Your daily source of Pwnage, Policy and Politics.

Episode 316 – Egypt, Kill Switch, Insider threats, Security Research & ComCast

ISDPodcast Episode 316 for February 4, 2011. Tonight’s podcast is hosted by Rick Hayes, Keith Pachulski, Karthik Rangarajan, Varun Sharma and Geordy Rostad.

Announcements:

Appalachian Institute of Digital Evidence (AIDE)

When: February 17 – 18, 2011
Where:  Marshall University Forensic Science Center, Huntington, WV

http://aide.marshall.edu/default.htm

SANS Community

Jason Lawrence, Management 414: SANS +S Training Program for the CISSP Certification Exam

When: Wednesday, February 23, 2011 – Wednesday, April 27, 2011
http://www.sans.org/mentor/details.php?nid=23493

Use the Discount Code: isdpod15 for a 15% discount.

OWASP February Chapter Meeting:
When: February 24, 2011 6-8pm
Where: Tilted Kilt http://tinyurl.com/4oh2thj

My Hard Drive Died
Data Recovery Expert Certification
When: March 7-11, 2011
Where: Washington, DC

Data Recovery Expert Certification
When: April 11-15, 2011
Where: Atlanta, GA
http://www.myharddrivedied.com/data-recovery-training

@BSidesAustin

When: March 11-12, 2011
Where: The Walton-Joseph Building, 706-708 6th Street
http://www.securitybsides.com/w/page/33728032/BSidesAustin2011

Outerz0ne:
When: March 18-19, 2011
Where: Atlanta, GA
CFP open now! http://bit.ly/dJoIM9

Indiana Linux Fest
When: March 25-27, 2011
Where: Wyndham Indianapolis West Hotel Indianapolis, IN
http://www.indianalinux.org/cms/

@DerbyCon
When: September 30th – October 2, 2011
Where: Louisville, KY
http://www.derbycon.com/

Intro/Outro Music provided by JimmyZ (http://soundcloud.com/jimmyz)

Stories:
News:  http://www.infosecurity-us.com/view/15642/twitter-flood-heralds-egypts-return-to-the-internet
Twitter flood heralds Egypt’s return to the internet

A flood of celebratory and congratulatory tweets on Twitter has greeted the news that internet services have been restored in Egypt. “Internet is back in Egypt! I am tweeting this from my fone in Alex,” tweeted Rawya Rageh. The government-imposed internet blackout from late on January 27 came after anti-government protests erupted across the country. Even blocked sites such as Twitter and Facebook have been restored, but mobile phone services, such as text messaging, are still not functioning fully, according to the Financial Times. Mobile phone operators were instructed to suspend services on Friday last week, but mobile operator Vodafone was one of the first to restore services, after just 24 hours. Social networking sites such as Twitter and Facebook have been credited with playing an important role in mobilizing protests last week. Even after the blackout was introduced, Egyptians were able to publish tweets using the Speak2Tweet voice-to-text services introduced by Twitter in collaboration with Google.

News: http://www.itnews.com.au/News/246715,more-trouble-for-egypt-when-the-lights-flick-back-on.aspx
As Egypt faces its fifth day of a Government-imposed internet blackout, analysts and anti-censorship groups have warned of technical, political and business challenges to come even if political unrest in the country is resolved.

Most of the country’s internet routing addresses were withdrawn simultaneously on Friday, in Government attempts to curb protests against President Hosni Mubarak’s 30-year-rule. At around 8am in Sydney today, Egypt’s last functional internet service provider, Noor Data Networks, went offline. Jonatan Walck of net activist group Telecomix said the move was a world first, arguing that the internet was merely one communication channel for people who fuelled the protest.  “Shutting down internet almost entirely is unheard of, and I have seen nothing like what Egypt did,” he told iTnews. “If they had twitter, they would tweet. If they need to make a call chain, that would be it. If they just need to get out of the door and take their neighbours with them, they would. No, I believe if anything, [shutting down the internet] fuelled the protests,” he said.

Joining organisations such as Google and Twitter in providing methods for Egyptians to communicate online, Telecomix maintained a pool of dial-up internet connections that activists could use for free. It also monitored amateur radio channels and offered to publish faxed messages online. But further challenges would arise when the country returned online, Walck predicted.

“I expect internet [use] to be monitored much more closely,” he explained. “It’s obvious that the current regime understands the internet is something worth putting time and effort into if you want control, and it’s likely whoever is in power later on will know the same.” Today, Telecomix regarded Egypt as being on “the same level as North Korea and Burma in internet censorship” amid rumours that Egyptian phone lines were to be shut down. The group was working on cryptographic methods to bypass any government censorship that might occur in Egypt when connections were restored. Walck expected a reconnected Egypt to require darknets like TOR and I2P, email and web encryption, virtual private networks and proxies for communications to remain free of government control. Meanwhile, analysts and the Internet Society warned that businesses could shun Egypt after seeing the Government shut down mobile and internet services.

The Egyptian Stock Exchange – which went offline with network provider Noor today – has fallen sharply since the so-called “Jan. 25” protests began. Although the January 28 withdrawal of Egyptian border gateway protocol routes did not appear to affect international traffic that crossed Egypt, the Internet Society warned that connections to neighbouring regions may be disrupted if the country’s 52 ISPs came back online at once.

“If the Egyptian government reinstates connections quickly, there is likely to be a lot of churn in the routing system, which will possibly further affect neighbouring regions’ traffic,” the society stated. “Also, this action will have a lasting impact on international corporations’ interest in doing business within Egypt. Whether they consider withdrawing their equipment and services, or simply refuse to establish peering links with Egypt, it could have a lasting impact on Egypt’s ability to establish effective and efficient network connections to the rest of the world.”

Ovum telecommunications analyst Angel Dobardziev said mobile operators such as Vodafone, Blackberry and Google would be encouraged to more carefully weigh the “political risk of operating in emerging markets” against growth opportunities. Vodafone shut down its Egyptian mobile network at the Government’s command last week, and restored voice communications “as soon as [it was] able” on Saturday morning. Dobardziev blamed the “telecoms boom” in Egypt for accelerating a clash between more conservative, authoritarian traditions and more modern aspirations for open information access. “As events in Egypt show, the road ahead may be rocky for all, including telcos and the people they serve,” he stated.

News: http://www.eweek.com/c/a/Security/US-Senators-Say-CyberSecurity-Bill-Different-From-Egypts-Web-Kill-Switch-191126/
{Seriously, you fucking hypocrites}
Three U.S. senators denounced the Egyptian government for shutting down Internet services in that nation while defending their proposed cyber-security bill that would give the president authority to take over computer networks and systems. “The steps the Mubarak government took last week to shut down Internet communications in Egypt were, and are, totally wrong,” said Senators Joseph Lieberman of Connecticut, Susan Collins of Maine, and Tom Carper of Delaware in a joint statement on Feb. 1. “His actions were clearly designed to limit internal criticisms of his government,” the senators said. The senators plan to reintroduce last spring’s “Protecting Cyberspace as a National Asset Act,” a cyber-security bill that would hand control of non-governmental computer systems over to the president during a “national cyber-emergency.”

News: http://blog.games.com/2011/02/03/hacker-steals-12-million-dollars-from-farmville-maker-zynga/
A UK-based hacker pled guilty to stealing 400 billion poker chips from the popular Zynga Poker game on Facebook, and then selling a portion of them on the black market for roughly $12 million dollars. (There’s a black market for virtual poker chips? Now I’ve seen it all.)

For several months in 2009, the hacker, named Ashley Mitchell, posed as an administrator for Zynga Poker, which gave him the access he needed to steal the chips. The massive number of chips missing tipped off Zynga to the hack and a sting operation was set up to catch Mitchell.

He pleaded guilty to five hacking charges and the judge says Mitchell will face a long prison sentence, especially since this happened after a suspended sentence for another hacking crime.

News: http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=229200206
Insider threats, botnets and malware, and research to support the Comprehensive National Cyber Initiative (CNCI) are among areas of cybersecurity investment the Department of Homeland Security (DHS) will make in fiscal year 2011. The DHS Science and Technology Homeland Security Advanced Research Projects Agency (HSARPA) is seeking proposals on 14 areas of cybersecurity research it plans to focus on this year, five of which will contribute to the CNCI, a series of efforts to provide front-line defense against cybersecurity threats, according to a Broad Agency Announcement posted on FedBizOpps.gov. The total value of the acquisition is $40 million.
The DHS has been investing in cybersecurity for a couple of years through HSARPA, and this year shows the agency focusing on both traditional methods of security such as software assurance, enterprise-level security metrics, and network resiliency, as well as more forward-thinking areas of exploration such as making security more user-friendly to worker productivity and network
Topics also include areas that became critical security concerns for the government last year, such as insider threats — highlighted by the Wikileaks scandal — and creating modeling and analysis capabilities to predict the effects of cyberattacks such as botnets and malware on federal government and other critical infrastructure, interest in which intensified after the discovery of last year’s Stuxnet worm.

News: http://www.washingtonian.com/blogarticles/people/capitalcomment/18158.html
While the candid characterizations of foreign leaders by diplomats (“thin-skinned” Nicolas Sarkozy, “corrupt” Vladimir Putin) have received much of the attention from the recent WikiLeaks document dump, hidden in the flood of cables are behind-the-scenes dramas involving Washington power players. National Journal’s Bruce Stokes learned in the documents that, while he was the magazine’s international-economics correspondent, he was unknowingly the central character in an apparent Chinese espionage plot.

In 2009, five State Department employees who were negotiating with China on reducing greenhouse-gas emissions evidently received e-mails bearing Stokes’s name and contact information. The subject line of his purported messages — “China and Climate Change” — was germane and innocuous enough to pass as a journalist’s query. For good measure, Stokes’s cyber-imitator included comments in the e-mails related to the recipients’ jobs, according to a State Department cable documenting the incident. The e-mails, though, weren’t from the offices of National Journal. Instead they were a ruse known as “spear phishing,” in which the sender imitates someone the recipients may know, luring them to open the message and any attachments, which usually contain a computer virus.
Stokes was a well-thought-out target: He has connections to the diplomatic corps — including his wife, Wendy Sherman, the Clinton administration’s policy coordinator on North Korea and now a principal at the Albright Stonebridge Group — and he has known the US climate-change envoy, Todd Stern, for years.
News: http://blog.comcast.com/2011/01/comcast-activates-first-users-with-ipv6-native-dual-stack-over-docsis.html
Comcast has announced that they have successfully activated their first group of cable modem customers using IPv6 in a “Native Dual Stack” configuration. They can now access content and services natively over both IPv6 and IPv4, since they have both addresses. They have also said that these customers are the first native Dual Stack users activated in a production DOCSIS network in North America. On January 11th, 2011, 25 IPv6-enabled users came online in the Littleton, Colorado area. Since then, Comcast has expanded the number of users in Colorado and soon plan to expand to additional areas in other parts of the country. Each user has been delegated an IPv6 /64 block as part of the trial which is comprised of approximately 18,446,744,073,709,551,616 (18 quintillion) unique IPv6 addresses, as a first step as we evaluate what will be the optimal IP addresses for their customers. The customers are connected using Arris cable modems and home networking equipment from Apple.

Tools: http://freeworld.thc.org/thc-hydra/
THC Hydra v6.1 Released

  • More license updates for the files for the debian guys
  • Fix for the configure script to correctly detect postgresql
  • Add checks for libssh v0.4 and support for ssh v1
  • Merge all latest crypto code in sasl files
  • Fix SVN compilation issue on openSUSE (tested with v11.3)