Your daily source of Pwnage, Policy and Politics.


Episode 539 – Nmap Malware, DNSCrypt, International Checkout, GCHQ, India Facebook & Steam

InfoSec Daily Podcast Episode 539 for December 6, 2011.  Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Karthik Rangarajan, Geordy Rodstad and Themson Mester

 

Announcements:

Brad Smith (theNurse)
We all know and love Brad Smith, aka theNurse.  His humor and smiling positivity is a wonderful example for our community.  At Hacker Halted he had a massive stroke and has been in the hospital for almost a month.
Brad and his wife did not ask for this help, but as a community we feel that if we can help we want to.  Please feel free to check in for status or to donate.  Either way we thank you and I know Brad thanks you for your support, prayers and positive thoughts.

http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/

SANS Mentoring: Security 401 SANS Security Essentials Bootcamp Style
When: Starts January 24, 2012
Where: Atlanta, GA
Discount Code:
http://www.sans.org/mentor/details.php?nid=25484

ShmooCon 2012
When: January 27th-29th, 2012
Where: Washington Hilton Hotel, Washington, DC
http://www.shmoocon.org

Thotcon 0x3
When: Friday April 27th, 2012
Where: Secret location in Chicago
http://tickets.thotcon.org/
Attending THOTCON counts towards CAP, SSCP or CISSP CPE credits.

Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!

AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
http://aide.marshall.edu
CFP now open!

DerbyCon 2012 – "Dropping the Deuce"
When:  September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com

Thanks to everyone that has purchased products from Amazon through the affiliate program.  If you’re not familiar with the affiliate program, simply go to http://www.isdpodcast.com and locate the Affiliate Program link on the right hand side.


Stories

Source:  http://www.theregister.co.uk/2011/12/06/cnet_nmap_toolbar_wrapping_row/

Cnet has come under fire for wrapping downloads of the popular Nmap network analysis tool and other open-source software packages with a toolbar of dubious utility.
Nmap is a popular open-source network auditing and penetration-testing tool that allows sysadmins to run network troubleshooting and penetration tests. Over the last few days, users who have downloaded the tool from Cnet's popular download.com site have been, by default, offered it in conjunction with the Babylon Toolbar.
Sysadmins can opt out of receiving the toolbar, which changes their browsing experience, home page and default search engines, but they are clearly directed towards accepting the software, as a blog post by Sophos illustrates.
Gordon Lyon (Fyodor), the developer of Nmap, has cried foul over the way the toolbar has been pushed, objecting in a post to the North American Network Operators' Group (Nanog) mailing list (extract below).
The problem is that users often just click through installer screens, trusting that download.com gave them the real installer and knowing that the Nmap project wouldn't put malicious code in our installer. Then the next time the user opens their browser, they find that their computer is hosed with crappy toolbars, Bing searches, Microsoft as their home page, and whatever other shenanigans the software performs! The worst thing is that users will think we (Nmap Project) did this to them!
Lyon added that consumers downloading VLC, the popular open-source media player software, are also being offered the Babylon toolbar, via what he described as a "Trojan installer".
….

Source:  http://www.readwriteweb.com/enterprise/2011/12/opendns-adds-encrypted-securit.php

OpenDNS announced a technology preview today for Macs running their DNS services called DNSCrypt. Think of this as doing for the DNS protocol what HTTPS does for the Web protocols. Like its mainline service, it is freely available, and Windows and Linux versions are promised for next year. You can download the code here for the Mac OS. They will eventually post all of their code on GitHub for public scrutiny.
DNSCrypt solves one critical flaw in the DNS process: the ability to snoop as a "man in the middle" of a conversation between two computers, because it encrypts all DNS traffic between your computer and the Internet. This is a real concern, and there have been several exploits lately that took advantage of DNS requests, because the vast majority of them are issued in the clear. (Just like most emails.)
The version of DNSCrypt that is available is a "preview" meaning that it could have problems in daily use. We haven't yet tried it.
DNSCrypt isn't the only game in town, and for years an effort called DNSSEC has been trying to take hold for increased DNS security. DNSSEC solves a larger problem: not only does it provide an encrypted channel, but it also adds authentication and a chain of trust to ensure that the expected DNS record hasn't been tampered with. They can be used together. Sadly, few sites have implemented it to date.
….
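The exposure the article describes, that a DNS query "issued in the clear" can be read by anyone on the path between the client and the resolver, is easy to see by parsing the raw packet. The following is an added example, not OpenDNS's DNSCrypt code: it decodes the question section of a constructed plaintext UDP DNS query exactly as an on-path observer would, which is the data DNSCrypt encrypts between the client and the resolver.

```python
import struct

# Constructed sample: the bytes of a plain UDP DNS query for "www.example.com"
# (type A, class IN), built inline so the example runs offline.
# Header: ID 0x1234, flags 0x0100 (recursion desired), QDCOUNT 1.
SAMPLE_QUERY = (
    b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
    b"\x03www\x07example\x03com\x00"
    b"\x00\x01\x00\x01"
)

QTYPES = {1: "A", 28: "AAAA", 15: "MX", 16: "TXT"}


def read_name(data, offset):
    """Decode a DNS label sequence starting at offset; return (name, next_offset)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            # Compression pointers never appear in a question name; refuse rather than misparse.
            raise ValueError("unexpected compression pointer in question name")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def parse_query(data):
    """Return everything an eavesdropper can read from a cleartext DNS query."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", data[:6])
    offset = 12
    questions = []
    for _ in range(qdcount):
        name, offset = read_name(data, offset)
        qtype, qclass = struct.unpack("!HH", data[offset:offset + 4])
        offset += 4
        questions.append({"name": name, "qtype": QTYPES.get(qtype, str(qtype)), "qclass": qclass})
    # QR bit clear means this is a query rather than a response.
    return {"id": txid, "is_query": not flags & 0x8000, "questions": questions}


if __name__ == "__main__":
    print(parse_query(SAMPLE_QUERY))
```

Run against a live capture, the same parser recovers every queried hostname on the wire, which is why the article compares DNSCrypt to HTTPS: it hides the question, not just the answer.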

Source:  http://news.softpedia.com/news/International-Checkout-Hacker-Customer-Credit-Cards-Abused-238650.shtml

International Checkout customers began receiving emails alerting them that the organization has recently fallen victim to a cyberattack which resulted in the theft of a large quantity of personal information, including credit card details.

“International Checkout was recently the victim of a system intruder who was able to access encrypted credit card information,” reads the email provided by SpywareSucks.

“You are receiving this email from International Checkout because your credit card information was in the database which was compromised.”

It seems that the breach was discovered sometime in mid-September and an investigation commenced immediately. Besides the fact that the authorities were notified of the issue, the credit card information was removed from the databases to make sure no one still had access.

Even though the information was encrypted, the attacker managed to obtain the encryption key that was stored in a separate location.

“As a precaution, International Checkout is providing notification to people whose information may have been in the database that was accessed so that if it turns out the information was compromised in any way, they can take the appropriate measures to protect themselves,” the notification adds.
….

Source:  http://www.theregister.co.uk/2011/12/06/hidden_gchq_code_breaking_challenge/

Codebreakers are split over whether there might be a hidden challenge in the GCHQ-set code-breaking puzzle set last week.

The signals intelligence agency set a puzzle at canyoucrackit.co.uk in its attempt to drum up potential interest in a career at the spy centre from outside its traditional graduate programme. The three-part puzzle was broken independently by several people, but Dr Gareth Owen, a computer scientist and senior lecturer at the University of Greenwich in England, was the first to post a detailed explanation of the crack.

The challenge involved uncovering a code-word starting with a 16×10 grid of paired hexadecimal numbers. The first stage involves recognising that the numbers are executable code (a decryption algorithm) as well as unpicking some steganography involving the image of the numbers. The second stage involves building a virtual computer to execute code that, when correctly done, outputs the link to the third stage.

The third stage involves finding the licence key to run a linked program. Finding the licence key involves decoding the program and seeing how it works. Three hidden numbers from the first two stages of the process are needed to get the final answer that reveals the keyword.
Other amateur codebreakers who also tried their hand at the codebreaking challenge included John Graham-Cumming, the man behind the project to build Charles Babbage's Analytical Engine. Graham-Cumming also launched the successful petition for an apology from the British government for its persecution of Alan Turing.
….

Source:  http://www.pcadvisor.co.uk/news/internet/3322974/inida-calls-for-facebookgoogle-remove-offensive-content

The Indian government is calling for Facebook, Google and other web firms to remove offensive content.

Communications Minister Kapil Sibal said any "inflammatory" and "defamatory" content covering religion and politics that could create social tension should be removed or the web giants, which also include Yahoo and YouTube, will face "stern action". It is thought Sibal in particular objects to comments and images of Congress president Sonia Gandhi and Prime Minister Manmohan Singh.

"These websites have been told to be more vigilant towards such content and ensure that such objectionable matter is not used on the Internet," a senior official of the Department of Telecommunications told The Hindu.

"They have been asked to inform the government of such controversial matter so that immediate remedial measures could be taken. We have asked them to actively screen and filter all such material before they are uploaded."
Facebook, which has 28 million users in India, said in a statement it "will remove any content that violates our terms, which are designed to keep material that is hateful, threatening, incites violence or contains nudity off the service".

Source:  http://news.softpedia.com/news/Steam-s-Birthday-Celebrated-by-Phishers-238586.shtml

English and German speaking Steam customers are advised to beware of a website that allegedly offers an anniversary upgrade. In reality, the site is carefully designed by phishers to steal the login details of unsuspecting users, reports GFI.

“Valve gives to you one of 1000 available Steam-gold-account upgrades which allow you to play all 72 games for free!” reads the fake offer.

While the site (steambirthday.com) is well designed, with most of the links set up to point to legitimate Steam-related locations, a big yellow UPGRADE NOW button that claims there are only 103 upgrades available leads to a secondary malicious page that displays a form in which the victim is required to enter his log-in details.

Once the username, the password and the email address are provided, another form requests a confirmation code received via email, this being the point where the crooks have everything they need to steal a Steam account.

“As the Steam-Project starten at September, 12th 2003 , no one had thaugt, that this system is that great. In a really short time our servers become more and more and today, there are more than thousand meters of them. The games became more and more, too. Today, we are on of the biggest companies with a great software to sell our multi-player games,” reads a message on the main page of the phony site.

All works represented here are compiled from various sources (email, IRC, forums, and original author/websites). If the original work is copyrighted it is presented under the fair use of a copyrighted work, Copyright Act of 1976, 17 U.S.C. § 107, for purposes of criticism, comment, news reporting, teaching, and research. No use is directly intended as an infringement of copyright. Attribution is always given to the original source, if known. To have any copyrighted material removed, please contact isdpodcast[at]isdpodcast[dot]com.