InfoSec Daily Podcast Episode 534 for November 30, 2011. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Karthik Rangarajan, and Keith Pachulski.
Announcements:
Brad Smith (theNurse)
We all know and love Brad Smith, aka theNurse. His humor and smiling positivity is a wonderful example for our community. At Hacker Halted he had a massive stroke and has been in the hospital for almost a month.
Brad and his wife did not ask for this help, but as a community we feel that if we can help we want to. Please feel free to check in for status or to donate. Either way we thank you, and I know Brad thanks you for your support, prayers and positive thoughts.
http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/
SANS Mentoring: Security 401 SANS Security Essentials Bootcamp Style
When: Starts January 24, 2012
Where: Atlanta, GA
Discount Code:
http://www.sans.org/mentor/details.php?nid=25484
ShmooCon 2012
When: January 27th-29th, 2012
Where: Washington Hilton Hotel, Washington, DC
http://www.shmoocon.org
DerbyCon 2012 – "Dropping the Deuce"
When: September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com
Thanks to everyone that has purchased products from Amazon through the affiliate program. If you’re not familiar with the affiliate program, simply go to http://www.isdpodcast.com and locate the Affiliate Program link on the right hand side.
Stories:
Source: https://www.networkworld.com/news/2011/112411-hungarian-hacks-marriotts-systems-to-253458.html
A Hungarian citizen has pleaded guilty to stealing confidential information from the computers of Marriott International, and threatening to reveal the information if the hotel chain did not offer him a job maintaining the company's computers, the Department of Justice said on Wednesday.
Attila Nemeth, 26, pleaded guilty in the District of Maryland before U.S. District Judge J. Frederick Motz, according to a statement by DOJ. He was detained after he traveled to the U.S. on a ticket purchased by Marriott for a fictitious job interview.
Nemeth is said to have admitted that he used an infected email attachment sent to some Marriott employees to install malicious software on the company's system that gave him a "backdoor" access to proprietary email and other files.
Nemeth sent an email to Marriott staff on Nov. 11 last year, informing them that he had been accessing Marriott's computers for months and had obtained proprietary information, according to Nemeth's plea agreement. He threatened to reveal the information if Marriott did not give him a job maintaining the company's computers.
…
Source: http://www.smh.com.au/world/thai-crackdown-on-facebook-remarks-on-king-20111125-1nz1t.html
Thailand has warned users of Facebook that they could face prosecution under harsh lese-majeste laws if they press "share" or "like" on images or articles considered unflattering to the Thai monarchy.
The prosecution of a Thai-born US citizen who has pleaded guilty to translating a banned biography of King Bhumibol Adulyadej has signalled that authorities are also targeting lese-majeste offences committed overseas.
Thailand's Information and Communications Technology Minister, Anudith Nakornthap, says that even though Facebook clicks of "like" or "share" are only done to show support for messages, they could violate laws that carry sentences of three to 15 years jail for each charge.
…
Source: http://www.echannelline.com/usa/brief.cfm?item=18717
Google replaced Microsoft as the number one vendor for reported vulnerabilities, with a total of 82, due to existing vulnerabilities in Chrome as the browser grows in popularity. Oracle came in second, with 63; Microsoft fell to third place, with 58, all according to Trend Micro's Third Quarter Threat Report.
Trend Micro threat researchers also witnessed a significant shift from mass compromises to targeted attacks, particularly against large enterprises and government institutions. Their work led them to the uncovering of one of the most notable groups of targeted attacks during the third quarter – the LURID downloader.
These attacks, which were classified by Trend Micro as advanced persistent threats (APTs), targeted major companies and institutions in over 60 countries, including Russia, Kazakhstan, and the Ukraine. The cybercriminals behind these attacks launched over 300 malware campaigns in order to obtain confidential data from and take full control of affected users' systems over an extended period of time. LURID was successful because it was targeted by its nature. By zoning in on specific geographic locations and entities, LURID compromised as many as 1,465 systems.
Criminals who commit offences online and cyber bullies will be banned from the internet as part of the Government’s new cyber security strategy, announced today.
It calls for police and courts to make more use of existing "cyber sanctions" to restrict access to social networks and instant messaging services in cases of hacking, fraud and online bullying. Sex offenders and those convicted of harassment or anti-social behaviour also face more internet restrictions under the new strategy.
Similar orders have been imposed on those charged with involvement in a series of cyber attacks by the Anonymous and LulzSec groups earlier this year, while they await trial.
Cyber sanctions were also used following the riots this summer. Two teenagers in Dundee were banned from the web for inciting riots via Facebook.
Officials are now looking into whether "cyber tag" technology could be used to monitor offenders and report to authorities if they break their bail or sentence conditions by using the internet.
"The Ministry of Justice and the Home Office will consider and scope the development of a new way of enforcing these orders, using 'cyber-tags' which are triggered by the offender breaching the conditions that have been put on their internet use, and which will automatically inform the police or probation service," the cyber security strategy said.
…
Source: https://torrentfreak.com/mpaa-costs-hollywood-more-than-us-bittorrent-piracy-111122/
During the last year Netflix managed to outgrow BitTorrent in terms of the amount of US Internet traffic it generates. A promising finding for Hollywood as it shows that there’s an overwhelming interest for the legal movie streaming service. At TorrentFreak we wondered what might happen if all US BitTorrent users made the switch to Netflix, and the results of this exploration are quite intriguing.
The movie industry claims that piracy is costing them billions of dollars a year.
Luckily for Hollywood, many Americans choose to consume their online media through legal services such as Netflix. In fact, there are now so many that the total Internet traffic generated by Netflix has outgrown that of BitTorrent.
This made us wonder – what would happen if all movie-downloading BitTorrent users made the switch to Netflix? What if movie piracy via BitTorrent disappeared?
Before we crunch some numbers we have to say that the model we use relies on a lot of assumptions. However, we try to keep these in favor of the movie industry to maximize their potential ‘profits’. We obviously chose Netflix as a BitTorrent replacement because it comes closest to what ‘pirates’ want.
…
Source: http://techcrunch.com/2011/11/24/eu-court-rules-isps-cant-be-forced-to-filter-out-illegal-content/
The European Court of Justice this morning ruled that content owners can not strong-arm Internet service providers (ISPs) into filtering out copyright-infringing content.
This case has its origin in a dispute between ISP Scarlet and SABAM, a Belgian management company responsible for authorizing the use by third parties of the musical works of authors, composers and editors. In 2004, the right-holders group established that users of Scarlet’s services were downloading such musical works from its catalogue by means of peer-to-peer (p2p) file-sharing networks.
Belgium’s Court of First Instance ordered Scarlet, on pain of a periodic penalty, to bring those copyright infringements to an end by making it impossible for its customers to send or receive in any way electronic files – a filter, in other words. Scarlet appealed the decision, claiming the ruling was incompatible with EU law as well as the e-Commerce Directive.
Indeed, EU law says national authorities must not adopt measures which would require an ISP to carry out general monitoring – let alone filtering – of the information that it transmits on its network.
…