Your daily source of Pwnage, Policy and Politics.

Episode 649 – AnonPaste, CEE, Emory Healthcare, Saturday’s Targets, Hacker Way and Tardy Be-Gone

InfoSec Daily Podcast Episode 649 for April 19, 2012. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Adrian Crenshaw and Karthik Rangarajan.

 

Announcements

Outerz0ne 8

When: April 20-21, 2012

Where: Wellesley Inn, Atlanta GA

http://www.outerz0ne.org

 

Linuxfest Northwest 2012

When: April 28-29, 2012

Where: Bellingham Technical College – Bellingham, WA

http://www.linuxfestnorthwest.org/

 

AIDE 2012

When: May 21-25, 2012

Where: MU Forensic Science Center  - Huntington, West Virginia

http://www.appyide.org/

 

LayerOne 2012

When: May 26-27, 2012

Where: Clarion Hotel – Anaheim, CA

http://www.layerone.org

 

Security 504: Hacker Techniques, Exploits & Incident Handling – Matt Romanek

When: June 20 – 27, 2012

Where: Courtyard Seattle Federal Way, WA


http://www.sans.org/mentor/details.php?nid=28014

 

Social Engineering Training

When: July 21-24, 2012

Where: Black Hat Vegas

When: August 20-24, 2012

Where:  Bristol, UK

When:  November 12-16, 2012

Where:  Columbia, MD

http://www.social-engineer.com/social-engineer-training

 

Inside and Out of the Social-Engineer Toolkit (SET)

When: July 21 – 22, 2012

When: July 23 – 24, 2012

Where: Black Hat Vegas

http://blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_social_engineer_toolkit.html

 

DerbyCon 2012 – The “Deuce” Reunion

When:  September 27-30, 2012

Where: Louisville, KY

http://www.derbycon.com

 

Skydogcon

When: October 26-28

Where: Hotel Preston in Nashville, TN

http://www.skydogcon.com

 

Thanks to everyone that has purchased products from Amazon through the affiliate program.  If you’re not familiar with the affiliate program, simply go to http://www.isdpodcast.com and locate the Affiliate Program link on the right hand side.

 


 

Stories

Source:  http://news.techworld.com/personal-tech/3352311/anonymous-launches-anonpaste-alternative-pastebincom

Source:  http://www.peoplesliberationfront.net/anonpaste/index.php?f77e6760ee863006#GZIF9S28dOZ7Qhs4FhbEAftRk5NPIFDqlstEzF9hR2A=

The Anonymous hacking collective has launched a new site that it claims will allow users to post material without fear of being tracked down.

Anonymous described the new site, dubbed AnonPaste, as a safer site than Pastebin.com, which has been used by hackers to post evidence of their exploits.

In a joint statement issued Tuesday, Anonymous and a group calling itself the People's Liberation Front said the new site will allow people to post any material with complete anonymity.

The statement said posts to the new site would not be censored or moderated in any way.

The two groups said AnonPaste offers 256-bit AES encryption at the browser layer. All data posted to the site will be encrypted and decrypted in the browser so no "usable paste data [is] stored on the server for the authorities or anyone else to seize," the statement claimed.

"There will be no need for us to police this service, and in fact we don't even have the ability of deleting any particular paste," it said.

AnonPaste supports a URL shortening feature and allows users to post up to 2MB of text snippets at a time. Users can specify how long they want the text to remain available on the site.

Pastebin.com was originally created for programmers to temporarily store and share snippets of code and configuration information. Over the years, people have used the site to post and share all sorts of documents, and it has become a favorite for hackers looking to publicize details of their exploits.

Anonymous, LulzSec and other groups routinely post documents obtained from hacking attacks. Often, the documents posted on Pastebin have included personal, financial and confidential information of individuals and businesses.

Anonymous and the People's Liberation Front said AnonPaste was launched after learning that Pastebin.com may move to censor content and pass on the IP addresses of people posting on its site to law enforcement authorities.

….

Source: http://www.networkworld.com/community/node/80324

Source: http://cee.mitre.org/docs/overview.html

Enter the Common Event Expression (CEE) standard, a group effort being championed by Mitre Corporation.  Other participants include Cisco, HP/ArcSight, McAfee, NIST, and Microsoft.  CEE seeks to solve a basic problem that doesn't get enough attention.  Every IT device and application generates log files but there really are no standards for how these logs present their data.  As a result, you either have to learn what the log files are telling you or develop technologies to normalize these logs into some common and usable format.  It's easy to see how this has become such a big problem — more IT stuff, more logs of different flavors that need to be collected, normalized, processed, etc.

CEE is designed to address this problem from cradle to grave by defining common event definitions, enumeration, classification, languages, transport protocols, etc.  In other words, everything from event/log production to event/log consumption is covered.

Mitre is no stranger to security standards, think CVE (Common Vulnerabilities and Exposures).  That said, CEE is not the only game in town.  The Linux community has something called "Project Lumberjack," Verizon touts a standard called Verizon Enterprise Risk and Incident Sharing (VERIS), and the IETF is playing in this space as well.  CEE doesn't necessarily compete with these other efforts however since it is extensible and could work in concert with other standards.

I noticed that Sensage and Tripwire have announced support for CEE and would encourage others to do the same.  CEE is not a panacea by any means, but enterprise organizations need better security intelligence and analytics ASAP and no one should expect them to invest years of time and tens of millions of dollars to piece together custom solutions.  Security standards like CEE can go a long way toward expediting common security data standards, wider data exchange, and deeper analysis.  For that reason alone, the security technology industry should be much more engaged.

….

Source:  http://www.11alive.com/news/article/238755/40/Emory-Healthcare-missing-info-on-patients-from-17-year-period

Emory Healthcare says they are missing 10 data disks of information on surgical patients from between 1990 and 2007 from a storage location at Emory University Hospital.

Officials released a statement Wednesday afternoon that said an exhaustive search began as soon as they discovered the disks were missing. The search and investigation is continuing.

According to the university, the disks were removed from their storage location at some point between February 7 and February 20, 2012. The disks came from an old computer system that was deactivated in 2007.

Officials insist there is no indication the information has been misused in any way. They also insist this is not a breach or hacking of their systems.

….

Source:  http://www.zdnet.co.uk/blogs/security-bulletin-10000166/anonymous-to-launch-attacks-on-govt-mcdonalds-10025916/?s_cid=938

Groups of Anonymous hacktivists from around the world plan to focus distributed denial-of-service attacks on organisations including the Home Office, GCHQ, and McDonald's on Saturday.

Activists from Sweden, Brazil, the US and Russia will participate in attacks on the websites of the Home Office, GCHQ, MI5, MI6, Theresa May, Number 10, the Supreme Court, McDonald's, EDL, BNP, the Be my Parent adoption agency, and Justice, members of UK Anonymous group AnonAteam told ZDNet UK via an internet radio broadcast on Wednesday.

 

"We've scanned [GCHQ and the Home Office]," Anonymous hacker 'Winston Smith' said. "We've uncovered paths we didn't realise were available, from the scans that we've done."

 

A hacker identified as 'Murdoch' directed ZDNet UK to a Pastebin document — purportedly the results of scans of systems of the organisations to be targeted.

 

"GCHQ is running on Linux 2.6.18 and has got port 80 open," Smith told ZDNet UK. "We will try to attack four [GCHQ] ports."

 

Smith said that Anonymous had gleaned information from a failed attempt to take down the GCHQ website last weekend.

 

"[GCHQ] moved around some of the pages we were attacking before — we couldn't analyse the traceroutes," said Smith. "There will be three or four types of attack, using three or four types of technology. We have agreed with other groups to attack together."

 

The Home Office website was attacked during the course of the radio broadcast on Wednesday, and was intermittently up and down, according to checks made by ZDNet UK.

 

Before those disruptions, a Home Office spokesman said the government department was bracing itself for attacks.

….

Source:  http://www.thenewstribune.com/2012/04/18/2111929/facebooks-rite-of-passage-into.html

"Welcome to Facebook!"

Underneath, printed in big, bold, red letters, are slogans like: "We Hack Therefore We Are," or "Move Fast and Break Things." Within days, your software code will be in front of our more than 845 million users.

And so begins the six-week journey of a new employee class in Facebook's "Bootcamp," an experience shared by every engineering hire, whether they are a grizzled Silicon Valley veteran or a fresh-faced computer science grad. Since 2008, hundreds of Facebook's engineers have passed through Bootcamp, which may lack the physical tests of military basic training but does provide the same kind of shared experience and cultural indoctrination into the world's largest social network.

Bootcamp is one part employee orientation, one part software training program and one part fraternity/sorority rush. When new engineering recruits are hired at Facebook, they typically do not know what job they will do. They choose their job assignment and product team at the culmination of Bootcamp, a program that exemplifies Facebook's adherence to founder and CEO Mark Zuckerberg's "Hacker Way," an organizational culture that is supposed to be egalitarian, risk-taking, self-starting, irreverent, collaborative and creative.

Each new recruit needs to take a deep breath. Within a few days, all are expected to be pushing live software updates out to the better part of a billion users. If a Bootcamper crashes part of Facebook doing that, well, it won't be the first time.

"I would describe it as a way for us to educate our engineers not only on how we code and how we do our systems, but also how to culturally think about how to attack challenges and how to meet people," said Joel Seligstein, the head of the Bootcamp program, who might be described as Facebook's answer to Yoda. "We like to teach what's important very early on, on Day 1. I would say it's even more of a cultural program than it is a teaching program."

From "the HP Way" at Hewlett-Packard to Google's sense of what's "Googley," company culture is a mainstay of Silicon Valley life. With workplace perks like free gourmet food and other amenities, life at Facebook doesn't look much different on the surface from Google, Zynga, Twitter or many other young, fast-growing Internet companies.

….

Source:  http://www.nbcbayarea.com/news/local/Berkeley-High-School-Uncovers-Attendance-Scam-148023145.html

 

About 50 Berkeley High School students will be suspended and up to four could be expelled for a recently discovered scheme in which students hacked into the school's attendance system and sold cleared absences to classmates, school administrators said Wednesday.

     

School staff discovered the breach in the school's attendance system while reviewing student data a few weeks ago, according to Principal Pasquale Scuderi. Administrators found that several student accounts in the school's attendance database, called Powerschool, appeared to have unauthorized changes to their attendance records last fall.

 

Further investigation revealed that at least four students got their hands on an administrative password that allows access to Powerschool, then logged in and cleared absences or tardy marks on classmates' records for a fee, Scuderi said. The principal did not disclose how much money the students exchanged, but said an investigation by district technical staff and administrators showed that about 50 students participated in the scam.

     

"The degree of involvement ranged from what we now know was a few students literally selling the clearance of absences to those who may have accepted having a few absences or tardies cleared by a friend or acquaintance who gained access," the principal said in a statement.

 

Scuderi said he believes the expulsion of those students who launched the scam is an appropriate response, considering the number of administrative hours spent to investigate the scheme as well as the "flagrant dishonesty exhibited". The principal said that while he is disappointed in the students, he hopes the incident will be a teachable moment for staff and parents and is encouraged by current attendance records for the school's 3,200 students.

 

The school's attendance record rose to 94 percent for the first seven months of the school year compared to 92 percent during the same period last year. Over the past year, the school has made attendance a top priority, hiring a dean of attendance to oversee the school's attendance process and crack down on chronic truancy, the principal said. Scuderi credited the school's addition this year of a dean of attendance as well as the school's teachers for keeping attendance levels high.

….