InfoSec Daily Podcast Episode 626 for March 22, 2012. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Adrian Crenshaw, Karthik Rangarajan, Geordy Rostad, and Dr. Bonez.
When: March 30-April 1
Where: Austin, TX
Where: Wellesley Inn, Atlanta GA.
Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
When: May 21-25, 2012
Where: MU Forensic Science Center - Huntington, West Virginia
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
Security 504: Hacker Techniques, Exploits & Incident Handling – Matt Romanek
When: June 20 – 27, 2012
Where: Courtyard Seattle Federal Way, WA
Social Engineering Training
When: July 21-24, 2012
Where: Black Hat Vegas
When: August 20-24, 2012
Where: Bristol, UK
When: November 12-16, 2012
Where: Columbia, MD
Inside and Out of the Social-Engineer Toolkit (SET)
When: July 21 – 22, 2012
When: July 23 – 24, 2012
Where: Black Hat Vegas
DerbyCon 2012 – The “Deuce” Reunion
When: September 27-30, 2012
Where: Louisville, KY
When: October 26-28
Where: Hotel Preston in Nashville, TN
Thanks to everyone that has purchased products from Amazon through the affiliate program. If you’re not familiar with the affiliate program, simply go to http://www.isdpodcast.com and locate the Affiliate Program link on the right hand side.
Admins looking to improve on their company’s web security often turn to software solutions to help assess and automate their security tasks. Good web security software can make surfing the web safe and secure by protecting users from potential vulnerabilities in their operating systems or browsers, as well as helping them to avoid policy violations. The top web security software packages can help you to improve your network’s web security in many ways. Here are seven of the major benefits web security software offers:
Many organizations I speak with have instigated network filtering and security monitoring solutions targeted at identifying malicious binaries traversing their egress points. Something that they’ve been observing in recent months is the increase of suspicious binaries that are unsupported and non-executable. Ordinarily any intercepted binaries would be farmed off to static anti-virus scanners or tin-wrapped behavioral analysis engines for classification; however a growing volume of these binaries cannot be scanned or executed within virtual environments. What’s going on?
More often than not, these perimeter network defenses are encountering encoded and obfuscated malicious binaries – constructed purposefully by an attacker to bypass network threat detection products. These evasions aren’t anything new, it’s just that the tools and functionality to encode malicious binaries “on-the-fly” have become standard features in a growing number of automated attack delivery tools and DIY botnet construction kits.
The non-executable binaries are typically malicious binaries that have been encoded using simple, lightweight, cryptographic techniques. They need to be decoded at the receiver's end and decrypted back into their “original” file format for proper malicious execution. In many cases the entire (original) malicious binary is encrypted using a simple XOR cipher. While there is no shortage of techniques that can be used (take a look at the default assortment of file encoders within the Metasploit MSFencode module for instance), XOR does seem popular and is more than “good enough” to bypass existing security technologies. Sometimes the simplest evasion techniques are the best.
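The XOR encoding described above, and the check a perimeter scanner can run against it, as an added example (this is not code from the original post, from Metasploit, or from any product mentioned). A Windows executable carries a large amount of predictable plaintext: the first sixteen bytes of the DOS header emitted by Microsoft linkers and the “This program cannot be run in DOS mode.” stub string. That is enough for a known-plaintext recovery of a repeating XOR key without brute-forcing anything, and it goes beyond the single-byte case by handling keys up to a chosen length. The sample “executable” is a constructed 130-byte header and stub, labelled as such in the code; the key lengths, function names and the 16-byte key limit are assumptions for the example.

```python
"""Added example: repeating-key XOR encoding of a PE file, and a known-plaintext
recovery of the key from the DOS header. Not from the original post or any product."""
from typing import Optional

# Standard first 16 bytes of the DOS (MZ) header as emitted by Microsoft linkers.
KNOWN_DOS_HEADER = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
DOS_STUB_TEXT = b"This program cannot be run in DOS mode."

# Constructed sample "executable" (not a real program): 64-byte DOS header with
# e_lfanew = 0x80, the usual 14-byte DOS stub code, the stub string at 0x4e,
# padding, then the PE signature. Enough structure to exercise the checks below.
SAMPLE_EXE = (
    KNOWN_DOS_HEADER
    + b"\xb8\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00"   # e_sp .. e_ovno
    + b"\x00" * 32                                           # e_res .. e_res2
    + b"\x80\x00\x00\x00"                                    # e_lfanew -> 0x80
    + b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21"  # stub code
    + DOS_STUB_TEXT + b"\r\r\n$" + b"\x00" * 7
    + b"PE\x00\x00\x4c\x01"                                  # PE sig, i386
)


def xor_encode(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. Encoding and decoding are the same operation."""
    if not key:
        raise ValueError("key must be non-empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def looks_like_pe(data: bytes) -> bool:
    """The naive check many scanners apply: MZ magic plus the DOS stub string.
    An XOR-encoded blob fails this, which is exactly the evasion being described."""
    return data[:2] == b"MZ" and DOS_STUB_TEXT in data


def recover_xor_key(blob: bytes, max_key_len: int = 16) -> Optional[bytes]:
    """Known-plaintext attack. Assume the blob is an XOR-encoded PE file whose
    first 16 bytes are the standard DOS header. For each candidate key length n,
    derive key[i] = blob[i] ^ header[i] for i < n and accept the key only if
    decoding reproduces the whole known header and the stub string. Returns the
    shortest equivalent key, or None if no key up to max_key_len fits."""
    if len(blob) < len(KNOWN_DOS_HEADER):
        return None
    for n in range(1, max_key_len + 1):
        key = bytes(blob[i] ^ KNOWN_DOS_HEADER[i] for i in range(n))
        decoded = xor_encode(blob, key)
        if decoded.startswith(KNOWN_DOS_HEADER) and DOS_STUB_TEXT in decoded:
            return key
    return None


def demo(key: bytes = b"\x5a\xc3\x11") -> dict:
    """Encode the sample, show the naive check fails on the blob, recover the key."""
    blob = xor_encode(SAMPLE_EXE, key)
    recovered = recover_xor_key(blob)
    return {
        "naive_check_on_blob": looks_like_pe(blob),
        "recovered_key": recovered,
        "decoded_is_pe": recovered is not None
        and looks_like_pe(xor_encode(blob, recovered)),
    }


if __name__ == "__main__":
    print(demo())
```

The caveat a practitioner would want: this recovery relies on the standard DOS header being present and unmodified, so a packer that rewrites the header, a key longer than the limit, or a second layer of encoding on top of the XOR defeats it. It is still a far better triage step than rejecting anything that lacks the “MZ” magic, and the recovered key can be used to hand the decoded file to the usual static and behavioural analysis.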
Trend Micro has been alerted to reports of a mass compromise of WordPress sites that leads to CRIDEX infection. To lure users to these compromised sites, the cybercriminals behind this employed spammed messages purporting to come from known legitimate sources such as the Better Business Bureau and LinkedIn, just to name a few. These spam messages use social engineering tactics to entice unsuspecting users to click the link found in the email.
Clicking this link leads to a series of compromised WordPress sites, which ultimately point users to the Blackhole Exploit kit that targets vulnerabilities cited in CVE-2010-0188 and CVE-2010-1885. This is detected by Trend Micro as JS_BLACOLE.IC.
The man suspected of hacking into China's largest website for programmers and leaking personal information about more than 6 million users last December has been detained on charges of illegal acquisition of computer data, Beijing News reported yesterday.
The suspect, surnamed Zeng, was nabbed in Wenzhou, east China's Zhejiang Province, on February 4 after Beijing police opened an investigation into the case on December 22, the paper said.
The leak, considered the biggest in China's Internet history, occurred on December 21 when personal information of over 6 million users of the China Software Developer Network was exposed on the Internet for free downloading.
Police said the leaked information contained user IDs, passwords and e-mail addresses in clear text. The leak had a rippling effect on other websites, including online shopping, gaming, social networking and even financial service websites.
Police noticed that most of the leaked data dated from July 2009 to July 2010, indicating the CSDN server was hacked before July 2010.
Zeng caught the police's attention because he claimed in an online post in September 2010 that he had gained command of the CSDN database and wanted to cooperate with the website, it was reported.
He admitted to hacking into the CSDN server in April 2010 through a system loophole and sneaking into an online recharge platform and a stock brokerage system.
During the investigation, police also uncovered four other hackers, the paper said.
With attacks on U.S. networks increasing even as both government and industry pour more money into defense, top officials told the U.S. Senate Tuesday that the nation needs a new approach – one that presumes an eternal state of cyber-war. "I think we've got the wrong mental model here," said James Peery of the Energy Department's Sandia National Laboratories. "We've got to go to a model where we assume our adversary is in our networks, on our machines, and we've got to operate anyway, we've got to protect the data anyway."
Today's cyber-defenses are only "buying tactical breathing room… much like treading water," agreed the acting director of the Defense Advanced Research Projects Agency, Ken Gabriel. "If you find yourself in the middle of the ocean, treading water is a good thing," he went on, but it's not sufficient as a long-term strategy. Today, it's much cheaper and easier to attack a computer network than it is to defend it, the assembled experts agreed; what's essential is to change that "cost equation."
That disturbed Ohio Sen. Rob Portman, the top Republican on the "emerging threats" panel of the Senate Armed Services Committee, which held the hearing. "You believe," he summed up, "[that] we can do things that make it more costly for them to hack into our systems… but you didn't say that we can stop them."
"We are in an environment of measures and countermeasure," replied Zachary Lemnios, the Pentagon's chief technology officer and assistant secretary of defense for research and engineering. As in other areas of warfare, "for every concept that's deployed, a countermeasure is deployed by an adversary."
CA Technologies has found a nasty flaw in its flagship backup software ARCserve. The flaw goes all the way back to version 10 of the product, which has just reached v.16.
CA says the problem “can allow a remote attacker to cause a denial of service condition“ and “ … occurs due to insufficient validation of certain network requests. An attacker can potentially use the vulnerability to disable network services.”
Many versions of ARCserve can fix the bug with a patch, but CA's advisory says the solution for ARCserve Backup for Windows r12.0 is to “Update to CA ARCserve Backup for Windows r16 SP1.”
We're sure ARCserve users will appreciate the forced upgrade and happily set aside other work to make it happen.