InfoSec Daily Podcast Episode 597 for February 17, 2012. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Karthik Rangarajan, Geordy Rostad, Themson Mester, and Dr. Bonez.
Announcements:
Brad Smith (theNurse)
We all know and love Brad Smith, aka theNurse. His humor and smiling positivity are a wonderful example for our community. At Hacker Halted he had a massive stroke and has been in the hospital ever since.
Brad and his wife did not ask for this help, but as a community we feel that if we can help, we want to. Please feel free to check in for status or to donate. Either way we thank you, and I know Brad thanks you for your support, prayers and positive thoughts.
http://www.social-engineer.org/brad-smith-updates/
http://www.social-engineer.org/bradsmithdonation/
Social Engineering Training
When: March 5-9, 2012
Where: Seattle, Washington
When: July 21-24, 2012
Where: Black Hat Vegas
When: August 20-24, 2012
Where: Bristol, UK
When: November 12-16, 2012
Where: Columbia, MD
http://www.social-engineer.com/social-engineer-training
InfoSec Southwest
When: March 30-April 1
Where: Austin, TX
http://www.Infosecsouthwest.com
Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!
AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu
CFP now open!
LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
CFP now open!
Defcon 20
When: July 26-29, 2012
Where: Rio Hotel and Casino – Las Vegas, NV
http://defcon.org/
CFP & Room reservations now open!
DerbyCon 2012 – The “Deuce” Reunion
When: September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com
Thanks to everyone that has purchased products from Amazon through the affiliate program. If you’re not familiar with the affiliate program, simply go to and locate the Affiliate Program link on the right hand side.
Stories
Source: https://www.eff.org/deeplinks/2012/02/members-uk-parliament-recommend-censoring-online-extremism
In a report published last week, members of the United Kingdom Parliament concluded that the Internet plays a major role in the radicalization of terrorists and called on the government to pressure Internet Service Providers in Britain and abroad to censor online speech. The Roots of Violent Radicalisation places the Internet ahead of prisons, universities, and religious establishments in propagating radical beliefs and ultimately recommends that the government “develop a code of practice for the removal of material which promotes violent extremism” binding ISPs.
While the Terrorism Act 2006 authorizes British law enforcement agencies to order certain material to be removed from websites, lawmakers on the Home Affairs Committee stated that “service providers themselves should be more active in monitoring the material they host.” Their report raises serious concerns that political and religious speech will be suppressed. Security expert Peter Neumann who testified before the Committee asked why websites like YouTube and Facebook can’t be as “effective at removing . . . extremist Islamist or extremist right-wing content” as they are at removing sexually explicit content or copyrighted material that violates their own terms of service.
…
Source: http://boingboing.net/2012/02/14/fbi-says-paying-cash-for-coffe.html
Using cash for small purchases like a cup of coffee, gum and other items is a good indication that a person is trying to pass for normal without leaving the kind of paper trail created using a debit or credit card for small purchases.
The most recent update asks coffee shop owners, baristas and other customer-service specialists to be on the lookout for the enemy who walks among us (who evidently has been reanimated from the graves of the 1950s Red Scare era of blacklisting and Communist-baiting or the KGB's constant witch hunt for capitalist sympathizers or people who resent being witch-hunted for their political beliefs).
…
Source: http://news.nationalpost.com/2012/02/16/vikileaks-house-of-commons
An IP address connected to the Vikileaks30 Twitter account — which has been burning up the Twittersphere with claims about Public Safety Minister Vic Toews’ personal life — originates within the House of Commons, it has been revealed.
The Vikileaks30 Twitter account surged into public prominence in the wake of the tabling of new legislation that would allow increased police surveillance of the Internet and those that use it.
In a bid to determine the origin of the account, which posted a string of tweets online offering alleged details relating to Toews’s divorce proceedings, the Ottawa Citizen undertook an investigation on Thursday.
An email was sent to the writer of the Vikileaks30 Twitter account, containing a link to a website. The website was monitored by the Citizen and only the author of Vikileaks30 had the address of the website.
….
Source: http://www.nextgov.com/nextgov/ng_20120213_7454.php
The Homeland Security Department nearly doubled its 2013 funding request for cybersecurity in an otherwise slimmed-down budget.
There is bipartisan support for improving computer network defenses, so the outlook may be positive for obtaining much of the proposed $769 million from Congress. The funding would go toward the National Cyber Security Division for protecting federal networks and coordinating with the private sector on safeguarding critical infrastructure systems such as utility grids.
In 2011, Homeland Security Secretary Janet Napolitano asked for $459 for the division. The Infrastructure Protection and Programs Directorate, which oversees the program and other cyber-related initiatives, also would be boosted from $888.2 million in estimated spending this year to $1.2 billion in fiscal 2013. By comparison, the Pentagon has asked for only a $200 million increase over last year's $3.2 billion cyber request.
…
Source: http://www.kahusecurity.com/2012/another-chinese-pack/
A Chinese website found by @switchingtoguns appears to be another Chinese exploit pack.
As mentioned in a previous post, Chinese “exploit packs” are straightforward and no-nonsense. This one doesn’t use PHP, doesn’t have a database, and has no administration panel. It’s a collection of HTML files that contain exploit code and minimal JavaScript obfuscation. Despite its simplicity, it appears to be quite effective, and it seems as though that’s all that really matters to its creators.
The entry page contains iframes that call upon several exploit files in the single folder:
This pack, which we’ll call “Zhi Zhu Pack” (pronounced “jii-juu”), contains five exploits, but interestingly there are no Java exploits. The first three exploits were also found in the previously announced pack we called “Yang Pack”.
* IEPeers (CVE-2010-0806)
* Flash 10.3.181.x (CVE-2011-2110)
* Flash 10.3.183.x (CVE-2011-2140)
* IE Time Element Memory Corruption (CVE-2011-1255)
* WMP MIDI (CVE-2012-0003)
Why are we calling it “zhī zhū”? There are numerous references to the word “spider” in several of its HTML files. “Zhī zhū” in Chinese means spider, so this is basically the Spider Exploit Pack.
….
Source: http://research.zscaler.com/2012/02/dreamhost-hijacked-websites-redirect-to.html
Following the DreamHost hack that was revealed this week, many websites hosted by the company have been hijacked to redirect users to a Russian scam page.
I've identified hundreds of websites hosted by DreamHost that contained a PHP page redirecting to hxxp://www.otvetvam.com/. Here are a few examples:
- http://www.lciva.com/wp-content/plugins/extended-comment-options/gyrewnv.php
- http://honorboundphoto.net/photos/10007-mankato_habitat_for_humanity_golf_tournament/agtruje.php
- http://ryanmasters.ca/wp-content/gallery/our-kingdom/thumbs/tyiueg.php
- http://treatmentofpanicattacks.com/wp-content/cache/supercache/www.treatmentofpanicattacks.com/category/anxiety-support/polzin.php
- http://r4theband.co.uk/content/wp-content/themes/agregado/includes/cache/gyrewnv.php
- http://dedehaluk.com/cache/hakkinda/fgjke.php
- http://www.agustindondo.co.uk/yellowbrick/wp-content/files_flutter/modules/fgjke.php
- http://dcstavclub.org/wp-content/themes/newzen_2.0_build_105/images/fgndnju.php
- http://camtarn.org/gizmoblog/content/06/03/entry060305-180312/comments/fgjke.php
- http://derek.hinchy.org/MT-5.031-en/mt-static/support/theme_static/professional_website/themes/professional-green/polzin.php
- http://ojosdelmundo.dreamhosters.com/images/comprofiler/gallery/tghreig.php
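The paths in the Zscaler list share two traits a site owner can check for: the dropped files are PHP sitting in directories that should only hold static assets (cache, images, thumbs, gallery), and their only job is to redirect to an external host. The script below is an added example, not code from the Zscaler post or the podcast; it walks a web root, flags PHP files in static-only directories, and extracts redirect targets from PHP `header("Location: …")`, meta-refresh and JavaScript `location=` patterns. The directory list, the regexes and the sample site it builds (including the placeholder host `www.example.invalid`) are assumptions constructed for the demo.

```python
import os
import re
import tempfile
from typing import Dict, List

# Directories that normally hold static assets only; a PHP file here is worth a look.
# Derived from the path patterns in the excerpt above (cache, supercache, images, thumbs,
# gallery, comments) plus "uploads"; extend for your own site layout.
STATIC_ONLY_DIRS = {"cache", "supercache", "images", "thumbs", "gallery", "uploads", "comments"}

# Patterns that turn a page into a redirect: PHP header(), meta refresh, JS location.
REDIRECT_PATTERNS = [
    re.compile(r'header\s*\(\s*["\']Location:\s*(https?://[^"\'\s]+)', re.I),
    re.compile(r'http-equiv=["\']?refresh["\']?[^>]*url=(https?://[^"\'>\s]+)', re.I),
    re.compile(r'(?:window\.)?location(?:\.href)?\s*=\s*["\'](https?://[^"\']+)', re.I),
]

def is_static_only_dir(relpath: str) -> bool:
    """True if any directory component of relpath is one where PHP should not live."""
    parts = relpath.replace("\\", "/").split("/")[:-1]
    return any(p.lower() in STATIC_ONLY_DIRS for p in parts)

def find_redirect_targets(source: str) -> List[str]:
    """Return the external URLs a file redirects to, or [] if it contains no redirect."""
    targets: List[str] = []
    for pat in REDIRECT_PATTERNS:
        targets.extend(m.group(1) for m in pat.finditer(source))
    return targets

def scan_webroot(root: str) -> Dict[str, List[str]]:
    """Walk root and map each suspicious .php file (relative path) to its list of reasons."""
    findings: Dict[str, List[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            reasons: List[str] = []
            if is_static_only_dir(rel):
                reasons.append("php file in static-only directory")
            try:
                with open(full, "r", encoding="utf-8", errors="replace") as fh:
                    source = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the whole scan
            for url in find_redirect_targets(source):
                reasons.append(f"redirects to {url}")
            if reasons:
                findings[rel] = reasons
    return findings

def build_sample_webroot() -> str:
    """Constructed sample site: one planted redirect page and one legitimate plugin file."""
    root = tempfile.mkdtemp(prefix="webroot_")
    planted_dir = os.path.join(root, "wp-content", "cache", "supercache")
    os.makedirs(planted_dir)
    with open(os.path.join(planted_dir, "polzin.php"), "w") as fh:
        # Constructed stand-in for a dropped redirect page; example.invalid is a placeholder host.
        fh.write('<?php header("Location: http://www.example.invalid/"); exit; ?>')
    plugin_dir = os.path.join(root, "wp-content", "plugins", "hello")
    os.makedirs(plugin_dir)
    with open(os.path.join(plugin_dir, "hello.php"), "w") as fh:
        fh.write("<?php function hello() { return 'hi'; } ?>")
    return root

if __name__ == "__main__":
    for path, reasons in scan_webroot(build_sample_webroot()).items():
        print(path, "->", "; ".join(reasons))
```

Note that the directory heuristic alone would miss drops like the first path in the list (`wp-content/plugins/…/gyrewnv.php`), which is why the content check runs on every PHP file regardless of location; conversely a legitimate cache plugin may write PHP under `cache/`, so treat the directory hit as a reason to review, not as proof of compromise.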