InfoSec Daily Podcast Episode 588 for February 7, 2012. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Karthik Rangarajan, Themson Mester, and Varun Sharma.
Have you ever stumbled on a tool and wondered “Why didn’t I know this existed!” or “If only I’d had this last week on that test”… Chris John Riley has started to gather suggestions for your “unsung hero” of the tools world. He is looking specifically to gather a list of tools that aren’t on every penetration tester’s or forensic investigator’s list, but that you have respect for. http://blog.c22.cc/2012/01/13/unsung-heros
Brad Smith (theNurse)
We all know and love Brad Smith, aka theNurse. His humor and smiling positivity are a wonderful example for our community. At Hacker Halted he had a massive stroke and has been in the hospital ever since.
Brad and his wife did not ask for this help, but as a community we feel that if we can help we want to. Please feel free to check in for status or to donate. Either way we thank you, and I know Brad thanks you for your support, prayers and positive thoughts.
Metasploit Framework Unleashed Cincinnati
When: February 11, 2012.
Where: Digitorium in Griffin Hall, the home of Northern Kentucky University’s College of Informatics
$20 donation for #HFC
Social Engineering Training
When: March 5-9, 2012
Where: Seattle, Washington
When: July 21-24, 2012
Where: Black Hat Vegas
When: August 20-24, 2012
Where: Bristol, UK
When: November 12-16, 2012
Where: Columbia, MD
When: March 30-April 1
Where: Austin, TX
Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
CFP now open!
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
CFP now open!
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
CFP now open!
DerbyCon 2012 – The “Deuce” Reunion
When: September 27-30, 2012
Where: Louisville, KY
Thanks to everyone that has purchased products from Amazon through the affiliate program. If you’re not familiar with the affiliate program, simply go to http://www.isdpodcast.com and locate the Affiliate Program link on the right hand side.
Members of the Anonymous network released an email thread on Monday that claims that Symantec offered $50,000 in return for the guaranteed destruction of code tied to its pcAnywhere and Norton Antivirus tools.
But the deal fell through, according to the AnonymousIRC account, and the code will be released for free to the Internet at large, the group said.
"Update regarding Symantec: Stay tuned for the fucking lulz," added "TheRealSabu," another member of the Anonymous collective. "Let's just say Symantec tried to give us 50,000 reasons not to release sources!"
The group said later that the code would be released. Separately, Anonymous released emails from the legal team who represented Frank Wuterich, the staff sergeant who led an assault on the Iraqi city of Haditha that left 24 unarmed civilians dead.
According to the email chain, Sam Thomas, an employee of Symantec, began negotiations with "Yamatough," apparently an Anonymous hacker using a Venezuelan email address, on or about Jan. 18. According to the emails, Symantec asked Yamatough and the Anonymous group to lie about having accomplished an earlier 2006 hack, which obtained the code.
Symantec said it knew of the postings.
"In January, an individual claiming to be part of the 'Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession," a company representative said in an email on Monday night. "Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide."
No "Sam Thomas" could be found on LinkedIn as a Symantec employee, and emails to the account went unreturned but did not bounce.
Anonymous activists have released source code for PCAnywhere onto the internet, hours after a hacker's negotiations for payment from Symantec broke down.
The code was posted on the Pirate Bay file-sharing website on Tuesday at around 5:40am, and the BitTorrent link was included in a post to the AnonymousIRC Twitter account, which has been used to publicise the activist group's claims in the past.
"Symantec has been lying to its customers. We exposed this point thus spreading the world that ppl need – #AntiSec #Anonymous Spread and share!" said a statement accompanying the download link on Pirate Bay.
Trend Micro researchers have discovered a piece of malicious software that automatically uploads its stolen data cache to the SendSpace file-sharing service for retrieval.
Malware authors have used file-hosting and sharing servers for that purpose before, but this is the first time malware has been noticed to do that automatically, wrote Roland Dela Paz, a threat response engineer with Trend Micro.
SendSpace accepts files and then generates a link that can be shared with other people to download the content in the files. The malware has been configured to send files, copy the download link and send it to a command-and-control server along with the password needed to access the archive, Dela Paz wrote.
It appears SendSpace's terms of service would prohibit use of the site that way. SendSpace said in response to an email that it was "notified of this several days ago by Trend Micro themselves, and we're working to find a solution for this."
File storage services offer several advantages for cybercriminals, said Rik Ferguson, director of security research and communication for Trend Micro in Europe.
Although the cybercriminals often use networks of proxy computers to mask how they are communicating with a compromised computer, using a storage service adds another layer, Ferguson said. "It breaks in some ways the chain of evidence," he said.
The total number of patient records compromised in the US increased by 97% in 2011 compared with 2010, according to a report released this week by the Redspin consulting firm.
Redspin cites the increasing concentration of protected health information (PHI) on unencrypted portable devices and the lack of sufficient oversight of PHI disclosed to hospital’s business associates as the main reasons for the increase.
Malicious attacks (theft, hacking, and insider incidents) continue to cause 60% of all breaches due to the economic value of personal health records sold on the black market and for medical ID theft used to commit Medicare fraud, the report said.
Redspin examined the data breach information on the US Department of Health and Human Services website.
“The velocity of breaches is increasing year over year”, said Daniel W. Berger, Redspin's president and chief executive officer. “This problem is widespread and increasing”, he told Infosecurity.
Collin Mulliner, researcher at Technische Universitaet Berlin, Group for Security in Telecommunications, believes mobile-service providers are injecting personally-discernible information such as MSISDN, IMSI, and IMEI into HTTP traffic being sent to websites.
It started several years ago when Collin read that mobile phones were leaking private data via HTTP headers — but the author provided no evidence. That didn’t sit well with Collin, so he took it upon himself to prove or disprove the claims. He explains how he became involved.
During 2008, while working with Mobile Web and Wireless Access Protocol (WAP), I stumbled across a forum where people were discussing the possibility of leaks. Nobody could make up their mind if this was happening or not. So I started investigating.
I host a website where people can download games for the Java 2 Micro Edition platform. It’s popular enough that a mobile-gaming website embeds screen shots of my games. So, every time a visitor loads a relevant page at the gaming website, a request is sent to my web server — providing lots of relevant traffic. All I had to do was add logging to see if the reports of leakage were true.
This research was compiled into a paper. The three highlights are:
- Private data is leaked by mobile operators around the world.
- Anybody owning a website accessed from a mobile phone has the ability to collect personal information about the mobile visitor.
- This type of leak hasn’t received any attention until now; nobody knew what to look for.
There are indications that the phone’s MSISDN, IMSI, and IMEI are being leaked. The MSISDN is directly linked to the person who owns the phone, so if the MSISDN is known:
- It becomes possible to find the owner’s name — not a good thing if the website is malicious.
- It becomes possible to send SMS messages to visitors — for spamming or malicious reasons.
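As an added illustration (not Collin's code or the paper's), the following Python check is the kind of thing a site operator or proxy administrator could run over logged request headers to see whether an upstream operator is injecting values that look like an MSISDN, IMSI or IMEI. The header names and values are constructed for the example, and the IMSI/IMEI distinction relies on the IMEI's Luhn check digit, so it is a heuristic rather than a definitive classification.

```python
from typing import Dict, Optional

# Constructed sample of raw HTTP request headers, as a web server or reverse
# proxy might log them for one mobile visitor. The X-Operator-* header names
# are illustrative assumptions, not a catalogue of what any real operator sends.
SAMPLE_REQUEST = """GET /games/screenshot1.png HTTP/1.1
Host: example.test
User-Agent: Mozilla/5.0 (constructed)
X-Operator-Subscriber: 4915112345678
X-Operator-IMSI: 262011234567890
X-Operator-Device: 490154203237518
Accept: image/png
"""


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; a 15-digit IMEI ends in a Luhn check digit, an IMSI does not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify_value(value: str) -> Optional[str]:
    """Return which telecom identifier a header value resembles, if any (heuristic)."""
    v = value.strip().lstrip("+")
    if not v.isdigit():
        return None
    if len(v) == 15 and luhn_ok(v):
        return "IMEI"           # 15 digits with a valid Luhn check digit
    if len(v) == 15:
        return "IMSI"           # 15 digits, no check digit: MCC + MNC + MSIN
    if 10 <= len(v) <= 14:
        return "MSISDN"         # E.164-style subscriber number
    return None


def find_identifier_headers(raw_request: str) -> Dict[str, str]:
    """Map each header whose value looks like a phone/subscriber identifier to its type."""
    findings: Dict[str, str] = {}
    for line in raw_request.splitlines()[1:]:   # skip the request line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        kind = classify_value(value)
        if kind:
            findings[name.strip()] = kind
    return findings
```

Any header this flags is worth comparing against the operator's documentation and, if the leak is confirmed, stripping at the edge before it reaches application logs or third-party content.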