InfoSec Daily Podcast Episode 577 for January 25, 2012. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Karthik Rangarajan, and Varun Sharma.
Have you ever stumbled on a tool and wondered “Why didn’t I know this existed!” or “If only I’d had this last week on that test”… Chris John Riley has started to gather suggestions for your “unsung hero” of the tools world. He is looking specifically to gather a list of tools that aren’t on every penetration testers, or forensic investigators list, but that you have respect for. http://blog.c22.cc/2012/01/13/unsung-heros
Information Security Blogger Awards 2012
Since we were over looked again for the Best Podcast on Security you can email firstname.lastname@example.org with your name, email address and ISD Podcast as your write-in nominee. Please note, you have to provide your blog or podcast URL so that it can be verified that you are a blogger or podcaster. Vote for your favorite blogs as well on http://www.ashimmy.com.
Brad Smith (theNurse)
We all know and love Brad Smith, aka theNurse. His humor and smiling positivity is a wonderful example for our community. At Hacker Halted he had a massive stroke and has been in the hospital ever since.
Brad and his wife did not ask for this help, but as a community we feel that if we can help we want to. Please feel free to check in for status or to donate. Either way we thank you and I know Brad thanks your for your support, prayers and positive thoughts.
When: January 27th-29th, 2012
Where: Washington Hilton Hotel, Washington, DC
When: After Schmoocon
Where: Washington, DC
Hit up anyone in NOVA Hackers
Metasploit Framework Unleashed Cincinnati
When: February 11, 2012.
Where: Digitorium in Griffin Hall, the home of Northern Kentucky University’s College of Informatics
$20 donation for #HFC
Social Engineering Training
When: March 5-9, 2012
Where: Seattle, Washington
When: July 21-24, 2012
Where: Black Hat Vegas
When: August 20-24, 2012
Where: Bristol, UK
When: November 12-16, 2012
Where: Columbia, MD
Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
CFP now open!
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
CFP now open!
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
CFP now open!
DerbyCon 2012 – "Dropping the Deuce"
When: September 27-30, 2012
Where: Louisville, KY
Thanks to everyone that has purchased products from Amazon through the affiliate program. If you’re not familiar with the affiliate program, simply go to http://www.isdpodcast.com and locate the Affiliate Program link on the right hand side.
Adam Compton & Zac Wagle's should get credit for the "Pentest Lessons" idea. They also started a twitter account: https://twitter.com/pentestlessons.
Lesson 1: If you are beginning to freelance, make sure you have solid contracts and have a lawyer read the contract drafts. Core released some boilerplate examples about a year ago that are floating around on the internet available to freely use. Also, when you talk to a lawyer, don’t make small talk. The rates they charge make pentesters look like a bunch of chumps, and they charge for every minute you have their attention.
Lesson 2: Depending on the nature of your pentest, consider adding geography into the scope agreement. Shortly after Firesheep was released, I caught an executive of the company I was testing as he accessed wifi at the Starbucks down the street. The company attempted to invalidate the results because I did not have a specific clause stating that I could act outside of the physical building.
Lesson 3: Many small-business IT outsourcing firms are now tacking “Security” onto their product offerings (for example “Bob’s Computers: Service, Sales, Security”). As a result, many young techs are being shovelled into security audits without having any clue that security extends beyond asking if backups are being stored offsite, and that user drives have appropriate permissions. Fear not, there’s a resource for this: THE PTES. Read it; use the appropriate sections, google the shit out of everything you don’t understand.
[Thanks listener Adam]
A Russian man who was accused Monday by Microsoft of creating the Kelihos botnet worked for a pair of security-related firms from 2005 to 2011, according to evidence on the Web.
In an amended complaint filed yesterday in federal court, Microsoft identified the man as Andrey Sabelnikov of St. Petersburg.
According to his LinkedIn profile, Sabelnikov worked for two Russian companies that specialize in security, including the antivirus firm Agnitum, for the last six years.
Agnitum, which is based in St. Petersburg, develops and sells a Windows antivirus product called OutPost Antivirus Pro as well as a personal firewall for Windows PCs. A company spokesman confirmed today that Sabelnikov worked for the firm from September 2005 until November 2008.
Sabelnikov held a number of tiles, ending his time with Agnitum as a project manager responsible for everything from "designing the product architecture" to "implementing … critical parts of code."
In an emailed reply to questions, the Agnitum spokesman said that Sabelnikov "resigned by his own will in late 2008."
From November 2008 until December 2011, Sabelnikov worked for another Russian company, Retunil, which also markets security software. Returnil's primary product, Virtual System Pro, clones an existing copy of Windows in a virtual machine as a way to protect users from malware.
If you're reading this news article using your O2 mobile phone, you'll be pleased to know that O2 have already sent us your mobile phone number within the HTTP headers which normally contain information about how content can be displayed on your device. These headers are not normally seen by users, and usually not logged by most websites, but the flaw allows malicious sites to get more personal information about you than you may be willing to share.
For example, if you open an e-mail which includes references to external images, the mere action of opening the e-mail would divulge your phone number. This could be used by anyone undertaking a phishing attack or other scam to get more information from you. The opportunity to abuse this is potentially endless.
Norwegian public sector organisations will be banned from using Google Apps after the Norwegian data protection authorities ruled that the service could put citizens’ personal data at risk.
The data protection authority said Google Apps did not comply with Norwegian privacy laws because there was insufficient information about where data was being kept. The decision came from a test case in Narvik, where the local council had chosen to use Google Apps for their email.
The Norwegian ban comes just as things were going so well for Google Apps in Europe, with the company winning its largest ever contract with BBVA, the Spanish bank.
Now, however, Google could find access to swathes of public sector work effectively closed. Early last year, there was a similar decision in Denmark, where the town of Odense was banned from using Google Apps in its schools. Privacy regulators were concerned that if teachers used Google’s document and calendar functions for lesson planning, student assessment and communicating with parents, it would leave some sensitive personal data at risk.
For individuals and companies that have a bad online reputation, online reputation management (ORM) services might sound like a good investment. Such services are not illegal, even though search engines such as Google do not look favorably upon them.
But every now and then, some firms offering those services succumb to the temptation of using illegal means to achieve their goal. And, according to Fox News, California-based Rexxfield is currently being accused of belonging to that group.
As Darren Meade, a former CEO of another California-based company, tells it, Rexxfield owner Michael Roberts shared with him his intent of buying and using hacking code to surreptitiously modify websites containing negative comments and make them drop down in search results.
The code in question allegedly allows users to inject a "noindex" tag into the source code of these sites, which makes search engine crawlers skip indexing them and, thus, effectively hiding them from the great majority of users. Roberts even demonstrated to Meade the effectiveness of the code in question by hacking Ripoff Report, a popular online consumer complaint site.
German authorities are advising victims of DNSChanger Trojan programs to fix their computers' Domain Name System settings using a free tool developed by antivirus company Avira, because the servers resolving DNS queries on their behalf will be closed down on March 8.
DNSChanger is a family of Trojans for Windows and Mac OS X whose primary function is to replace the DNS servers defined on the victim's computer with rogue ones operated by the malware's authors.
The DNS is a vital part of the Internet infrastructure and is used to resolve domain names into numerical IP addresses. By controlling DNS responses, the DNSChanger gang was able to redirect victims to rogue websites that distributed fraudulent software or displayed money-generating advertisements.
The DNSChanger operation was shut down by the U.S. Federal Bureau of Investigation in November last year following a two-year long investigation. The authorities estimated the number of computers infected with this type of Trojan at 500,000 in the U.S. and over 4 million worldwide.