Your daily source of Pwnage, Policy and Politics.

Episode 578 – malwareAnywhere™, Zulu, NYPII, DoDroid & Threat of the Year

InfoSec Daily Podcast Episode 578 for January 26, 2012.  Tonight's podcast is hosted by Rick Hayes, Adrian Crenshaw, Karthik Rangarajan, Geordy Rostad, and Varun Sharma.

Announcements:

Unsung Heroes

Have you ever stumbled on a tool and wondered “Why didn’t I know this existed!” or “If only I’d had this last week on that test”… Chris John Riley has started to gather suggestions for your “unsung hero” of the tools world.  He is looking specifically to gather a list of tools that aren’t on every penetration tester’s or forensic investigator’s list, but that you have respect for.  http://blog.c22.cc/2012/01/13/unsung-heros

Information Security Blogger Awards 2012
Since we were overlooked again for the Best Podcast on Security, you can email ashimmy@hotmail.com with your name, email address and ISD Podcast as your write-in nominee.  Please note, you have to provide your blog or podcast URL so that it can be verified that you are a blogger or podcaster.  Vote for your favorite blogs as well on http://www.ashimmy.com.

Brad Smith (theNurse)
We all know and love Brad Smith, aka theNurse.  His humor and smiling positivity are a wonderful example for our community.  At Hacker Halted he had a massive stroke and has been in the hospital ever since.

Brad and his wife did not ask for this help, but as a community we feel that if we can help, we want to.  Please feel free to check in for status or to donate.  Either way we thank you, and I know Brad thanks you for your support, prayers and positive thoughts.

http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/

ShmooCon Epilogue
When: After ShmooCon
Where: Washington, DC
Hit up anyone in NOVA Hackers

Metasploit Framework Unleashed Cincinnati
When: February 11, 2012.
Where: Digitorium in Griffin Hall, the home of Northern Kentucky University’s College of Informatics
https://msfucincy.wordpress.com/
$20 donation for #HFC

Social Engineering Training
When: March 5-9, 2012
Where: Seattle, Washington

When: July 21-24, 2012
Where: Black Hat Vegas

When: August 20-24, 2012
Where: Bristol, UK

When: November 12-16, 2012
Where: Columbia, MD

http://www.social-engineer.com/social-engineer-training

Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!

AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu
CFP now open!

LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
CFP now open!

DerbyCon 2012 – "Dropping the Deuce"
When:  September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com

Thanks to everyone that has purchased products from Amazon through the affiliate program.  If you’re not familiar with the affiliate program, simply go to http://www.isdpodcast.com and locate the Affiliate Program link on the right hand side.

Stories

Source: http://www.theregister.co.uk/2012/01/25/pcanywhere_patch/

Symantec is urging users to patch pcAnywhere, its remote control application, following the discovery of a brace of serious security flaws.

The most severe of the two holes allows hackers to remotely inject code into vulnerable systems – made possible because a service on TCP port 5631 permits a fixed-length buffer overflow during the authentication process. This line of attack ought to be blocked by a properly configured firewall, but it'd be stupid to rely on that without patching vulnerable systems.

The other flaw relies on overwriting files installed by pcAnywhere in order to escalate a user's privileges, although miscreants will already need access to a vulnerable system to do this.

Neither flaw has been weaponised into exploits by hackers, reckons Symantec. The security firm credits Edward Torkington (of NGS Secure) and independent security researcher Tad Seltzer with discovering the flaws.

Source: http://research.zscaler.com/2012/01/introducing-project-zulu.html

Our goal in building Zulu was to provide a simple and straightforward interface accessible to anyone regardless of security knowledge, while still delivering granular results that are of value to those that are more security savvy. I believe we've achieved this by providing a UI that requires no additional input beyond the URL to be analyzed, while allowing a few necessary advanced options (User-Agent and Referer) when encountering malware triggered only when certain input variables are met. Results also display an overall ranking of Benign, Suspicious or Malicious, but also include details of elements that went into the overall score.

Source: https://threatpost.com/en_us/blogs/data-breach-affects-two-million-ny-customers-state-commission-investigate-012412#.Tx8yS3ae0YA.reddit

The New York State Public Service Commission announced yesterday they'll be looking into a data breach that may have exposed the personal information of almost two million customers to unknown attackers.

An employee from a software consulting firm contracted by New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E) was allowed unauthorized access to the company’s databases, prompting the investigation, according to a statement by the Commission on Monday.

Both companies are owned by Iberdrola USA of Rochester, N.Y. and serve approximately 1.8 million customers collectively.

While NYSEG and RG&E claim there is no proof customers’ data may have been mishandled, they have begun to send preventive notifications regarding the breach to their customers. The exposed data includes Social Security Numbers, dates of birth and some financial account information, according to a press release (.PDF) issued by the NY Commission on Monday.

Source: http://fcw.com/articles/2012/01/24/android-smart-phones-tablets-classified-sipr-network.aspx

New security standards expected to be approved soon would let devices powered by the Android operating system use the Defense Department's classified networks, according to an Army official.

DOD and the National Institute of Standards and Technology are close to approving the standards, according to Michael McCarthy, program manager and director of operations, Army Brigade Modernization Command. The standards will allow service members, DOD personnel and other government users to use the devices on classified networks, including the military’s Secret Internet Protocol Router Network (SIPRNet).

McCarthy spoke Jan. 24 at the Soldier Technology 2012 conference in Arlington, Va. He said the goal is to have Android smart phones and tablets able to connect to SIPR-level systems by the summer. This development marks a critical step forward for tactical operations and represents the high priority that mobile communications have become, he said.

“There were going to be no information assurance [standards issued] until 2014, but with the groundswell of interest and needs, the agencies responsible for certification are giving this a higher priority,” McCarthy said. “The key is that it allows users from DOD and other agencies to access databases that in the past they couldn’t get to using a smart phone.”

Source: http://www.sophos.com/en-us/security-news-trends/reports/security-threat-report/html-01.aspx

In 2011, a number of highly visible cyberattacks made news headlines around the world, but the underlying problem affects us all. It seems that the cybercriminals are getting bolder in their attacks as the availability of commercial tools makes mass generation of new malicious code campaigns and exploits easier. The net result has been significant growth in volume of malware and infections.

And for 2012, I anticipate growing sophistication in web-borne attacks, even broader use of mobile and smart devices, and rapid adoption of cloud computing bringing new security challenges.

The web will undoubtedly continue to be the most prominent vector of attack. Cybercriminals tend to focus where the weak spots are and use a technique until it becomes far less effective. We saw this with spam email, which is still present but less popular with cybercriminals as people deploy highly effective gateways. The web remains the dominant source of distribution for malware—in particular malware using social engineering, or targeting the browser and associated applications with exploits. Social media platforms and similar web applications have become hugely popular with the bad guys, a trend that is only set to continue.