InfoSec Daily Podcast Episode 569 for January 16, 2012. Tonight's podcast is hosted by Rick Hayes, Dave Kennedy, Boris Sverdlik, Beau Woods, Adrian Crenshaw, and Varun Sharma.
Announcements:
Unsung Heroes
Have you ever stumbled on a tool and wondered “Why didn’t I know this existed!” or “If only I’d had this last week on that test”… Chris John Riley has started to gather suggestions for your “unsung hero” of the tools world. He is looking specifically to gather a list of tools that aren’t on every penetration tester’s or forensic investigator’s list, but that you have respect for. http://blog.c22.cc/2012/01/13/unsung-heros
Information Security Blogger Awards 2012
Since we were overlooked again for the Best Podcast on Security, you can email ashimmy@hotmail.com with your name, email address and ISD Podcast as your write-in nominee. Please note, you have to provide your blog or podcast URL so that it can be verified that you are a blogger or podcaster. Vote for your favorite blogs as well on www.ashimmy.com.
Brad Smith (theNurse)
We all know and love Brad Smith, aka theNurse. His humor and smiling positivity is a wonderful example for our community. At Hacker Halted he had a massive stroke and has been in the hospital ever since.
Brad and his wife did not ask for this help, but as a community we feel that if we can help we want to. Please feel free to check in for status or to donate. Either way we thank you and I know Brad thanks you for your support, prayers and positive thoughts.
http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/
Anti PIPA/SOPA Meetup
When: January 18, 2012
Where: NY Tech Meetup HQ, New York City
http://www.meetup.com/ny-tech/events/47879702/
CampusCon 2012
When: January 21, 2012
Where: WIT {Waterford Institute of Technology} Sports – Waterford, Ireland
http://campuscon.hackingwit.com
(from Baconzombie)
New England InfoSec Tweetup
When: January 21, 2012
Where: Ledgewood Hills Clubhouse – Nashua, NH
http://neistu3.eventbrite.com/
SANS Mentoring: Security 401 SANS Security Essentials Bootcamp Style
When: Starts January 24, 2012
Where: Atlanta, GA
Discount Code:
http://www.sans.org/mentor/details.php?nid=25484
ShmooCon 2012
When: January 27th-29th, 2012
Where: Washington Hilton Hotel, Washington, DC
http://www.shmoocon.org
ShmooCon Epilogue
When: After ShmooCon
Where: Washington, DC
Hit up anyone in NOVA Hackers
Metasploit Framework Unleashed Cincinnati
When: February 11, 2012.
Where: Digitorium in Griffin Hall, the home of Northern Kentucky University’s College of Informatics
https://msfucincy.wordpress.com/
$20 donation for #HFC
Social Engineering Training
When: March 5-9, 2012
Where: Seattle, Washington
When: July 21-24, 2012
Where: Black Hat Vegas
When: August 20-24, 2012
Where: Bristol, UK
When: November 12-16, 2012
Where: Columbia, MD
http://www.social-engineer.com/social-engineer-training
BSides Chicago
When: Saturday, April 28th, 2012
Where: Volcano Room (further info coming)
Cost: Free (as always!) – Registration opening soon!
http://www.securitybsides.com/w/page/48444703/BSidesChicago-2012
They’re looking for sponsors, so if you know someone, pass it on.
Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!
AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu
CFP now open!
LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
CFP now open!
DerbyCon 2012 – "Dropping the Deuce"
When: September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com
Thanks to everyone who has purchased products from Amazon through the affiliate program. If you’re not familiar with the affiliate program, simply go to http://www.isdpodcast.com and locate the Affiliate Program link on the right-hand side.
Stories
Source: http://projects.ajc.com/gallery/view/metro/atlanta/mlk-day-atlanta-011612
Happy Martin Luther King, Jr. Day.
….
Source: http://www.examiner.com/computers-in-denver/house-kills-sopa
In a surprise move today, Representative Eric Cantor (R-VA) announced that he will stop all action on SOPA, effectively killing the bill. This move was most likely due to several things. One of those things is that SOPA and PIPA met huge online protest against the bills. Another reason would be that the White House threatened to veto the bill if it had passed. However, it isn't quite time yet to celebrate, as PIPA (the Senate's version of SOPA) is still up for consideration.
The online protests about the bill were surprising and large. They ranged anywhere from calling Representatives, companies, and senators to get them to change their mind, to actively moving domains away from and targeting the business model of the companies that supported/lobbied for the bill. GoDaddy lost well over 100,000 domains in the space of about 10 days due to their involvement with these bills, along with other various targets. Reddit in particular has been influential in turning the tide against SOPA and PIPA, and is a good demonstration of how the Internet enables Democracy.
….
In a short appearance on Meet the Press on Sunday, Senate leader Harry Reid continued to insist that the Senate intended to move forward with PIPA, despite the widespread concerns, despite the White House's statement against the bill, and despite multiple Senators — including bill co-sponsors — asking him to hold off putting the bill to a vote.
What's stunning is how misleading Senator Reid is being here. First, he claims that the bill is about "jobs," despite a total lack of evidence that that's true. In fact, as has been noted plenty of times here, the part of the economy that is creating jobs — the startup/tech sector — is the one who gets burdened by this bill. David Gregory then responds by pointing out that people keep pointing out to him online that this bill isn't really about jobs, and will harm the internet. Reid then tries to pretend that this is a new revelation. He notes that it was "reported out of the committee unanimously" back in May. That's true, but that was back before most people understood the bill, or the internet had spoken out. Even then, many of us were quite clear in speaking out about why this bill was a problem. But Harry Reid pretends that it's "just in the last few weeks" that anyone has raised concerns. That's flat out ridiculous.
….
Source: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2012/01/12/MN4Q1MO9JK.DTL
Personal banking information and other data from perhaps tens of thousands of students, faculty and administrators at City College of San Francisco have been stolen in what is being called "an infestation" of computer viruses with origins in criminal networks in Russia, China and other countries, The Chronicle has learned.
At work for more than a decade, the viruses were detected a few days after Thanksgiving, when the college's data security monitoring service detected an unusual pattern of computer traffic, flagging trouble.
It appeared at first that the problem was contained in a single computer lab at Cloud Hall on the Phelan Avenue campus, one of a dozen City College sites around the city. David Hotchkiss, the chief technology officer, immediately shut the lab down and reported the problem to Chancellor Don Griffin, General Counsel Scott Dickey and Board of Trustees President John Rizzo.
But a closer look revealed a far more nefarious situation, which had been lurking within the college's electronic systems since 1999. For now, it's still going on. So far, no cases of identity theft have been linked to the breach. That may change as the investigation continues, and college officials said they might need to bring in the FBI.
The college's payroll, admissions and accounting systems have yet to be analyzed for the viruses.
….
Source: http://thehackernews.com/2012/01/hacker-will-release-full-norton.html
A hacker with the code name 'Yama Tough' announced via Twitter that on Tuesday he will leak the full source code for Symantec Corp's flagship Norton Antivirus software, which is 1.7GB src.
Last week Yama Tough released fragments of source code from Symantec products along with a cache of emails. The hacker says all the data was taken from Indian government servers. Yama Tough is trying to prove that the Indian government was snooping on America and China.
YamaTough said via Twitter, "Pass it on to forensics and win the lawsuit." He has offered support to an American man who filed a lawsuit against Symantec Corp by publishing source code from a 2006 version of Norton Utilities, a software program at the heart of the legal dispute. It was not immediately clear how the source code might help the case.
A Symantec spokesperson commented on the incident:
"We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time."
Symantec has confirmed that hackers have managed to steal a portion of Norton Antivirus’ source code, used in two discontinued enterprise products. According to Symantec, the company’s servers weren’t hacked, but the hackers managed to get the code from a third-party server.
….
Source: http://threatpost.com/en_us/blogs/zappos-says-24-million-customers-affected-data-breach-011612
Online retailer Zappos said that its network has been compromised and attackers were able to access personal information belonging to more than 24 million of its customers. Zappos said that its database that contains customers' credit card numbers was not compromised, however.
"We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with law enforcement to undergo an exhaustive investigation," Tony Hsieh, the company CEO, said in an email to employees.
"Because of the nature of the investigation, the information in this email is being sent a bit more formally, and unfortunately we are not able to provide any more details about specifics of the attack beyond what is in this email and the link at the end of this email, but we can say that THE DATABASE THAT STORES OUR CUSTOMERS' CRITICAL CREDIT CARD AND OTHER PAYMENT DATA WAS NOT AFFECTED OR ACCESSED."
Zappos is a large retailer, mainly known for its shoe business. But the company also sells a large range of other goods, including clothing and accessories. As a result of the data breach, Zappos already has expired all of the affected customers' passwords and is requiring them to reset their credentials.
….
Adrian’s top Zappos jokes:
5. Hacking Zappos was no mean feet.
4. Servers at Zappos were probably laced with malware.
3. I bet the network admins at Zappos feel like real heels.
2. Details are still coming in about the compromise, so we are still waiting for the other shoe to drop.
1. They will have a hard time capturing the culprit, he was probably behind 7 SOCKS proxies.
….
Source: http://news.softpedia.com/news/T-Mobile-Hacked-by-TeaMp0isoN-Administrators-and-Staff-Exposed-Exclusive-246643.shtml
The infamous hacktivist collective TeaMp0isoN breached the official website of T-Mobile, one of the largest wireless communications providers in the world, leaking sensitive login information that belongs to their staff and administrators.
The hackers posted a document on Pastebin to prove the success of the operation, but we’ve contacted them to find out the details and the main reason why T-Mobile is a target.
“They are known to be supporting the Big Brother Patriot Act law. Any cell phone company doing so I would see as a target,” said one of the hackers.
“One of the main reasons for the hack is because they are corrupted, but we also wanted to show how weak their security is.”
The hackers found SQL injection vulnerabilities on t-mobile.com and newsroom.t-mobile.com and managed to get a hold of the names, email addresses, phone numbers and passwords of the administrators and staff members.
“Look at the passwords, epic fail. All the passwords are manually given to staff via an admin who uses the same set of passwords,” the hackers said after analyzing the data.
We've tried to get in touch with the company for a statement, but the media contact page is hosted on one of the breached subdomains and it’s currently taken offline, which probably means that they're currently dealing with the incident.
….




