InfoSec Daily Podcast Episode 625 for March 21, 2012. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Karthik Rangarajan, and Dr. Bonez.
When: March 30-April 1
Where: Austin, TX
Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
When: May 21-25, 2012
Where: MU Forensic Science Center - Huntington, West Virginia
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
Security 504: Hacker Techniques, Exploits & Incident Handling – Matt Romanek
When: June 20 – 27, 2012
Where: Courtyard Seattle Federal Way, WA
Social Engineering Training
When: July 21-24, 2012
Where: Black Hat Vegas
When: August 20-24, 2012
Where: Bristol, UK
When: November 12-16, 2012
Where: Columbia, MD
Inside and Out of the Social-Engineer Toolkit (SET)
When: July 21 – 22, 2012
When: July 23 – 24, 2012
Where: Black Hat Vegas
DerbyCon 2012 – The “Deuce” Reunion
When: September 27-30, 2012
Where: Louisville, KY
Thanks to everyone that has purchased products from Amazon through the affiliate program. If you’re not familiar with the affiliate program, simply go to http://www.isdpodcast.com and locate the Affiliate Program link on the right hand side.
Black Jester, the Sudanese hacker known for personally going to a United Nations office to inform them of vulnerabilities that affected one of their sites, returns. This time he managed to breach a subdomain owned by NASA, more precisely the one that belongs to Air Traffic Conflict Resolutions (airtrafficconflictresolutions .arc.nasa.gov).
“A lot of hackers hacked NASA in some way and leaked info or databases, so I thought that they have no security, so I found that domain unpatched for SQLi, and tried to exploit it. It’s just a shame for NASA not to patch their networks after all those incidents,” the hacker told us.
As a result of the hack, Black Jester leaked some sample information from their servers, just to prove that he gained access.
“The Pastebin document I made contains the target link, and the credential for the server with their hashed passwords so that skids don’t hack it immediately. Also the databases I got from the server,” he explained.
“I could do more damage but I think my point has been received. Also, just because it’s a sub-domain doesn’t mean they are protected.”
While on previous occasions he alerted companies to security holes in their public websites, this time he said he didn’t notify NASA because he was disappointed by the way he was treated whenever he tried to help.
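The story gives no detail beyond "unpatched for SQLi", so the following is an added illustration of the bug class, not code from the NASA site, the Pastebin dump or the hacker: a toy login lookup in SQLite, written once by string concatenation and once with a bound parameter, run against the same constructed rows and the same two attacker inputs. The table, usernames and hash strings are all made up; the point is that the string-built version returns every credential hash (and the schema) to anyone who can type a quote.

```python
"""Why an unpatched SQL injection hands over the user table.

Added example, unrelated to any real system: a login lookup built by string
concatenation next to the parameterised version, both run against the same
constructed SQLite data and the same attacker-controlled inputs.
"""
import sqlite3

SAMPLE_USERS = [                      # constructed rows; the hashes are placeholders
    ("admin", "$2b$12$placeholderhashA"),
    ("alice", "$2b$12$placeholderhashB"),
]


def build_db():
    """In-memory database with a minimal users table (constructed sample)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    con.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return con


def lookup_vulnerable(con, username):
    """String-built query: the input is parsed as SQL instead of treated as data."""
    sql = f"SELECT username, pw_hash FROM users WHERE username = '{username}'"
    return con.execute(sql).fetchall()


def lookup_safe(con, username):
    """Parameterised query: the driver binds the value, so quotes in it are inert."""
    return con.execute(
        "SELECT username, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchall()


# Constructed attacker inputs: a boolean probe that dumps every row, and a
# UNION probe that reads the schema out of sqlite_master. The second one
# leaves the closing quote to the application so no comment trick is needed.
DUMP_ALL = "x' OR '1'='1"
LIST_TABLES = "x' UNION SELECT name, sql FROM sqlite_master WHERE type='table"


def demo():
    """Run both inputs through both lookups and return the four result sets."""
    con = build_db()
    return {
        "vuln_dump": lookup_vulnerable(con, DUMP_ALL),       # every username + hash
        "vuln_schema": lookup_vulnerable(con, LIST_TABLES),  # the CREATE TABLE text
        "safe_dump": lookup_safe(con, DUMP_ALL),             # []
        "safe_schema": lookup_safe(con, LIST_TABLES),        # []
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The fix is the one-line change between the two lookup functions; note that hashing the passwords (which the attacker says he found) limits the damage of a dump but does nothing to stop the injection itself.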
The computer systems of the agency in charge of America's nuclear weapons stockpile are "under constant attack" and face millions of hacking attempts daily, according to officials at the National Nuclear Security Administration.
Thomas D'Agostino, head of the agency, says the agency faces cyber attacks from a "full spectrum" of hackers.
"They're from other countries' [governments], but we also get fairly sophisticated non-state actors as well," he said. "The [nuclear] labs are under constant attack, the Department of Energy is under constant attack."
A spokesman for the agency says the Nuclear Security Enterprise experiences up to 10 million "security significant cyber security events" each day.
"Of the security significant events, less than one hundredth of a percent can be categorized as successful attacks against the Nuclear Security Enterprise computing infrastructure," the spokesman said—which puts the maximum number at about 1,000 daily.
The agency wants to beef up its cybersecurity budget from about $126 million in 2012 to about $155 million in 2013 and has developed an "incident response center" responsible for identifying and mitigating cyber security attacks.
At a Google-run competition in Vancouver last month, the search giant’s famously secure Chrome Web browser fell to hackers twice. Both of the new methods used a rigged website to bypass Chrome’s security protections and completely hijack a target computer. But while those two hacks defeated the company’s defenses, it was only a third one that actually managed to get under Google’s skin.
A team of hackers from French security firm Vupen were playing by different rules. They declined to enter Google’s contest and instead dismantled Chrome’s security to win an HP-sponsored hackathon at the same conference. And while Google paid a $60,000 award to each of the two hackers who won its event on the condition that they tell Google every detail of their attacks and help the company fix the vulnerabilities they had used, Vupen’s chief executive and lead hacker, Chaouki Bekrar, says his company never had any intention of telling Google its secret techniques—certainly not for $60,000 in chump change.
“We wouldn’t share this with Google for even $1 million,” says Bekrar. “We don’t want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers.”
Those customers, after all, don’t aim to fix Google’s security bugs or those of any other commercial software vendor. They’re government agencies who purchase such “zero-day” exploits, or hacking techniques that use undisclosed flaws in software, with the explicit intention of invading or disrupting the computers and phones of crime suspects and intelligence targets.
As the inquiry into who leaked the proof-of-concept exploit code for the MS12-020 RDP flaw continues, organizations that have not patched their machines yet have a new motivation to do so: A Metasploit module for the vulnerability is now available.
It's been a week now since Microsoft released a patch for the RDP bug and the exploit code that was included with the information the company sent to its partners in MAPP (Microsoft Active Protections Program) was found in an exploit on a Chinese download site shortly thereafter. Luigi Auriemma, the researcher who discovered and reported the vulnerability to Microsoft through the TippingPoint Zero Day Initiative, said that the packet found in the exploit code that leaked was a direct copy of the one he submitted with his bug report.
Officials at ZDI said that they are certain that the code did not leak from their organization. Microsoft officials have said little more than to acknowledge that there seems to be a leak from somewhere within MAPP. The company has not indicated whether that was on their end or from one of the MAPP members.
Now, there is a working exploit committed to the Metasploit Framework, which is typically a good indicator that attacks are about to ramp up. Brad Arkin, head of product security and privacy at Adobe, said in a talk recently that when there's a newly public vulnerability in one of the company's products, the attacks start with a trickle against high value targets and then increase sharply from there.
The module description reads: This module exploits the MS12-020 RDP vulnerability originally discovered and reported by Luigi Auriemma. The flaw lies in the way the maxChannelIDs field of the T.125 ConnectMCSPDU packet is handled, which results in an invalid pointer being used and therefore a denial-of-service condition.
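The field the module description names, maxChannelIds, lives in the three BER-encoded DomainParameters blocks of the T.125 Connect-Initial PDU that an RDP client sends right after the X.224 handshake. The following added example (my code, not the Metasploit module and not the leaked proof of concept) decodes that PDU far enough to pull those values out, which is what a detection or log-enrichment script needs before it can compare them with what normal clients send. The sample bytes are constructed by hand following the layout of the Connect-Initial example in MS-RDPBCGR; the userData blob is a placeholder, not a real GCC conference-create request. Which values trigger the bug is not stated on this page and the example does not guess at it.

```python
"""Locate DomainParameters.maxChannelIds in an RDP MCS Connect-Initial PDU.

Added example: a small BER decoder for the T.125 Connect-Initial that the
MS12-020 module description refers to. It is not Metasploit's code and does
not reproduce the exploit; it only shows where the field sits. The sample PDU
is constructed following the Connect-Initial example in MS-RDPBCGR.
"""

# Field order of a T.125 DomainParameters SEQUENCE.
DOMAIN_PARAM_NAMES = (
    "maxChannelIds", "maxUserIds", "maxTokenIds", "numPriorities",
    "minThroughput", "maxHeight", "maxMCSPDUsize", "protocolVersion",
)


def read_tlv(buf, pos):
    """Decode one BER TLV at buf[pos]; return (tag_bytes, value, next_pos)."""
    start = pos
    first = buf[pos]
    pos += 1
    if first & 0x1F == 0x1F:            # high tag number form (APPLICATION 101 = 7f 65)
        while buf[pos] & 0x80:
            pos += 1
        pos += 1
    tag = bytes(buf[start:pos])
    length = buf[pos]
    pos += 1
    if length & 0x80:                   # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    value = bytes(buf[pos:pos + length])
    if len(value) != length:
        raise ValueError("truncated TLV")
    return tag, value, pos + length


def parse_domain_parameters(body):
    """Decode a DomainParameters SEQUENCE body into a dict of integers."""
    out, pos = {}, 0
    for name in DOMAIN_PARAM_NAMES:
        tag, value, pos = read_tlv(body, pos)
        if tag != b"\x02":
            raise ValueError(f"{name}: expected INTEGER, got tag {tag.hex()}")
        # MS-RDPBCGR encodes these unsigned (65535 is 02 02 ff ff), so do not sign-extend.
        out[name] = int.from_bytes(value, "big")
    return out


def parse_connect_initial(payload):
    """Strip TPKT and X.224 Data headers, then decode the Connect-Initial.

    Returns the target, minimum and maximum DomainParameters as dicts.
    """
    if payload[0] != 0x03 or int.from_bytes(payload[2:4], "big") != len(payload):
        raise ValueError("not a complete TPKT frame")
    if payload[4:7] != b"\x02\xf0\x80":
        raise ValueError("not an X.224 Data TPDU")
    tag, body, _ = read_tlv(payload, 7)
    if tag != b"\x7f\x65":              # [APPLICATION 101] Connect-Initial
        raise ValueError(f"not a Connect-Initial (tag {tag.hex()})")
    fields, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        fields.append((t, v))
    # calling/called selectors, upwardFlag, 3 x DomainParameters, userData
    if len(fields) != 7 or [f[0] for f in fields[3:6]] != [b"\x30"] * 3:
        raise ValueError("unexpected Connect-Initial layout")
    target, minimum, maximum = (parse_domain_parameters(f[1]) for f in fields[3:6])
    return {"target": target, "minimum": minimum, "maximum": maximum}


def max_channel_ids(payload):
    """Return (target, minimum, maximum) maxChannelIds for one Connect-Initial."""
    p = parse_connect_initial(payload)
    return (p["target"]["maxChannelIds"],
            p["minimum"]["maxChannelIds"],
            p["maximum"]["maxChannelIds"])


# Constructed sample: TPKT + X.224 Data + Connect-Initial carrying the usual
# Windows client values (target 34, minimum 1, maximum 65535 channel IDs).
SAMPLE_CONNECT_INITIAL = bytes.fromhex(
    "0300006d"          # TPKT: version 3, total length 109
    "02f080"            # X.224 Data TPDU
    "7f6563"            # Connect-Initial, length 99
    "040101" "040101"   # callingDomainSelector, calledDomainSelector
    "0101ff"            # upwardFlag = TRUE
    "3019" "020122" "020102" "020100" "020101" "020100" "020101" "0202ffff" "020102"   # targetParameters
    "3019" "020101" "020101" "020101" "020101" "020100" "020101" "02020420" "020102"   # minimumParameters
    "301c" "0202ffff" "0202fc17" "0202ffff" "020101" "020100" "020101" "0202ffff" "020102"  # maximumParameters
    "0404deadbeef"      # userData (placeholder, not a real GCC blob)
)

if __name__ == "__main__":
    print(max_channel_ids(SAMPLE_CONNECT_INITIAL))   # (34, 1, 65535)
```

A sensor feeding these three numbers into a log alongside the client address makes it possible to baseline what real RDP clients send and to spot Connect-Initials that deviate, without having to carry the exploit itself in the detection logic.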
With more than 50,000 new malware samples attacking the Internet daily and hackers becoming more and more sophisticated – tracking online behavior, monitoring social networks and developing new forms of cyber criminality every year – computer users must take measures to protect themselves online. And Comodo, a leading Internet security provider, wants to help them do just that.
Now, Comodo Security Solutions is embarking on a campaign to give both consumers and businesses educational information in the form of informative blogs at Blogs.comodo.com and via tips on Facebook and Twitter as well as through educational videos.
For example, Comodo's educational campaign will explore many Internet-related problems facing both businesses and individuals, ranging from solutions that increase web site traffic to ways Android users can defeat malware attacks.
For years, Comodo has challenged the Internet security industry, calling on vendors to stop selling cleaning software as protection. Unlike other Internet security companies, Comodo's solutions reject weak conventional strategies such as blacklisting known threats. Comodo's solutions use a more advanced white list strategy that actually prevents infections.
Comodo also uses Default Deny prevention technology that stops even new threats before they can cause damage to a computer, isolating suspicious files so they cannot cause harm – unlike the Default Allow approach used by other Internet security vendors that address the problem only after a system is infected.