Your daily source of Pwnage, Policy and Politics.

Episode 613 – DDoS, SWF Investigator, Sat/Cable Flaws, FBI Oops!, and Panda Slap

InfoSec Daily Podcast Episode 613 for March 7, 2012. Tonight's podcast is hosted by Rick Hayes and Karthik Rangarajan.
 

Announcements:

Social Engineering Training
When: July 21-24, 2012
Where: Black Hat Vegas
When: August 20-24, 2012
Where: Bristol, UK
When: November 12-16, 2012
Where: Columbia, MD
http://www.social-engineer.com/social-engineer-training

InfoSec Southwest
When: March 30-April 1
Where: Austin, TX
http://www.Infosecsouthwest.com

Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!

AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu

LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
CFP now open!
 

Security 504: Hacker Techniques, Exploits & Incident Handling – Matt Romanek
When: June 20 – 27, 2012
Where: Courtyard Seattle Federal Way, WA
http://www.sans.org/mentor/details.php?nid=28014

Inside and Out of the Social-Engineer Toolkit (SET)
When: July 21 – 22, 2012
When: July 23 – 24, 2012
Where: Black Hat Vegas
http://blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_social_engineer_toolkit.html

Defcon 20
When: July 26-29, 2012
Where: Rio Hotel and Casino – Las Vegas, NV
http://defcon.org/
CFP & Room reservations now open!

DerbyCon 2012 – The “Deuce” Reunion
When:  September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com

Thanks to everyone who has purchased products from Amazon through the affiliate program. If you’re not familiar with the affiliate program, simply go to http://www.isdpodcast.com and locate the Affiliate Program link on the right-hand side.

Stories

Source: http://www.infosecurity-magazine.com/view/24378/rsa-2012-ddos-attacks-twice-as-likely-to-hit-us-companies-than-uk-/
At the RSA 2012 conference last week in San Francisco, Corero Research revealed research findings that show more than half of US companies who have been victims of a DDoS attack blame a competitor for the breach.
The research, conducted by VansonBourne – and commissioned by Corero Network Security – took in responses from 300 mid- to large-sized enterprises in both the UK and the US and interestingly reports significantly different results dependent on geography.
Results show that one in three organizations (31%) has suffered at least one Distributed Denial of Service (DDoS) attack in the last 12 months, but that US companies are twice as likely as those in the UK to have experienced an attack: 38% of US companies versus 18% of UK companies.
“This could be a combination of speculation – how the different countries perceive attacks – and actual concrete differences”, Neil Roiter, director of research, Corero, told Infosecurity at RSA. “The UK is less sensitive and thus uses less forensics. Often, people are being attacked and don’t know it. Sometimes, it’s more obvious. With DDoS attacks on gamer networks, I sometimes wonder how they stay in business during the attack”.
….
Source: http://labs.adobe.com/technologies/swfinvestigator/
Adobe SWF Investigator is the only comprehensive, cross-platform, GUI-based set of tools, which enables quality engineers, developers and security researchers to quickly analyze SWF files to improve the quality and security of their applications. With SWF Investigator, you can perform both static and dynamic analysis of SWF applications with just one toolset. SWF Investigator lets you quickly inspect every aspect of a SWF file from viewing the individual bits all the way through to dynamically interacting with a running SWF.

SWF Investigator Features
From a static perspective, you can disassemble ActionScript 2 (AS2) and ActionScript 3 (AS3) SWFs, view SWF tags and make binary changes to SWF files. SWF Investigator also lets you view associated information, including local shared objects (LSOs) and per site settings.
From a dynamic perspective, you can call functions within the SWF, load the SWF in various contexts, communicate via local connections and send messages to Action Message Format (AMF) endpoints in order to test more effectively.
SWF Investigator contains an extensible fuzzer for SWF applications and AMF services, so you can search for common Web application attacks. This toolset also provides a variety of utilities including encoders and decoders for SWF data, as well as a basic compiler for testing small pieces of ActionScript code.
Additional Benefits

  • SWF Investigator is the only application of its kind that's built on Adobe AIR – a versatile runtime that supports ActionScript, the language used to create SWF applications.  This allows for native interaction between the SWF Investigator and the SWF application. Using ActionScript also makes the source code of the tool more intuitive for SWF developers.
  • SWF Investigator has the ability to auto-update, so you don't need to worry about whether or not you have the most current version.
  • Since it's an open source AIR application, SWF Investigator can be modified to fit your environment, and it is cross-platform.

….
Source: http://news.hitb.org/content/researcher-disclose-crippling-security-flaws-satellite-tv-and-digital-video-broadcast
A well-known Polish security researcher has discovered major security flaws in digital satellite TV set-top-boxes and DVB chipsets used by many satellite TV providers worldwide. The research done by Adam Gowdiak reveals that a combination of security issues present in software, hardware and services from multiple vendors can have a devastating impact on the security of modern digital satellite TV platforms. Gowdiak will be presenting this research in two talks at the third annual Hack In The Box Security Conference in Amsterdam in May (21st – 25th @ Okura Hotel).
In research spanning over one and a half years, Gowdiak has discovered over 20 security issues in the environment of one of the biggest satellite TV operators in Poland. Gowdiak aims to demonstrate that a novel platform such as digital satellite TV set-top-boxes is not immune to hacking and can be infected with malware in the very same way as computers these days – automatically and without user interaction.
The research reveals that well constructed malware can break the security of silicon chips implementing advanced security mechanisms in these set-top-boxes. Gowdiak has verified that this can result in the illegal sharing of encrypted satellite TV programming over the Internet with other, non-paying users.
….
Source: http://news.yahoo.com/fbi-irish-misstep-led-conference-call-leak-190633759.html
An Irish police officer's email blunder led to the spectacular leak of a sensitive conference call between the FBI and Scotland Yard, U.S. law enforcement said Tuesday.
An indictment unsealed in a New York court alleges that a teenager linked to the Lulz Security group of hackers was able to eavesdrop on the call after an unnamed officer with Ireland's national police force forwarded a work message to his insecure personal email account.
The email, which apparently originated from the FBI's Timothy Lauster, invited dozens of law enforcement officers from across Europe and the United States to coordinate their efforts against LulzSec and its amorphous umbrella group, Anonymous.
The FBI's indictment said that 19-year-old Donncha O'Cearrbhail intercepted the email and used the information in it to access and secretly record the Jan. 17 call, which hackers subsequently broadcast across the Internet.
The indictment said O'Cearrbhail was charged with one count of computer hacking conspiracy, and one count of intentionally disclosing an unlawfully intercepted wire communication.
O'Cearrbhail was one of five people charged in a multinational operation targeting hackers linked to Lulz Security. His indictment was unsealed on Tuesday as authorities revealed the group's ringleader had secretly become an FBI informant and turned against his comrades.
A spokesman for the Irish police, known as the Garda Siochana, refused to comment either on the details of the O'Cearrbhail charge or on the nature of the email blunder.
….
Source: www.theregister.co.uk/2012/03/07/panda_sec_attacked_by_anon/
In a predictable backlash against the sweep that has netted suspected LulzSec members in America and Europe, Anonymous has defaced some web pages of the security firm Panda Security.
As previously reported by The Register, the arrests turned on the assistance of Hector Xavier Monsegur, known in LulzSec circles as Sabu. Anonymous has added another name-to-blame to the list, accusing Panda Security of helping the FBI by infiltrating chatrooms and message boards.
The promo page, Panda Security’s “Cybercrime Files”, has been defaced with a long statement denouncing Sabu, and accusing the security company of “working with Law Enforcement to lurk and snitch on anonymous activists”.

The attackers list a total of 36 of the company’s pages which it says have been defaced, some of which have either been restored or were listed by mistake.
“Anonymous existed before LulzSec and will continue existing,” the post also states.
More seriously, the defaced page – still available at the time of writing – also shows email addresses and passwords apparently obtained in the attack.
….