Episode 230 – #BsidesATL, Hun Technology, BB decypt, Firefox 4 & Cloud Computing

Announcements:

MyHardDriveDied.com Data Recovery Class:

http://www.myharddrivedied.com
Dallas, TX – October 11th – 15th
Washington, DC – December 6th – 10th
Use the Discount Code: isdpodcast for a $300 discount.

Phreaknic:
http://www.phreaknic.info
When: Oct 15-17 2010
Where: Nashville, TN

Hack3rCon:
http://www.hack3rcon.org
When: Oct 23-24 2010
Where: Charleston, WV

Stories of Interest:
Review: http://www.securitybsides.com/BSidesATLTalks

News: http://www.zdnetasia.com/nationwide-holiday-ups-china-s-risk-to-stuxnet-62203387.htm
Computer hackers have warned that the week-long National Day holiday in China that began Friday could leave the country vulnerable to further attacks from Stuxnet, according to a report by news agency AFP.

The cyberworm, which may have been designed to attack Iran’s nuclear facilities, has already hit millions of computers around the country, most of them industrial facilities.

“With the entire nation going on holiday from Friday, cybersecurity staff at large state-owned enterprises would be minimal,” said China’s biggest hacker group Chinese Honker Union. “So if they [cybercriminals] are up to something, they may very likely do it now.”

In another report published by The H Security, it quoted Chinese media reports as saying that millions of PCs and close to 1,000 industrial facilities in the country have already been infected by Stuxnet.

News: http://www.kansascity.com/2010/10/07/2286502/new-un-hackable-system-c2-will.html

Hun Technology Inc. today announced a new weapon to be made available for the U. S. Cyber Command in the ongoing cyber war.

“Through (c2) we will be able to offer a permanent solution and nuke the problems related to cyber-attacks once and for all,” said Ferenc Ledniczky, co-founder and President of Hun Technology Inc.

There are thousands of attempts made daily against our country’s infrastructure and databases. The government and cyber securities industry are spending billions of dollars repairing systems and trying to build protective measures, without success.

When Hacktivity 2010, one of Europe’s largest hacker conferences, took place in Budapest, Hungary this year, over 1,000 hackers gathered under the overlying theme “No software is immune to hackers.” With (c2), that statement is now challenged.

Tools: Web Based md5 hash cracker? http://www.md5crack.com/crackmd5.php

Seems to work well for common dictionary words, anything else I had almost no luck. Likely have better results from just using john with local dictionary files
News: http://www.infoworld.com/t/mobile-device-management/you-can-no-longer-rely-encryption-protect-blackberry-436?page=0,0

Did you think your BlackBerry data was safe because it’s encrypted on the phone, over the airwaves, and in its backup form? Think again.

Russian software developer ElcomSoft, which, with its Russian competitor AccentSoft, has developed effective password-cracking programs for most common desktop encryption formats, is at it again. Now, it’s targeted the BlackBerry with a Phone Password Breaker that was previously limited to Apple mobile devices.
Like all password-cracking programs, this is a double-edged sword. On one hand, it can save your bacon if you really need the data backed up from a phone that’s been stolen and remotely wiped. On the other hand, cyber criminals who get their hands on your backup now have a way to read encrypted business data. In addition, government agencies that have a good reason to read your data can dig in.

News: http://www.infoworld.com/d/mobilize/firefox-4-android-beta-arrives-302
Mozilla has released the first beta versions of Firefox 4 for mobile phones. Versions are available for download for Android-based smartphones and for the Nokia N900, Mozilla said in blog post on Thursday.

The beta versions include a feature called Sync, which synchronizes a user’s tabs, history, bookmarks, and passwords between the Firefox browser on a desktop PC and that on the smartphone. The browser also comes with what Mozilla calls the Awesome Screen, which gives the user access to recent browsing history, bookmarks, and tabs by tapping on the browser’s address bar. The start screen shows tabs from the last time the user accessed the Internet, tabs from the PC, and suggests add-ons to the browser to personalize it.
Firefox for mobile is available for the Nokia N900, or for phones running Android 2.0 or newer. It has been tested on the Nexus One, HTC’s Desire and EVO 4G, and Motorola’s Droid 2. The browser should work on other Android-based smartphones from Motorola and HTC, as well, including the Desire Z (T-Mobile G2), Droid Incredible, Droid X, and the Milestone (Verizon Droid), but hasn’t been tested on these devices. The Samsung Galaxy S, and its various different U.S. versions, is also included in the latter group, according to a list of compatible phones on Mozilla’s website (https://www.mozilla.com/en-US/mobile/platforms/).

News: http://www.informationweek.com/news/security/storage/showArticle.jhtml?articleID=227700129
Nine out of 10 cloud computing users remain concerned about cloud security, yet 77% of businesses already use some form of cloud computing.

Those findings come from a survey conducted by Harris Interactive for Novell, which asked 210 IT professionals — ranging from managers to CEOs — at organizations with more than 1,000 employees about their company’s adoption of cloud computing.

According to Novell, “the research strongly suggests cloud computing — both public and private — will be an increasing part of the mix of resources deployed by enterprise IT organizations, and that companies are particularly interested in simplifying management across their integrated physical, virtual, and cloud environments.”

But from a security standpoint, related concerns are a primary barrier to cloud computing adoption for 50% of respondents. Indeed, 76% think that private data is more secure when stored on the premises, rather than with a vendor, and 81% worry about maintaining compliance with regulations if they store sensitive data in the cloud.