InfoSec Daily Podcast Episode 566 for January 12, 2012. Tonight's podcast is hosted by Rick Hayes, Adrian Crenshaw, Karthik Rangarajan, and Geordy Rostad.
Information Security Blogger Awards 2012 Since we were overlooked again for the Best Podcast on Security you can email firstname.lastname@example.org with your name, email address and ISD Podcast as your write-in nominee. Please note, you have to provide your blog or podcast URL so that it can be verified that you are a blogger or podcaster. Vote for your favorite blogs as well on www.ashimmy.com.
Brad Smith (theNurse) We all know and love Brad Smith, aka theNurse. His humor and smiling positivity is a wonderful example for our community. At Hacker Halted he had a massive stroke and has been in the hospital ever since.
Brad and his wife did not ask for this help, but as a community we feel that if we can help we want to. Please feel free to check in for status or to donate. Either way we thank you and I know Brad thanks you for your support, prayers and positive thoughts.
Schmoocon Epilogue When: After Schmoocon Where: Washington, DC Hit up anyone in NOVA Hackers
Metasploit Framework Unleashed Cincinnati When: February 11, 2012. Where: Digitorium in Griffin Hall, the home of Northern Kentucky University’s College of Informatics https://msfucincy.wordpress.com/ $20 donation for #HFC
Thanks to everyone that has purchased products from Amazon through the affiliate program. If you’re not familiar with the affiliate program, simply go to http://www.isdpodcast.com and locate the Affiliate Program link on the right hand side.
Hacktivist group Anonymous has released what it claims to be a series of log-in details for Israeli SCADA systems, in what could be retaliation for Tel Aviv's hardline reaction to the recent mass credit card hack on thousands of its citizens.
The new @FuryOrAnon account, which has been vouched for by one of the group's most prominent Tweeters, @AnonymouSabu, posted a link to the Pastebin page on Twitter on Wednesday.
"Who wanna have some fun with israeli scada systems…" noted the tweet.
The Pastebin page in question contains what it claims to be a list of ten IP addresses for Israeli SCADA systems as well as log-in details.
The timing of the release of these details comes just a couple of days after Israeli deputy foreign minister Danny Ayalon likened those who recently hacked the bank accounts of thousands of Israeli citizens to terrorists.
"Israel has active capabilities for striking at those who are trying to harm it and no agency or hacker will be immune from retaliatory action," he's reported to have said.
Maintaining the pressure on the country's leaders, @anonymouSabu published a series of tweets on Thursday with the #fuckisrael hashtag.
Microsoft has proven that it can take down huge, global botnets like Kelihos, Rustock and Waledac. Now the company is ready to start making the data it acquires in those busts available to governments, law enforcement and customers as a real time threat intelligence feed.
Representatives from the Redmond, Washington software maker told an audience at the International Conference on Cyber Security (ICCS) here that it was testing a new service to distribute threat data from captured botnets and other sources to partners, including foreign governments, Computer Emergency Response Teams (CERTs) and private corporations.
"We collect a tremendous amount of data from our global assets," said T.J. Campana, a Senior Program Manager in Microsoft Digital Crimes Unit (DCU). The company is now working on a way to get slices of that information to its partners, including ISPs, CERTs, government agencies and private companies, based on their need, he said.
Microsoft has been beta testing the system internally in recent months. Campana described it as a 70-node cluster running the Apache Hadoop framework on top of Windows Server. It currently stores data culled from the Kelihos botnet in September, 2011 and other sources.
The data includes IP addresses of Kelihos infected systems complemented by other data such as the AS (autonomous system) number and reputation data provided by Microsoft's Smart Data Network Services (SNDS). Personally identifiable information (PII) would not be part of the threat feed, Campana said.
Microsoft collects the data by leveraging its huge Internet infrastructure, including a load-balanced, 80gb/second global network, to swallow botnets whole – pointing botnet infected hosts to addresses that Microsoft controls, capturing their activity and effectively taking them offline.
Researchers and attackers have had no shortage of mobile platforms and devices to sink their teeth into in recent years, thanks to the explosion of iOS and Android phones and tablets in the consumer and enterprise markets. Now, the spotlight is slowly beginning to turn in the direction of RIM, and specifically its BlackBerry PlayBook tablet.
The first dings in the PlayBook's armor came last month when a group of researchers published a tool that could jailbreak PlayBook tablets through the exploitation of a bug they'd discovered in the operating system. RIM later issued a fix for the jailbreak, but that was just the start of what may end up being a long road for the company's security efforts.
The latest indication is work done by a pair of researchers who found a series of problems and weaknesses in PlayBook, including one that enables an attacker to listen in on the connection between the tablet and a BlackBerry handset. That connection, which is done via Bluetooth in the company's Bridge application, is designed to allow users to access their corporate email, calendar and other data on the tablet.
Researchers Zach Lanier and Ben Nell of Intrepidus Group were able to locate and grab the authentication token sent between the two devices during Bridge connections and, as an unprivileged user, connect to the PlayBook and access the user's email and other sensitive information. The key to their finding, which they discussed in a talk at the Infiltrate conference here Thursday, is the fact that the PlayBook's OS puts the authentication token for the Bridge sessions in a spot that is readable by anyone who knows how to find it.
All devices have Wi-Fi interfaces (laptops, tablets, mobile phones, consoles, etc) and their operating systems have features to easily manage the wireless networks you connect them to. When connecting to a new network for the first time, most users save the information for later use (or the system stores it for you without notification). This small database will be used later by the operating system to discover which known networks are available and automatically connect to them.
This database may contain a lot of interesting data. Some may reveal private information like your employer, your ISP, where you go to party, to eat, where you go on holidays or which security conference you attended. Why? Simply because networks are often configured with explicit names.
By default, when a new wireless network is configured, the flag “auto-connect” is enabled. This is the case on Ubuntu, MacOS and Windows 7. What does this mean? Each time you boot your computer or you reconfigure your wireless card, the device will send “Probe Request” management frames over the air. This can be compared to a message like “Hey! Network xxx are you there?“. Even if your network uses encryption, all those probes are sent in clear! In Wi-Fi technologies, there are several methods available to detect the available networks or SSIDs:
Capturing “Probe Requests” is an effective way to learn which SSIDs people have already configured and used. To achieve this, we just need a BackTrack 5, a Wi-Fi network card that supports monitoring mode and some tools.
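To see what your own saved-network database would give away, the following added example (not part of the original article or show notes) audits Wi-Fi profiles for the auto-connect flag described above. It assumes the NetworkManager keyfile format used on Ubuntu; the profile names and SSIDs are constructed sample data.

```python
import configparser

# Constructed NetworkManager keyfile profiles (sample data, not from the page).
SAMPLE_PROFILES = {
    "work": "[connection]\nid=work\ntype=wifi\n\n[wifi]\nssid=AcmeCorp-Staff\n",
    "hotel": "[connection]\nid=hotel\ntype=wifi\nautoconnect=false\n\n"
             "[wifi]\nssid=HotelParadiso-Guest\n",
    "conf": "[connection]\nid=conf\ntype=wifi\nautoconnect=true\n\n"
            "[wifi]\nssid=SecConf2012\nhidden=true\n",
    "dock": "[connection]\nid=dock\ntype=ethernet\n",
}


def audit_profile(text):
    """Return SSID and flags for one Wi-Fi profile, or None for other types."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") not in ("wifi", "802-11-wireless"):
        return None
    # Older keyfiles name the section [802-11-wireless] instead of [wifi].
    section = "wifi" if cp.has_section("wifi") else "802-11-wireless"
    return {
        "ssid": cp.get(section, "ssid", fallback=""),
        # NetworkManager treats a missing autoconnect key as true.
        "autoconnect": cp.getboolean("connection", "autoconnect", fallback=True),
        "hidden": cp.getboolean(section, "hidden", fallback=False),
    }


def autoconnect_ssids(profiles):
    """SSIDs the machine will look for and join without asking."""
    found = []
    for text in profiles.values():
        info = audit_profile(text)
        if info and info["autoconnect"]:
            found.append(info["ssid"])
    return sorted(found)


if __name__ == "__main__":
    for name, text in SAMPLE_PROFILES.items():
        print(name, audit_profile(text))
    print("review or disable:", autoconnect_ssids(SAMPLE_PROFILES))
```

Profiles that show up in the final list are candidates for deletion or for setting `autoconnect=false`, especially those whose names identify an employer, venue or event.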
Cable TV and internet service provider Comcast recently rolled out an upgrade to its entire internet service network that prevents DNS blocking. DNS blocking would be necessary to enforce the Stop Online Piracy Act (SOPA) should it pass.
The DNSSEC technology Comcast has implemented across its network is intended to add an extra layer of security to websites by checking for a special DNS signature to prove that the site is actually what it claims to be, according to a TechDirt report.
The humor in all of this is that Comcast is a big supporter of SOPA. But now it’s not only made its network incompatible with SOPA, it’s also undercut the need for SOPA somewhat by putting in place technology that helps legitimize the identity of websites to improve accountability and security.
Look back at any period of rapid technological progress and you’ll find two groups of individuals: Pioneers tirelessly charting new territory for the benefit of the species and members of the old order standing against the tide to fight back the phantom of their own perceived obsolescence. The debate over the Stop Online Piracy Act boils down to exactly this — a desperate last-ditch effort by the reigning Hollywood and recording industry elite to preserve their crumbling empires, no matter the cost to free speech, innovation and security.
It’s not the first time this has happened, and it certainly won’t be the last. Jump back a hundred or so years to one example famously cited by copyright law professor Lawrence Lessig, in which American march composer John Philip Sousa speaks out against a machine called the gramophone that played recorded music without the need of live musicians.
“When I was a boy…in front of every house in the summer evenings, you would find young people together singing the songs of the day or old songs,” Sousa said at a Congressional hearing in 1906. “Today you hear these infernal machines going night and day. We will not have a vocal cord left. The vocal cord will be eliminated by a process of evolution, as was the tail of man when he came from the ape.” Ironically, he was rallying against the very recording industry that went on to rally against recordable cassette tapes, and is currently rallying against the internet.