Your daily source of Pwnage, Policy and Politics.

Episode 312 – Black Widow, Smart Cards, Anon, 0-day Fix, Lush Breach & Malware City


ISDPodcast Episode 312 for January 31, 2011.  Tonight’s podcast is hosted by  Rick Hayes, Keith Pachulski, and Dave Shackleford.

Announcements:

Appalachian Institute of Digital Evidence (AIDE)

When: February 17 – 18, 2011
Where:  Marshall University Forensic Science Center, Huntington, WV

http://aide.marshall.edu/default.htm

SANS Community

Jason Lawrence, Management 414: SANS +S Training Program for the CISSP Certification Exam

When: Wednesday, February 23, 2011 – Wednesday, April 27, 2011
http://www.sans.org/mentor/details.php?nid=23493

Use the Discount Code: isdpod15 for a 15% discount.

My Hard Drive Died
Data Recovery Expert Certification
When: March 7-11,2011
Where: Washington, DC

Data Recovery Expert Certification
When: April 11-15, 2011
Where: Atlanta, GA
http://www.myharddrivedied.com/data-recovery-training

@BSidesAustin

When: March 11-12, 2011
Where: The Walton-Joseph Building, 706-708 6th Street
http://www.securitybsides.com/w/page/33728032/BSidesAustin2011

Outerz0ne
When: March 18-19, 2011
Where: Atlanta, GA
CFP open now! http://bit.ly/dJoIM9

Indiana Linux Fest
When: March 25-27, 2011
Where: Wyndham Indianapolis West Hotel, Indianapolis, IN
http://www.indianalinux.org/cms/
CFP is currently open!

@THOTCON

When:  Friday, April 15th, 2011
Where: Chicago, IL
http://www.thotcon.org

@DerbyCon
When: September 30th – October 2, 2011
Where: Louisville, KY
http://www.derbycon.com

Intro/Outro Music provided by JimmyZ (http://soundcloud.com/jimmyz)

Stories:

News: http://news.techworld.com/security/3258312/hackers-break-us-government-smart-card-security/

The US government has been stepping up its use of smart cards to help lock down its computer networks, but hackers have found ways around them. Over the past 18 months, security consultancy Mandiant has come across several cases where determined attackers were able to get onto computers or networks that required both smart cards and passwords. In its report, Mandiant calls this technique a “smart card proxy.”

The attack works in several steps. First, the criminals hack their way onto a PC. Often they’ll do this by sending a specially crafted email message to someone at the network they’re trying to break into. The message will include a malicious attachment that, when opened, gives the hacker a foothold in the network. After identifying the computers that have card readers, the bad guys install keystroke logging software on those computers to steal the password that is typically used in concert with the smart card. Then they wait.
News: https://www.infosecisland.com/blogview/11416-FBI-Executes-Warrants-for-Anonymous-DDoS-Attacks.html

FBI agents today executed more than 40 search warrants throughout the United States as part of an ongoing investigation into recent coordinated cyber attacks against major companies and organizations. Also today, the United Kingdom’s Metropolitan Police Service executed additional search warrants and arrested five people for their alleged role in the attacks. These distributed denial of service (DDoS) attacks are facilitated by software tools designed to damage a computer network’s ability to function by flooding it with useless commands and information, thus denying service to legitimate users. A group calling itself “Anonymous” has claimed responsibility for the attacks, saying they conducted them in protest of the companies’ and organizations’ actions. The attacks were facilitated by the software tools the group makes available for free download on the Internet. The victims included major U.S. companies across several industries.

The FBI is also reminding the public that facilitating or conducting a DDoS attack is illegal, punishable by up to 10 years in prison, as well as exposing participants to significant civil liability. The FBI is working closely with its international law enforcement partners and others to mitigate these threats. Authorities in the Netherlands, Germany, and France have also taken their own investigative and enforcement actions. The National Cyber-Forensics and Training Alliance (NCFTA) is also providing assistance. The NCFTA is a public-private partnership that works to identify, mitigate, and neutralize cyber crime. The NCFTA has advised that software from any untrustworthy source represents a potential threat and should be removed. Major Internet security (anti-virus) software providers have issued updates so they will detect the so-called “Low Orbit Ion Cannon” tools used in these attacks.

News: http://krebsonsecurity.com/2011/01/microsoft-exploit-published-for-windows-flaw/

Microsoft warned that hackers have published instructions for attacking a previously unknown security hole in all versions of Windows that could be exploited to siphon user data or trick users into installing malicious code.

Redmond published an advisory about a vulnerability in the way Windows handles MHTML code that could let attackers run JavaScript code if the user is browsing a malicious site using Internet Explorer. As Wolfgang Kandek, chief technology officer at Qualys, notes, that means IE is the only known exploit vehicle for this flaw; other browsers such as Firefox and Chrome are not affected in their default configuration because they don’t support MHTML without the installation of specific add-ons.

Microsoft said it may issue a patch to fix the flaw, but that in the meantime IE users who are concerned about this threat can use a supplied “FixIt” tool to help shore up the way Windows handles MHTML documents. To enable that fix, visit this link and click the FixIt icon.

News: http://www.zdnet.co.uk/news/security/2011/01/21/attacks-on-lush-website-expose-credit-card-details-40091520/

Cosmetics company Lush has warned customers that its UK website has been hacked repeatedly over the past three months, exposing credit-card details to fraudulent use. Lush did not release technical details of the attack, nor specify the number of customers compromised or the security techniques used to handle the data involved, but anecdotal evidence indicates that some customers have been the victims of fraud. The company sent an email statement to customers on Thursday outlining the incident and urging them to contact their banks.
“Our website has been the victim of hackers,” Lush said in the email. “Twenty-four-hour security monitoring has shown us that we are still being targeted, and there are continuing attempts to re-enter. We refuse to put our customers at risk of another entry — so have decided to completely retire this version of our website.” Lush said it is preparing another version of its UK website to replace the one it has taken offline. The new version will launch within a few days and will initially only accept payments via PayPal, it added. The incident affected customers who placed online orders between 4 October, 2010 and 20 January, 2011, according to Lush. Orders placed in Lush’s shops or via telephone are not affected. Some security experts have questioned Lush’s timing in notifying customers of the breach. The company has acknowledged that it discovered the issue in late December, yet affected transactions include ones placed in January.
In a statement, the cosmetics company said that it had responded to the breach by starting a “thorough investigation” and putting in place “extra security measures”. However, it was only when security monitoring showed the latest hacking attempt that Lush took down its UK website and notified customers, according to the statement.
Lush added that it is working with the police and its credit-card acquirer to carry out a full investigation into the hacking.
The company’s response raises more questions than it answers, according to security researcher Graham Cluley of Sophos.
“Was the customer credit-card information not encrypted?” he wrote in a blog post on Friday. “If it had been strongly encrypted, then although a hack might have been embarrassing, customers would not necessarily be at risk of fraud.”
Writing on Lush’s Facebook page, several customers confirmed their details had been abused.
“My card details were used fraudulently, and I had the hassle of needing a new card and no access to my money,” wrote a user identifying herself as Jane Sendall on Friday. “It would have been nice to have been warned earlier.”
Another user, identifying herself as Kerry Aldam, wrote on Friday that a purchase in October had resulted in an incident of fraud within “the last few days”.
On its temporary UK website, Lush posted a video of toy lemmings playing music, alongside a note urging users to “click on the video to try and share a smile”. The temporary site also addressed a message to those responsible for the attack.
“To the hacker: If you are reading this, our web team would like to say that your talents are formidable,” the note read. “We would like to offer you a job — were it not for the fact that your morals are clearly not compatible with ours or our customers.”

News: http://www.malwarecity.com/blog/what-happens-in-vegas-stays-in-vegas-not-998.html

A study on the delicate subject of Internet users’ access to online adult content and on the associated privacy and data security issues.
We all enjoy the benefits of the Internet, and for many of us this is an indispensable tool for work and communication.  While the time spent on the Internet can be hugely productive, for some people compulsive Internet use can interfere with daily life, work and relationships.
When you feel more comfortable with your online friends than your real ones, or you can’t stop yourself from playing games, gambling, or surfing for adult-content sites, despite these habits’ negative consequences on your life, then you may want to start thinking about forgetting the Internet for a while.
Internet pornography is a multibillion dollar industry, as adult content sites are one of the most searched for categories of pages, with 1 in 4 search engine requests being pornography- related.
As I was curious to find out more about this phenomenon, I set out to do a study on users’ motivation in accessing adult content sites, as well as on the privacy and malware dissemination issues arising from the use of this kind of site.
The study contained 2 parts: a survey concerning the psychological background of online adult content use, and a net-research aiming to identify the ensuing malware and privacy related issues.
2,017 persons participated in the survey. The sample was heterogeneous, with participants originating from 24 countries, ranging between the ages of 18 and 65, and with a sex ratio of about 1:1.
The survey concerned the respondents’ online habits: whether they look for adult-content sites and what type of sites they access (free vs paid ones), the reason for these actions, and if they have ever infected their computers with malware as a result of having accessed this kind of sites.
At the same time, I performed a net research about malware and pornographic sites and links: I looked for, and checked for malware, the URLs to the free and paid sites returned by different search engines based on a set of keywords such as “sex”, “porn”, “adult sites”, etc. I also searched through blogs and different other “collaborative platforms” to find out if the credentials of users having accounts on the adult content sites were exposed there.
The survey generated the expected results: 72% of the participants admitted that they had searched for and accessed adult-content sites, with 78% of them being men and 22% women. As regards age, the largest segment of internet pornography consumers is the 35-45 year old group (69%).
The accessed pornographic materials can be broken down into 3 major classes: materials sent via e-mail (31%), videos that can be downloaded from different sources (torrents, web sites, hubs, etc.) (91%) and real-time adult content sites such as video-chats, adult dating, etc. (72%).
Within the class of real-time adult content sites, 21% were paid sites and 97% were free ones. When asked how much money they spend on pornographic materials, the respondents declared that they spend between 250 and 500 USD/month (mean values).
The interviewed persons usually access these sites from home (69%), their work places (25% of men, 13% of women), or from other locations such as internet cafés (6%), and their main motivations were the need to relax (54%) and curiosity (38%).
As expected, adult-content sites and, in general, sex-related topics are very attractive to cybercriminals. When asked if they had infected their computers while searching for this kind of material, 63% of respondents admitted that they had had malware-related problems more than once. The main sources of malware were links sent via e-mail and free downloadable videos.
On the other hand, the net research on the safety of URLs leading to pornographic sites revealed that of the 1,000 tested links, 29% were infected with different kinds of malware, especially Trojans and spyware.
Moreover, when looking on blogs and on different other “collaborative platforms”, I could find more than 500 credentials exposed on the Internet (accounts and passwords to paid adult-content sites). The way they were posted, combined with other accounts and passwords of the same user, suggested that they were obtained using a malicious piece of software installed on the victim’s computer.
In the end, it’s your decision whether or not to access adult content sites. Just be aware of the fact that cybercriminals will take advantage of any “hot” topic and that sex is probably at the top of their list. Safe and relaxed surfing!