Your daily source of Pwnage, Policy and Politics.

Episode 427 – Digital Fifth Amendment, 1000 Day Ultimatum, Voice Spam Block, New PuTTY & WTF??

InfoSec Daily Podcast Episode 427 for July 13, 2011.  Tonight's podcast is hosted by Rick Hayes, Adrian Crenshaw, Karthik Rangarajan, Matthew Romanek and Varun Sharma.

Announcements:

Speak With EFF Attorneys About Your Security Research
When: Contact EFF by July 15th for presenters or July 22nd for other researchers
Where: Black Hat, BSidesLasVegas, DEF CON
https://www.eff.org/deeplinks/2011/07/speak-eff-attorneys-las-vegas-security-research

OISF July Anniversary Event
When: July 16th, 2011
Where: Dayton, Ohio
http://ohioinfosec.org

My Hard Drive Died
5-Day Bootcamp Data Recovery
Where: Chicago, Illinois
When: July 18-22, 2011

SANS Security 464 – Hacker Detection for Systems Administrators with Continuing Education Program – Russell Eubanks
Where: Atlanta, GA
When:  Tue, Aug 09 to Wed, Aug 10
https://www.sans.org/mentor/details.php?nid=25573

#BruCon
When: Sept 19-22, 2011
Where: Brussels, Belgium
http://blog.brucon.org/2011/02/confirmation-of-brucon-dates.html

@DerbyCon
When: September 30th – October 2, 2011
Where: Louisville, KY
http://www.derbycon.com/

SANS Mentoring: Forensics 408 – Computer Forensic Essentials
When: Wednesday, October 12, 2011 – Wednesday, December 14, 2011
Where: Atlanta, GA
Discount Code: ISDPod15 (15% discount)
http://www.sans.org/mentor/details.php?nid=25504

2011 Fall Information Security Conference
When:  November 8 – 9, 2011
Where: Atlanta, GA (Loudermilk Conference Center)
http://www.gaissa.org

Stories

Source: http://www.theregister.co.uk/2011/07/13/eff_piles_in_against_forced_decryption/

Civil liberties activists have lent their support to a case that will test whether a US citizen can refuse to decrypt personal data on the grounds that it might be self-incriminatory.

The case involves allegedly fraudulent real estate transactions. The government wants a Colorado court to compel Ramona Fricosu, who is accused of a mortgage scam, into either turning over the passphrase or providing a plain text version of the data held on an encrypted laptop. However, such an order would be in breach of Fifth Amendment protection against self-incrimination, according to papers filed by the Electronic Frontier Foundation (EFF) in support of Fricosu.

Lawyers for the digital civil liberties organisation argue that the prosecution's demand that Fricosu turn over the passphrase/plain text version is contrary to the Constitution, because it effectively forces Fricosu to become a witness against herself.

"Decrypting the data on the laptop can be, in and of itself, a testimonial act – revealing control over a computer and the files on it," said EFF Senior Staff Attorney Marcia Hofmann, in a statement. "Ordering the defendant to enter an encryption password puts her in the situation the Fifth Amendment was designed to prevent: having to choose between incriminating herself, lying under oath, or risking contempt of court."

Source: http://www.techeye.net/software/microsoft-gives-up-on-stupid-xp-users

Software giant Microsoft has finally washed its hands of stupid IT managers who will insist on running software which has been out-evolved by a slide rule.

For years, Microsoft has had to put up with businesses claiming that they did not need to upgrade their aging Windows XP boxes because they still worked – and if it was not broken it did not need to be mended.

Despite several attempts by Microsoft to prove how broken the software was in the face of today's security threats, businesses decided to save money by ignoring them.

Over the last few years there was considerable pressure on Microsoft to keep patching the hulk of an operating system, until it was more patch than OS.

In fact, some people believe the reason that other operating systems have not done so well is because Microsoft has continued to support XP when it should have given up a long time ago. After all, it's not as if users can go somewhere else.

Source: http://googlevoiceblog.blogspot.com/2011/07/global-spam-filtering.html

If, like me, you have more interesting ways to spend your time than talking to telemarketers, the “Report Spam” button in Google Voice is probably your best friend.

But wouldn't it be great if the filtering could happen automatically, before unwanted calls even reach your phone, the same way Gmail filters spam before it gets to your inbox?

Thanks to the help of the thousands of Google Voice users who mark calls as spam every day—and our own spam identification tools—it is now possible to automatically redirect calls, texts, and voicemails from any of the numbers in our database directly into your spam folder.

You can enable this feature on the Calls tab of Google Voice settings by checking the box next to Global SPAM filtering. And if a number ends up incorrectly marked as spam, you can easily unblock it by selecting the message and clicking the “Not Spam” button in your spam folder.

With your continued help marking spammy numbers (and correcting mis-labeled spam), we can continue to refine our filter and prevent annoying unwanted calls from making it to other Google Voice users.

Source: http://www.net-security.org/secworld.php?id=11278

After four long years, here comes a new version of PuTTY, the popular free telnet/SSH client for Windows and Unix platforms. PuTTY 0.61 brings new features, bug fixes, and compatibility updates for Windows 7 and various SSH server software.

PuTTY 0.61 supports SSH-2 authentication using GSSAPI, on both Windows and Unix. Users in a Kerberos realm should now be able to use their existing Kerberos single sign-on in their PuTTY SSH connections.

On Windows: PuTTY's X11 forwarding can now authenticate with the local X server, if you point it at an X authority file where it can find the authentication details. So you can now use Windows PuTTY with X forwarding and not have to open your X server up to all connections from localhost.

Source:  http://www.theregister.co.uk/2011/07/13/facebook_google_brass_hide_from_google_plus/

Our last story is really a WTF story! Mark Zuckerberg, Google founders Larry Page, Sergey Brin, and a whole raft of Google's top brass have suddenly activated the privacy settings on their Google+ profiles. Even though they want you to expose your entire life to world+dog over the interwebs, they would rather not. The newly activated privacy settings have made it impossible to see who is following them on Google+. Zuckerberg, who had been the most adored with 134,328 followers, is now publicly listed as having zero followers. Zuckerberg's move can be understood: Google+ is the mighty search company's answer to Facebook. But Page, Brin and the rest should be expected to lead by example. Alas, experience teaches us that while Google operates a business predicated entirely on knowing everything there is to know about you, it prefers that you know as little as possible about it.