ISDPodcast Episode 320 for February 10, 2011. Tonight’s podcast is hosted by Rick Hayes, Keith Pachulski, Adrian Crenshaw and Varun Sharma.
Announcements:
Appalachian Institute of Digital Evidence (AIDE)
When: February 17 – 18, 2011
Where: Marshall University Forensic Science Center, Huntington, WV
http://aide.marshall.edu/default.htm
SANS Community
Jason Lawrence, Management 414: SANS +S Training Program for the CISSP Certification Exam
When: Wednesday, February 23, 2011 – Wednesday, April 27, 2011
http://www.sans.org/mentor/details.php?nid=23493
Use the Discount Code: isdpod15 for a 15% discount.
OWASP February Chapter Meeting:
When: February 24, 2011 6-8pm
Where: Tilted Kilt http://tinyurl.com/4oh2thj
My Hard Drive Died
Data Recovery Expert Certification
When: March 7-11, 2011
Where: Washington, DC
Data Recovery Expert Certification
When: April 11-15, 2011
Where: Atlanta, GA
http://www.myharddrivedied.com/data-recovery-training
@BSidesAustin
When: March 11-12, 2011
Where: The Walton-Joseph Building, 706-708 6th Street
http://www.securitybsides.com/w/page/33728032/BSidesAustin2011
#Outerz0ne
When: March 18-19, 2011
Where: Atlanta, GA
CFP open now! http://bit.ly/dJoIM9
Indiana Linux Fest
When: March 25-27, 2011
Where: Wyndham Indianapolis West Hotel, Indianapolis, IN
http://www.indianalinux.org/cms/
#BruCon
When: Sept 19-22, 2011
Where: Brussels, Belgium
http://blog.brucon.org/2011/02/confirmation-of-brucon-dates.html
CFP & CFT open now! http://blog.brucon.org/2011/01/brucon-call-for-papers-2011.html
@DerbyCon
When: September 30 – October 2, 2011
Where: Louisville, KY
http://www.derbycon.com/
Intro/Outro Music provided by JimmyZ (http://soundcloud.com/jimmyz)
Special Guest: Bill Gardner (@oncee). Bill is the InfoSec coordinator of AIDE and an AIDE Board Member, a co-founder and Vice President of 304Geeks, an organizer of Hack3rCon, and an information security evangelist and educator. By day Bill is the IT Manager at one of West Virginia’s larger law firms.
Stories:
News: http://threatpost.com/en_us/blogs/google-ships-chrome-9-plug-nine-security-holes-020411
Google has officially released version 9.0.597.84 of its Chrome web browser to the stable and beta channels for Windows, Mac and Linux, an update that addresses nine separate security vulnerabilities. According to Google’s Chrome Releases blog, one of the vulnerabilities is rated critical while two are high-risk. In keeping with its bounty reward program, Google awarded Aki Helin from Finland’s Oulu University Secure Programming Group $1000 for each of his high-risk vulnerabilities:
A use-after-free in image loading, and a crash when printing in the PDF event handler. The update’s only critical vulnerability was an audio bug, a race condition in audio handling, found by contributors to the social news site Reddit while trying to play the HTML5 game Z-Type. The rest of the vulnerabilities, rated low, ranged from sandbox leaks to minor browser crashes. Chrome’s recent update also includes support for a fairly new technology, WebGL, which brings 3D graphics to the browser, along with Chrome Instant, a feature that begins loading pages as you type the URL. Additionally, all users of Chrome now have the ability to access the Chrome Web Store. As Google looks to expand its focus on web apps, recent problems with Apple’s Mac App Store and even Google’s own Android Market suggest it won’t necessarily be clear sailing.
News: http://www.themarker.com/tmc/article.jhtml?ElementId=skira20110210_1214540 (Translated from Hebrew)
You think your AV is protecting you? Think again. According to a study by the Israeli company Security Art, only 17% of existing viruses are detected by anti-virus software; the effectiveness of 42 anti-virus products was examined in real time.
Another finding was that more than half of the AV products tested detected less than 10% of active viruses. The AV software with the highest detection rate was McAfee (Artemis/GW version), with a 17% chance of detection. Kaspersky had a detection rate of 16% and Microsoft a detection rate of 13%. Norton lagged behind with a detection rate of 12%. TrendMicro, Aladdin eSafe, Fortinet and Mac AFI (full version) had virus detection rates of less than 10%. Iftach Ian Amit, VP Business Development at Security Art, says that “the use of anti-virus for information security is more a psychological solution and does not really provide an appropriate solution to protect against intrusions by Trojans into organizations’ databases.” According to him, while organizations continue to focus on old defensive technologies such as antivirus and firewalls, attackers already have tools to easily bypass these protections. “They are flooding the market with various versions of viruses and Trojans, tangibly endangering the security companies’ ability to provide a fast and effective response against them.”
Many organizations invest considerable resources in protecting against external attack, but the problem is that many information breaches originate from within the organization itself, from employees or suppliers, whether deliberately or without their knowledge, as in the case of Kam. The research later examined the major countries in which online crime groups operate. Analysis of online financial fraud activity showed that about 34% of online attacks come from Russia, 22% from the U.S. and 21% from China. The main targets of attack were also identified: more than a third of attacks in 2010 took place in organizations based in the U.S.; a quarter of them took place in centers in Britain; the third most attacked country in 2010 was South Africa, with 15%.
A major part of the study emphasizes online crime activity on behalf of governments and political organizations: over the last three years online crime has not been just the work of independent groups; in many countries the military and political establishment use online crime groups to open a front-line attack (cyber warfare), sometimes accompanied by physical assault (such as the attack on the reactor in Syria in 2007). Similar attacks carried out using organized crime organizations or civil-service online groups in 2010 were the Aurora attack on more than 40 leading U.S. commercial entities, among them Google and Adobe, and the Russia-Georgia war. Reports indicate that Israel plays a central part in cyber attacks. The Stuxnet computer worm, which caused damage in Iran, led to fingers being pointed at U.S. intelligence agencies, including the CIA, and at Israel’s intelligence body, the Mossad, which collaborated, according to estimates, with the 8200 technology intelligence unit and other units.
News: https://www.infosecisland.com/blogview/11584-Drug-Cartels-Profiting-from-Malware-and-Pirated-Software.html
David Finn, associate general counsel at Microsoft, warns of the growing prevalence of malware-laden pirated software being produced by international criminal syndicates and drug cartels. Finn cites evidence that these criminal organizations are finding software piracy to be a lucrative addition to other revenue streams such as drug trafficking. One Mexican cartel is thought to make as much as $2.2 million dollars per day distributing pirated software at over 180 different retail outlets. That is big business. “An important theme that resonated among the international groups is the number of organized criminal gangs that rely on the profits gleaned from pirated software to fund other crimes. Sophisticated criminal syndicates and drug cartels are building large scale counterfeiting operations and selling illegal software to consumers. These illegal enterprises have generated astronomical profits that the gangs funnel toward violent crimes such as drug trafficking, arms and weapons trafficking, kidnapping and extortion,” Finn writes.
The problem goes far beyond losses for the companies whose intellectual property and potential profits are being siphoned off by these criminal enterprises: consumers are at risk too. There is a high risk that pirated software may contain malicious code designed to steal confidential information or to enslave a victim’s computer for use in criminal botnet operations. The malware can also be designed to spread to the victim’s contacts, threatening security and privacy far beyond the initial purchaser of the counterfeit application. The problem is international in nature, and Finn advocates a multi-national effort by both the public and private sectors to combat the growing problem. “Given the global worldwide impact of the issue, and the fact that it touches so many lives, it’s crucial that organizations, governments, and businesses collaborate on a regular basis to share resources, build awareness, and generate new ideas in our effort to reduce piracy,” Finn recommends.
News: http://nakedsecurity.sophos.com/2011/02/04/android-market-web-store-backdoor-phone-hackers/
If you follow the Google Android operating system scene, you will probably have heard about the new, web-based Android Market store which was launched a few days ago. The Android Market website allows the user to browse, search and install Android apps as an alternative to the standard Android Market app that comes on smartphones. The user simply signs in with their standard Google credentials, and the site retrieves the details of the Android devices registered in their name as well as the details of all the Market applications they have already installed. Once the user has signed in to Android Market, application installation is available at the click of a button.
The most important security aspect of the installation process on Android is the set of permissions an app will hold on the device after installation. Android users should read the required permissions particularly carefully before they install any application, whether from the official Android Market or any other source. For example, a game which requests unusual permissions such as SEND_SMS or RECEIVE_SMS should be considered highly suspicious and installed only if the user is certain about its functionality.
As expected, the web-based Android Market displays the required permissions so that the user can make an informed decision about whether to install the application. However, the next step in the installation is where a big red security flag is raised. Once the user clicks the install button on the website, the mobile device automatically starts downloading the application in the background. This probably happens using the INSTALL_ASSET intent discovered last year by Jon Oberheide, when Google used Android’s GTalkService mechanism to remotely remove a test Trojan application created by the researcher. In summary: if someone managed to steal your Google password, they could trick your Android smartphone into installing software without you having to grant permission on the device itself.
The result of all this is that a Google password suddenly becomes even more valuable for potential attackers, and I would not be surprised to see even more Gmail phishing attacks as a consequence. In the future, however, the phishers’ intention may not be to use stolen account credentials for the purpose of sending spam but to install malware on the user’s Android devices instead. Google should make changes to the remote installation mechanism as soon as possible. As a minimum, a dialog should be displayed on the receiving device so that the user must personally accept the application that is being installed. Let us hope that the update will come in time to prevent cybercriminals from abusing the Android Market for the automatic installation of malicious software.
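The permission review the Sophos post recommends can be automated for a batch of APK manifests. The checker below is an added example, not code from the podcast or the Sophos post; it assumes an AndroidManifest.xml in the plain XML form (the kind aapt prints), a baseline of permissions a game is assumed to legitimately need, and a constructed sample manifest for a "puzzle game" that also asks for SMS access.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions a game has no plausible need for, with the risk each carries.
# The SMS pair is exactly the case the Sophos post calls highly suspicious.
SENSITIVE = {
    "android.permission.SEND_SMS": "can send premium-rate SMS",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS (e.g. bank codes)",
    "android.permission.READ_SMS": "can read stored SMS",
    "android.permission.CALL_PHONE": "can place calls without confirmation",
    "android.permission.READ_CONTACTS": "can harvest the address book",
}

# Assumed baseline: permissions a typical game legitimately requests.
GAME_EXPECTED = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.VIBRATE",
    "android.permission.WAKE_LOCK",
}

# Constructed sample manifest: a "puzzle game" that also wants SMS access.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.puzzlegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Puzzle Game"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }


def audit_game(manifest_xml):
    """Map each permission a game should not need to a short risk note."""
    unexpected = requested_permissions(manifest_xml) - GAME_EXPECTED
    return {
        perm: SENSITIVE.get(perm, "not typical for a game; review before installing")
        for perm in sorted(unexpected)
    }


if __name__ == "__main__":
    for perm, why in audit_game(SAMPLE_MANIFEST).items():
        print(f"FLAG {perm}: {why}")
```

Run against a real manifest, anything the checker flags is the point at which a user (or a store reviewer) should stop and ask why a game needs it, which is the decision the on-device install dialog the post asks for would otherwise force.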
News: http://www.theregister.co.uk/2011/02/09/playstation_jailbreak_key_tweeted/
An official Sony Twitter account has leaked the PlayStation 3 master signing key at the heart of the company’s legal offensive against a group of hackers being sued for showing how to jailbreak the popular game console.
Kevin Butler, a fictional PS3 vice president, retweeted the metldr key in what can only be assumed was a colossal mistake.
“Lemme guess… you sank my battleship?” he wrote in a post to the micro-blogging website that has been preserved for all the world to see. It goes on to include the key and the ironic words “Come at me.” The message was later removed from Butler’s tweet stream with no explanation why the key was leaked and then removed. In a lawsuit filed in federal court in San Francisco last month, Sony accused well-known jailbreaker George Hotz, aka geohot, and more than 100 other hackers of violating US copyright law by disclosing the key, which is used to sign games and software that runs on the PS3. Last week, Sony expanded its legal dragnet when it filed a series of motions seeking the identity of YouTube and Twitter users who did nothing more than discuss the issuance of the key or view videos showing how the latest hack worked. Sony contends that videos and web postings disclosing the key violate provisions of the Digital Millennium Copyright Act that prohibit the circumvention of technology designed to prevent access to copyrighted material. Two weeks ago, the judge presiding over the case tentatively ruled Sony was likely to prevail on those claims and issued a temporary restraining order to prevent what she said would be “irreparable harm” if Hotz wasn’t required to surrender all his computer gear and remove all references to the hack that he posted online.
News: http://www.startribune.com/business/115532664.html
Thousands of Wells Fargo & Co. customers were left angry and short of cash Monday after a majority of the bank’s 12,000 ATMs nationwide crashed. The outage, which began Monday afternoon, lasted for several hours and was still not fixed by the time branches closed. Many frustrated customers went from one Wells Fargo ATM to the next trying to withdraw their money, only to find “Out of Service” messages at every stop. As of 8:45 p.m. Monday, Wells Fargo officials said they still did not know what caused the crash, though the bank had managed to fix the problem at all of its locations.
“All we can say is that we’re aware of the situation and we’re working to resolve it as quickly as possible,” said Peggy Gunn, a spokeswoman for Wells Fargo. “We apologize to our customers.”
The Wells Fargo ATM failure is unusual — both in its size and duration, say experts. Normally, ATM outages occur for one or two hours and are isolated to particular regions of the country. But the failure Monday continued until after bank branches closed Monday evening in the Twin Cities, and shut down Wells Fargo ATMs in states all over the country, from California to New York. “This is a huge deal,” said Richard Crone, a bank technology consultant from San Carlos, Calif. “It’s frightening when you consider that, for millions of Americans, their only lifeline to cash is their ATM.” Crone said the failure could have been caused by anything from a security breach to a software glitch.
Wells Fargo is the nation’s fourth-largest bank and is the biggest bank, by deposits, in Minnesota. About one out of three households in the nation gets banking services through Wells Fargo. Customers could still access their money Monday at non-Wells Fargo ATMs using their check cards, but this often meant several dollars in extra fees. Wells Fargo charges $2.50 for withdrawals on Wells Fargo accounts made at alternative ATMs, and the bank that owns the other ATM often charges its own fee of $2 or more. Wells Fargo said it had not determined whether it would reimburse customers for the extra fees. Gail Hillebrand, a senior attorney with the Consumers Union in San Francisco, said she was surprised the bank had not already pledged to reimburse the extra fees.
“I give them a very bad grade for assuring customers,” she said. “That’s a real slap in the face to not only make your customers go somewhere else to get their money, and then to hit them with a $2.50 fee.”
Funny: http://www.youtube.com/watch?v=FgWT-ba9q0E
DDtek.biz has a funny as shit video on the benefits of certs versus the DEFCON 2011 CTF. It’s not every day that you get to hear about someone configuring Bi-Rectal Modems.