07.16
InfoSec Daily Podcast
ISDPodcast Episode 174 for July 16, 2010. Tonight’s podcast is hosted by Rick Hayes, Matthew Shoemaker and the intern, Karthik Rangarajan. In this episode we will discuss WordPress, Shortcut Flaw, iPhone & “Perfect Citizen”.
Announcements:
MyHardDriveDied.com:
- MHDD Data Recovery Class current dates and locations:
- Dallas, TX – October 11th – 15th
- SANS: Drive and Data Recovery Forensics September 20th – 24th (https://www.sans.org/registration/register.php?conferenceid=21967)
- Washington, DC – December 6th – 10th
- Cost is $3500 for all classes to reserve and register, call (678) 445-9007, email: smoulton@nicservices.com or go to http://www.myharddrivedied.com Use the Discount Code: isdpodcast for a $300 discount.
SANS Mentoring Program:
- Jason Lawrence will be teaching the SANS Mentor Forensics 508 – Computer Forensics and Investigations course in Sandy Springs starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=21538). Use the Discount Code: isdpod15 for a 15% discount.
- Adrian Sanabria (sah-NAH-bree-ah) will be teaching the SANS Security 504 – Hacker Techniques, Exploits & Incident Handling in Knoxville, TN starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=22258). Use the Discount Code: isdpod15KY for a 15% discount.
Atlanta ISSA:
- ISSA International Conference – September 16, 2010 (http://www.issa.org/page/?p=105)
SANS Community:
- SANS Security 560: Network Penetration Testing and Ethical Hacking – September 17-22, 2010 (http://www.sans.org/atlanta-2010-cs2/description.php?tid=3142)
9am-5pm US ET
Hilton Atlanta Airport Hotel
1031 Virginia Avenue
Atlanta, GA 30354
- Registration for these classes by Aug 4th offers both $400 Early Bird savings and registration for the ISSA Conference (existing members). All attendees also receive a one year ISSA membership. Use the Discount Code: isdpod15 for a 15% discount.
The Louisville Metro InfoSec Conference:
- Thursday, October 7th, 2010 at Churchill Downs (http://www.louisvilleinfosec.com)
- Registrations made between now and July 16th, 2010 receive a 50% DISCOUNT on the $99 ticket price! After July 16th the ticket price will go back to normal.
Stories of Interest:
News Item 1: http://torrentfreak.com/u-s-authorities-shut-down-wordpress-host-with-73000-blogs-100716/
According to the owner of a free WordPress platform which hosts more than 73,000 blogs, his network of sites has been completely shut down on the orders of the authorities. The platform, Blogetery, had been with BurstNet for 7 months, but on Friday, July 9th the site disappeared.
You may recall that ‘Operation In Our Sites‘ targeted several sites including TVShack.net, Movies-Links.TV, FilesPump.com, Now-Movies.com, PlanetMoviez.com, ThePirateCity.org, ZML.com, NinjaVideo.net and NinjaThis.net. This action is only the beginning, and the thought is that more sites will be targeted as the months roll on. Due to the fact that the authorities aren’t sharing information and BurstNet are sworn to secrecy, it is proving almost impossible to confirm the exact reason why Blogetery has been completely taken down. The owner does, however, admit to handling many copyright-related cease and desists in the past, albeit in a timely manner as the DMCA requires.
News Item 2: http://www.theregister.co.uk/2010/07/16/windows_shortcut_trojan/ and http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/
Hackers have developed malware that spreads via USB sticks using a previously unknown security weakness involving Windows’ handling of shortcut files.
Malware targeting the security weakness in the handling of .lnk shortcut files has been spotted in the wild by Belarus-based security firm VirusBlokAda. The malware uses rootkit-style functionality to mask its presence on infected systems. These rootkit drivers come digitally signed by legitimate software developer Realtek Semiconductor, a further mark of the sophistication of the attack.
In an advisory, VirusBlokAda says it has seen numerous incidents of the Trojan spy payloads dropped by the malware since adding detection for the malign code last month. Even fully patched Windows 7 systems are vulnerable to attack in cases where a user views files on an infected USB drive using Windows Explorer, security blogger Brian Krebs reports.
News Item 2: http://news.cnet.com/8301-17852_3-20010210-71.html?part=rss&subj=news&tag=2547-1_3-0-20
According to the Orange County Register, Jeanne Mundango Manunga, a 25-year-old woman from Santa Ana, Calif., wanted to make people believe that it was others who disliked her. That, indeed, someone was out to get her. Actually two someones: her ex-boyfriend and his sister-in-law.
She informed her local police department–actually, three of her local police departments–that she was receiving nasty, nasty texts from these two people.
It seems she visited various police departments at least 19 times in an attempt to somehow persuade the police to finally issue arrest warrants for the alleged miscreants. In fact, the sister-in-law was arrested three times and spent some time locked up while she tried to raise bail.
The ex-boyfriend and his sister-in-law were quite convinced that something was afoot. So, they went along to a cell phone store, where they happily learned that Manunga had bought a pre-paid cell phone under her sister-in-law’s name.
Once the police had worked out that most of the calls had been made from places that seemed remarkably adjacent to Manunga’s home or place of employment, their suspicions were deeply aroused.
This all led to a jury finding her guilty of three felony counts of false imprisonment by fraud or deceit and two misdemeanor counts of making a false police report. For she had, indeed, sent the threatening text messages from the pre-paid phone to her own original cell phone. Perhaps she had an unlimited texting plan.
News Item 3: http://www.scmagazineuk.com/facebook-adds-panic-button-via-an-application-to-protect-younger-users/article/174378/
Facebook has added a panic button via an application that will give users direct access to the CEOP’s advice and reporting center – ClickCEOP – from their homepage giving them the very latest help on online safety, as well as a dedicated facility for reporting instances of suspected grooming or inappropriate sexual behaviour.
The application will be backed by a new CEOP page that, when ‘liked’, will look to engage with young people to help raise the profile of online safety. An automatic advert will also appear on the homepage of every user aged between 13 and 18 years old, inviting them to add the application.
News Item 4: http://online.wsj.com/article/SB10001424052748704545004575352983850463108.html
The NSA is launching a program called “Perfect Citizen”, which may or may not involve spying on domestic networks:
The surveillance by the National Security Agency, the government’s chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn’t persistently monitor the whole system, these people said.
It doesn’t matter as long as we’re safe from cyber-terrorists, of course. This is about right:
Wired has asked the NSA some pointed questions about whether Congress has been briefed on the program. My guess is that they haven’t, at least not in any meaningful way. Congress hasn’t insisted on exercising any oversight of any part of CNCI under either Bush or Obama. They probably don’t know anything about this, and they don’t want to.
“The overall purpose of the [program] is our Government…feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security,” said one internal Raytheon email, the text of which was seen by The Wall Street Journal. “Perfect Citizen is Big Brother.”
News Item 5: http://www.nytimes.com/2010/07/17/technology/17apple.html
Apple acknowledged Friday that the company’s iPhone 4 had some problems with its antenna but said the same problems affected all smartphones and had been widely exaggerated by the media. In order to put the problems behind it, Apple would give free cases (bumpers) that wrap around the rim of the phone to all iPhone 4 buyers who want them. It also said those who had already bought the cases would get a full refund. The price of the bumpers from Apple is $29.
Customers still unhappy can return the phones for a full refund. The cases will remain free until Sept. 30.