Your daily source of Pwnage, Policy and Politics.


Episode 288 – Ettercap, Texas Hacker, OpenBSD, Barbie & 4Chan


ISDPodcast
Episode 288 for December 28, 2010. Tonight’s podcast is hosted by Rick Hayes, Keith Pachulski, and Varun Sharma.

Announcements:

SANS Community:

Jason Lawrence, Management 414: SANS +S Training Program for the CISSP Certification Exam:  http://www.sans.org/mentor/details.php?nid=23493

Wednesday, February 23, 2011 – Wednesday, April 27, 2011

Use the Discount Code: isdpod15 for a 15% discount.

Appalachian Institute of Digital Evidence (AIDE):

AIDE Winter Meeting, Marshall University Forensic Science Center, Huntington, WV

When: February 17 – 18, 2011

http://aide.marshall.edu/default.htm

THOTCON:

The THOTCON 0x2
Where: Chicago, IL
When:  Friday, April 15th, 2011
http://www.thotcon.org
The CFP will close on January 01, 2011 – Get your talk in NOW

Intro/Outro Music provided by JimmyZ (http://soundcloud.com/jimmyz)
Stories:
News:
http://blog.spiderlabs.com/2010/12/anti-security-and-the-christmas-day-incident.html

On the morning of Dec. 25, yet another anti-security eZine was published, its contents this time targeting some well-known security professionals and projects.

The Anti-Security Movement isn’t anything new, they have been around in various forms for a long time, with different names and different group affiliations, including ~el8, pHC (Phrack High Council), Fluffy Bunny, PR0J3KT M4YH3M, h0no, ZFO and others.

With the release of the “Owned and Exposed” eZine this particular Anti-Security group made claims that they compromised several different web sites and security projects, providing evidence in the form of configuration files, directory listings, and password files gained mostly via web-server / web application attacks leveraged against the public web servers for these projects. In some cases they targeted other unrelated systems hosted on the same shared environment as their targets.

One of the claims made in the zine was that they compromised the popular ARP-Spoofing toolkit – Ettercap, and implied that the code had been altered several years ago. The implication was that a backdoor was placed in the code.

Now, the Ettercap project itself has been frozen for a few years, and is not currently maintained. So unlike some of the other projects that were “Owned and Exposed” the Ettercap project really doesn’t have anyone to publicly post an analysis of the attack, the impact, and any response to the claims made in the zine.

As a result, this statement created a certain amount of FUD with various people suggesting that Ettercap project was backdoored by someone that hacked their website some years ago.

This anxiety is not exactly unfounded. In the past, different well-known systems and applications such as the Linux Kernel, OpenSSH and many others were attacked and backdoored, so these sorts of rumors are generally taken seriously in the information security community.

The source code was not modified. They didn’t have access to it in any way. The CVS is safe and so [are] the downloads. These are the good SHA1sums:

206972046b7cfc4150e5d08eff18a93dd49b9574  ettercap-NG-0.7.0.tar.gz

13d1353daf97af03b7b72f40c5f6c51ef41d3b3d  ettercap-NG-0.7.1.tar.gz

514760efdca27a45d6486c18679d2b6e9ba67452  ettercap-NG-0.7.2.tar.gz

7a2c3f848ca4f39c07fddeb0d6308641265bc4ff  ettercap-NG-0.7.3.tar.gz

I’ve checked and [these] are the same as those on sourceforge.   Here at SpiderLabs we do not endorse the Anti-Security movement in any way, and we respect and appreciate Ettercap Project and Offensive Security Projects. In fact, even before SpiderLabs developed the tool Thicknet we considered simply resurrecting and modifying the Ettercap project for this purpose.

Our advice is to make sure that your copy of Ettercap has the SHA1sum provided by ALoR.
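The advice above amounts to checking a downloaded tarball against a hash list that was published out of band by the maintainer rather than by the web server that was claimed compromised. The script below is an added example written for these show notes, not code from SpiderLabs or the Ettercap project: it parses a list in the `sha1sum` output format (the four lines quoted above are copied verbatim), hashes each listed file in a directory, and reports `OK`, `MISMATCH` or `MISSING` per file. The `demo()` function uses a constructed stand-in file, not a real Ettercap tarball, so the run shows both the failing and the passing case offline.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Published hash list, copied verbatim from the SpiderLabs post quoted above.
ETTERCAP_SHA1SUMS = """\
206972046b7cfc4150e5d08eff18a93dd49b9574  ettercap-NG-0.7.0.tar.gz
13d1353daf97af03b7b72f40c5f6c51ef41d3b3d  ettercap-NG-0.7.1.tar.gz
514760efdca27a45d6486c18679d2b6e9ba67452  ettercap-NG-0.7.2.tar.gz
7a2c3f848ca4f39c07fddeb0d6308641265bc4ff  ettercap-NG-0.7.3.tar.gz
"""

# sha1sum format: 40 hex chars, a space, then ' ' (text) or '*' (binary), then the name.
LINE_RE = re.compile(r"^([0-9a-fA-F]{40}) [ *](.+)$")


def parse_sha1sums(text):
    """Parse sha1sum-style output into {filename: lowercase hexdigest}."""
    expected = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not a sha1sum entry: {line!r}")
        expected[m.group(2)] = m.group(1).lower()
    return expected


def sha1_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-1 so large tarballs do not have to fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_downloads(sums_text, directory):
    """Return {filename: 'OK' | 'MISMATCH' | 'MISSING'} for every file named in the list.

    Every listed file is reported, so a list entry with no local file is visible
    rather than silently skipped.
    """
    results = {}
    for name, want in parse_sha1sums(sums_text).items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "MISSING"
            continue
        got = sha1_of_file(path)
        results[name] = "OK" if hmac.compare_digest(got, want) else "MISMATCH"
    return results


def demo():
    """Constructed demonstration (no real tarball involved).

    A stand-in file named like the 0.7.3 release is checked against the published
    list (expect MISMATCH, with the other three releases MISSING), then against a
    list whose hash was computed from that same file (expect OK).
    """
    with tempfile.TemporaryDirectory() as d:
        fake = Path(d) / "ettercap-NG-0.7.3.tar.gz"
        fake.write_bytes(b"constructed stand-in, not the real tarball\n")
        against_published = verify_downloads(ETTERCAP_SHA1SUMS, d)
        local_list = f"{sha1_of_file(fake)}  {fake.name}\n"
        against_local = verify_downloads(local_list, d)
    return against_published, against_local


if __name__ == "__main__":
    published, local = demo()
    for name, status in sorted(published.items()):
        print(f"{status:9} {name}  (against published list)")
    for name, status in local.items():
        print(f"{status:9} {name}  (against locally generated list)")
```

To check a real download, drop the tarball into a directory and call `verify_downloads(ETTERCAP_SHA1SUMS, that_directory)`; a `MISMATCH` means the file is not the one the maintainer published, whatever the cause. The comparison only means something because the list comes from a source independent of the server in question (here, the maintainer's statement, which the post says was cross-checked against sourceforge); a hash list served from the same host as the download would be replaced along with the download.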

News: http://www.startribune.com/local/112307894.html
Federal authorities say a Texas hacker stole more than a quarter-million dollars from a subsidiary of Digital River Inc., the Eden Prairie-based  e-commerce company, by redirecting electronic payment transfers to his personal account.
In an indictment unsealed Tuesday in federal court in Minneapolis, Jeremey Parker, 35, of Houston, was charged with computer fraud and wire fraud. According to the indictment: From Dec. 23, 2008, through Oct. 15, 2009, Parker hacked into the computer network to take $274,000 belonging to Digital River through a subsidiary, SWReg Inc.
News: http://www.darkreading.com/database-security/167901020/security/attacks-breaches/228900060/openbsd-project-finds-two-bugs-in-software-s-ipsec-implementation.html
The OpenBSD project has found two bugs in how OpenBSD, a Unix-like open source operating system, implements Internet protocol security (IPsec).  The bugs are of interest given the recent allegation made by Gregory Perry, former CTO of now-defunct Federal Bureau of Investigation contractor Network Security Technology (NetSec), that the FBI created a backdoor in the OpenBSD code base, specifically in how it implements IPsec. He also alleged that multiple developers involved in contributing code to OpenBSD were on the payroll of NetSec, and that the FBI had hired it to create the backdoors.
Are the bugs a smoking gun? According to Theo de Raadt, the founder and leader of the OpenBSD project, one IPsec bug in OpenBSD relates to a “CBC oracle problem,” and was fixed in the software crypto stack by Angelos Keromytis, the architect and primary developer for its IPsec, but ignored in device drivers, overseen by device driver author Jason Wright. Interestingly, both men had worked for NetSec, at different times.
“Neither Jason nor Angelos were working for NetSec at that time, so I think this was just an accident,” said de Raadt. “Pretty serious accident.”
News: http://www.computerworld.com/s/article/9202201/Mattel_disavows_Barbie_Video_Girl_porn_link
Somehow somebody put a link to a pornographic chat site on a Barbie.com page used to promote Barbie Video Girl, a version of the iconic doll that comes with an embedded video camera. Sandra McDermott reported the problem to her local TV news station Tuesday after clicking on the link while trying to upload video on the Barbie.com Web site with her 10-year-old daughter.
Her daughter was uploading the video for a Barbie Video Girl movie contest, where kids enter videos they’ve shot using the toy.
When it looked like the computer might have frozen, McDermott clicked on a navigation link that should have taken her to www.barbie.com/videogirl/. Instead, she was taken to the very not-safe-for-work Camlive.com Web site, which offers “Live Sex Chat – Amateur Cams and Pornstars.”
News: http://status.4chan.org/
4Chan has apparently become a victim of a DDoS.

All works represented here are compiled from various sources (email, IRC, forums, and original author/websites). If the original work is copyrighted it is presented under the fair use of a copyrighted work, Copyright Act of 1976, 17 U.S.C. § 107, for purposes of criticism, comment, news reporting, teaching, and research. No use is directly intended as an infringement of copyright. Attribution is always given to the original source, if known. To have any copyrighted material removed, please contact isdpodcast[at]isdpodcast[dot]com.