The InfoSec Daily (ISD) Crew is a pretty eclectic group of highly opinionated security practitioners. We try to bring you insightful comment on the latest InfoSec news, politics and vulnerabilities that are impacting the community.
InfoSec Daily Podcast Episode 681 for May 31, 2012. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Adrian Crenshaw, Karthik Rangarajan, and Geordy Rostad.
When: June 15-17, 2012
Where: Pittsburgh, PA, some time this summer.
What: Ever wanted to participate in live-action Capture the Flag? Well, here is your chance. This contest is modeled on so-called "penetration tests," which is when ethical hackers attempt to break into a company's computer systems with the target's permission. This is in an effort to find security problems before the bad guys do. The contest won't just involve sitting at computers; it will also involve other typical activities: performing reconnaissance of physical facilities, surveillance of individuals, urban exploration, infiltration of buildings, and surreptitious contact with moles in the target organization. Email dan at bizling dot com or hit me up on twitter @dklinedinst.
CSIS Security Group A/S has uncovered a new trojan-banker family which we have named Tinba (Tiny Banker) alias “Zusy”.
Tinba is a small data-stealing trojan-banker. It hooks into browsers, steals login data and sniffs network traffic. Like several other sophisticated banker trojans, it also uses Man-in-the-Browser (MiTB) tricks and webinjects to change the look and feel of certain web pages, with the purpose of circumventing two-factor authentication (2FA) or tricking the infected user into giving away additional sensitive data such as credit card details or TANs.
Tinba is the smallest trojan-banker we have ever encountered, and it belongs to a completely new family of malware which we expect to be battling in the upcoming months.
The code is approximately 20KB in size (including config and webinjects) and is simple and clear, without any packing or advanced encryption. Antivirus detection of the analyzed samples is low.
The FBI has arrested hacker "Cosmo", according to a report by Eduard Kovacs of Softpedia. Cosmo is alleged to be the leader of four-man hacktivist group UGNazi, which took control of the web site of major payment services provider WHMCS just over a week ago.
Previously, UGNazi had been known primarily for distributed denial-of-service (DDoS) attacks carried out using its own botnet. Earlier this month, for example, it briefly took down the US Department of Education web site. UGNazi received even more attention when, on 21 May, it hacked into servers belonging to UK billing company WHMCS and copied private internal information, which it posted online two days later. The stolen data included a MySQL dump of the company's customer database containing nearly 130,000 records, and data from the main server. The hackers gained access to WHMCS' Twitter account and infiltrated the user forum. The group also carried out DDoS attacks to take down the WHMCS domain for several hours.
The UGNazi hackers reportedly used basic social engineering techniques to gain access to the WHMCS domain. One of the hackers, probably Cosmo, phoned WHMCS's hosting company claiming to be the company's CEO and correctly answered the security question. They were then given full access to the company's main server.
WHMCS provides payment systems for small to medium-sized web sites. At the time of the intrusion, the customer database contained just under 13,000 credit card numbers, which were encrypted using the symmetric AES algorithm. Passwords were salted, which should have made them harder to crack; but since the salt was stored directly after the password hash, cracking them is not impossible.
The Obama administration and a private-sector working group have announced a cooperative initiative to combat malicious botnets, which are being called a growing threat to the online economy and national security.
The Industry Botnet Group and the Homeland Security and Commerce departments released on May 30 a set of principles for addressing the challenge of botnets across the entire Internet ecosystem. In addition to this framework for collaboration, the government also will step up public outreach efforts to educate users about online threats and will coordinate efforts to address the technical threats posed by botnets.
On May 30, the National Institute of Standards and Technology hosted a workshop on the technical aspects of botnet activity, aimed at disrupting the botnet life cycle and removing malicious code on compromised devices.
Botnets are networks of compromised computers that can be coordinated through command-and-control servers operated by criminals or others. Malware on compromised computers can be updated and used for a variety of purposes, including information stealing, spamming, mounting distributed denial-of-service attacks and infecting new computers. The networks often are rented out by their controllers for malicious purposes, and because of their distributed nature they can be difficult to defend against.
The Industry Botnet Group was formed in January as a result of a Commerce Department effort to develop a consensus on how to combat the threat of botnets.
The U.S. government has found yet another reason to ignore its own problems and bash China, this time accusing the country of compromising national security via the manufacture of counterfeit electronic components used by the U.S. military.
The Senate Armed Services Committee said a year-long investigation revealed that counterfeit parts manufactured in China have been installed in U.S. military vehicles, including cargo and surveillance aircraft.
A report issued after the investigation claimed that more than 70 percent of approximately 1 million counterfeit parts can be traced to China, adding that the country has failed to adequately police its counterfeit electronics market.
The accuracy of the claims is questionable at best, but bigger questions should be answered first: how did counterfeit parts end up slipping into the U.S. military system in the first place? And for what purpose were the parts originally shipped?
The U.S. has maintained a military embargo on China for 23 years. Military components and weapons aren't supposed to be officially traded between the two countries to begin with. Taking this into consideration, the U.S. ought to find out precisely who purchased the parts and how they passed muster before accusing China of wrongdoing.
Recent accusations by the U.S. concerning China's currency policies, export quotas, patent protection and alleged acts of cyberwarfare ought to be seen for what they really are: attempts to distract the U.S. public from the real problems that are plaguing the country.
Although the U.S. economy is slowly recovering and unemployment is starting to decrease, the country's government still has a lot of work to do. To that end, the U.S. should stop taking action that will undermine the most important bilateral relationship in the world and work on reviving its economy.
Hours after being released from jail, a man walked through an emergency door at San Diego International Airport, onto the tarmac and sat down on a United Express plane Tuesday, according to San Diego authorities.
"He completely bypassed TSA screening," San Diego Harbor Police Chief John Bolduc said. "He was in a public area and went out an emergency fire door, which gave him access to the tarmac."
Marc Duncan, 38, was paroled from jail Monday night, according to San Diego County Sheriff's Department records. He had been serving time for theft.
After it was opened, the emergency door alarm sounded, and Bolduc said police were on site in four minutes, but by then Duncan had blended in with other passengers.
Apple has released a detailed security guide for its iOS operating system, an unprecedented move for a company known for not discussing the technical details of its products, let alone the security architecture. The document lays out the system architecture, data protection capabilities and network security features in iOS, most of which had been known before but hadn't been publicly discussed by Apple.
The iOS Security guide, released within the last week, represents Apple's first real public documentation of the security architecture and feature set in iOS, the operating system that runs on iPhones, iPads and iPod Touch devices. Security researchers have been doing their best to reverse engineer the operating system for several years, and much of what's in the new Apple guide has been discussed in presentations and talks by researchers.
One of the more-discussed security elements in iOS is the implementation of ASLR (address space layout randomization), an exploit mitigation that's designed to prevent attackers from using memory corruption bugs. Researchers discovered the addition of ASLR to iOS, but Apple never really talked about it.
"Built-in apps use ASLR to ensure that all memory regions are randomized upon launch. Additionally, system shared library locations are randomized at each device startup. Xcode, the iOS development environment, automatically compiles third-party programs with ASLR support turned on," the security guide says.
The document also talks in detail about the way that Apple's code-signing process for iOS apps works. The process is key to the company's ability to control which apps are allowed to run on iOS devices and also a central part of its security architecture. This code-signing system is one of the main features cited by security experts when they discuss the security capabilities of iOS relative to Android and other mobile operating systems.
About 19% of computers in the U.S. are roaming the Internet without any antivirus protection, finds a study from security firm McAfee.
Based on scans of 28 million PCs in 24 countries, McAfee found 17% were unprotected, meaning they either carried no antivirus software or the software was disabled.
"The freedom to browse the Internet comes with the added risk of unwanted exposure, and cybercriminals are preying on unsuspecting victims," says Todd Gebhart, co-president of McAfee, in a statement.
The U.S. ranked as the fifth least protected country, behind Singapore, Mexico, Spain and Japan. Finland was the most protected, at just under 10% unprotected.
Seagate's BlackArmor NAS server is vulnerable to having its administrative password reset by anyone with access to it and a particular URL. The BlackArmor range of network-attached storage devices is aimed at small businesses and offers storage and backup options from Windows PCs and Mac OS X systems, ranging from 1TB to 12TB of hard disk media.
The problem, documented by US-CERT, involves an unauthenticated attacker directly accessing http://DevicesIpAddress/d41d8cd98f00b204e9800998ecf8427e.php, where they will be given the opportunity to reset the device's administrator password. There is no current solution to the problem, and US-CERT is only advising that network access to BlackArmor devices' web interface should be restricted. Seagate has been notified, but no fix has yet been made available; the Seagate NAS Firmware update page was last updated on 17 February 2011.
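Until a firmware fix ships, the only mitigation US-CERT offers is restricting network access, so a defender's next question is whether anyone has already requested the reset page. The following is an added example (not from US-CERT, Seagate or the ISD site) that walks web-server access logs, picks out requests for the reset page named above, and flags any that come from outside an administrator allowlist. It assumes the NAS, or a proxy in front of it, writes Apache combined-format access logs; the sample log lines are constructed.

```python
import ipaddress
import re

# Path from the US-CERT note above: an unauthenticated request to it yields the reset form.
RESET_PATH = "/d41d8cd98f00b204e9800998ecf8427e.php"

# Assumption: Apache combined-format access log lines (client IP, timestamp, request, status).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def find_reset_requests(lines, trusted_nets):
    """Return one dict per request to the reset page; 'untrusted' is True when the
    source address is outside every network in trusted_nets (CIDR strings)."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not access-log records
        path = m.group("path").split("?", 1)[0]  # ignore any query string
        if path != RESET_PATH:
            continue
        src = ipaddress.ip_address(m.group("ip"))
        hits.append({
            "ip": str(src),
            "ts": m.group("ts"),
            "method": m.group("method"),
            "status": int(m.group("status")),
            "untrusted": not any(src in n for n in nets),
        })
    return hits


# Constructed sample log lines; the addresses and timestamps are made up for this example.
SAMPLE_LOG = [
    '192.168.1.20 - - [31/May/2012:20:01:05 -0400] "GET /index.php HTTP/1.1" 200 5120',
    '192.168.1.20 - - [31/May/2012:20:02:11 -0400] "GET /d41d8cd98f00b204e9800998ecf8427e.php HTTP/1.1" 200 2048',
    '203.0.113.45 - - [31/May/2012:21:15:42 -0400] "GET /d41d8cd98f00b204e9800998ecf8427e.php HTTP/1.1" 200 2048',
    '203.0.113.45 - - [31/May/2012:21:15:50 -0400] "POST /d41d8cd98f00b204e9800998ecf8427e.php?x=1 HTTP/1.1" 302 0',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    # Only the office LAN is expected to reach the admin interface.
    for h in find_reset_requests(SAMPLE_LOG, ["192.168.1.0/24"]):
        flag = "ALERT" if h["untrusted"] else "ok"
        print(f'{flag}: {h["ip"]} {h["method"]} status={h["status"]} at {h["ts"]}')
```

A POST to the reset page from an untrusted address, as in the last sample line, is the event to treat as a likely credential reset and investigate.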
Continuing the series of protests conducted in an effort to support students in Quebec, where Anonymous targeted 13 government and police websites, the group has stated that it will wreck the FIA as it turns its sights on Formula 1's Montreal Grand Prix.
Anonymous' threatened actions against the Montreal Grand Prix are due to its support of protestors, who were recently subjected to a controversial law restricting protests in Quebec, Special Law 78. The law boils down to subjecting students wishing to strike or protest to heavy fines. In short, Quebec outlawed free speech, and so Anonymous started "opQuebec".
Special Law 78, Anonymous said in a statement, has been universally condemned by human rights watchers around the world as tyrannical and draconian, leaving Quebec in “clear violation of its basic human rights obligations.”
“Beginning on June 7 and running through race day on June 10, Anonymous will take down all the F1 websites, dump the servers and databases – and wreck anything else F1 related we can find on the internet. We would like to remind anyone considering attending this abominable race, that last time Anonymous found all the spectators personal data, including credit card numbers – un-encrypted on F1 servers.”
A video on YouTube encouraged F1 drivers to refuse to start their engines on race day as a sign of solidarity. Addressing the government of Quebec, the video stated that it was time to step back “and put a stop to this injustice.”
The official website of the American Pharmacist Association (pharmacist.com) is the latest target of Anonymous hacktivists. The hackers breached the site as a form of protest against the United States government.
Anonymous claims to have gained root access to the organization’s systems, removing all the data they could find on their servers, but not before publishing 64 megabytes of the data they’ve found on The Pirate Bay.
“In an effort to make a mockery out of our friends inside of the US government we are releasing personal information and credit card details from government officials,” they wrote next to the data dump.
“We strongly advise you to make your website more secure, because if we didn't find this information, black hats would have.”
According to the hacktivists, they filtered out the data that doesn’t belong to the government, but they reveal that around 16,000 patient records were found in the website’s root directory.
The data that has ended up online comprises donation, donor and payment details, but also mail and server logs, and the database’s structure. They’ve also published a PDF document that shows that they’ve managed to gain access to the site’s administrator panel.
Before the website was taken offline by the organization, the hackers defaced it and even set up a drive-by attack. It’s uncertain at this time what was served to the visitors of the site during the time it was compromised.
If you've ever quit Netflix — only to come crawling back once you've realized that Hulu only has TV shows and the MPAA is cracking down on other video-streaming sites — you've probably noticed that when you re-sign up for Netflix your data is still on the servers, even if you quit the service over a year ago.
Well, those of you crying privacy foul need worry no more — Netflix has agreed to delete former users' video history and queue data within one year of their leaving the service. The company agreed to this stipulation in a settlement regarding a class-action privacy lawsuit filed against Netflix last year. The lawsuit accused Netflix of violating the 1988 Video Privacy Protection Act (VPPA), which makes it illegal for video rental services to disclose viewers' video habits without written consent.
The suit, which was filed in the U.S. District Court of California in March 2011, was settled for $9 million with no admission of wrongdoing. $6.65 million of the settlement money will be paid to various privacy organizations, while $2.25 million will go to the lawyers (of course).