InfoSec Daily Podcast Episode 567 for January 13, 2012. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Geordy Rostad, and Dr. Bonez.
Have you ever stumbled on a tool and wondered “Why didn’t I know this existed!” or “If only I’d had this last week on that test”… Chris John Riley has started to gather suggestions for your “unsung hero” of the tools world. He is looking specifically to gather a list of tools that aren’t on every penetration testers, or forensic investigators list, but that you have respect for. http://blog.c22.cc/2012/01/13/unsung-heros
Information Security Blogger Awards 2012 Since we were over looked again for the Best Podcast on Security you can email firstname.lastname@example.org with your name, email address and ISD Podcast as your write-in nominee. Please note, you have to provide your blog or podcast URL so that it can be verified that you are a blogger or podcaster. Vote for your favorite blogs as well on www.ashimmy.com.
Brad Smith (theNurse) We all know and love Brad Smith, aka theNurse. His humor and smiling positivity is a wonderful example for our community. At Hacker Halted he had a massive stroke and has been in the hospital ever since.
Brad and his wife did not ask for this help, but as a community we feel that if we can help we want to. Please feel free to check in for status or to donate. Either way we thank you and I know Brad thanks your for your support, prayers and positive thoughts.
Anti PIPA/SOPA Meetup Meetup Groups across the country are mobilizing to help stop SOPA and PIPA, as we will very potentially see PIPA's passage in the next two weeks if we don't act.
We at Meetup HQ are alerting members of the New York Tech community about a chance to organize together. The NY Tech Meetup, New York's largest Tech Meetup, has scheduled an emergency Meetup on Wednesday, January 18. In order to build critical mass and maintain an organized event *please RSVP in the NY Tech Meetup* if you want to participate.
Schmoocon Epilogue When: After Schmoocon Where: Washington, DC Hit up anyone in NOVA Hackers
Metasploit Framework Unleashed Cincinnati When: February 11, 2012. Where: Digitorium in Griffin Hall, the home of Northern Kentucky University’s College of Informatics https://msfucincy.wordpress.com/ $20 donation for #HFC
Thanks to everyone that has purchased products from Amazon through the affiliate program. If you’re not familiar with the affiliate program, simply go tohttp://www.isdpodcast.com and locate the Affiliate Program link on the right hand side.
It's Friday the Thirteenth, an infamous date in the history of malware.
So here's a satirical trip down memory lane to consider other dies irae in the computer virus calendar:
* Jerusalem virus – deletes files on any Friday the 13th from 1988 onwards.
This virus came out in 1987 but explicitly suppressed its payload that year (when Friday 13ths happened in February, March and November). In those pre-internet malware days, it needed to give itself months to spread before making its bid for infamy.
* Durban virus – zaps your hard disk on any Saturday the 14th.
The Durban virus first appeared in South Africa, following advice to South African public servants to "put their computer clocks forward a day" before going home on Thursday 12th, as a temporary mechanism to minimise the risk of damage from the Jerusalem virus.
* Sunday virus – deletes files every Sunday, and asks you "Today is SunDay! Why do you work so hard?"
Except, however, that it doesn't actually trigger its warhead due to a bug. You can imagine why the malware author didn't get around to testing that part of the code.
* Honni virus – pops up a picture of Erich Honecker on Saturday 13 August 1994.
That's the 33rd anniversary of the creation of the Berlin Wall. The late and unlamented Honecker, former leader of the DDR, had recently died in exile in Chile.
* Stuxnet virus – mentions Wednesday 09 May 1979 in its code.
The virus commemorates the performance on that day of the Grateful Dead in Binghamton, New York. (You can hear the audience cheer when the lyrics of the song "Truckin'" reach New York in the sound-clip below.)
There is a new Facebook phishing attack going on. It will not just try to steal your Facebook credentials; it will also try to steal credit card information and other important information such as security questions.
This Facebook phishing attack is pretty interesting because it does not just try to trick the victim into visiting a phishing website. It will reuse the stolen information and login to the compromised account and change both profile picture and name. The profile picture will be changed to the Facebook logo and the name will be translated to “Facebook Security” but containing special ascii characters replacing letters such as “a” “k” “S” and “t”.
Once an account is compromised it will also send out a message to all contacts of the compromised account. The message looks like this:
"Last Warning: Your Facebook account will be turned off Because someone has reported you. Please do re-confirm your account security by: => http://apps-xxxx-xxxxx-user.de.vu
If your company were hit with a cyber attack today, would it be able to foot the bill? The entire bill, including costs from regulatory fines, potential lawsuits, damage to your organization's brand, and hardware and software repair, recovery and protection?
It's a question worth careful consideration, given that the price of cyber attacks is rising at an alarming rate.
The second annualCost of Cyber Crime study, released last August by thePonemon Institute, reported that the median annualized cost of detection of and recovery from cyber crime per company is $5.9 million — a 56% increase from the 2010 median figures. The costs of cyber crime range from $1.5 million to $36.5 million per company.
A growing number of insurance companies are offering cyber protection in the event of breaches and other malicious data attacks. But so far, they're having some difficulty making their case. Surveys show companies have yet to embrace these policies, whose costs can be staggering.
A new strain of the Sykipot malware is being used by Chinese cyber criminals to compromise US Department of Defense (DoD) smart cards, a new report has revealed.
The malware has been designed to take advantage of smart card readers running ActivClient – the client application of ActivIdentity – according to unified security information and event management (SIEM) company AlienVault.
ActivIdentity's smart cards are standardised at the DoD and a number of other US government agencies. The cards are used to identify active duty military staff, selected reserve personnel, civilian employees, and eligible contractor staff.
As with previous Sykipot strains, the attackers use an email campaign to get specific targets to click on a link and deposit the Sykipot malware onto their machines. After identifying the computers that have card readers, the attackers install keystroke logging software to steal the PIN number that is used in concert with the smart card.
There's something about Che Guevara that convinces older European men that they will become cooler through association with his "brand." We saw that again yesterday when Mercedes-Benz Chairman Dieter Zetsche launched a new carunder a banner picture of Guevara.
To Mercedes-Benz's credit, it apologized 48 hours after the event. "In his keynote speech at CES, Dr. Zetsche addressed the revolution in automobility enabled by new technologies, in particular those associated with connectivity. To illustrate this point, the company briefly used a photo of revolutionary Che Guevara (it was one of many images and videos in the presentation) …We sincerely apologize to those who took offense," the statement said.
When further pressed on the matter, Daimler spokesman Han Tjan said the image appeared for "only a few seconds" during the 45-minute "Power Point" presentation.
"It was very thoughtless not to realize that by doing that, it would offend a large number of people," Tjan said.
"Unfortunately, the word ‘revolutionary’ triggered a picture of Che Guevara … which may indicate the age of the person who did it,” he said. "That fell between the cracks … It was absolutely stupid that somebody did it."
I personally have questioned people that wear those Che Guevara shirts. This sorta sums up my opinion on those that would.
Congress is expected to consider two bills when it returns from recess on Jan. 24: the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act (PROTECT IP Act or PIPA) and the Stop Online Piracy Act (SOPA). The legislation is of major concern to Stanford thought leaders, in addition to nationwide legal experts, online security experts, Internet activists and the founders of many of Silicon Valley’s largest companies.
“The answer is to innovate, not to pass stupid laws that are going to screw up the Internet,” saidAnthony Falzone, executive director of the Fair Use Project at the Stanford Center for Internet and Society (SCIS) at a Dec. 7 event hosted by SCIS called, “What’s wrong with SOPA?” The panel convened experts on Internet infrastructure and security, digital intellectual property and Silicon Valley business to articulate many of SOPA’s problems.
More than 150 people attended the Law School event, which was “not meant to give equal time to both sides,” according to Falzone. The audience did include two representatives from the Motion Picture Association of America, supporters of SOPA and PIPA, who spoke up during a question and answer session.
“There were things about this bill that people in Silicon Valley needed to know – that is lawyers, entrepreneurs and technology people,” Falzone said. “Our goal was to put together an array of people who could speak to each one of those sets of considerations.”
January 18, 2012, is SOPA Blackout Day!. This is an attempt to show the effect that SOPA would have numerous sites if SOPA were to be passed by shutting down the site from 8 am to 8 pm Eastern Standard Time (6:30 pm – 6:30 am Indian Standard Time). We will be broadcasting on the 18th, but visitors to our site see a simple message about how the PIPA/SOPA legislation would shut down sites like ours.