InfoSec Daily Podcast Episode 669 for May 16, 2012. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Dr B0n3z, and Karthik Rangarajan.
Announcements
EFF DEFCONtest
https://supporters.eff.org/civicrm/pcp/info?reset=1&id=42&ap=1
GraniteSec (formerly The New England InfoSec Tweetup)
When: May 19, 2012
Where: Veasey Memorial Park, Groveland, MA
http://granitesec.org
AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center – Huntington, West Virginia
http://www.appyide.org/
LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
Security 504: Hacker Techniques, Exploits & Incident Handling – Matt Romanek
When: June 20 – 27, 2012
Where: Courtyard Seattle Federal Way, WA
http://www.sans.org/mentor/details.php?nid=28014
Social Engineering Training
When: July 21-24, 2012
Where: Black Hat Vegas
When: November 12-16, 2012
Where: Bristol, UK
http://www.social-engineer.com/social-engineer-training
Inside and Out of the Social-Engineer Toolkit (SET)
When: July 21 – 22, 2012
When: July 23 – 24, 2012
Where: Black Hat Vegas
http://blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_social_engineer_toolkit.html
DerbyCon 2012 – The “Deuce” Reunion
When: September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com
Hack3rCon^3
When: October 19-21, 2012
Where: Charleston, WV
http://hack3rcon.org/
Skydogcon
When: October 26-28
Where: Hotel Preston in Nashville, TN
http://www.skydogcon.com
Hacker Wars — The Movie
Ever wanted to participate in Live action Capture the Flag? Well here is your chance
What: This contest is modeled on so-called "penetration tests" which is when ethical hackers attempt to break in to a company's computer systems with the target's permission. This is in an effort to find security problems before the bad guys do. The contest won't just involve sitting at computers, it will also involve other typical activities: performing reconnaissance of physical facilities, surveillance of individuals, urban exploration, infiltration of buildings, and surreptitious contact with moles in the target organization.
http://www.kickstarter.com/projects/278183749/hacker-wars
Stories
Source: http://www.infoworld.com/d/the-industry-standard/pc-users-admit-pirating-software-193218
Visitors to Wikipedia who see advertisements on the site have most likely fallen victim to a browser-based malware infection, Wikimedia Foundation, the organization operating the website, said on Monday.
"We never run ads on Wikipedia," said Philippe Beaudette, director of community advocacy for the Wikimedia Foundation, in a blog post. "If you're seeing advertisements for a for-profit industry … or anything but our fundraiser, then your web browser has likely been infected with malware."
One example of such malware is a rogue Google Chrome extension called "I want this," Beaudette said. However, similar malicious add-ons might also exist for Mozilla Firefox, Internet Explorer, and other browsers, he said.
This type of malicious software is known as click fraud malware and can target multiple websites at once. In addition to injecting ads into Web pages, such rogue extensions are also known to hijack search queries in order to earn their creators affiliate revenue, said Graham Cluley, a senior technology consultant at Sophos, in a blog post Tuesday.
Spotting this type of rogue behavior on Wikipedia is easier than on other websites because the site doesn't run any commercial advertisements. "We're here to distribute the sum of human knowledge to everyone on the planet — ad-free, forever," Beaudette said.
Wikipedia's operating costs are covered by donations. An online fundraiser is organized every year, and that's usually the only time a banner is displayed on the site's pages.
Users who are seeing commercial ads on Wikipedia should disable all their browser add-ons to determine if they are the source of the problem, Beaudette said.
…
Brian Dunn gave Best Buy's board of directors plenty of reason to doubt that he was the man to engineer the company's comeback.
Dunn, 52, who resigned as CEO of the struggling electronics chain last month while the company was investigating his "alleged misconduct," was taken down by an "inappropriate relationship" with a 29-year-old female employee. That was the finding of investigators who were hired to look into the relationship and Best Buy released their report today.
The four-page audit included details about Dunn loaning the woman money, giving her use of a hotel room and sending her text messages in which he "expressed affection" for the employee (more on this later). According to Best Buy's report, Dunn and the woman deny their relationship was sexual or romantic.
Even if it was romantic, is that a big deal? Plenty of executives from powerful companies are married to former employees. But Best Buy's board claims a line was crossed, a threshold of credibility and honesty. That's the same line Hewlett-Packard's board of directors claimed Mark Hurd, its former CEO, also crossed two years ago.
In 2010, Hurd was pushed out at HP after he was accused of making unwelcome sexual advances towards a public-relations contractor, who was also a former actress and reality television star. Hurd was never accused of flaunting the relationship, but his other, more important relationship with HP's board of directors had soured so badly, he was forced to step down.
…
Source: http://www.pcmag.com/article2/0,2817,2404504,00.asp
The Pirate Bay is under fire from an unknown attacker in a distributed denial of service (DDoS) strike that has lasted at least 24 hours.
In an early morning post to its Facebook page, The Pirate Bay announced that it was "under a quite big ddos attack."
"We don't know who's behind it but we have our suspicions," the post continued. "Once we've awaken our tech guru Winston Q we'll get on the issue." By 12:20pm, the site said it was "getting back up [and] stronger than ever," and pointed user to its list of proxies.
As of 2pm Eastern time, access to the site was still spotty.
The attack comes after ISPs in the U.K. and the Netherlands were ordered to block access to The Pirate Bay over copyright violations. In retaliation, the hacking group Anonymous struck out at Virgin Media, one of the U.K. ISPs ordered to block to the site, prompting The Pirate Bay to equate the move to censorship.
In a blog post, the team responsible for the Virgin Media attack – AnonAteam – wrote that it had "no involvement" in the DDoS attack on The Pirate Bay.
"It is not a legitimate protest for anyone to be involved with nor does it fall within our objectives," AnonAteam said. "Anyone involved in the attack should stop. It is our understanding Anonymous have no involvement in this attack."
Later in the day, The Pirate Bay said "we KNOW that it is NOT Anonymous who is behind the ddos attack."
As noted by TorrentFreak, "Pirate Bay downtime happens a handful of times each month, [but] it rarely persists for more than a few hours. When it goes beyond that the steady flow of reader emails to TorrentFreak quickly transforms itself into a torrent."
Alternate Sites: http://pastebin.com/JVGDat6v
…
Source: http://threatpost.com/en_us/blogs/kickstarter-data-breach-publishes-70000-startup-ideas-051512
An application programming interface (API) error on the popular Kickstarter crowdfunding website exposed the plans and descriptions of more than 70,000 yet-to-be launched projects.
The API bug exposed project descriptions, goals, durations, rewards, videos, images, locations, categories, and usernames for unlaunched projects.
In a statement, Kickstarter said that no account or financial data of any kind was made accessible by the exposure.
It is unlikely that casual users came into contact with any of the unlaunched project data, the company claims, because of the way the API was indexed on the site.
“For those who are unfamiliar, an API is a software interface that allows software to communicate with one another,” reads the statement. "It's not like a webpage that an internet user could point their browser to. It is a feed of data meant to be shared between software. The API in this instance is for Kickstarter's internal use.”
The bug was initially introduced during a site upgrade on April 24. It remained live until it was discovered and fixed at 1:42 PM Friday, May 11.
The company apologized in their statement, calling the bug "completely unacceptable."
The Wall Street Journal reported that Amazon Payments handles all of Kickstarters pledges and that the company never even sees user credit card or other billing information.
Kickstarter had to pull a video game start-up off the site earlier this month when it became clear that the project was a scam.
…
Source: http://www.net-security.org/secworld.php?id=12935
If you are a user of any of the paid versions of Avira's various antivirus and security software and you have tried to update it/them in the last 24 hours, chances are that you're now sitting before a crippled PC, wondering what happened.
So what did happen?
Well, it seems that the new update makes the AntiVirProActiv component – not present only in the company's free offering – erroneously detect critical Windows processes as malware and automatically terminate them.
It also blocks other popular Microsoft and third party software, and sometimes even prevents Windows from booting at all.
It is unknown how many individuals and businesses were affected by the defective update but, according to Emil Protalinski, it seems to have been downloaded millions of times.
Avira's forums are heaving with users searching for a way to undo the damage, and the company is furiously working on a solution.
So far, they advise users to either temporarily disable the ProActiv component or to add an exception for every blocked application.
For those who can boot Windows only in safe mode, disabling ProActiv requires bringing up the Task Manager, opening a new task and typing “c:\program files\avira\antivir desktop\avconfig.exe”, then running it.
…
Source: http://www.infoworld.com/d/the-industry-standard/pc-users-admit-pirating-software-193218
More than half of global PC users admit that they pirate software at least occasionally, contributing to a black-market economy estimated at $63.4 billion in 2011, up from $58.8 billion the previous year, according to a new survey from the Business Software Alliance.
The trade group, a leading advocate for stronger intellectual property rules and stricter enforcement practices, for the first time directly asked survey respondents how often they acquire pirated or not fully licensed software in its 2011 Global Software Piracy Study, the ninth installment of the annual report.
Of the 57 percent of survey participants who admitted to using illegal copies of software, 5 percent said they always use pirated software, 9 percent answered "mostly," 17 percent "occasionally," and 26 percent said they "rarely" do. Thirty-eight percent said they never install pirated software, while the remaining 5 percent said they didn't know or declined to answer.
"If 57 percent of consumers admitted they shoplift, authorities would react by increasing police patrols and penalties," Robert Holleyman, president and CEO of the BSA, said in a statement. "Software piracy demands a similarly forceful response — concerted public education and vigorous law enforcement."
The report pegged the overall global piracy rate at 42 percent, roughly the same as the 2010 mark, with much of that activity driven by surging PC usage in emerging markets, where BSA says piracy rates are considerably higher than in developed countries. Emerging countries received 56 percent of PC shipments last year, according to the BSA. In aggregate, users in emerging markets reported a piracy rate of 68 percent, compared to the average figure of 24 percent in mature markets.
….
[end]
