A recent glitch on Microsoft’s download servers for brand new Windows Phone 7 applications has sparked widespread Internet chatter among developers and focused new attention on the best ways to protect smartphone apps from being hacked. The MobileTechWorld Web site discovered that it was possible for registered developers with “unlocked” phones to download the basic code package, in Microsoft’s XAP file format, directly from Microsoft’s online servers, bypassing the company’s online Zune marketplace. The XAP “package” could then be subjected to a variety of well-known tools to break down the files into their constituent elements, including any data or intellectual property that the developer might want to keep hidden. The ease of unpacking is due to the underlying foundation for Windows Phone 7 apps — a version of Microsoft’s .Net code framework. The application code runs in a virtual machine, which interprets it and makes calls to the underlying operating system. For WP7, the virtual machine is provided by either Microsoft Silverlight or Microsoft XNA Studio. From the outset, .Net applications, like those of other managed code environments such as Java (and by extension Android, among other mobile operating systems) have been easy to disassemble for experienced programmers.
“A WP7 XAP [pronounced 'zap'] is nothing more than a zip file with an XML manifest in it,” says Kevin Hoffman, Windows developer and author. “.Net developers have always known that their applications…were subject to disassembly. Tools like ILDASM.EXE and Reflector have always allowed anyone with even a basic knowledge of .Net to crack open the file and, in many cases, read completely un-obscured source code.”