Your daily source of Pwnage, Policy and Politics.

Episode 551 – Pentest Lessons, China Hacks Your Thermostat, Mind Control Virus, Cheap iPhones & GPS Spoofing

InfoSec Daily Podcast Episode 551 for December 21, 2011.  Tonight's podcast is hosted by Rick Hayes, Karthik Rangarajan, and Varun Sharma.
 

Announcements:

Brad Smith (theNurse)
We all know and love Brad Smith, aka theNurse.  His humor and smiling positivity is a wonderful example for our community.  At Hacker Halted he had a massive stroke and has been in the hospital for almost a month.

Brad and his wife did not ask for this help, but as a community we feel that if we can help we want to.  Please feel free to check in for status or to donate.  Either way we thank you and I know Brad thanks you for your support, prayers and positive thoughts.

http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/

CampusCon 2012
When: January 21, 2012
Where: WIT {Waterford Institute of Technology} Sports – Waterford, Ireland
http://campuscon.hackingwit.com
(from Baconzombie)

SANS Mentoring: Security 401 SANS Security Essentials Bootcamp Style
When: Starts January 24, 2012
Where: Atlanta, GA
Discount Code:
http://www.sans.org/mentor/details.php?nid=25484

ShmooCon 2012
When: January 27th-29th, 2012
Where: Washington Hilton Hotel, Washington, DC
http://www.shmoocon.org

Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!

LayerOne
When: May 26-27, 2012
Where: Unannounced
Los Angeles area
http://www.layerone.org/

AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu
CFP now open!

DerbyCon 2012 – "Dropping the Deuce"
When:  September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com

Thanks to everyone that has purchased products from Amazon through the affiliate program.  If you’re not familiar with the affiliate program, simply go to http://www.isdpodcast.com and locate the Affiliate Program link on the right hand side.


Pentest Lessons:
Adam Compton and Zac Wagle should get credit for the "Pentest Lessons" idea. They also started a Twitter account: https://twitter.com/pentestlessons.

Lesson 1: Don't blindly follow the intern's suggestions.
Lesson 2: Don't enable the firewall on a host you've compromised without first checking the rules to see if you're going to block your own connection to the host.

Backstory: They popped a box via a ColdFusion vuln and ran into an issue that required some network troubleshooting. The intern suggested turning on the firewall so they could use the logging to troubleshoot. They turned on the firewall and POP! No more connection. In addition, port 80 got blocked, so the customer's site went down as well. They had to call the customer to get the firewall turned back off.

Lesson 3: Don't scan Polycom VoIP phones' embedded web server with a web scanner or vulnerability scanner with web checks enabled. You will reboot every phone. The federal contractor I was working for had executives in all-day conference calls with their government clients. Their conference calls were rudely cut short.

Lesson 4: Your company’s network is most secure when all of the employees are on vacation.
Lesson 5: Do not copy content from one pentest report to another. Saving 10 minutes is not worth getting fired.
Lesson 6: Do not copy a PDF from an OpenOffice Word to an Office XP into an Office 2011. It's hell to read for anyone else, and crashes systems.
 

Stories

Source: http://online.wsj.com/article/SB10001424052970204058404577110541568535300.html

In Beijing, Foreign Ministry spokesman Liu Weimin said at a daily briefing that he hadn't heard about the matter, though he repeated that Chinese law forbids hacker attacks. He added that China wants to cooperate more with the international community to prevent hacker attacks.
The Chamber moved to shut down the hacking operation by unplugging and destroying some computers and overhauling its security system. The security revamp was timed for a 36-hour period over one weekend when the hackers, who kept regular working hours, were expected to be off duty.

Damage from data theft is often difficult to assess.

People familiar with the Chamber investigation said it has been hard to determine what was taken before the incursion was discovered, or whether cyberspies used information gleaned from the Chamber to send booby-trapped emails to its members to gain a foothold in their computers, too.

Chamber officials said they scoured email known to be purloined and determined that communications with fewer than 50 of its members were compromised. They notified those members. People familiar with the investigation said the emails revealed the names of companies and key people in contact with the Chamber, as well as trade-policy documents, meeting notes, trip reports and schedules.

Source: http://www.msfn.org/_/security/hackers-may-develop-a-computer-virus-to-infe-r8865?

"Synthetic biology" is accelerating "faster than computer technology", say experts who have warned that hackers could someday use it to develop a computer virus to bend human minds.

According to Andrew Hessel of Singularity University on US space agency NASA's research campus, "It could lead to a world where hackers could engineer viruses or bacteria to control human minds.

"This is one of the most powerful technologies in the world. Synthetic biology — the writing of life. I advocate cells are living computers and DNA is a programming language.

"I want to see life programmed and used to solve global challenges so that humanity can achieve a sustainable relationship within the biosphere. It's growing fast. It will grow faster than computer technologies."

He predicts a world where people can "print" DNA, and even "decode" it. But he warned that viruses and bacteria send chemicals into human brains and could someday be used to influence, or even "control" people, 'Daily Mail' reported.

A literal virus — injected into a "host" in the guise of a vaccine, say — could be used to control behaviour, says Hessel who warns people "may've to learn how to counterattack" against such weapons.
….
Source:  http://blog.trendmicro.com/seasons-warnings-iphone-4s-scam-and-other-holiday-threats

Looking for cheaper iPhone 4S this holiday season? Be wary, because cybercriminals can trick you into giving out your online financial credentials. We’ve recently found a phishing attack that specifically targets users who are out to purchase an iPhone 4S through eBay.
The attack involves domains that display replicated eBay posts for iPhone 4S units. The screenshots below show a sample of the fake page, and the original eBay post from which the content was copied.

Episode 550 – Armitage Easy, Android Shell, Unfollow, Manning Update, Nothing, Windows 7 0-day & MIT CryptDB

InfoSec Daily Podcast Episode 550 for December 20, 2011.  Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Beau Woods, Karthik Rangarajan, and Themson Mester.
 



 

Stories

Source: http://dl.packetstormsecurity.net/papers/general/Armitage-hacking_made_easy_Part-1.pdf
….
Source:  http://threatpost.com/en_us/blogs/gaining-remote-shell-android-122011

The security of Android devices has come under quite a lot of scrutiny in recent months, with researchers identifying various root exploits and permission leaks that could be exploited. In this video, researcher Thomas Cannon of ViaForensics demonstrates a method for setting up a remote shell on an Android device without using any exploits or vulnerabilities. The method works on various versions of Android, up to and including Gingerbread.
….
Source:  http://blog.trendmicro.com/new-unfollowed-you-scam-hits-twitter-trending-topics

Twitter's list of trending topics appears to have been hit hard by another variant of the familiar "see who unfollowed you" scam:
Significant numbers of Tweets are being sent out that contain the above message: saying that a certain number of people have unfollowed them, and to find out who unfollowed you, click on the link. A few hashtags were generally attached to the end of the tweet.
What happens when you click on the link? You are redirected to a page for a “Followers Monitor”, which leads eventually to a page asking you to authorize an application to use your Twitter account. This rogue application is able to carry out such “minor” operations as reading your tweets, updating your profile, and even posting tweets on your behalf. If you actually give the app access, of course, the first thing it will do is post its own version of the spammed Tweet.
….
Source:  http://www.cnn.com/2011/12/20/us/bradley-manning-hearing/index.html
A convicted computer hacker from California testified Tuesday in Pfc. Bradley Manning's preliminary hearing about six days of chats he conducted with someone who claimed to have leaked classified information and was "looking to brag about what they had done."

Adrian Lamo said he traded instant messages in a chat format with someone self-identified as Bradass87. Lamo testified that, based on an e-mail he received from Manning as well as an examination of Manning's Facebook page, Bradass87 was Manning.

The testimony came on the fourth day of the preliminary hearing, which will determine if Manning proceeds to a full military court-martial.

Manning is accused of stealing and leaking more than a quarter of a million classified documents from the State Department and the Defense Department to the WikiLeaks website, the biggest intelligence leak in U.S. history.

Army Criminal Investigation Command Special Agent David Shaver later testified that the chat logs that Lamo provided to the Army largely matched chat logs found on Manning's computer in Iraq.

The prosecution did not ask Lamo any specific questions about the chats themselves, but did establish that he was diagnosed with Asperger's syndrome and takes medication for it. At one point he admitted overusing his medication to the point that his parents became concerned and he eventually was put in an involuntary psychiatric hold for three days.
….
Source:  http://miguelalmeida.net/2011/12/what-will-change-in-security-in-2012.html

What will change in security in 2012?  In essence, in one word: nothing. The attacks will be essentially the same, although it is likely they'll become more sophisticated, and the defenses, in practice, will also be the same. Why? Because security is only strengthened when people are afraid. This is a fact. Fear. Fear for your life or the life of your relatives and friends, fear for the loss of financial assets, and fear for the loss of power and peer recognition. And despite the evolution of current threats and attacks, we've not yet reached a level of chaos, widespread chaos, which would trigger those emotions. In 2012? No. Not yet. But I don't think we're improving our defenses substantially to avoid this scenario. Why? Because, oddly enough, we're not afraid to be afraid.
….
Source:  http://threatpost.com/en_us/blogs/researchers-warn-new-windows-7-vulnerability-122011

Researchers are warning about a new remotely exploitable vulnerability in 64-bit Windows 7 that can be used by an attacker to run arbitrary code on a vulnerable machine. The bug was first reported a couple of days ago by an independent researcher and confirmed by Secunia.
In a message on Twitter, a researcher named w3bd3vil said that he had found a method for exploiting the vulnerability by simply feeding an iframe with an overly large height to Safari. The exploit gives the attacker the ability to run arbitrary code on the victim's machine.

"A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges," the Secunia advisory said.
Microsoft officials have not confirmed the vulnerability, but said that they're looking into it.
….
Source:  http://css.csail.mit.edu/cryptdb/

For the last three decades or so, the big problem in using encryption hasn't been whether strongly encrypted files can be cracked. The problem remains that to actually do anything with encrypted data (search it, sort it, or perform computations with it), that data must be decrypted and exposed to prying eyes.

Now the Google- and Citigroup-funded work of three MIT scientists holds the promise of solving that long-nagging issue in some of the computing world’s most common applications. CryptDB, a piece of database software the researchers presented in a paper (PDF here) at the Symposium on Operating System Principles in October, allows users to send queries to an encrypted set of data and get almost any answer they need from it without ever decrypting the stored information, a trick that keeps the info safe from hackers, accidental loss and even snooping administrators. And while it’s not the first system to offer that kind of magically flexible cryptography, it may be the first practical one, taking a fraction of a second to produce an answer where other systems that perform the same encrypted functions would require thousands of years.

Cryptographers have long sought to implement a system they call “fully homomorphic encryption,” in which a user can encrypt data into indecipherable strings of numbers, do math with those strings, and then decrypt the results to get the same answer he or she would have if the data hadn’t been encrypted at all. That’s a useful trick if you need to perform operations on health care or financial data in a situation like cloud computing, where the computer (or the IT administrator) doing the calculations can’t always be trusted to access the private numbers being crunched. IBM cryptographer Craig Gentry compares the idea to “one of those boxes with the gloves that are used to handle toxic chemicals,” as he once put it. “All the manipulation happens inside the box, and the chemicals are never exposed to the outside world.”
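To make the "do math on encrypted strings, then decrypt and get the right answer" idea concrete, here is an added example (not code from the CryptDB project or the story): a toy Paillier cryptosystem, which is additively homomorphic rather than fully homomorphic, and is the kind of scheme CryptDB relies on to answer SUM queries over an encrypted column. The salary column and the 64-bit key size are constructed for the demo; real deployments need 2048-bit or larger moduli.

```python
import random
from math import gcd


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test (good enough for a demo)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    """Random odd prime with exactly `bits` bits."""
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def keygen(bits: int = 64):
    """Paillier key pair. `bits` is the size of each prime (toy value here)."""
    while True:
        p, q = _random_prime(bits), _random_prime(bits)
        if p != q and gcd(p * q, (p - 1) * (q - 1)) == 1:
            break
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)                           # valid because we fix g = n + 1
    return {"n": n, "n2": n * n}, {"lam": lam, "mu": mu}


def encrypt(pub, m: int) -> int:
    """Probabilistic encryption: the same plaintext yields different ciphertexts."""
    n, n2 = pub["n"], pub["n2"]
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:
        r = random.randrange(1, n)
        if gcd(r, n) == 1:
            break
    # With g = n + 1, g^m mod n^2 collapses to 1 + m*n, so no big exponentiation here.
    return ((1 + m * n) % n2) * pow(r, n, n2) % n2


def decrypt(pub, priv, c: int) -> int:
    n, n2 = pub["n"], pub["n2"]
    u = pow(c, priv["lam"], n2)
    return ((u - 1) // n) * priv["mu"] % n          # L(u) = (u - 1) / n


def add_encrypted(pub, c1: int, c2: int) -> int:
    """Enc(a) * Enc(b) mod n^2 == Enc(a + b): the server needs only the public key."""
    return c1 * c2 % pub["n2"]


def scale_encrypted(pub, c: int, k: int) -> int:
    """Enc(a)^k mod n^2 == Enc(k * a), again without the private key."""
    return pow(c, k, pub["n2"])


def encrypted_sum(pub, ciphertexts) -> int:
    """What an untrusted database server would do for SELECT SUM(col)."""
    total = 1                                      # 1 is a valid Enc(0) (r = 1)
    for c in ciphertexts:
        total = add_encrypted(pub, total, c)
    return total


def demo_encrypted_salary_sum() -> int:
    """Client encrypts a column, server sums ciphertexts, client decrypts the total."""
    pub, priv = keygen(64)
    salaries = [52000, 61000, 48500, 75250]        # constructed sample column
    column = [encrypt(pub, s) for s in salaries]   # this is all the server stores
    enc_total = encrypted_sum(pub, column)         # computed server-side, key-free
    return decrypt(pub, priv, enc_total)           # 236750


if __name__ == "__main__":
    print("decrypted SUM over encrypted column:", demo_encrypted_salary_sum())
```

The server side (`encrypted_sum`) never touches `priv`; that is the property the story describes, and it is also why a snooping administrator learns only the row count, not the values.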

 

Episode 549 – SOPA, Manning, Iowa, Lady Gaga & China

InfoSec Daily Podcast Episode 549 for December 19, 2011.  Tonight's podcast is hosted by Rick Hayes, Dave Kennedy, Beau Woods, Karthik Rangarajan, Geordy Rostad, and Varun Sharma.
 



 

Stories

Source: http://www.globalpost.com/dispatch/news/regions/americas/united-states/111216/anonymous-hackers-sopa-vote-congress

In response to a bill now before Congress, which opponents say would dramatically erode Internet freedom, the free and fair use of copyrighted material and online privacy, hacker groups have begun to publicly threaten to launch attacks on US government workers and websites.

The US House Judiciary Committee debated for a second day on Friday the Stop Online Piracy Act (SOPA), a bill that would bestow the US Department of Justice and individual copyright holders with unprecedented powers to shut down websites and crack down on users for what they deem to be violations of copyrights.

The vote was postponed after day two of the debate after a wayward tweet derailed talks on Thursday. Rep. Steve King (R – Iowa) tweeted that Rep. Sheila Jackson Lee (D – TX) was "boring." The hearing then ground to a halt after Jackson Lee took issue with the offensive comment. The hearing fell behind schedule and the vote was delayed until Dec. 21.
The delay will give the bill's detractors more time to organize their calls for the bill to be dropped. The bill as it now stands appears to have enough votes to pass the House of Representatives and move on to the Senate.
….
Anonymous hackers are lining up to take down the US government if SOPA passes.  From the picture, it looks like they must be lining up at the Apple store…
….
Source: http://www.usatoday.com/news/military/story/2011-12-19/manning-wikileaks-hearing/52074010/1

Computer forensics investigators testified Monday that the computer of a soldier accused of sharing military secrets contained thousands of sensitive files and logs of conversations between himself and a former hacker who turned him in.

Investigators said they found evidence Army Pfc. Bradley Manning downloaded thousands of diplomatic cables, Guantanamo assessment documents, video from a controversial 2007 airstrike in Baghdad and military records of a 2009 U.S. airstrike in Gerani, Afghanistan, in which dozens of civilians were found dead.

As the evidentiary hearing for Manning entered its fourth day, the government had called 13 witnesses and was expected to ask eight more to testify before the defense presents its case. Expected to last several more days, the hearing will help determine whether Manning should be court-martialed on 22 charges, including aiding the enemy. If convicted at court-martial, Manning could face life in prison.

Manning, 24, of Crescent, Okla., is accused of giving the secrets-sharing website WikiLeaks a trove of government material while working as an intelligence analyst in Iraq in 2009 and 2010, including Iraq and Afghanistan war logs, and State Department cables.
….
Source:  http://blog.al.com/wire/2011/12/hacker_threat_to_iowa_caucus_v.html

Taking seriously an apparent threat from a notorious collective of computer hackers, the Iowa Republican Party is boosting the security of the electronic systems it will use in two weeks to count the first votes of the 2012 presidential campaign.

Investigators don't know if the threat is authentic, but it has nonetheless led the state party to confront a worst-case scenario. Their fear: an Iowa caucus marred by hackers who corrupt the database used to gather votes and crash the website used to inform the public about results that can shape the campaign for the White House.

"With the eyes of the media on the state, the last thing we want to do is have a situation where there is trouble with the reporting system," said Wes Enos, a member of the Iowa GOP's central committee and the political director for Minnesota Rep. Michele Bachmann's campaign in the state. "We don't want that to be the story."

Confident in the existing safeguards protecting the vote count itself, Enos and other members of the party central committee told The Associated Press they recently authorized additional security measures aimed at ensuring hackers are unable to delay the release of caucus results.

The state GOP fears such a delay could disrupt the traditional influence of Iowa's first-in-the-nation vote. Candidates who do well tend to gain momentum in the presidential race, while those finishing at the back of the pack may drop out. Experts in computer security said such concerns are valid.

"It's very clear the data consolidation and data gathering from the caucuses, which determines the headlines the next morning, who might withdraw or resign from the process, all of that is fragile," said Douglas Jones, a computer science professor at the University of Iowa who has consulted for both political parties.

"If I were one of these 'hacktivists' who had no scruples, I would be really strongly tempted to see if I could get into the computer and see if I could make 'SpongeBob SquarePants' win."
….
Source:  http://community.websense.com/blogs/securitylabs/archive/2011/12/19/lady-gaga-s-twitter-account-tweeting-links-to-survey-scam.aspx

The Twitter account of famous singer Lady Gaga has apparently been hacked. It's being used by attackers to lure her more than 17 million followers to click on a link:
After a number of redirects, the link ultimately leads to a survey scam that is designed to harvest personal information:
The first link uses the URL shortener bit.ly, which has suspended the link as "being potentially problematic." Although this should keep most users away from the scam for now, the attackers are likely to post new tweets that include phishing or malicious URLs as long as they have control of the account. The Twitter community has responded by sharing the fact that Lady Gaga's account shouldn't be trusted. This led to #stophackinggaga as a trending Twitter topic at the time this post was written. As always, be careful of links you click on Twitter, even when they appear to come from trusted accounts.
….

Source:  http://seattletimes.nwsource.com/html/businesstechnology/2017026763_chinacyberwar18.html

Google and Intel were logical targets for China-based hackers, given the solid-gold intellectual property data stored in their computers. An attack by cyberspies on iBahn, a provider of Internet services to hotels, takes some explaining.

iBahn provides broadband business and entertainment access to guests of Marriott International and other hotel chains, including multinational companies that hold meetings on site. Breaking into iBahn's networks, according to a senior U.S. intelligence official familiar with the matter, may have let hackers see millions of confidential emails, even encrypted ones, as executives from Dubai to New York reported back on everything from new-product development to merger negotiations.

More worrisome, hackers might have used iBahn's system as a launchpad into corporate networks that are connected to it, using traveling employees to create a backdoor to company secrets, said Nick Percoco, head of Trustwave's SpiderLabs, a security firm.

The hackers' interest in companies as small as Salt Lake City-based iBahn illustrates the breadth of China's spying against firms in the U.S. and elsewhere.

The networks of at least 760 companies, research universities, Internet service providers and government agencies were hit over the last decade by the same group of China-based cyberspies.

The companies, including firms such as Research in Motion and Boston Scientific, range from some of the largest corporations to niche innovators in sectors like aerospace, semiconductors, pharmaceuticals and biotechnology, according to intelligence data obtained by Bloomberg News.

"They are stealing everything that isn't bolted down, and it's getting exponentially worse," said U.S. Rep. Mike Rogers, a Michigan Republican who is chairman of the Permanent Select Committee on Intelligence.

China has made industrial espionage an integral part of its economic policy, stealing company secrets to help it leapfrog over U.S. and other foreign competitors to further its goal of becoming the world's largest economy, U.S. intelligence officials have concluded in a report released last month.
 

Episode 548 – MS11-095, Offensive Strikes, Automated Bank Robbery & SOPA STOPPA

InfoSec Daily Podcast Episode 548 for December 16, 2011.  Tonight's podcast is hosted by Karthik Rangarajan, Boris Sverdlik, Geordy Rostad, and Themson Mester.

 



 

Stories

Source: https://technet.microsoft.com/en-us/security/bulletin/ms11-095

This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow remote code execution if an attacker logs on to an Active Directory domain and runs a specially crafted application. To exploit this vulnerability, an attacker would first need to acquire credentials to log on to an Active Directory domain.

This security update is rated Important for Active Directory, ADAM, and AD LDS when installed on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 (except Itanium), Windows 7, and Windows Server 2008 R2 (except Itanium). For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by changing the way that Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) handle objects in memory. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Source: http://www.wired.com/threatlevel/2011/12/internet-war-2/
The House and Senate agreed to give the U.S. military the power to conduct “offensive” strikes online — including clandestine attacks, via a little-noticed provision in the military’s 2012 funding bill.

The power, which was included in the House version but not the Senate version, was included in the final “reconciled” bill that is all but guaranteed to pass into law.

Congress affirms that the Department of Defense has the capability, and upon direction by the President may conduct offensive operations in cyberspace to defend our Nation, Allies and interests, subject to–
(1) the policy principles and legal regimes that the Department follows for kinetic capabilities, including the law of armed conflict; and
(2) the War Powers Resolution (50 U.S.C. 1541 et seq.).

While “offensive” action isn’t defined, that’s likely to include things like unleashing a worm like the Stuxnet worm that damaged Iran’s nuclear centrifuges, hacking into another country’s power grid to bring it down, disabling websites via denial-of-service attacks, or as the CIA has already done with some collateral damage, hacking into a forum where would-be terrorists meet in order to permanently disable it.

Source: http://www.theregister.co.uk/2011/12/16/potent_xss_script/

A hacker has published code for potent cross-site scripting attacks that he claims go beyond the usual cookie stealing and phishing for users' private details.

Cross-site scripting (XSS) flaws allow attackers to present content under their control in the context of a vulnerable yet trusted site, thus tricking marks into handing sensitive information to miscreants. As well as creating a means to present pop-ups that link to a hacker-controlled site, XSSes can also lead to cookie theft.

Niklas Femerstrand is the hacker who in October 2011 discovered that a debugging tool on the American Express website was vulnerable to an XSS flaw. He developed an "XSS on steroids" script while researching a similar flaw on the website of an unnamed Swedish bank.

"There are common myths about XSSes saying they can only be used for phishing and cookie harvesting," he said. "My code bursts those myths and is so the first way of transforming a 'non persistent' XSS into a persistent state."

"I have written self-aware code that recognizes its own presence and makes a local infection of its own payload into all links of a website presented to the infected visitor. This way the non-persistent XSS becomes persistent to the infected user. It also follows the user through page forms and sends interesting data to the attacker (usernames, passwords, credit card info)," he added.

Femerstrand last week published his attack code on his website here.

Source: http://www.wired.com/threatlevel/2011/12/sopa-vote-delayed/

The House Judiciary Committee considering whether to send the Stop Online Piracy Act to the House floor abruptly adjourned Friday with no new vote date set — a surprise given that the bill looked certain to pass out of committee.

The committee’s chairman and chief sponsor of the legislation, Rep. Lamar Smith (R-Texas), agreed to further explore a controversial provision that lets the Attorney General order changes to core internet infrastructure in order to stop copyright infringement.

Smith said the hearing would resume at the “earliest practical day that Congress is in session.” Hours later, Rep. Darrell Issa (R-California) tweeted that the committee would resume action Wednesday.

The abrupt halt to Friday’s proceeding, which followed a marathon-long, 11-hour hearing Thursday, was based on a motion from Rep. Jason Chaffetz (R-Utah). He urged Smith to postpone the session until technical experts could be brought in to testify whether altering the internet’s domain-naming system to fight websites deemed “dedicated” to infringing activity would create security risks.

Just yesterday, Smith said that was not necessary, despite a signed letter by many of the internet’s core engineers saying the bill’s approach was technically flawed.

The legislation mandates that ISPs alter records in the net’s system for looking up website names, known as DNS, so that users couldn’t navigate to the site. Or, if ISPs choose not to introduce false information into DNS at the urging of the Justice Department, they instead would be required to employ some other method, such as deep-packet inspection, to prevent American citizens from visiting infringing sites.

ISPs could, for instance, adopt tactics used by the Great Firewall of China to sniff for traffic going to a blacklisted site and simply block it.

Source: http://www.sec-1.com/blog/?p=233

Gary O’Leary-Steele
Advisory: Multiple Splunk Vulnerabilities
CSRF
remote code execution
encoded directory traversal
free mode doesn’t enforce authentication… whoops / password policy not enforced

The aim of this project was to assess typical Splunk deployments for vulnerabilities that could be exploited by a malicious attacker. Paper: http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf

Multiple vulnerabilities were discovered that could be exploited to gain remote code execution as the root/LocalSystem user. A full description of the discovered vulnerabilities is in the paper linked above.

The vendor has patched the issue in version 4.2.5. Sec-1 would like to thank Splunk for their prompt and professional response.
 

Episode 547 – Naughty French, Visa, Ellen Scam, Big 5 & Manning

InfoSec Daily Podcast Episode 547 for December 15, 2011.  Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Adrian Crenshaw, Karthik Rangarajan, and Varun Sharma.

 

 

Stories

Source:   http://torrentfreak.com/french-presidents-residence-busted-for-bittorrent-piracy-111215/

Nicolas Sarkozy, the president of France and one of the most powerful men in Europe, was busted today after journalists from a French news site, armed with Élysée Palace IPs, took a peek to see what had been downloaded from the president’s residence.

If the three-strikes piracy law adopted by French authorities earlier this year were applied, the Palace would be left without an Internet connection for about two months.

A total of six downloads that can be considered copyright infringement were recorded by the new BitTorrent-use tracking service as coming from Sarkozy’s place, reports TorrentFreak.

Tower Heist, Arthur Christmas and a high-quality version of a Beach Boys album were among the pirated materials.

Now, even though the YouHaveDownloaded website’s owners said that their service cannot handle dynamic IPs, making its attribution of piracy less accurate, a quick look at the IP addresses provided by Nicolas Perrier of Nikopik using the Whois service from DomainTools reveals that the addresses do indeed belong to “Presidence de la Republique”.

Since the controversial website was launched, a lot of organizations that support anti-piracy movements have been caught with their pants down. Yesterday we saw how even Sony, Universal and Fox employees spend a lot of time downloading content from torrent sites.

Source:  http://www.pcadvisor.co.uk/news/security/3325419/visa-investigates-security-breach-at-european-payment-processor

Visa is investigating a potential security breach at a European payment processor that might have affected cardholders in eastern Europe.

"Visa Europe has been informed of a potential data security breach at a European processor and an investigation is underway," the company said in a statement. "We are working closely with our member banks to ensure cardholders are protected," it added.

The potentially affected payment processor serves an undisclosed merchant chain that does business in several eastern European markets, Visa said.

Multiple banks have been alerted and some have already taken steps to limit the potential fraud. Romanian state-owned CEC Bank is in the process of reissuing 17,000 payment cards as a result of the incident.

The bank received official reports according to which information corresponding to a number of payment cards issued by Romanian and foreign financial institutions had been compromised.

Source:  http://www.hollywoodreporter.com/thr-esq/ellen-degeneres-facebook-scam-lawsuit-273805

Pretty much everyone with an e-mail account is familiar with the type of scam in which a person with connections has something valuable to offer but is experiencing some form of trouble and is willing to compensate anyone who helps. Is someone now trying to swindle those who would do practically anything for an all-expenses-paid trip to meet their favorite talk show host?

On Tuesday, Telepictures Productions, a subsidiary of Warner Bros. and the producer of The Ellen DeGeneres Show, filed a lawsuit against an anonymous individual who allegedly has been posing as Ellen's manager.

According to the complaint, the defendant(s) created fake email accounts and a profile on Facebook in the name of Eric Gold, DeGeneres' manager. After passing himself off as an employee of her show, the fake Eric Gold is said to have solicited and collected personal information from fans. How? Fans were told that they had been selected to appear on the program.

We've collected more info on the scam. A typical message began:

"You have been selected from members of the Ellen DeGenere's Facebook Fan page to be on her talk show because of your comment on the 'Halloween edition'. If you are interested in attending, this offer is an all expense paid trip from Ellen in appreciation of being a fan of Ellen. You are required to reply as soon as possible because we have limited time."

The message then promises that the recipient will receive a $3,000 check to cover travel expenses. To receive the check, the recipients have to give their full name, address, cell phone number and e-mail address.

Source:  http://www.darkreading.com/database-security/167901020/security/news/232300536/five-big-database-breaches-of-2011-s-second-half.html

Though the second half of the year has been comparatively calmer than the first half's excitement over database breaches at RSA, Sony, and Epsilon, the breach numbers continued to roll in, especially at healthcare organizations, which made up a disproportionate number of exposed records. Here are some of the biggest breaches that went down in the second half of the year, along with a few database security lessons learned.
1. The Breach Victim: Nemours
Assets Stolen/Affected: Names, addresses, dates of birth, Social Security numbers, insurance data, medical treatment data, and bank account information for 1.6 million patients, vendors, and employees.
2. The Breach Victim: Tricare/SAIC
Assets Stolen/Affected: Protected health information from 5.1 million patients of U.S. military hospitals and clinics.
3. The Breach Victim: Sutter Physicians Services and Sutter Medical Foundation
Assets Stolen/Affected: Personally identifiable information of 3.3 million patients supported by Sutter Physicians Services and medical information of another 934,000 Sutter Medical Foundation patients.
4. The Breach Victim: SK Communications
Assets Stolen/Affected: Thirty-five million names, email addresses, phone numbers, and resident registration numbers of social media users at South Korean sites Cyworld and Nate.
5. The Breach Victim: Valve, Inc.
Assets Stolen/Affected: Personally identifiable information for 35 million users of Valve's online gaming site.

Source: http://abcnews.go.com/Technology/wireStory/us-set-soldier-leaks-targets-assange-15162032

As the suspected source for the biggest intelligence leak in American history faces his first hearing Friday, U.S. prosecutors have their eye on another prize: the man who disclosed the documents to the world.

When WikiLeaks' spectacular disclosures of U.S. secrets exploded onto the scene last year, much of Washington's anger coalesced around Julian Assange, the silver-haired globe-trotting figure whose outspoken defiance of the Pentagon and the State Department riled politicians on both sides of the aisle. Pfc. Bradley Manning, long under lock and key, hasn't attracted the same level of ire.

The pair's fates have been intertwined, however, even if the Australian-born computer hacker says he didn't know the private's name until after news of his arrest emerged in June 2010. Manning's alleged disclosures put Assange at the epicenter of a diplomatic earthquake.
Assange in turn has worked energetically to drum up support for the imprisoned soldier — all while emphasizing that the way his anti-secrecy site was set up meant he could not be sure if Manning was his source.

U.S. investigators have been scrutinizing links between the two as they explore the possibility of charging the Australian with serious crimes under U.S. law. A Virginia grand jury is studying evidence that might link Assange to Manning, but no action has yet been taken.

Source: http://www.wired.com/threatlevel/2011/12/internet-war-2/

The House and Senate agreed to give the U.S. military the power to conduct “offensive” strikes online — including clandestine attacks, via a little-noticed provision in the military’s 2012 funding bill.

The power, which was included in the House version but not the Senate version, was included in the final “reconciled” bill that is all but guaranteed to pass into law.

Congress affirms that the Department of Defense has the capability, and upon direction by the President may conduct offensive operations in cyberspace to defend our Nation, Allies and interests, subject to–
(1) the policy principles and legal regimes that the Department follows for kinetic capabilities, including the law of armed conflict; and
(2) the War Powers Resolution (50 U.S.C. 1541 et seq.).

While “offensive” action isn’t defined, that’s likely to include things like unleashing a worm like the Stuxnet worm that damaged Iran’s nuclear centrifuges, hacking into another country’s power grid to bring it down, disabling websites via denial-of-service attacks, or as the CIA has already done with some collateral damage, hacking into a forum where would-be terrorists meet in order to permanently disable it.

Source: http://www.ft.com/cms/s/2/bf962998-1d01-11e1-a26a-00144feabdc0.html

Businesses breaching European Union privacy rules will face fines of up to 5 per cent of their global turnover under sweeping proposals to be unveiled next month.

In the first significant update of data protection legislation since 1995, companies found to have mishandled any personal data they hold – be it of their customers, suppliers or their own employees – will face the highest levels of fines, which could extend to billions of euros for large multinationals.

The measures are being finalised within the European Commission. They will have to be approved by national governments, some of which – especially Germany – will be reluctant to lose oversight on privacy matters to Brussels. The process is likely to take at least two years, with another two before the measures come into effect.

The proposals would bolster significantly the EU’s powers on combating data protection breaches, such as when companies sell customer data to third parties without authorisation or fail to adequately protect information held by social networks and “cloud computing” services.