InfoSec Daily Podcast Episode 453 for August 17, 2011. Tonight's podcast is hosted by Rick Hayes, Karthik Rangarajan, Matthew Romanek, and Varun Sharma.
Announcements:
#BruCon
When: Sept 19-22, 2011
Where: Brussels, Belgium
http://blog.brucon.org/2011/02/confirmation-of-brucon-dates.html
@DerbyCon
When: September 30th – October 2, 2011
Where: Louisville, KY
http://www.derbycon.com/
SANS Mentoring: Forensics 408 – Computer Forensic Essentials
When: Wednesday, October 12, 2011 – Wednesday, December 14, 2011
Where: Atlanta, GA
Discount Code: ISDPod15 (15% discount)
http://www.sans.org/mentor/details.php?nid=25504
Hack3rCon 2011
When: October 21-23rd, 2011
Where: the Charleston House Hotel and Conference Center
http://www.hack3rcon.org/
2011 Fall Information Security Conference
When: November 8 – 9, 2011
Where: Atlanta, GA (Loudermilk Conference Center)
http://www.gaissa.org
Stories:
Source: http://www.itp.net/585823-trend-micro-picked-by-go-daddy-group
Trend Micro has been selected by the Go Daddy Group, a global provider of web hosting, domain name registrations and new SSL Certificates, to help them better understand and stay ahead of online threats. The Go Daddy Group currently has over 9.4 million customers, more than 49 million domain names under management and maintains more than five million active hosting accounts.
Go Daddy has implemented Trend Micro Deep Security, which is designed to provide advanced protection for systems in the dynamic data centre – from physical, virtual or cloud servers, to virtual desktops.
"Since Trend Micro Deep Security has a small footprint, it allows us to keep the same customer density on our servers. The Deep Security console is very easy to use, and anything you can do from the console can be carried out automatically to keep the cost of administration low," said Todd Redfoot, GoDaddy.com chief information security officer.
Source: http://www.theinquirer.net/inquirer/news/2102527/amazon-launches-cloud-service-government
Amazon has launched a version of its Amazon Web Services (AWS) specifically for US government agencies. Amazon's AWS division has become one of the firm's best known products, providing cloud computing and storage to a wide range of commercial and government organisations. Now Amazon has launched an AWS region called Govcloud (US) that will cater specifically for US government agencies and their contractors.
Not surprisingly, Amazon was quick to boast of its security credentials, saying it supports "existing security controls and certifications such as PCI DSS Level 1, ISO 27001, and SAS 70". It offers support for the processing and storage of International Traffic in Arms controlled data, which means data access is limited to US citizens, automatically meaning that only US citizens can access Govcloud.
Amazon is also looking for other countries to sign up; however, the UK government pulled the plug on its G-cloud initiative, opting instead to consolidate its datacentres.
Source: http://www.securityweek.com/hackers-get-their-own-scoreboard-and-rankings
Sometimes hacking is about money; other times, it’s about competition, and when that happens, it is also about getting a little credit.
Enter RankMyHack.com. The site is described as the world’s “first elite hacker ranking system”, and invites people to submit proof of their Website hacks in exchange for points – the higher the points, the higher the place on the leader board.
“So far more than 1000 sites were hacked in this competition – including very high profile ones,” blogged Rob Rachwald, director of security strategy at Imperva.
“How do hackers get ranked? They need to prove they have indeed hacked a site – by inserting a predetermined text into the hacked site page,” Rachwald continued. “Rankmyhack scans for that text in the page – and gives score based on how popular the website is. Lower points are awarded for XSS attacks.”
Source: http://www.itworldcanada.com/news/fired-it-staff-created-virtual-chaos-at-pharma-company/143752
Logging in from a Smyrna, Georgia, McDonald's restaurant, a former employee of a U.S. pharmaceutical company was able to wipe out most of the company's computer infrastructure earlier this year.
Jason Cornish, 37, formerly an IT staffer at the U.S. subsidiary of Japanese drug-maker Shionogi, pleaded guilty Tuesday to computer intrusion charges in connection with the attack on Feb. 3, 2011. He wiped out 15 VMware host systems that were running e-mail, order tracking, financial and other services for the Florham Park, New Jersey, company.
"The Feb. 3 attack effectively froze Shionogi's operations for a number of days, leaving company employees unable to ship product, to cut checks, or even to communicate via e-mail," the U.S. Department of Justice said in court filings. Total cost to Shionogi: US$800,000.
Cornish had resigned from the company in July 2010 after getting into a dispute with management, but he had been kept on as a consultant for two more months.
Then, in September 2010, the drug-maker laid off Cornish and other employees, but it did a bad job of revoking passwords to the network. One employee, who was Cornish's friend and former boss, allegedly refused to hand over network passwords to company officials and eventually was fired because of this.
Source: http://www.csoonline.com/article/688127/cracked-spyeye-cheers-worries-researchers
A hacking group has released a tool to remove the copy protection for a popular bot program, an event that is both good news and bad news for end users, a security researcher said Tuesday.
Last week, a group of hackers, known as the Reverse Engineer's Dream (RED) Team, released a program that can crack the licensing system around the SpyEye bot builder, allowing criminals to pirate — and researchers to analyze — the popular malicious program, said Sean Bodmer, senior threat intelligence analyst for network security firm Damballa. The crack, as such security breaks are called, has already led to cut-rate copies of the SpyEye software being sold for less than $100, down from a typical price of $6,000 to $10,000, he says.
"Once you have compiled that patch, you run it against an already acquired SpyEye builder. That builder is then cracked and the hardware ID system is bypassed," Bodmer says. "Therefore, anyone that has access to that specific version of the builder, which you can find online, can crack it."
The crack allows anyone to remove the license protections, run the builder on any of their own systems, or allow others to run the cracked version. The plummeting price is one nugget of good news, undercutting the sales of the original SpyEye group.