InfoSec Daily Podcast Episode 581 for January 30, 2012. Tonight's podcast is hosted by Rick Hayes, Dave Kennedy, Karthik Rangarajan, and Beau Woods.
Announcements:
Unsung Heros
Have you ever stumbled on a tool and wondered “Why didn’t I know this existed!” or “If only I’d had this last week on that test”… Chris John Riley has started to gather suggestions for your “unsung hero” of the tools world. He is looking specifically to gather a list of tools that aren’t on every penetration testers, or forensic investigators list, but that you have respect for. http://blog.c22.cc/2012/01/13/unsung-heros
Information Security Blogger Awards 2012
Since we were over looked again for the Best Podcast on Security you can email ashimmy@hotmail.com with your name, email address and ISD Podcast as your write-in nominee. Please note, you have to provide your blog or podcast URL so that it can be verified that you are a blogger or podcaster. Vote for your favorite blogs as well on http://www.ashimmy.com.
Brad Smith (theNurse)
We all know and love Brad Smith, aka theNurse. His humor and smiling positivity is a wonderful example for our community. At Hacker Halted he had a massive stroke and has been in the hospital ever since.
Brad and his wife did not ask for this help, but as a community we feel that if we can help we want to. Please feel free to check in for status or to donate. Either way we thank you and I know Brad thanks your for your support, prayers and positive thoughts.
http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/
Subcommittee Markup: H.R. 3674, PrECISE Act of 2011
When: February 1, 2012
Where: 311 Cannon House Office Building, Washington, DC (also live streaming)
http://homeland.house.gov/markup/subcommittee-markup-hr-3674
Metasploit Framework Unleashed Cincinnati
When: February 11, 2012.
Where: Digitorium in Griffin Hall, the home of Northern Kentucky University’s College of Informatics
https://msfucincy.wordpress.com/
$20 donation for #HFC
Social Engineering Training
When: March 5-9, 2012
Where: Seattle, Washington
When: July 21-24, 2012
Where: Black Hat Vegas
When: August 20-24, 2012
Where: Bristol, UK
When: November 12-16, 2012
Where: Columbia, MD
http://www.social-engineer.com/social-engineer-training
Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!
AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu
CFP now open!
LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
CFP now open!
DerbyCon 2012 – "The Reunion"
When: September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com
Thanks to everyone that has purchased products from Amazon through the affiliate program. If you’re not familiar with the affiliate program, simply go to http://www.isdpodcast.com and locate the Affiliate Program link on the right hand side.
Stories
Do you want to be labelled a criminal for copying songs off a CD that you have purchased onto your iPod? With the aforementioned bill, you will be…
The current Canadian government wants to pass Bill C-11 (of the formerly defunct Bill C-32) under the guise of modernization of our current copyright laws. What this bill fails to do is keep any modern consumer in mind.
With the current language of the bill regarding "digital locks" or DRM to many of you, the passing of the bill label most of you criminals.
Potential criminals? With severe fines? for the following actions that many of the current generation of computer literate consumers do:
- Copying a song off a CD that you have purchased to your iPod or cell phone to listen to on your commute to work?
- Copying a movie off a DVD or Blu-Ray that you have purchased to your cellphone or tablet to watch while waiting in line at the cash register?
- Copying a CD, DVD or Blu-Ray disc that you have purchased in order to prevent your young children from scratching the original disc? (something I'm sure that has happen to many a parent including this one)
Do these actions sound criminal to you?
In our current economic climate, do most of us have so much disposable income that we can purchase the same song over and over again? In different formats so that we can listen to it in our car, iPod, cell phone, computer, and home stereo?
Copyright modernization need to keep the modern consumer in mind, and need to include fair use and common sense.
Please make your voice against Bill C-11 known to the current Canadian federal government. You can start by signing this petition, and writing to the Prime Minister's office: pm@pm.gc.ca and the Industry Minister: christian.paradis@parl.gc.ca
Geordy’s Comments: It seems like the SOPA problem is worldwide. The world is not seeing the wool pulled over their eyes. I could not find a single news article that mentioned SOPA, ACTA and Bill C-11 and called them all out for the crock of shit they are.
Beau’s Comments: Yep, Spain just passed a similar bill with considerable pressure from the US. And from The Guardian: “The UK and 21 other European Union member states on Thursday signed an international copyright agreement treaty called ACTA sparking more demonstrations by Internet users who have protested for days both virtually and physically over fear it will lead to online censorship.”
….
Source: http://blog.spiderlabs.com/2012/01/hoic-ddos-analysis-and-detection.html
In a previous blog post, we provided details of a DDoS attack tool called LOIC (Low Orbit Ion Canon) used by Anonymous in supports of denial of service attacks over the past year.
Attackers are constantly changing their tactics and tools in response to defender's actions. Recently, the SANS Internet Storm Center (ISC) also highlighted a javascript verion of LOIC that, while generating the same attack traffic as our previous analysis showed, actually executed the attacks without the user "initiating" the attacks by pressing any buttons.
SpiderLabs has identified a new DDoS attack tool in circulation called HOIC (High Orbit Ion Canon).
….
Source: http://www.symantec.com/connect/fr/blogs/androidcounterclank-found-official-android-market
Symantec has identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank. This is a minor modification of Android.Tonclank, a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device.
For each of these malicious applications, the malicious code has been grafted on to the main application in a package called “apperhand”. When the package is executed, a service with the same name may be seen running on a compromised device. Another sign of an infection is the presence of the Search icon above on the home screen.
The combined download figures of all the malicious apps indicate that Android.Counterclank has the highest distribution of any malware identified so far this year.
…
Source: http://www.abuse.ch/?p=3581
During the past few years the Top Level Domain (TLD) .ru has been heavily abused by cybercriminals. According to ZeuS Tracker, TLD .ru was one of the most abused Top Level Domains that were used by criminals to run ZeuS botnet controllers.
The Top Level Domain .ru is managed by the Coordination Center for TLD RU (cctld.ru). CCTLD.ru finally did their job well and addressed the reputation problem TLD.ru had by setting up new terms and conditions for domain name registration of .ru domains which came into force on November 11 2011.
In fact this means that a registrar can terminate a domain name when it is being used for phising attacks or when it is being used to control a botnet.
However, what I can say so far is that the number of fraudulent .ru domains used by ZeuS botnet herders decreased in the beginning of 2012. I can also see that malicious .ru domains which are being added to ZeuS Tracker have a much shorter life span. While malicious .ru domains used to stay active for several weeks or months in the past, they are now getting nuked much faster (mostly within 4-24hrs). That’s great news for the internet community!
Unfortunately we all know that there is a never ending cat and mouse game between the security industry / infosec community and cybercriminals. Criminals have already noticed that their domains are getting shut down much faster. So they started to look for another TLD to use for their dirty business and found a TLD that nearly has been forgotten: the TLD .su.
…
Attackers have developed a new way to infect your PC through email — without forcing you to click on an attachment.
According to researchers at eleven, a German security firm, the new drive-by spam automatically downloads malware when an email is opened in the email client. The user doesn't have to click on a link or open an attachment — just opening the email is enough.
"The new generation of email-borne malware consists of HTML e-mails which contain a JavaScript which automatically downloads malware when the email is opened," eleven says in a news release."This is similar to so-called drive-by downloads, which infect a PC by opening an infected website in the browser."
The current wave of drive-by spam contains the subject "Banking security update" and has a sender address with the domain fdic.com. If the email client allows HTML emails to be displayed, the HTML code is immediately activated.
…