InfoSec Daily » Podcast

Episode 585 – Eyes Open, Bouncer, PHP, NATO Deficiencies, Fakebook Accounts & What’s New?

rick.hayes — Sat, 04 Feb 2012 01:58:49 +0000

InfoSec Daily Podcast Episode 585 for February 3, 2012. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Karthik Rangarajan, Geordy Rostad, and Dr. Bonez,

Announcements:

Unsung Heros

Have you ever stumbled on a tool and wondered “Why didn’t I know this existed!” or “If only I’d had this last week on that test”… Chris John Riley has started to gather suggestions for your “unsung hero” of the tools world. He is looking specifically to gather a list of tools that aren’t on every penetration testers, or forensic investigators list, but that you have respect for. http://blog.c22.cc/2012/01/13/unsung-heros

Information Security Blogger Awards 2012
Since we were over looked again for the Best Podcast on Security you can email ashimmy@hotmail.com with your name, email address and ISD Podcast as your write-in nominee. Please note, you have to provide your blog or podcast URL so that it can be verified that you are a blogger or podcaster. Vote for your favorite blogs as well on http://www.ashimmy.com.

Brad and his wife did not ask for this help, but as a community we feel that if we can help we want to. Please feel free to check in for status or to donate. Either way we thank you and I know Brad thanks your for your support, prayers and positive thoughts.

http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/

Metasploit Framework Unleashed Cincinnati
When: February 11, 2012.
Where: Digitorium in Griffin Hall, the home of Northern Kentucky University’s College of Informatics
https://msfucincy.wordpress.com/
$20 donation for #HFC

Social Engineering Training
When: March 5-9, 2012

Where: Seattle, Washington
When: July 21-24, 2012

Where: Black Hat Vegas
When: August 20-24, 2012
Where: Bristol, UK
When: November 12-16, 2012

Where: Columbia, MD
http://www.social-engineer.com/social-engineer-training

Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!

AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu
CFP now open!

LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
CFP now open!

DerbyCon 2012 – The “Deuce” Reunion
When: September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com

Thanks to everyone that has purchased products from Amazon through the affiliate program. If you’re not familiar with the affiliate program, simply go to http://www.isdpodcast.com and locate the Affiliate Program link on the right hand side.

You don't have a sufficient version of Flash Player to display this animation.

Stories

Source:

http://www.forbes.com/sites/andygreenberg/2012/02/02/google-gets-serious-about-android-security-now-auto-scans-app-market-for-malware/

Source: http://googlemobile.blogspot.com/2012/02/android-and-security.html

The last year has been a phenomenal one for the Android ecosystem. Device activations grew 250% year-on-year, and the total number of app downloads from Android Market topped 11 billion. As the platform continues to grow, we’re focused on bringing you the best new features and innovations – including in security.

Today we’re revealing a service we’ve developed, codenamed Bouncer, which provides automated scanning of Android Market for potentially malicious software without disrupting the user experience of Android Market or requiring developers to go through an application approval process.

The service performs a set of analyses on new applications, applications already in Android Market, and developer accounts. Here’s how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back.

…

Source: http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html

The PHP developers are working to fix a critical security vulnerability in PHP that they introduced with a recent security patch. The current stable release is affected; however, it is not yet clear whether the questionable patch was also applied to older versions.

The cause of the problem is the security update to PHP 5.3.9, which was written to prevent denial of service (DoS) attacks using hash collisions. To do so, the developers limited the maximum possible number of input parameters to 1,000 in php_variables.c using max_input_vars. Because of mistakes in the implementation, hackers can intentionally exceed this limit and inject and execute code. The bug is considered to be critical as code can be remotely injected over the web.

…

Source: http://news.softpedia.com/news/Anonymous-Leaks-Passwords-from-Ireland-s-Foreign-Affairs-Site-250514.shtml

Anonymous hackers managed to gain access to the official website of the Irish government’s Department of Foreign Affairs, obtaining passwords used by employees and officials. Some of the passwords were used to administrate the website Irish Aid, an overseas development program.

According to The Journal, members of Anonymous Sweden led to believe that these attacks, part of OpIreland, were launched as a protest against the plans to introduce a new SOPA-like legislation.

Of the 19 credential sets leaked, 17 were used by the Department of Foreign Affairs to edit the Irish Aid website, while the other 2 were utilized by the staffers of the company that developed the site.

“We are aware of website user login information being posted online. The website server has been taken offline as a precautionary measure and the matter is being investigated by our IT specialists,” said a Department of Foreign Affairs spokeswoman.

“This is an external service and is separate to the internal Department servers; these have not been affected.”

It seems that Seán Sherlock, the junior minister behind the new law, is one of the main targets, Anonymous revealing that it plans on targeting the Labour Party’s website next, part of which Sherlock is a member.Source: http://news.cnet.com/8301-27080_3-57370710-245/how-to-identify-fake-facebook-accounts

Hello, Facebook friends, I am male, straight, often ridiculously good-looking, and this is a real message: she's not that into you.

And by she, I mean one of those hot girls on Facebook who always seems too desperate and overzealous in trying to connect to you and everyone on your friend list.

Apparently, of some 850 million active Facebook users, a lot are fake profiles created to spread spam and viruses. These are often categorized as spammers or attackers. Security firm Barracuda Networks released today the findings from its most recent study that helps distinguish attackers from real users. Here are the study's four key findings.

….

Source: http://news.softpedia.com/news/Anonymous-Leaks-Passwords-from-Ireland-s-Foreign-Affairs-Site-250514.shtml

According to The Journal, members of Anonymous Sweden led to believe that these attacks, part of OpIreland, were launched as a protest against the plans to introduce a new SOPA-like legislation.

“This is an external service and is separate to the internal Department servers; these have not been affected.”

At press time, the website of the Department of Foreign Affairs in back online, but Irish Aid displays a message that reveals they’re currently “undergoing essential maintenance.”

Source:

https://www.eff.org/deephttps://www.eff.org/deeplinks/2012/02/what-actually-changed-google%27s-privacy-policylinks/2012/02/what-actually-changed-google%27s-privacy-policy

Last week, Google announced a new, simplified privacy policy. They did a great job of informing users that the privacy policy had been changed through emails and notifications, and several experts (including Ontario’s Privacy Commissioner Dr. Ann Cavoukian) have praised the shift toward a simpler, more unified policy. Unfortunately, while the policy might be easier to understand, Google did a less impressive job of publicly explaining what in the policy had actually been changed. In fact, it took a letter from eight Representatives to persuade them to provide straightforward answers to the public about their new policy.

…

Source:

http://news.cnet.com/8301-13506_3-57370274-17/google-must-pay-$660000-for-offering-google-maps-for-free/?tag=rtcol;dis

A Paris court earlier this week ordered Google France and its parent company Google to pay plaintiff Bottin Cartographes 500,000 euros (about $660,000) for providing its free mapping services to businesses across the country. The court also required Google to pay a 15,000 euro fine for its practice.

"We proved the illegality of (Google's) strategy to remove its competitors," Jean-David Scemmama, attorney for Bottin Cartographes, a company that provides mapping services to businesses, told the AFP in an interview earlier this week. "The court recognized the unfair and abusive character of the methods used, and allocated Bottin Cartographes all it claimed. This is the first time Google has been convicted for its Google Maps application."

According to Scemmama, Bottin has been arguing its case against Google for two years, claiming the search giant was engaging in anticompetitive practices by using its free service to take control over the online-mapping industry.

In a statement to the AFP, Google said that it will appeal the court's decision, adding that Google Maps is still facing competition in that market.

…

Episode 584 – OS X 10.7.3, HTC WiFi Oops!, Leading Hackers, Passware & VeriSign

rick.hayes — Fri, 03 Feb 2012 01:47:24 +0000

InfoSec Daily Podcast Episode 584 for February 2, 2012. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Adrian Crenshaw, and Karthik Rangarajan.

Announcements:

Unsung Heros

http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/

Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!

AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu
CFP now open!

LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
CFP now open!

DerbyCon 2012 – "The Reunion"
When: September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com

You don't have a sufficient version of Flash Player to display this animation.

Stories

Source: http://threatpost.com/en_us/blogs/apple-ships-huge-set-patches-os-x-020212

Apple has released a massive set of patches for a wide range of security vulnerabilities in a number of its products and components, including OSX Lion and QuickTime. The patches, which are rolled up in OS X 10.7.3, fix a slew of serious bugs, many of which can be used to execute remote code on vulnerable machines.

One of the more serious vulnerabilities Apple fixed is the flaw that researchers Juliano Rizzo and Thai Duong discovered in the TLS 1.0 and SSL 3.0 protocols last year. The vulnerability, for which they wrote a proof-of-concept exploit tool called BEAST, is fixed in the new version of Apache that Apple included in yesterday's patches. Exploiting the flaw enables an attacker to decrypt some SSL sessions.

"There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Apache disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by providing a configuration parameter to control the countermeasure and enabling it by default," Apple said in its advisory.

Apple also pushed out an update that revokes trust in some of the certificates issued by Malaysian CA DigiCert that were found last year to contain weak cryptographic keys.

….

Source: http://www.pcadvisor.co.uk/news/mobile-phone/3334795/htc-vows-fix-android-flaw-revealing-wi-fi-credentials/?olo=rss

HTC is moving quickly to squash a security flaw that could expose Wi-Fi credentials on the company's Android phones.

Using an app that takes advantage of this flaw, an attacker could harvest SSID names and passwords for all wireless networks that the phone has accessed. For average consumers, this isn't a huge concern, but as researchers Chris Hessing and Bret Jordan note, the exploit “exposes enterprise-privileged credentials in a manner that allows targeted exploitation.”

The affected phones are the Desire HD (both "ace" and "spade" board revisions) Versions FRG83D and GRI40; Glacier Version FRG83; Droid Incredible Version FRF91; Thunderbolt 4G Version FRG83D; Sensation Z710e Version GRI40; Sensation 4G – Version GRI40; Desire S – Version GRI40; EVO 3D Version GRI40; and EVO 4G Version GRI40. HTC's MyTouch 3G and Google Nexus One are not affected.

HTC has acknowledged the issue, and says most phones have already received a fix through regular updates. Other phones, however, will require users to manually load the fix. The company says it will have more information on the matter next week.

….

Source: http://news.softpedia.com/news/Hackers-from-US-and-China-Responsible-for-40-of-Hack-Attempts-250311.shtml

A study released by security firm NCC reveals the origins of most hacking operations and the estimated damages they cause to the global economy each year.

The numbers show that hackers from the UK cost the global economy over $2 billion (1.4 billion EUR) in the year that passed, counting a total of 23 million hack attempts.

While this puts the United Kingdom on the 15th place on a global chart, the first two positions are occupied by China and the United States, the operations launched by cybercriminals from these countries costing the global economy around $44 billion (31 billion EUR).

“Reading the papers each day, it’s easy to think of hacking as something that happens to us from afar; that we’re victims of foreign criminal gangs in developing countries. Yet hackers can be anywhere in the world, as our research illustrates, including on our own doorstep,” Rob Cotton, NCC Group’s chief executive said.

US and China are followed on the global list by Russia, Brazil, Italy, Netherlands, France, Denmark, Germany and India.

It’s somewhat surprising that so many highly developed European countries have such a great contribution to the hacking attempts recorded worldwide, counting around 200 million attempted hacks with consequences translating into costs of $16 billion (11 billion EUR) each year.

….

Source: http://nakedsecurity.sophos.com/2012/02/02/filevault-encryption-broken/

California-based forensics software vendor Passware has released the latest version of its toolkit, which the company claims can bypass Apple's FileVault 2 disk encryption "in minutes," as well as volumes encrypted with TrueCrypt.
The software is reportedly able to capture the contents of a computer's memory via FireWire (also known as IEEE 1394 or i.LINK), analyze the memory dump, and extract the encryption keys. Passware claims that the software can recover passwords from decrypted Mac OS X keychain files as well.
Previous and current versions of Passware's software are also able to bypass Microsoft's BitLocker encryption which is built into some editions of Windows.
Although Passware seems to mainly market its software to government and law enforcement agencies and military organizations, anyone with US $795 can purchase an edition of Passware Kit that includes these features. Interestingly, Passware also lists Apple, Microsoft, Intel, and several other major tech companies among its customers.
For those who might find all this concerning, it is important to note a few important caveats.
First, Passware's software requires physical access to a computer with a working FireWire port; a remote internet attacker cannot use it to break into your Mac or PC.

….

Source: http://www.pcmag.com/article2/0,2817,2399773,00.asp

VeriSign was hit by hackers in 2010 and its computers and servers were accessed several times, but the breach was not properly reported until late last year.

The information was revealed in an October filing with the Securities and Exchange Commission (SEC) and reported today by Reuters.

"In 2010, the Company faced several successful attacks against its corporate network in which access was gained to information on a small portion of our computers and servers," VeriSign said. "We have investigated and do not believe these attacks breached the servers that support our Domain Name System ('DNS') network."

Information was stolen, though VeriSign did not provide details on what went missing.

But while the hacks occurred in 2010, VeriSign's information security group did not tell management about the attacks until September 2011. VeriSign said it has since changed its reporting policies to make sure the same thing doesn't happen again.

Information was stolen, though VeriSign did not provide details on what went missing.

"The group implemented remedial measures designed to mitigate the attacks and to detect and thwart similar additional attacks. However, given the nature of such attacks, we cannot assure that our remedial actions will be sufficient to thwart future attacks or prevent the future loss of information," VeriSign said in its filing. "In addition, although the Company is unaware of any situation in which possibly exfiltrated information has been used, we are unable to assure that such information was not or could not be used in the future."

VeriSign did not immediately respond to a request for additional comment.

….

Source: http://boingboing.net/2012/02/02/french-court-rules-that-its.html

A French court has ruled that Google's free Google Maps application API is anti-competitive and has ordered the company to pay €500,000 to Bottin Cartographes, a for-pay map company, as well as a €15,000 fine. Bottin Cartographes argued that Google was only planning to give away the service for free until all the competitors had been driven out of business and then they would start charging. This seems implausible to me, and contrary to Google's business model (give away services, make money from mining the use of those services). Google says it will appeal.

"This is the end of a two-year battle, a decision without precedent," said the lawyer for Bottin Cartographes, Jean-David Scemmama.

"We proved the illegality of (Google's) strategy to remove its competitors… the court recognised the unfair and abusive character of the methods used and allocated Bottin Cartographes all it claimed. This is the first time Google has been convicted for its Google Maps application," he said.

I wonder what Bottin Cartographes will do when OpenStreetMaps finishes producing high-quality, free, public domain maps of France that can be used to create APIs of the same scope and utility?

Episode 583 – Pentest Lessons, DNT for Google, 7-Step Program, Captcha Cracking Malware & Mobile Device Privacy Act

rick.hayes — Thu, 02 Feb 2012 01:48:33 +0000

InfoSec Daily Podcast Episode 583 for February 1, 2012. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, and Varun Sharma.

Announcements:

Unsung Heros

http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/

Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!

AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu
CFP now open!

LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
CFP now open!

DerbyCon 2012 – "The Reunion"
When: September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com

You don't have a sufficient version of Flash Player to display this animation.

Pentest Lessons:
Adam Compton & Zac Wagle's should get credit for the "Pentest Lessons" idea. They also started a twitter account: https://twitter.com/pentestlessons.

Lesson 1: When having a pentest performed, the customer should not disregard all alerts. While unlikely, an unrelated attack may still be happening. When alerts occur during a pentest, the customer should always validate them against the pentester's IP addresses.

Lesson 2: When using an exploit during a pentest, only use trusted and tested exploits. Do NOT assume that the exploit you just downloaded is safe.

Lesson 3: When performing physical pentesting (sneaking in, by passing security, picking locks, etc…) ALWAYS have a good GET OUT OF JAIL FREE CARD!

Stories

Source: http://howto.cnet.com/8301-11310_39-57368016-285/how-to-prevent-google-from-tracking-you/

Much has been made of Google's new privacy policy, which takes effect March 1. If you're concerned about Google misusing your personal information or sharing too much of it with advertisers and others, there are plenty of ways to thwart Web trackers.

But what exactly are you thwarting? You don't become anonymous when you block tracking cookies, Web beacons, and the other identifiers as you browse. Your ISP and the sites you visit still know a lot about you, courtesy of the identifying information served up automatically by your browser.

The Electronic Frontier Foundation offers the Panopticlick service that rates the anonymity of your browser. The test shows you the identifiable information provided by your browser and generates a numerical rating that indicates how easy it would be to identify you based solely on your browser's fingerprint.

According the the entropy theory explained by Peter Eckersley on the EFF's DeepLinks blog, 33 bits of entropy are sufficient to identify a person. According to Eckersley, knowing a person's birth date and month (not year) and ZIP code gives you 32 bits of entropy. Also knowing the person's gender (50-50, so one bit of entropy) gets you to the identifiable threshold of 33 bits.

Prominent in the Google privacy policy are links to services that let you view and manage the information you share with Google. Some of this personal data you volunteer, and some of it is collected by Google as you search, browse, and use other services.

To view everything (almost) Google knows about you, open the Google Dashboard. Here you can access all the services associated with your Google account: Gmail, Google Docs, YouTube, Picasa, Blogger, AdSense, and every other Google property. The dashboard also lets you manage your contacts, calendar, Google Groups, Web history, Google Voice account, and other services.

More importantly, you can view and edit the personal information stored by each Google service, or delete the service altogether. To see which other services have access to the account's information, click "Websites authorized to access the account" at the top of the Dashboard. To block an authorized service from accessing the account, click Revoke Access next to the service name.

The Google Ads Preferences Manager lets you block specific advertisers or opt out of all targeted advertising. Click the "Ads on the web" link in the left column and then choose "add or edit" under "Your categories and demographics" to select the categories of ads you want to be served or to opt out of personalized ads.

….

Source: http://www.microsoft.com/security/sir/strategy/default.aspx#!malwarecleaning

Microsoft has published a 7-step guide for cleaning malware off of an infected system. This is a welcome contrast to Apple’s policy of denying that OS X could ever be infected in the first place. The guide makes use of Microsoft’s Sysinternals suite of tools and serves as a good basis of removing infections from any system that you don’t want to reinstall.

“The guidance in IT Pro Advanced Techniques helps IT professionals investigate, analyze, and—when possible—remove malware from an infected computer. This guidance, intended for advanced users, helps IT professionals understand the impact of malware and create a rudimentary roadmap for cleaning infected computers. In addition, this effort provides the user more information about the internal operation of malware.

The guidance involves the use of several Windows Sysinternals tools, a suite of advanced diagnostics and troubleshooting utilities for the Windows platform available for download at no charge from the Microsoft Download Center. “

…

Source: http://searchsecurity.techtarget.com/news/2240114619/Cridex-Trojan-breaks-CAPTCHA-targets-Facebook-Twitter-users

A variant of a banking Trojan known as Cridex can communicate with a CAPTCHA-breaking server in order to establish malicious email accounts. Researchers at Websense Security Labs posted a video documenting how Cridex broke a CAPTCHA test and opened a Yahoo email account in six attempts.

The Cridex network grows as it infects new machines via malicious emails. The emails contain links to a Black Hole exploit kit, which attacks vulnerabilities in Web browsers and plug-ins. If successful, the kit downloads Cridex onto the machine.

“Cridex is a data-stealing Trojan that is similar to Zeus in the way it operates: It logs content from Web sessions and alters them to harvest information from the infected user,” according to the Websense Security Labs blog.

Cridex targets information from platforms like Facebook, Twitter and several online banking services. That data is then sent to a remote server.

…

Source: http://arstechnica.com/tech-policy/news/2012/01/mobile-device-privacy-act-would-prevent-secret-smartphone-monitoring.ars

Recent controversy sparked by the installation of monitoring software on millions of smartphones has led US Rep. Edward Markey (D-MA) to propose a requirement that carriers and phone makers inform consumers about the presence of monitoring software and gain their "express consent" before collecting and transmitting information from phones.

The controversy started a couple months back when a developer publicized the widespread use of Carrier IQ software, which phone manufacturers and carriers use to monitor what happens on a smartphone. While Apple, Samsung, HTC, AT&T and others all said the software is used only as a diagnostics tool to improve network and service performance, congressmen started denouncing the use of Carrier IQ, and class-action lawsuits were filed.

…

Episode 582 – DMARC, DHSBS, USB Fixers, Skyipot, & Chinese Hack Lawyers

rick.hayes — Wed, 01 Feb 2012 01:53:27 +0000

InfoSec Daily Podcast Episode 582 for January 31, 2012. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Themson Mester and Dr. Bonez.

Announcements:

Unsung Heros

http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/

Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!

AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu
CFP now open!

LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
CFP now open!

DerbyCon 2012 – "The Reunion"
When: September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com

You don't have a sufficient version of Flash Player to display this animation.

Stories

Source: http://news.cnet.com/8301-27080_3-57367842-245/antiphishing-standard-in-the-works-from-google-facebook-others/

Google, Facebook, Microsoft, Yahoo, PayPal and others are working together on a standard that can be used across the Internet for blocking phishing e-mails.

The 15 companies will be announcing on Monday DMARC.org, which stands for Domain-based Message Authentication, Reporting, and Conformance–a system for verifying that e-mails are coming from legitimate companies and not imposters trying to trick people into clicking a phishing link. Basically, the system offers a common way for companies to authenticate their legitimate communications with customers.

Also in the DMARC working group are AOL, Bank of America, Fidelity Investments, American Greetings, LinkedIn, and e-mail security providers Agari, Cloudmark, eCert, Return Path, and Trusted Domain Project.

…

Source: http://www.tgdaily.com/software-brief/61138-man-denied-entry-to-us-because-of-a-tweet

Apparently the Department of Homeland Security has nothing better to do than to monitor what vacationing tourists post on Twitter.

A 26-year-old bar manager by the name of Leigh Van Bryan, an Irish citizen, decided to take a trip to Los Angeles. Before he left, he wrote this message on Twitter:

"Free this week, for quick gossip/prep before I go and destroy America."

Then, to his surprise, when he arrived at LAX he was treated like a criminal, interrogated by government officials, and then forced to return back to his home.

News reports compared the Twitter message to passengers who joke about having a bomb at the airport and are then escorted off the premises. But obviously, Bryan's message was not even a joke about violent activity.

Anyone with a normal sense of the English language would realize the context implied he was going to "tear it up" or go wild, you know, have a good time. For anyone to even think that was any sort of potential threat is ridiculous.

In another tweet, Bryan apparently wrote that while in LA he would be "diggin' Marilyn Monroe up," a reference to an episode of Family Guy.

…

Source: http://www.networkworld.com/research/2012/012712-how-to-prevent-thumb-drive-255414.html

For such a small device, the plastic, handheld USB flash drive can cause big security headaches. Even if you have robust end-point security and establish rigid policies about employee use of these drives, employees still find a way to copy financial reports and business plans for use at home. While other security breaches are more traceable, a flash drive is more difficult to monitor, especially after the employee leaves work.

Here we profile four organizations that have taken slightly different approaches to dealing with thumb-drive security to match the organizations' specific needs and policies.

1. City of ColumbusApproach: Uses Intelligent ID software to categorize files, and then assign a level of encryption on the fly.

2. TurkcellApproach: Uses classification software from Titus that monitors Microsoft Office business documents and alerts users when they try to copy that data to a thumb drive.

3. CIGNAApproach: Allows employees to copy encrypted data, but they are prompted to type in a reason why they're copying. The reasons are later compared to the actual file transfers.

4. University of Alabama, Birmingham Health SystemApproach: Uses DeviceLock to monitor ports and encrypt data. Allows staff and students to use thumb drives at will, but all file transfers are monitored and recorded.

…

Source: http://www.symantec.com/connect/blogs/insight-sykipot-operations-0

The Sykipot campaign has been persistent in the past few months targeting various industries, the majority of which belong to the defense industry. Each campaign is marked with a unique identifier comprised of a few letters followed by a date hard-coded within the Sykipot Trojan itself. In some cases the keyword preceding the numbers is the sub-domain's folder name on the Web server being used.

Here are some examples of the campaigns we have seen so far:

alt20111215
auto20110413
auto20110420
be20111010
chk20111219
chksrv20111122
easy20110720w
easy20110926n
good20110627
help20110908
help20110926
info20111025
info20111028
info20111031G
insight20111122
pretty20111101
pretty20111122
pub2011124x
server20111212
webmail20111122
world20111205

These campaign markers allow the attackers to correlate different attacks on different organizations and industries.

The attackers also left additional clues allowing us to gain insight into what appears to be a staging server that is used prior to the delivery of new binaries to targeted users. In addition, we were able to confirm that the server was also used as a command and control (C&C) server for a period of time as well. The server is based in the Beijing region of China and was running on one of the largest ISPs in China. Furthermore, on one occasion one of the attackers connected from the Zhejiang province. The server has hosted over a hundred malicious files from the past couple of months, many of which were used in Sykipot campaigns.

…

Source: www.bloomberg.com/news/2012-01-31/china-based-hackers-target-law-firms.html

China-based hackers looking to derail the $40 billion acquisition of the world’s largest potash producer by an Australian mining giant zeroed in on offices on Toronto’s Bay Street, home of the Canadian law firms handling the deal.

Over a few months beginning in September 2010, the hackers rifled one secure computer network after the next, eventually hitting seven different law firms as well as Canada’s Finance Ministry and the Treasury Board, according to Daniel Tobok, president of Toronto-based Digital Wyzdom. His cyber security company was hired by the law firms to assist in the probe.

…

Episode 581 – The Big Picture, HOIC, The Clanks, .ru Abused, & No Click Pwnage

rick.hayes — Tue, 31 Jan 2012 01:59:21 +0000

InfoSec Daily Podcast Episode 581 for January 30, 2012. Tonight's podcast is hosted by Rick Hayes, Dave Kennedy, Karthik Rangarajan, and Beau Woods.

Announcements:

Unsung Heros

http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/

Subcommittee Markup: H.R. 3674, PrECISE Act of 2011
When: February 1, 2012
Where: 311 Cannon House Office Building, Washington, DC (also live streaming)
http://homeland.house.gov/markup/subcommittee-markup-hr-3674

Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!

AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu
CFP now open!

LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
CFP now open!

DerbyCon 2012 – "The Reunion"
When: September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com

You don't have a sufficient version of Flash Player to display this animation.

Stories

Source: http://www.petitiononlinecanada.com/petition/canadians-against-bill-c11-the-copyright-modernization-act/362

Do you want to be labelled a criminal for copying songs off a CD that you have purchased onto your iPod? With the aforementioned bill, you will be…

The current Canadian government wants to pass Bill C-11 (of the formerly defunct Bill C-32) under the guise of modernization of our current copyright laws. What this bill fails to do is keep any modern consumer in mind.

With the current language of the bill regarding "digital locks" or DRM to many of you, the passing of the bill label most of you criminals.

Potential criminals? With severe fines? for the following actions that many of the current generation of computer literate consumers do:

- Copying a song off a CD that you have purchased to your iPod or cell phone to listen to on your commute to work?

- Copying a movie off a DVD or Blu-Ray that you have purchased to your cellphone or tablet to watch while waiting in line at the cash register?

- Copying a CD, DVD or Blu-Ray disc that you have purchased in order to prevent your young children from scratching the original disc? (something I'm sure that has happen to many a parent including this one)

Do these actions sound criminal to you?

In our current economic climate, do most of us have so much disposable income that we can purchase the same song over and over again? In different formats so that we can listen to it in our car, iPod, cell phone, computer, and home stereo?

Please make your voice against Bill C-11 known to the current Canadian federal government. You can start by signing this petition, and writing to the Prime Minister's office: pm@pm.gc.ca and the Industry Minister: christian.paradis@parl.gc.ca

Geordy’s Comments: It seems like the SOPA problem is worldwide. The world is not seeing the wool pulled over their eyes. I could not find a single news article that mentioned SOPA, ACTA and Bill C-11 and called them all out for the crock of shit they are.

Beau’s Comments: Yep, Spain just passed a similar bill with considerable pressure from the US. And from The Guardian: “The UK and 21 other European Union member states on Thursday signed an international copyright agreement treaty called ACTA sparking more demonstrations by Internet users who have protested for days both virtually and physically over fear it will lead to online censorship.”

….

Source: http://blog.spiderlabs.com/2012/01/hoic-ddos-analysis-and-detection.html

In a previous blog post, we provided details of a DDoS attack tool called LOIC (Low Orbit Ion Canon) used by Anonymous in supports of denial of service attacks over the past year.

Attackers are constantly changing their tactics and tools in response to defender's actions. Recently, the SANS Internet Storm Center (ISC) also highlighted a javascript verion of LOIC that, while generating the same attack traffic as our previous analysis showed, actually executed the attacks without the user "initiating" the attacks by pressing any buttons.

SpiderLabs has identified a new DDoS attack tool in circulation called HOIC (High Orbit Ion Canon).

….

Source: http://www.symantec.com/connect/fr/blogs/androidcounterclank-found-official-android-market

Symantec has identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank. This is a minor modification of Android.Tonclank, a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device.

For each of these malicious applications, the malicious code has been grafted on to the main application in a package called “apperhand”. When the package is executed, a service with the same name may be seen running on a compromised device. Another sign of an infection is the presence of the Search icon above on the home screen.

The combined download figures of all the malicious apps indicate that Android.Counterclank has the highest distribution of any malware identified so far this year.

…

Source: http://www.abuse.ch/?p=3581

During the past few years the Top Level Domain (TLD) .ru has been heavily abused by cybercriminals. According to ZeuS Tracker, TLD .ru was one of the most abused Top Level Domains that were used by criminals to run ZeuS botnet controllers.

The Top Level Domain .ru is managed by the Coordination Center for TLD RU (cctld.ru). CCTLD.ru finally did their job well and addressed the reputation problem TLD.ru had by setting up new terms and conditions for domain name registration of .ru domains which came into force on November 11 2011.

In fact this means that a registrar can terminate a domain name when it is being used for phising attacks or when it is being used to control a botnet.

However, what I can say so far is that the number of fraudulent .ru domains used by ZeuS botnet herders decreased in the beginning of 2012. I can also see that malicious .ru domains which are being added to ZeuS Tracker have a much shorter life span. While malicious .ru domains used to stay active for several weeks or months in the past, they are now getting nuked much faster (mostly within 4-24hrs). That’s great news for the internet community!

Unfortunately we all know that there is a never ending cat and mouse game between the security industry / infosec community and cybercriminals. Criminals have already noticed that their domains are getting shut down much faster. So they started to look for another TLD to use for their dirty business and found a TLD that nearly has been forgotten: the TLD .su.

…

Source: http://www.darkreading.com/security/attacks-breaches/232500660/new-drive-by-spam-infects-those-who-open-email-no-attachment-needed.html

Attackers have developed a new way to infect your PC through email — without forcing you to click on an attachment.

According to researchers at eleven, a German security firm, the new drive-by spam automatically downloads malware when an email is opened in the email client. The user doesn't have to click on a link or open an attachment — just opening the email is enough.

"The new generation of email-borne malware consists of HTML e-mails which contain a JavaScript which automatically downloads malware when the email is opened," eleven says in a news release."This is similar to so-called drive-by downloads, which infect a PC by opening an infected website in the browser."

The current wave of drive-by spam contains the subject "Banking security update" and has a sender address with the domain fdic.com. If the email client allows HTML emails to be displayed, the HTML code is immediately activated.

…

Episode 580 – Weekend Wrap-up with Dr. b0n3z

Dr Bones — Sun, 29 Jan 2012 02:52:44 +0000

Episode 580 – Weekend Wrap-up with Dr. b0n3z

InfoSec Daily Podcast Episode 580 for January 28, 2012. Tonight's podcast is hosted by Dr. Bonez.

Guests: frontpage, connection, oncee, spridel

Announcements:

Unsung Heros

http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/

Schmoocon Epilogue
When: After Schmoocon
Where: Washington, DC
Hit up anyone in NOVA Hackers

Social Engineering Training
When: March 5-9, 2012

Where: Seattle, Washington
When: July 21-24, 2012

Where: Black Hat Vegas
When: August 20-24, 2012
Where: Bristol, UK
When: November 12-16, 2012

Where: Columbia, MD
http://www.social-engineer.com/social-engineer-training

Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!

AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu
CFP closes March 30!

LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
CFP now open!

DerbyCon 2012 – "Dropping the Deuce"
When: September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com

You don't have a sufficient version of Flash Player to display this animation.

Stories

Pentest Lessons:

Adam Compton & Zac Wagle's should get credit for the "Pentest Lessons" idea. They also started a twitter account: https://twitter.com/pentestlessons.

Lesson 1: If you are beginning to freelance, make sure you have solid contracts and have a lawyer read the contract drafts. Core released some boilerplate examples about a year ago that are floating around on the internet available to freely use. Also, when you talk to a lawyer, don’t make small talk. The rates they charge make pentesters look like a bunch of chumps, and they charge for every minute you have their attention.

Lesson 2: Depending on the nature of your pentest, consider adding geography into the scope agreement. Shortly after Firesheep was released, I caught an executive of the company I was testing as he accessed wifi at the Starbucks down the street. The company attempted to invalidate the results because I did not have a specific clause stating that I could act outside of the physical building.

Lesson 3: Many small-business IT outsourcing firms are now tacking “Security” onto their product offerings (for example “Bob’s Computers: Service, Sales, Security”). As a result, many young techs are being shovelled into security audits without having any clue that security extends beyond asking if backups are being stored offsite, and that user drives have appropriate permissions. Fear not, there’s a resource for this: THE PTES. Read it; use the appropriate sections, google the shit out of everything you don’t understand.

[Thanks listener Adam]

Source: http://arstechnica.com/tech-policy/news/2012/01/twitter-uncloaks-a-years-worth-of-dmca-takedown-notices-4410-in-all.ars

On almost any given day, Twitter receives a handful of requests to delete tweets that link to pirated versions of copyrighted content—and quickly complies by erasing the offending tweets from its site.

But Twitter has taken the unusual step of making DMCA takedown notices public, in partnership with Chilling Effects, a project of the Electronic Frontier Foundation and several universities. The site shows 4,410 cease and desist notices dating back to November 2010. While most of 2011 shows daily or near-daily activity, there is just one notice in January 2012, suggesting either that Twitter is suddenly receiving fewer DMCA takedown notices or that the database is not quite up to date.

Twitter was already submitting data to Chilling Effects prior to this week, but this latest iteration makes it easier for users to locate Twitter-specific takedown notices. If you search the Chilling Effects site, you can also find many thousands of DMCA notices issued to Google, but Facebook has kept its own notices private.

Source: http://arstechnica.com/microsoft/news/2012/01/kinect-tech-shows-up-in-laptop-prototypes.ars

Kinect's vision and depth perception technology could soon be integrated into laptops. The Daily has seen two prototypes, believed to be from Asus, that incorporate an array of sensors above the top of the screen, replacing the traditional webcam. Below the display are a set of LEDs. Sources at Microsoft confirmed to The Daily that the laptops contain versions of the Kinect sensor.

Asus has dabbled with Kinect-like systems before. Its Xtion PRO PC peripheral uses sensor and software technology licensed from PrimeSense—technology also found in Microsoft's Kinect sensor.

What the sensor might be used for is anybody's guess. The Kinect for Windows—a version of the Xbox 360 accessory with revised firmware to support close-up operation—will be released in February, and with that, third-party applications that use the sensor will start to arrive. Windows 8 might even include direct support for Kinect-powered features: documents leaked in 2010 hinted at Kinect integration with automatic user switching using face detection.

Source: http://www.darkreading.com/security/attacks-breaches/232500660/new-drive-by-spam-infects-those-who-open-email-no-attachment-needed.html

Attackers have developed a new way to infect your PC through email — without forcing you to click on an attachment.

According to researchers at eleven, a German security firm, the new drive-by spam automatically downloads malware when am email is opened in the email client. The user doesn't have to click on a link or open an attachment — just opening the email is enough.

Source: http://blog.hacktalk.net/how-to-do-it-wrong/

As I’m sure many of you HackTalkers have read, UFC.com was recently defaced which led to Dana White essentially daring Anonymous to do it again.

I see stuff like this time and time again, a hacking forum will get pwned by some group and after picking up the pieces, the site which got hacked will talk crap about their attackers and essentially dare them to try it again. Inevitably the site will be hacked again because the administrators of the site are still leaving gaping security holes in their site. This is something that has been done time and time again.

This doesn’t relate only to hacking either. In pretty much every walk of life, if someone kicked your ass once you can be certain they can do it again, especially if you egg them on.

Episode 579 – Dude, Where’s My Porn?, Please Pass the Tinfoil, Virus Inception: Birth of Skynet, Spamvertisement Squatnet & All Your DoD Are Belong To Us

rick.hayes — Sat, 28 Jan 2012 02:03:09 +0000

InfoSec Daily Podcast Episode 579 for January 27, 2012. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Karthik Rangarajan, Geordy Rostad, and Dr. Bonez.

Announcements:

Unsung Heros

http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/

Schmoocon Epilogue
When: After Schmoocon
Where: Washington, DC
Hit up anyone in NOVA Hackers

Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!

AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu
CFP now open!

LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
CFP now open!

DerbyCon 2012 – "The Reunion"
When: September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com

You don't have a sufficient version of Flash Player to display this animation.

Stories

Source: https://torrentfreak.com/megaupload-users-plan-to-sue-the-fbi-over-lost-files-120126/

In most reports following the MegaUpload shutdown, the site is exclusively portrayed as a piracy haven.

However, hundreds of thousands, perhaps millions of people used the site to share research data, work documents, personal video collections.

As of today, these people are still unsure whether they will ever get their personal belongings back.

In a response, Pirate Parties worldwide have started to make a list of all the people affected by the raids, and they are planning to file an official complaint against the US authorities.

“The widespread damage caused by the sudden closure of Megaupload is unjustified and completely disproportionate to the aim intended,” they announce.

“For this reason Pirates of Catalonia, in collaboration with Pirate Parties International and other Pirate Parties, have begun investigating these potential breaches of law and will facilitate submission of complaints against the US authorities in as many countries as possible, to ensure a positive and just result.”

…

Source: https://billmullins.wordpress.com/2012/01/26/googles-new-policy-whats-the-problem-why-the-outrage/

As a long standing vocal opponent of Google’s invasive practices – and, having not stood on the sideline as the Octopus spread its tentacles – I now find myself in the uncomfortable position of defending the indefensible – those same overreaching and invasive practices.

In yesterday’s presumptuous announcement, Google explained its new policy – with just the right amount of deceptive glitter - a customer care focus.

Our new policy reflects a single product experience that does what you need, when you want it to – ……. reflecting our desire to create one beautifully simple and intuitive experience across Google.

A bit of a twist on reality, I should think.

The reality being of course – Google has always viewed you as the product – not, the customer. Yes, you the user – are a product. The customers (no, not you), are the companies that buy the targeted advertising that is directed to you. It’s hardly news that Google generates its revenue through targeted advertising – directed at you.

…

Source: http://redtape.msnbc.msn.com/_news/2012/01/27/10245683-what-if-a-virus-infected-a-virus-frankenware-spotted-by-security-firm

What if two computer viruses got together on your computer and had a baby?

It does happen, says security firm BitDefender, and the result is more mutant than mutt. The firm has taken to calling the third, new piece of malware produced by the odd couple — with apologies to Mary Shelley — "Frankenware." The spontaneous software offspring might be dangerously unpredictable, and it can be harder to defend again, BitDefender says.

There are so many computer viruses flying around out there that they can't help bumping into one other while wreaking havoc on our computers. In fact, virus writers account for this. In order to protect and defend a hard-won compromised computer, some virus writers actually install their own antivirus programs after they infect a PC. That way, another bad guy can't come along and hijack an already hijacked machine, said Catalin Cosoi, head of the Online Threats Lab at BitDefender, based in Romania.

…

Source: https://www.net-security.org/secworld.php?id=12275

A network of some 7,000 typo squatting domains is being used by scammers to effectively drive traffic towards their scammy sites, some of which get so much traffic that they managed to enter Alexa's top 250 list of sites with the largest Web traffic, say Websense researchers.

The typo squatting domains take advantage of the "fat-fingered" visitors of popular websites such as Google, Twitter, Gmail, YouTube, Wikipedia, Victoria's Secret, Craigslist, and many more, and redirect them to spam survey sites.

…

Source: http://www.military.com/news/article/china-suspected-in-attacks-on-dod-computer-cards.html

Cyber security firms have discovered a computer virus that uses servicemembers’ network security cards to hack into government networks.

How does it work? servicemembers receive an email with an official-looking PDF file connected to the virus that allows it to record keystrokes, said Jaime Blasco, lab manager for Alien Vault, a California-based cyber security firm. The virus then collects a service member’s personal identification number associated with a Common Access Card when he logs into a government computer.

“The hackers can get in pretty easily with this virus and do whatever they want on a government computer while a soldier just works on his computer,” Blasco said in a phone interview from his office in Spain.

Blasco said he suspects the cyber attack originates from China because of the Chinese characters found within the virus’ coding.

…

Episode 578 – malwareAnywhere™, Zulu, NYPII, DoDroid & Threat of the Year

Karthik.Rangarajan — Fri, 27 Jan 2012 03:15:34 +0000

InfoSec Daily Podcast Episode 578 for January 26, 2012. Tonight's podcast is hosted by Rick Hayes, Adrian Crenshaw, Karthik Rangarajan, Geordy Rostad, and Varun Sharma.

Announcements:

Unsung Heros

http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/

Schmoocon Epilogue
When: After Schmoocon
Where: Washington, DC
Hit up anyone in NOVA Hackers

Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!

AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu
CFP now open!

LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
CFP now open!

DerbyCon 2012 – "Dropping the Deuce"
When: September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com

You don't have a sufficient version of Flash Player to display this animation.

Stories

Source: http://www.theregister.co.uk/2012/01/25/pcanywhere_patch/

Symantec is urging users to patch pcAnywhere, its remote control application, following the discovery of a brace of serious security flaws.

The most severe of the two holes allows hackers to remotely inject code into vulnerable systems – made possible because a service on TCP port 5631 permits a fixed-length buffer overflow during the authentication process. This line of attack ought to be blocked by a properly configured firewall, but it'd be stupid to rely on that without patching vulnerable systems.

The other flaw relies on overwriting files installed by pcAnywhere in order to escalate a user's privileges, although miscreants will already need access to vulnerable system to do this.

Neither flaw has been weaponised into exploits by hackers, reckons Symantec. The security firm credits Edward Torkington (of NGS Secure) and independent security researcher Tad Seltzer with discovering the flaws.

…

Source: http://research.zscaler.com/2012/01/introducing-project-zulu.html

Our goal in building Zulu, was to provide a simple and straightforward interface accessible to anyone regardless of security knowledge, while still delivering granular results that are of value to those that are more security savvy. I believe we've achieved this by providing a UI that requires no additional input beyond the UI to be analyzed, while allowing a few necessary advanced options, (User-Agent and Referer) when encountering malware triggered only when certain input variables are met. Results also display an overall ranking of Benign, Suspicious or Malicious, but also include details of elements that went into the overall score.

…

Source: https://threatpost.com/en_us/blogs/data-breach-affects-two-million-ny-customers-state-commission-investigate-012412#.Tx8yS3ae0YA.reddit

The New York State Public Service Commission announced yesterday they'll be looking into a data breach that may have exposed the personal information of almost two million customers to unknown attackers.

An employee from a software consulting firm contracted by New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E) was allowed unauthorized access to the company’s databases, prompting the investigation, according to a statement by the the Commission on Monday.

Both companies are owned by Iberdrola USA of Rochester, N.Y. and serve approximately 1.8 million customers collectively.

While NYSEG and RG&E claim there is no proof customers’ data may have been mishandled, they have begun to send preventive notifications regarding the breach to their customers. The exposed data includes Social Security Numbers, dates of birth and some financial account information, according to a press release (.PDF) issued by the NY Commission on Monday.

…

Source: http://fcw.com/articles/2012/01/24/android-smart-phones-tablets-classified-sipr-network.aspx

New security standards expected to be approved soon would let devices powered by the Android operating system use the Defense Department's classified networks, according to an Army official.

DOD and National Institute of Standards and Technology are close to approving the standards, according to Michael McCarthy, program manager and director of operations, Army Brigade Modernization Command. The standards will allow service members, DOD personnel and other government users to use the devices on classified networks, including the military’s Secret Internet Protocol Router Network (SIPRNet).

McCarthy spoke Jan. 24 at the Soldier Technology 2012 conference in Arlington, Va. He said the goal is to have Android smart phones and tablets able to connect to SIPR-level systems by the summer. This development marks a critical step forward for tactical operations and represents the high priority that mobile communications have become, he said.

“There were going to be no information assurance [standards issued] until 2014, but with the groundswell of interest and needs, the agencies responsible for certification are giving this a higher priority,” McCarthy said. “The key is that it allows users from DOD and other agencies to access databases that in the past they couldn’t get to using a smart phone.”

…

Source: http://www.sophos.com/en-us/security-news-trends/reports/security-threat-report/html-01.aspx

In 2011, a number of highly visible cyberattacks made news headlines around the world, but the underlying problem affects us all. It seems that the cybercriminals are getting bolder in their attacks as the availability of commercial tools makes mass generation of new malicious code campaigns and exploits easier. The net result has been significant growth in volume of malware and infections.

And for 2012, I anticipate growing sophistication in web-borne attacks, even broader use of mobile and smart devices, and rapid adoption of cloud computing bringing new security challenges.

The web will undoubtedly continue to be the most prominent vector of attack. Cybercriminals tend to focus where the weak spots are and use a technique until it becomes far less effective. We saw this with spam email, which is still present but less popular with cybercriminals as people deploy highly effective gateways. The web remains the dominant source of distribution for malware—in particular malware using social engineering, or targeting the browser and associated applications with exploits. Social media platforms and similar web applications have become hugely popular with the bad guys, a trend that is only set to continue.

…

Episode 577 – Pentest Lessons, Kelihos, O2mo, Privacy Backlash, Hiding Bad Reviews & DNS Changer Change Back

Karthik.Rangarajan — Thu, 26 Jan 2012 02:03:57 +0000

InfoSec Daily Podcast Episode 577 for January 25, 2012. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Karthik Rangarajan, and Varun Sharma.

Announcements:

Unsung Heros

http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/

ShmooCon 2012
When: January 27th-29th, 2012
Where: Washington Hilton Hotel, Washington, DC
http://www.shmoocon.org

Schmoocon Epilogue
When: After Schmoocon
Where: Washington, DC
Hit up anyone in NOVA Hackers

Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!

AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu
CFP now open!

LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
CFP now open!

DerbyCon 2012 – "Dropping the Deuce"
When: September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com

You don't have a sufficient version of Flash Player to display this animation.

Pentest Lessons:
Adam Compton & Zac Wagle's should get credit for the "Pentest Lessons" idea. They also started a twitter account: https://twitter.com/pentestlessons.

[Thanks listener Adam]

Stories

Source: http://www.computerworld.com/s/article/9223667/Accused_Kelihos_botnet_maker_worked_for_two_security_firms

A Russian man who was accused Monday by Microsoft of creating the Kelihos botnet worked for a pair of security-related firms from 2005 to 2011, according to evidence on the Web.

In an amended complaint filed yesterday in federal court, Microsoft identified the man as Andrey Sabelnikov of St. Petersburg.

According to his LinkedIn profile, Sabelnikov worked for two Russian companies that specialize in security, including the antivirus firm Agnitum, for the last six years.

Agnitum, which is based in St. Petersburg, develops and sells a Windows antivirus product called OutPost Antivirus Pro as well as a personal firewall for Windows PCs. A company spokesman confirmed today that Sabelnikov worked for the firm from September 2005 until November 2008.

Sabelnikov held a number of tiles, ending his time with Agnitum as a project manager responsible for everything from "designing the product architecture" to "implementing … critical parts of code."

In an emailed reply to questions, the Agnitum spokesman said that Sabelnikov "resigned by his own will in late 2008."

From November 2008 until December 2011, Sabelnikov worked for another Russian company, Retunil, which also markets security software. Returnil's primary product, Virtual System Pro, clones an existing copy of Windows in a virtual machine as a way to protect users from malware.

….

Source: http://www.thinkbroadband.com/news/4990-o2-shares-your-mobile-phone-number-with-every-website-you-visit.html

If you're reading this news article using your O2 mobile phone, you'll be pleased to know that O2 have already sent us your mobile phone number within the HTTP headers which normally contain information about how content can be displayed on your device. These headers are not normally seen by users, and usually not logged by most websites, but the flaw allows malicious sites to get more personal information about you than you may be willing to share.

For example, if you open an e-mail which includes references to external images, the mere action of opening the e-mail would divulge your phone number. This could be used by anyone undertaking a phishing attack or other scam to get more information from you. The opportunity to abuse this is potentially endless.

…

Source: http://blogs.ft.com/fttechhub/2012/01/google-faces-norwegian-public-sector-ban/#axzz1kPjBMnTo

Norwegian public sector organisations will be banned from using Google Apps after the Norwegian data protection authorities ruled that the service could put citizens’ personal data at risk.

The data protection authority said Google Apps did not comply with Norwegian privacy laws because there was insufficient information about where data was being kept. The decision came from a test case in Narvik, where the local council had chosen to use Google Apps for their email.

The Norwegian ban comes just as things were going so well for Google Apps in Europe, with the company winning its largest ever contract with BBVA, the Spanish bank.

Now, however, Google could find access to swathes of public sector work effectively closed. Early last year, there was a similar decision in Denmark, where the town of Odense was banned from using Google Apps in its schools. Privacy regulators were concerned that if teachers used Google’s document and calendar functions for lesson planning, student assessment and communicating with parents, it would leave some sensitive personal data at risk.

…

Source: https://www.net-security.org/secworld.php?id=12267

For individuals and companies that have a bad online reputation, online reputation management (ORM) services might sound like a good investment. Such services are not illegal, even though search engines such as Google do not look favorably upon them.

But every now and then, some firms offering those services succumb to the temptation of using illegal means to achieve their goal. And, according to Fox News, California-based Rexxfield is currently being accused of belonging to that group.

As Darren Meade, a former CEO of another California-based company, tells it, Rexxfield owner Michael Roberts shared with him his intent of buying and using hacking code to surreptitiously modify websites containing negative comments and make them drop down in search results.

The code in question allegedly allows users to inject a "noindex" tag into the source code of these sites, which makes search engine crawlers skip indexing them and, thus, effectively hiding them from the great majority of users. Roberts even demonstrated to Meade the effectiveness of the code in question by hacking Ripoff Report, a popular online consumer complaint site.

…

Source: https://www.networkworld.com/news/2012/012412-authorities-prepare-to-close-down-255242.html

German authorities are advising victims of DNSChanger Trojan programs to fix their computers' Domain Name System settings using a free tool developed by antivirus company Avira, because the servers resolving DNS queries on their behalf will be closed down on March 8.

DNSChanger is a family of Trojans for Windows and Mac OS X whose primary function is to replace the DNS servers defined on the victim's computer with rogue ones operated by the malware's authors.

The DNS is a vital part of the Internet infrastructure and is used to resolve domain names into numerical IP addresses. By controlling DNS responses, the DNSChanger gang was able to redirect victims to rogue websites that distributed fraudulent software or displayed money-generating advertisements.

The DNSChanger operation was shut down by the U.S. Federal Bureau of Investigation in November last year following a two-year long investigation. The authorities estimated the number of computers infected with this type of Trojan at 500,000 in the U.S. and over 4 million worldwide.

…

Episode 576 – Encryption Legally Broken, Stop Scottish Farmers!, No GPS Tracking, No OPT Out & SOPA/ACTA Hack

Karthik.Rangarajan — Wed, 25 Jan 2012 03:58:07 +0000

InfoSec Daily Podcast Episode 576 for January 24, 2012. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Karthik Rangarajan, Themson Mester, and Varun Sharma.

Announcements:

Unsung Heros

http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/

ShmooCon 2012
When: January 27th-29th, 2012
Where: Washington Hilton Hotel, Washington, DC
http://www.shmoocon.org

Schmoocon Epilogue
When: After Schmoocon
Where: Washington, DC
Hit up anyone in NOVA Hackers

Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!

AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu
CFP now open!

LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
CFP now open!

DerbyCon 2012 – "Dropping the Deuce"
When: September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com

You don't have a sufficient version of Flash Player to display this animation.

Stories

Source: http://news.cnet.com/8301-31921_3-57364330-281/judge-americans-can-be-forced-to-decrypt-their-laptops/

Judge Robert Blackburn ordered a Peyton, Colo., woman to decrypt the hard drive of a Toshiba laptop computer no later than February 21–or face the consequences including contempt of court.

Blackburn, a George W. Bush appointee, ruled that the Fifth Amendment posed no barrier to his decryption order. The Fifth Amendment says that nobody may be "compelled in any criminal case to be a witness against himself," which has become known as the right to avoid self-incrimination.

"I find and conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer," Blackburn wrote in a 10-page opinion today. He said the All Writs Act, which dates back to 1789 and has been used to require telephone companies to aid in surveillance, could be invoked in forcing decryption of hard drives as well.

Ramona Fricosu, who is accused of being involved in a mortgage scam, has declined to decrypt a laptop encrypted with Symantec's PGP Desktop that the FBI found in her bedroom during a raid of a home she shared with her mother and children (and whether she's even able to do so is not yet clear).

…

Source: http://www.theregister.co.uk/2012/01/23/freetard_sopa_fail/

Angry copyfighters barraged a small Scottish food certification agency with abuse last week – in the belief they were protesting against hated US anti-piracy legislation.

The Scottish Organic Producers Association – whose website is at sopa.org.uk – was perplexed when it found itself on the receiving of dozens of nasty and illiterate emails.

Remarkably, nothing about the site's design – including pictures of sheep, vegetables, Angus cattle and fruit – did anything to suggest to the furious freetards that they'd got the wrong SOPA – or that something might be not quite right.

…

Source: http://www.eweek.com/c/a/Mobile-and-Wireless/Supreme-Court-Ban-on-Warrantless-GPS-Tracking-has-Wider-Implications-212536/

A U.S. Supreme Court decision released on Jan. 23 will have a significant impact on how law enforcement officers can use GPS technology to track criminal suspects in a wide variety of cases.

In this case, the use of a GPS location device attached to the bottom of a car driven by a suspect allegedly to conduct drug deals was considered a violation of the suspect’s Fourth Amendment rights under the U.S. Constitution. But in some ways the case raises more questions than it answers.

The case in question was the conviction of Antoine Jones for drug trafficking. The police asked for and received a warrant for the GPS tracking in the District of Columbia good for 10 days. However, the police didn’t actually manage to affix the device to the vehicle being used by Jones until 11 days later, in a parking lot in Maryland. The trial court accepted the GPS evidence, which helped locate the place where Jones stored his drugs, but that was overturned on appeal, as was the conviction.

The Supreme Court, in deciding the case, took the most narrow possible view. The reasoning behind the decision was that the act of attaching the GPS device after the warrant expired constituted an illegal search. Essentially, the court reasoned that by touching Jones’ car, the police effectively seized his effects without a warrant, whicThe right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.” All such seizures require a properly sworn warrant issued by a court, the amendment says.

h is one of the things that the Fourth Amendment says you can’t do. The Fourth Amendment says “…

Source: http://www.washingtonpost.com/business/technology/google-tracks-consumers-across-products-users-cant-opt-out/2012/01/24/gIQArgJHOQ_story.html Google said Tuesday it will follow the activities of users across e-mail, search, YouTube and other services, a shift in strategy that is expected to invite greater scrutiny of its privacy and competitive practices.

The information will enable Google to develop a fuller picture of how people use its growing empire of Web sites. Consumers will have no choice but to accept the changes.

The policy will take effect March 1 and will also impact Android mobile phone users, who are required to log in to Google accounts when they activate their phones.

The changes comes as Google is facing stiff competition for the sometimes fleeting attention of Web surfers. It recently disappointed investors for the first time in several quarters, failing last week to meet earnings predictions. Apple, in contrast, reported record earnings Tuesday, blowing past even the most optimistic expectations.

Google’s move appears to be aimed squarely at Apple and Facebook — titans of the tech industry that have been successful in keeping people within their ecosystem of products. Google, which makes money by selling targeted ads, is hoping to do the same by offering a Web experience tailored to personal tastes.

….

Source: http://www.theregister.co.uk/2012/01/24/antisec_sopa_acta_hack/

Anonymous and LulzSec members have hacked US government security web site OnGuard Online and defaced it, forcing it offline, in retaliation for the recent MegaUpload takedown and the controversial Anti-Counterfeiting Trade Agreement (ACTA), the groups have announced.

Anonymous has been ramping up its opposition to ACTA on Twitter via the #ActAgainstACTA hashtag and has been a vocal opponent of the US government’s move to silence file-sharing site MegaUpload last week and arrest the men behind it.

Late on Monday local time, Anonymous tweeted from one of its official accounts that it had hacked the OnGuard Online site, which is managed by the Federal Trade Commission and is similar to the UK’s Get Safe Online.

At the time it defaced the site with a message, also posted to Pastebin, detailing its beef with the authorities. The site is now down, presumably as its admins work out how to clean it up while addressing the security flaws which made the hack possible in the first place.

“umad? don't like it when your site is wiped of the internet do you? If SOPA/PIPA/ACTA passes we will wage a relentless war against the corporate internet, destroying dozens upon dozens of government and company web sites,” the message read.

“As you are reading this we are amassing our allied armies of darkness, preparing boatloads of stolen booty for our next raid. We are sitting on hundreds of rooted servers getting ready to drop all your mysql dumps and mail spools. Your passwords? Your precious bank accounts? Even your online dating details?! You ain't even trying to step to this.”

Alongside the message were the email addresses of FTC employees as well as a lengthy log of the hack itself.

The attack was launched under the banner of the AntiSec campaign waged by members of Anonymous and LulzSec against law enforcement and government agencies since last summer.

….

Episode 575 – Racist Router, Aaron Gets Axed, G+ Required, Dreamhost’s Nightmare, CBS & Hannibal

rick.hayes — Tue, 24 Jan 2012 02:10:04 +0000

InfoSec Daily Podcast Episode 575 for January 23, 2012. Tonight's podcast is hosted by Rick Hayes, Dave Kennedy, Boris Sverdlik, Karthik Rangarajan, and Varun Sharma.

Announcements:

Unsung Heros

http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/

ShmooCon 2012
When: January 27th-29th, 2012
Where: Washington Hilton Hotel, Washington, DC
http://www.shmoocon.org

Schmoocon Epilogue
When: After Schmoocon
Where: Washington, DC
Hit up anyone in NOVA Hackers

Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!

AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu
CFP now open!

LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
CFP now open!

DerbyCon 2012 – "Dropping the Deuce"
When: September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com

You don't have a sufficient version of Flash Player to display this animation.

Stories

Source: https://www.nydailynews.com/news/national/wifi-signal-racist-anti-semitic-slur-teaneck-nj-sparks-police-probe-signal-rec-center-router-article-1.1008135

A bigot named their WiFi signal “F— All Jews and N—-” — and now cops are investigating.

The hateful signal I.D. popped up on the iPhone of a 28-year-old mom inside a Teaneck, N.J. recreation center, where her 3-year-old daughter was attending dance class.

The offending signal was coming from a router connected in the Richard Rodda Community Center in the the township, located 10 miles outside New York City.

…

Source: http://www.huffingtonpost.com/2012/01/20/aaron-barr-cybersecurity-anonymous-occupy-wall-street_n_1219328.html

Just last week Aaron Barr, the former HBGary Federal CEO whose email was hacked by Anonymous in February, was "schooling" the FBI on security and social media. Now he's been let go from his new job at another federal contractor, Sayres and Associates. His former boss at Sayres told HuffPost it was because Barr was acting like a "cowboy" on the company dime.

Barr's strange year in the public eye began in early 2011. At the time he was the CEO at HBGary Federal, an information security contractor working with both federal government agencies and with outside firms. In a Feb. 4 article, he claimed to the Financial Times that he was on the cusp of exposing the leaders behind the loose-knit confederation of hackers and activists known as Anonymous.

The Anons struck back, releasing thousands of internal emails from HBGary Federal — emails that showed that HBGary Federal was working for a law firm, which was in turn working for the U.S. Chamber of Commerce, to hurt Wikileaks by feeding it false information and discrediting its supporters in the media.

…

Source: http://techcrunch.com/2012/01/20/new-google-accounts-require-gmail-and-g-accounts/

Google appears to have made some changes to its account creation process. Whereas before, all it took was an email address of any kind and some basic demographic data, now you are required to create both a Gmail account and a presence on Google+. This doesn’t strike me as a user-friendly change.

On one hand, it’s harmless in a way: you create a throwaway email address and a dummy G+ account if you don’t want to use them. Problem solved. But is that really a step people should have to take if they just want to use Google Docs or YouTube? Certainly Google will say that this is all about the integration of services, but part of the attraction of Google services has always been how you can just use one or the other. This forced-signup device smells of an attempt to boost G+ numbers, and is reminiscent not of the Google of yore, but of the Apple and Facebook of today.

…

Source: http://techcrunch.com/2012/01/20/dreamhost-hacked-password-changes-made-mandatory/

Another day, another hack. The company whose data was compromised this time? DreamHost.

According to DreamHost’s status blog, the company detected “unauthorized activity within one of [their] databases”. In other words: someone was snooping around where they shouldn’t have been snooping, and DreamHost noticed the foot prints.

Alas, the company isn’t divulging much information as to the nature of the hack, beyond that they “don’t have evidence that customer passwords were taken at this time”. Still, they’re requiring password resets for all Shell/FTP accounts (read: not the account that DreamHost customers use to login to the billing/backend system, but the user accounts they use to access and maintain their actual websites.) for what seems to be all DreamHost customers. If you find yourself having trouble logging into your DreamHost FTP accounts today, it’s because your password has already been disabled.

….

Source: http://www.nationaljournal.com/tech/hackers-claim-responsibility-for-temporarily-felling-cbs-com-after-attacking-doj-site-20120122?mrefid=related2

A group of hackers temporarily wiped clean CBS.com, in what seemed to be further retaliation for the government shutdown last week of file-sharing site Megaupload.com.

Several Twitter accounts linked to Anonymous, a loosely organized collective of hackers, posted messages claiming responsibility for the hack, some of them mentioning "#OpMegaUpload," shorthand for Operation Mega Upload. At least one suggested Fox would be targeted next.

The group claimed responsibility for hacking the Justice Department's website earlier in the week after federal officials shut down Megaupload.com.

For a short period, visitors to CBS.com were presented with a single blank HTML file around mid-day on Sunday. The site has since been restored.

….

Source: http://www.scmagazine.com/arab-facebook-logins-posted-by-israeli-hacker/article/224338

In four separate posting on Saturday to the Pastebin website, an Israeil hacker calling himself Hannibal announced he had published emails and logins of 100,000 allegedly Arab Facebook users. He also made the data available on 14 other file-sharing sites.

According to a published report by an investigator who downloaded the data from the file-sharing sites, the number of stolen Facebook accounts is likely closer to 20,000.

The self-professed "general of Israel's hackers" claimed to have about 30 million email accounts, 10 million bank accounts and four million credit cards of Arabs from all over the world. His purpose, he stated, is to display his strength "to save Israel" from cyber attack.

"The Arabs should learn a lesson and know not to mess with me," he wrote.

Hannibal's actions are apparently in retaliation for a data dump earlier this month when OxOmar, who claimed to be a member of a Saudi hacking gang Group-XP, declared he had posted banking details on 400,000 Israelis. Israeil banks refuted the claim, asserting that most of the data was outdated and that in actuality only 14,000 records were exposed.

…

Episode 574 – Weekend Wrap-up with Dr. b0n3z

Dr Bones — Sun, 22 Jan 2012 12:07:54 +0000

Episode 574 – Weekend Wrap-up with Dr. b0n3z
InfoSec Daily Podcast Episode 574 for January 21, 2012. Tonight's podcast is hosted by Dr. Bonez, Boris Sverdlik, and Themson Mester.

Guests: aricon, coolacid, connection, and spridel

Announcements:

Unsung Heroes

Have you ever stumbled on your tool while walking and wondered “Why didn’t I know this existed!” or “If only I’d had this last week on that test”… Chris John Riley has started to gather suggestions for your “unsung hero” of the tools world. He is looking specifically to gather a list of tools that aren’t on every penetration testers, or forensic investigators list, but that you have respect for. http://blog.c22.cc/2012/01/13/unsung-heros

http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/

CampusCon 2012
When: January 21, 2012
Where: MOVED: CampusCon has been moved to the main WIT campus on Browne's Road
http://campuscon.hackingwit.com
(from Baconzombie)

New England InfoSec Tweetup
When: January 21, 2012
Where: Ledgewood Hills Clubhouse – Nashua, NH
http://neistu3.eventbrite.com/

SANS Mentoring: Security 401 SANS Security Essentials Bootcamp Style
When: Starts January 24, 2012
Where: Atlanta, GA
Discount Code:
http://www.sans.org/mentor/details.php?nid=25484

ShmooCon 2012
When: January 27th-29th, 2012
Where: Washington Hilton Hotel, Washington, DC
http://www.shmoocon.org

Schmoocon Epilogue
When: After Schmoocon
Where: Washington, DC
Hit up anyone in NOVA Hackers
http://shmooconepilogue.eventbrite.com/

Social Engineering Training with Chris Hadgany
When: March 5-9, 2012

Where: Seattle, Washington
When: July 21-24, 2012

Where: Black Hat Vegas
When: August 20-24, 2012
Where: Bristol, UK
When: November 12-16, 2012

Where: Columbia, MD
http://www.social-engineer.com/social-engineer-training

BSides Chicago

When: Saturday, April 28th, 2012

Where: Volcano Room (further info coming)
Cost: Free (as always!) – Registration opening soon!
http://www.securitybsides.com/w/page/48444703/BSidesChicago-2012
They’re looking for sponsors, so if you know someone, pass it on.

Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!

AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu
CFP now open!

LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
CFP now open!

DerbyCon 2012 – "Dropping the Deuce"
When: September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com

You don't have a sufficient version of Flash Player to display this animation.

Stories

Source:

Pentest Lessons:

Adam Compton & Zac Wagle's should get credit for the "Pentest Lessons" idea. They also started a twitter account: https://twitter.com/pentestlessons.

Lesson 1: Don’t assume that your client has any idea what you do. Don’t assume they aren’t interested in hearing about it though. Every time you are talking to the customer, you are representing the company. Educating the client is a great way to build business relationships.

Lesson 2: Stay within your scope: if you've been hired to audit or test – don't fix anything.

In my reckless youth I popped a box that had a virus on it. I thought I'd be a superhero and remove the virus so I could laugh about it during my report presentation. Instead the machine locked up, and 300 Kilometres away I could FEEL it's blue screen. Yeah, it was the company's payroll server.

Lesson 3: Depending on your engagement agreement, if you fuck up something really important (like a payroll system), don't wait long before reporting it.

Lesson 4: If you are doing an audit which consists mostly of interviews, actually perform the interview. Don’t go into tangents and stories. It is an interview after all. Ask them to explain their job functions, what they do on a day to day basis, and what types of challenges they run in to. #SoShowMeOrFuckYou

Source: http://www.wired.com/threatlevel/2012/01/anons-rickroll-botnet/

A version of Anonymous’ voluntary botnet software, known as LOIC (Low Orbit Ion Canon), was modified to make it not so voluntary, drafting unwary bystanders, journalists and even anons who don’t support DDoS tactics into attacks on the U.S. Justice Department. Thursday’s trickery seems not to have been central to the successful takedown of sites like justice.gov, RIAA.com and MPAA.com, but not all anons are pleased with forcing unwitting bystanders to join in a potentially illegal action.

The trick snagged those who happened to click on a shortened link on social-media services, expecting information on the ongoing #opmegaupload retaliation for the U.S. Justice Department’s takedown of popular file sharing site Megaupload. Instead they were greeted by a Javascript version of LOIC — People were already firing packets at targeted websites by the time their page was loaded.

Source: http://www.reuters.com/article/2012/01/21/us-internet-piracy-megaupload-idUSTRE80K07Q20120121

A police official said dozens of officers, backed by helicopters, forced their way into the mansion, nestled in lush, rolling farmland, after Dotcom refused them entry, a scene more reminiscent of a high-octane spy drama than the usual policeman's lot in rural New Zealand.
"Despite our staff clearly identifying themselves, Mr Dotcom retreated into the house and activated a number of electronic-locking mechanisms," said Detective Inspector Grant Wormald from the Organised and Financial Crime Agency New Zealand.
Officers broke the locks and Dotcom barricaded himself into a safe room which officers had to cut their way through to gain access.
"Once they gained entry into this room, they found Mr Dotcom near a firearm which had the appearance of a shortened shotgun," he said. "It was definitely not as simple as knocking at the front door."

Source: http://www.nydailynews.com/news/national/wifi-signal-racist-anti-semitic-slur-teaneck-nj-sparks-police-probe-signal-rec-center-router-article-1.1008135

A bigot named their WiFi signal “F— All Jews and N—-” — and now cops are investigating.

The hateful signal I.D. popped up on the IPHONE of a 28-year-old mom inside a Teaneck, N.J. recreation center, where her 3-year-old daughter was attending dance class.

The offending signal was coming from a router connected in the Richard Rodda Community Center in the the township, located 10 miles outside New York City.

The Teaneck Police Department Juvenile Bureau and the Bergen County Prosecutor's Office Computer Crime Unit are investigating it as a "possible bias crime," Wilson said.

Source: http://thenextweb.com/dd/2012/01/21/7-ways-to-start-learning-how-to-code-right-now-for-free/

1. Processing

2. Codeacademy
3. Bloc (Ruby)
4. Get Physical
5. Start with HTML
6. Grab your iPAD, connect to F— All Jews and N—-” and then throw it in a lake.
7. Read, Watch and Fail

Source: http://www.techdirt.com/articles/20120120/14472117492/mpaa-directly-publicly-threatens-politicians-who-arent-corrupt-enough-to-stay-bought.shtml

Reinforcing the fact that Chris Dodd really does not get what's happening, and showing just how disgustingly corrupt the MPAA relationship is with politicians, Chris Dodd went on Fox News toexplicitly threaten politicians who accept MPAA campaign donations that they'd better pass Hollywood's favorite legislation… or else:

"Those who count on quote 'Hollywood' for support need to understand that this industry is watching very carefully who's going to stand up for them when their job is at stake. Don't ask me to write a check for you when you think your job is at risk and then don't pay any attention to me when my job is at stake,"

This certainly follows what many people assumed was happening, and fits with the anonymous comments from studio execs that they will stop contributing to Obama, but to be so blatant about this kind of corruption and money-for-laws politics in the face of an extremely angry public is a really, really, really tone deaf response from Dodd.

Episode 573 – Good Riddance SOPA/PIPA, Young Love, Shallow Talent Pool, IPv6 For Real & Bad Guy’s Google

Karthik.Rangarajan — Sat, 21 Jan 2012 06:05:57 +0000

InfoSec Daily Podcast Episode 573 for January 20, 2012. Tonight's podcast is hosted by Karthik Rangarajan, Boris Sverdlik, Geordy Rostad, and Dr. Bonez.