InfoSec Daily Podcast Episode 582 for January 31, 2012. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Themson Mester and Dr. Bonez.
Have you ever stumbled on a tool and wondered "Why didn't I know this existed!" or "If only I'd had this last week on that test"? Chris John Riley has started to gather suggestions for your "unsung hero" of the tools world. He is looking specifically to gather a list of tools that aren't on every penetration tester's or forensic investigator's list, but that you have respect for. http://blog.c22.cc/2012/01/13/unsung-heros
Information Security Blogger Awards 2012
Since we were overlooked again for the Best Podcast on Security, you can email email@example.com with your name, email address and ISD Podcast as your write-in nominee. Please note, you have to provide your blog or podcast URL so that it can be verified that you are a blogger or podcaster. Vote for your favorite blogs as well on http://www.ashimmy.com.
Brad Smith (theNurse)
We all know and love Brad Smith, aka theNurse. His humor and smiling positivity are a wonderful example for our community. At Hacker Halted he had a massive stroke and has been in the hospital ever since.
Brad and his wife did not ask for this help, but as a community we feel that if we can help, we want to. Please feel free to check in for status or to donate. Either way we thank you, and I know Brad thanks you for your support, prayers and positive thoughts.
Metasploit Framework Unleashed Cincinnati
When: February 11, 2012.
Where: Digitorium in Griffin Hall, the home of Northern Kentucky University’s College of Informatics
$20 donation for #HFC
Social Engineering Training
When: March 5-9, 2012
Where: Seattle, Washington
When: July 21-24, 2012
Where: Black Hat Vegas
When: August 20-24, 2012
Where: Bristol, UK
When: November 12-16, 2012
Where: Columbia, MD
Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
CFP now open!
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
CFP now open!
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
CFP now open!
DerbyCon 2012 – "The Reunion"
When: September 27-30, 2012
Where: Louisville, KY
Thanks to everyone who has purchased products from Amazon through the affiliate program. If you're not familiar with the affiliate program, simply go to http://www.isdpodcast.com and locate the Affiliate Program link on the right-hand side.
Google, Facebook, Microsoft, Yahoo, PayPal and others are working together on a standard that can be used across the Internet for blocking phishing e-mails.
The 15 companies will be announcing DMARC.org on Monday. DMARC stands for Domain-based Message Authentication, Reporting, and Conformance: a system for verifying that e-mails are coming from legitimate companies and not from imposters trying to trick people into clicking a phishing link. Basically, the system offers a common way for companies to authenticate their legitimate communications with customers.
Also in the DMARC working group are AOL, Bank of America, Fidelity Investments, American Greetings, LinkedIn, and e-mail security providers Agari, Cloudmark, eCert, Return Path, and Trusted Domain Project.
Apparently the Department of Homeland Security has nothing better to do than to monitor what vacationing tourists post on Twitter.
A 26-year-old bar manager by the name of Leigh Van Bryan, an Irish citizen, decided to take a trip to Los Angeles. Before he left, he wrote this message on Twitter:
"Free this week, for quick gossip/prep before I go and destroy America."
Then, to his surprise, when he arrived at LAX he was treated like a criminal, interrogated by government officials, and then forced to return to his home country.
News reports compared the Twitter message to passengers who joke about having a bomb at the airport and are then escorted off the premises. But obviously, Bryan's message was not even a joke about violent activity.
Anyone with a normal sense of the English language would realize the context implied he was going to "tear it up" or go wild, you know, have a good time. For anyone to even think that was any sort of potential threat is ridiculous.
In another tweet, Bryan apparently wrote that while in LA he would be "diggin' Marilyn Monroe up," a reference to an episode of Family Guy.
For such a small device, the plastic, handheld USB flash drive can cause big security headaches. Even if you have robust endpoint security and establish rigid policies about employee use of these drives, employees still find a way to copy financial reports and business plans for use at home. While other security breaches are more traceable, a flash drive is more difficult to monitor, especially after the employee leaves work.
Here we profile four organizations that have taken slightly different approaches to dealing with thumb-drive security to match the organizations' specific needs and policies.
1. City of Columbus. Approach: Uses Intelligent ID software to categorize files, and then assigns a level of encryption on the fly.
2. Turkcell. Approach: Uses classification software from Titus that monitors Microsoft Office business documents and alerts users when they try to copy that data to a thumb drive.
3. CIGNA. Approach: Allows employees to copy encrypted data, but they are prompted to type in a reason why they're copying. The reasons are later compared to the actual file transfers.
4. University of Alabama, Birmingham Health System. Approach: Uses DeviceLock to monitor ports and encrypt data. Allows staff and students to use thumb drives at will, but all file transfers are monitored and recorded.
The Sykipot campaign has been persistent in the past few months, targeting various industries, the majority of which belong to the defense industry. Each campaign is marked with a unique identifier comprised of a few letters followed by a date, hard-coded within the Sykipot Trojan itself. In some cases the keyword preceding the numbers is the sub-domain's folder name on the Web server being used.
Here are some examples of the campaigns we have seen so far:
These campaign markers allow the attackers to correlate different attacks on different organizations and industries.
The attackers also left additional clues allowing us to gain insight into what appears to be a staging server that is used prior to the delivery of new binaries to targeted users. In addition, we were able to confirm that the server was also used as a command and control (C&C) server for a period of time. The server is based in the Beijing region of China and was running on one of the largest ISPs in China. Furthermore, on one occasion one of the attackers connected from Zhejiang province. The server has hosted over a hundred malicious files over the past couple of months, many of which were used in Sykipot campaigns.
China-based hackers looking to derail the $40 billion acquisition of the world's largest potash producer by an Australian mining giant zeroed in on offices on Toronto's Bay Street, home of the Canadian law firms handling the deal.
Over a few months beginning in September 2010, the hackers rifled through one secure computer network after the next, eventually hitting seven different law firms as well as Canada's Finance Ministry and the Treasury Board, according to Daniel Tobok, president of Toronto-based Digital Wyzdom. His cyber security company was hired by the law firms to assist in the probe.