Your daily source of Pwnage, Policy and Politics.

Episode 635 – Flashback variant, Pastebin Monitors, Lost Revenue and TweetDeck

InfoSec Daily Podcast Episode 635 for April 2, 2012. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Beau Woods, and Karthik Rangarajan.

 

Announcements:

Outerz0ne 8

When: April 20-21, 2012

Where: Wellesley Inn, Atlanta GA

http://www.outerz0ne.org

 

Linuxfest Northwest 2012

When: Saturday, April 28-29, 2012

Where: Bellingham Technical College – Bellingham, WA

http://www.linuxfestnorthwest.org/

 

AIDE 2012

When: May 21-25, 2012

Where: MU Forensic Science Center  - Huntington, West Virginia

http://www.appyide.org/

 

LayerOne 2012

When: May 26-27, 2012

Where: Clarion Hotel – Anaheim, CA

http://www.layerone.org

 

Security 504: Hacker Techniques, Exploits & Incident Handling – Matt Romanek

When: June 20 – 27, 2012

Where: Courtyard Seattle Federal Way, WA


http://www.sans.org/mentor/details.php?nid=28014

 

Social Engineering Training

When: July 21-24, 2012

Where: Black Hat Vegas

When: August 20-24, 2012

Where:  Bristol, UK

When:  November 12-16, 2012

Where:  Columbia, MD

http://www.social-engineer.com/social-engineer-training

 

Inside and Out of the Social-Engineer Toolkit (SET)

When: July 21 – 22, 2012

When: July 23 – 24, 2012

Where: Black Hat Vegas

http://blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_social_engineer_toolkit.html

 

DerbyCon 2012 – The “Deuce” Reunion

When:  September 27-30, 2012

Where: Louisville, KY

http://www.derbycon.com

 

Skydogcon

When: October 26-28

Where: Hotel Preston in Nashville, TN

http://www.skydogcon.com

 

Thanks to everyone that has purchased products from Amazon through the affiliate program.  If you’re not familiar with the affiliate program, simply go to http://www.isdpodcast.com and locate the Affiliate Program link on the right hand side.

 


 

Stories

Source:  http://www.f-secure.com/weblog/archives/00002341.html

A new Flashback variant (Mac malware) has been spotted exploiting CVE-2012-0507 (a Java vulnerability). We've been anticipating something like this for a while now.


 

Oracle released an update that patched this vulnerability back in February… for Windows.

But — Apple hasn't released the update for OS X (yet).

It appears that the Flashback gang is keeping up with the latest in exploit kit development. Last week, Brian Krebs reported that the CVE-2012-0507 exploit has been incorporated into the latest version of the Blackhole exploit kit. And that's not all. Though it is unconfirmed, there are rumors of yet another available exploit for an "as-yet unpatched critical flaw in Java" on sale.

 

So if you haven't already disabled your Java client, please do so before this thing really becomes an outbreak. Our previous instructions on how to check whether you are infected with Flashback are still applicable. However, for this variant, there is an additional updater component that is created in the infected user's home folder. By default it is created as "~/.jupdate".

Go to your /Users/yourusername/Library/ folder and look to see if you find any of these files:

  • ~/.MacOSX/environment.plist

  • ~/Library/LaunchAgents/com.apple.SystemUI.plist

  • ~/Library/Preferences/perflib

  • ~/Library/Preferences/Preferences.dylib

  • ~/Library/Logs/swlog

If you don't have any of these files, you're not infected.
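The manual check above can be scripted. The following is an added example written for these show notes, not F-Secure's tool and not part of the original post. It checks a home directory for the indicator paths listed above plus the "~/.jupdate" updater component that the post names for this variant, reports what it finds, and returns a non-zero status when any indicator is present so it can be dropped into a fleet check. It only tests for presence of the paths; it does not remove anything, and a clean result only covers the indicators known for this variant.

```shell
#!/bin/sh
# Added example: report the Flashback indicator paths from the F-Secure post
# (plus ~/.jupdate) under a given home directory. Detection only, no cleanup.

# Indicator paths relative to the home directory being inspected.
FLASHBACK_INDICATORS="
.jupdate
.MacOSX/environment.plist
Library/LaunchAgents/com.apple.SystemUI.plist
Library/Preferences/perflib
Library/Preferences/Preferences.dylib
Library/Logs/swlog
"

# flashback_check [HOME_DIR]
# Prints each indicator that exists; returns 0 when none are present,
# 1 when at least one is, so the status can drive a fleet-wide sweep.
flashback_check() {
  home="${1:-$HOME}"
  found=0
  for rel in $FLASHBACK_INDICATORS; do
    path="$home/$rel"
    if [ -e "$path" ]; then
      echo "FOUND: $path"
      found=$((found + 1))
    fi
  done
  if [ "$found" -eq 0 ]; then
    echo "No Flashback indicators under $home"
    return 0
  fi
  echo "$found indicator(s) present under $home; treat this machine as suspect"
  return 1
}

# Stand-alone usage: inspect the current user's home directory
# (or the directory passed as the first argument).
flashback_check "${1:-$HOME}"
```

Run it as an ordinary user on each Mac; a non-zero exit means one of the listed paths exists and the machine needs a closer look. Because the indicators live under the user's home directory, run it once per user account rather than once per machine.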

Source: http://www.bbc.com/news/technology-17544311

The owner of Pastebin.com says he plans to hire more staff to help police "sensitive information" posted to the site. The website is frequently used by Anonymous and other hackers to reveal data taken from their targets. In the past this has included home addresses, email passwords and bank account details. Pastebin currently relies on an abuse report system to alert it to material that might need to be removed. Jeroen Vader, a 28-year-old Dutch entrepreneur, bought the site from its original owner in early 2010.

In that time he says he has helped grow its popularity, as it now attracts an average of 17 million unique visitors a month. The site makes money from banner adverts on its pages.

Many visitors to the site use it to keep watch over trending topics. These often include articles posted by people who identify themselves as being linked to the hacktivist collective Anonymous, or related movements such as Antisec or Lulzsec.

“I think it is very important that people have access to sites like Pastebin, because it offers them total freedom of speech”

Recent posts have included details of attacks on Panda Labs, the Spanish security firm; Stratfor, the security think tank; and email addresses and passwords belonging to users of the Youporn pornography sites.

Source: http://www.intomobile.com/2012/03/30/juniper-research-mobile-industry-lost-more-than-58-billion-last-year-due-inadequate-billing-systems/

According to a new report by Juniper Research titled “Mobile Revenue Assurance & Fraud Management: Business Strategies & Forecasts 2012-2016,” the mobile telecoms industry lost over $58 billion last year (more than 6% of global revenues) due to inadequate FM (Fraud Management) and RA (Revenue Assurance) processes. The report suggests that if these processes aren’t fixed, the scale of losses could rise five-fold by 2016.

The research company says that while operators have been obliged to integrate an ever-expanding array of devices and simultaneously manage a surge in cellular network traffic, billing systems have failed to keep pace. As a result, they are increasingly unable to accurately capture the large volume of transactions that occur on the network.

Accordingly, Juniper recommends implementing automated systems that provide end-to-end visibility of the revenue chain, which it estimates could lead to a net reduction in losses of nearly $15 billion per annum compared with 2011.

Some other key findings from the report include:

  • Revenue leakages will continue to be relatively higher in developing regions, particularly in Africa and the Middle East.

  • Solutions are exploiting a single repository of data to reduce Total Cost of Ownership (TCO) and are integrating a number of complementary applications as the industry moves towards Business Assurance.

Source: http://news.softpedia.com/news/TweetDeck-Taken-Offline-After-User-Gains-Access-to-Hundreds-of-Accounts-262051.shtml

Twitter’s TweetDeck, the application that “brings more flexibility and insight to power users,” has been taken temporarily offline after a customer from Australia noticed that he could gain access to hundreds of other accounts through the app.

 

“TweetDeck is currently down while we look into an issue. Apologies for the inconvenience,” TweetDeck representatives wrote a few hours ago. TechCrunch managed to obtain a statement from Geoff Evason, the one who identified the bug. “I’m a tweetdeck user. A bug has given me access to hundreds of twitter and facebook accounts through tweetdeck. I didn’t do anything special to make this happen. I just logged in one day, the account was slower than normal, and I could post from many more accounts,” Evason said.

 

To demonstrate the seriousness of the issue, he even performed a small test in which he took over another user’s account from which he made a tweet.  Approximately 8 hours after it was taken down, TweetDeck managed to address the problem and restored the service.

 

TweetDeck representatives issued a statement regarding the incident:

 

As soon as we learned about the issue today, we took TweetDeck down to diagnose the situation. We discovered a bug that caused a very small number of TweetDeck users to have access to other TweetDeck users’ accounts. (The accounts that could be accessed were random; it was not possible to select specific accounts and access them.)

 

No one’s password was compromised, and we aren’t aware of any instances where this access was used maliciously. As a precaution, we removed account credentials associated with affected TweetDeck users; they will need to log in to authorize the TweetDeck application to access their accounts.

Source: http://krebsonsecurity.com/2012/03/mastercard-visa-warn-of-processor-breach/

http://online.wsj.com/article/SB10001424052702303816504577313411294908868.html?mod=e2tw

Concerns about credit-card security heightened Friday after a little-known Atlanta company disclosed it had been hit by hackers, potentially exposing hundreds of thousands of account holders to fraud.

 

The breach at Global Payments Inc. is the latest in a wave of data attacks that have heightened consumer concerns about identity theft. The card industry has been particularly vulnerable to those concerns amid a slew of big breaches in recent years as more Americans choose to pay with plastic rather than cash.

The extent of the breach couldn't be determined and it wasn't immediately clear if cardholders have seen fraudulent transactions. Consumers typically aren't liable for unauthorized purchases made on their cards.

The company declined to say how many cards were at risk, but people familiar with the investigation estimated that it could be hundreds of thousands.

The company said it "identified and self-reported unauthorized access into a portion of its processing system." It added that in early March it "determined that card data may have been accessed."

...