2010.07.26

InfoSec Daily Podcast

ISDPodcast Episode 180 for July 26, 2010.  Tonight’s podcast is hosted by Rick Hayes, Matthew Shoemaker and Karthik Rangarajan.  In this episode we will discuss GSM, Apple, Web Scraping, Audit Cheating & Firefox.

Announcements:

MyHardDriveDied.com:

SANS Mentoring Program:

  • Jason Lawrence will be teaching the SANS Mentor Forensics 508 – Computer Forensics and Investigations course in Sandy Springs starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=21538).  Use the Discount Code: isdpod15 for a 15% discount.
  • Adrian Sanabria will be teaching the SANS Security 504 – Hacker Techniques, Exploits & Incident Handling in Knoxville, TN starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=22258).  Use the Discount Code: isdpod15KY for a 15% discount.

Atlanta ISSA:

SANS Community:

9am-5pm US ET
Hilton Atlanta Airport Hotel
1031 Virginia Avenue
Atlanta, GA 30354

  • Registration for these classes by Aug 4th offers both $400 Early Bird savings and registration for the ISSA Conference (existing members). All attendees also receive a one year ISSA membership.  Use the Discount Code: isdpod15 for a 15% discount.

The Louisville Metro InfoSec Conference:

  • Thursday, October 7th, 2010 at Churchill Downs (http://www.louisvilleinfosec.com)
    Use the Discount Code: IGK-0726 when you register for $30 off the $99 ticket price ($69), until Sept. 1st.  This discount will expire on that date.

Stories of Interest:

News Item 1:  http://www.computerworld.com/s/article/9179529/New_Kraken_GSM_cracking_software_is_released
A few weeks ago, an open source group released software that cracks the A5/1 encryption algorithm used by some GSM networks. Called Kraken, this software uses new, very efficient, encryption cracking tables that allow it to break A5/1 encryption much faster than before.  They rely upon what is often referred to as the Berlin A5/1 rainbow table set.

GSM was academically broken in 1991. The software is a key step toward eavesdropping on mobile phone conversations over GSM networks. Since GSM networks are the backbone of 3G, they also provide attackers with an avenue into the new generation of handsets.

In December, the group released a set of encryption tables designed to speed up the arduous process of breaking A5/1 encryption, but the software component was incomplete. Now the software is done, and the tables are much more efficient than they were seven months ago. “The speed of how fast you could crack a call is probably orders of magnitude better than anything previously,” said Frank Stevenson, a developer with the A5/1 Security Project. “We know we can do it in minutes; the question is, can we do it in seconds?”

News Item 2: http://washington.bizjournals.com/washington/stories/2010/07/12/focus1.html
When McLean-based Cvent Inc. filed a $3 million copyright lawsuit against a West Coast competitor this spring, the software company didn’t just allege simple plagiarism. Cvent, which offers a database of venue profiles for corporate event planners, accused rival Eventbrite Inc. of quietly unleashing an automated program — a webbot or “bot,” for short — on Cvent.com to purloin thousands of pages of valuable content.  In its complaint filed May 10 in federal District Court in Alexandria, Cvent alleged the San Francisco company had taken information that cost more than $10 million to create and reproduced it on its own website — errors intact.

The lawsuit highlights a prime fear of companies whose stock in trade is a mass of publicly available data: Web scraping. The widespread but sometimes legally hazy practice — in which tailor-made programs mimic a human user to harvest content from the Web — runs the gamut from benign to malicious.

In some cases, scraping is used to help market researchers or create Web mashups that stitch together data in new and creative ways.

In others, it serves as a vehicle for corporate espionage and piracy. The demand for scraping has spawned a market for custom-built bot software, as well as for software to thwart those bots.

Looking at the two sites, is it any wonder that they might want someone else’s content?
http://replay.waybackmachine.org/20080115032045/http://www.eventbrite.com/
http://replay.waybackmachine.org/20080115233613/http://www.cvent.com/

News Item 3:  http://www.securitypark.co.uk/security_article264914.html
According to a survey conducted by Tufin Technologies of 242 IT professionals, mainly from organizations employing 1000 to 5000+ employees, 1 in 10 admitted that either they or a colleague have cheated to get an IT audit passed.  However, it isn’t all bad news; compared to a similar survey conducted in 2009, the number of people admitting to cheating has halved.

Amongst those who have cheated, lack of time and resources are cited as the main reasons, underlining the ever increasing pressure on today’s IT departments. With 25% responding that firewall audits take a week to conduct, attempting to avoid this painful process is understandable, if not excusable.

What’s more, 30% of respondents only audit their firewalls once every 5 years and, even more worrying, 7% never conduct an audit at all. With this in mind it’s less surprising to find out that 36% of IT professionals admit their firewall rule bases are a mess, increasing their susceptibility to hackers, network crashes and compliance violations.

The survey also found that:

  • 31% only audit their firewalls once a year
  • 22% don’t know how long it takes to audit their firewalls
  • Of those that admit their firewall rule base is a mess, 25% believe this makes their network susceptible to crashes and 38% susceptible to compliance violations
  • 56% responded that automation tools would save them a lot of time.  While companies pay a lot of attention to the firewall selection process, and invest millions in acquiring them, much less attention and resources are invested in making sure the firewalls are optimized at all times for potential security risks and compliance breaches

News Item 4: http://www.h-online.com/security/news/item/Mozilla-releases-Firefox-3-6-8-to-close-critical-vulnerability-1044973.html
Just a couple of days after the arrival of Firefox 3.6.7, the Mozilla development team has released version 3.6.8 of its popular open source web browser to close a single, critical-rated vulnerability. According to the developers, a previous fix in 3.6.7, aimed at addressing a plug-in parameter array crash, can itself cause a crash that could lead to memory corruption. The developers say that, “In certain circumstances, properties in the plug-in instance’s parameter array could be freed prematurely leaving a dangling pointer that the plug-in could execute, potentially calling into attacker-controlled memory.”

Further information about the vulnerability (CVE-2010-2755) has yet to be detailed in the change log, which currently shows “Zarro Boogs found”. All users are advised to upgrade as soon as possible.

A number of Firefox users are reporting that the built-in update service used by Firefox is still initially being flagged by Symantec’s Norton Anti-Virus and Norton Internet Security 2010. The same problem occurred shortly after the release of Firefox 3.6.7 but took care of itself after a sufficient number of Norton users downloaded the browser and marked the file as trustworthy. Following the 3.6.6 update, Norton generated a false positive indicating that some of the application’s files were infected with malware, resulting in various files being quarantined after the Firefox update was installed.

More details about the release can be found in the release notes. Firefox 3.6.8 is available to download for Windows, Mac OS X and Linux. Alternatively, Firefox 3.6 users can upgrade to the new version, either by waiting for the automated update notification or by manually selecting “Check for updates” from the Help Menu.
