Announcements & Shameless Plugs
PaulDotCom Security Weekly - Episode 257: "The Criminal Edition" for Thursday September 1st, 2011.
- Paul is teaching "Advanced Vulnerability Scanning Techniques Using Nessus" Saturday, September 17 - Sunday, September 18 at SANS/Las Vegas.
- DerbyCon : Louisville, Kentucky – September 30th to October 2nd. Catch Carlos Perez's training session - "Automating Post Exploitation with Metasploit" Friday and Saturday of the Con from 4:00PM to 9:00PM.
- Jack wants to hear if you've experienced Sec Burn Out, mainly so he can sell you Jack's Daniels Sexy Anti-Burnout ointment (TM).
- Don't forget to Read our blog, Participate on our mailing list, Visit PaulDotCom Insider, Follow us on Twitter, Join the IRC channel at irc.freenode.net #pauldotcom, Watch our Videos and Add us on Facebook where we can be "friends".
- We're spinning up a new mini-podcast/videocast and we're looking for topics from our listeners. We've also got a device that we want you to tell us what to do with - a Roomba. It has to be something for use in a pentest.
Guest Interview: Don Bailey
7:30 PM EDT
Don A. Bailey is a Security Consultant with iSEC Partners and while his primary expertise is in developing exploit technology, he is also well versed at reverse engineering, fuzzing, enterprise programming, binary analysis, root-kit detection/design, and network penetration testing. Most recently, Don spoke at Blackhat Las Vegas and SOURCE Boston regarding vulnerabilities in the global telephone network and the GSM protocol.
- How did you get your start in information security?
- Tell us about your recent War Texting car exploit
- Has there been any further work on the Carmen Sandiego research? - VIDEO
- Why does Oprah love Zoombaks?
Guest Tech Segment: John Strauchs, Tiffany Rad, & Teague Newman talk prison electronic systems and PLCs
John has spent quite a bit of time in prison (work). He has participated in over 100 design (police, courts, and corrections) projects in his career, which include 14 federal prisons, 23 state prisons, and 27 city or county jails. Additionally, his work was an inspiration for the 1993 movie, "Sneakers" for which he was the Technical Advisor.
Tiffany Strauchs Rad, JD, is the President of ELCnetworks, LLC., and is also a part-time Adjunct Professor in the computer science department at the University of Southern Maine teaching computer law, ethics and information security.
Teague Newman is an independent information security consultant and an instructor for Core Security Technologies. Some of his (legal) hobbies include GPU-based password auditing and liquid nitrogen overclocking.
John, Tiffany and Teague will discuss SCADA & PLC VULNERABILITIES IN CORRECTIONAL FACILITIES
Stories For Discussion
- Getting props for your hacks - [Larry] - So much of hacker culture has been the ability to brag about your leet hax to your friends and build street cred. Well, now in this crazy internet age, there is a scoring engine for your leet hax, so you can brag and compete with your friends! They even have bounties for specific sites! 4w350m3! So, back to reality, I'm guessing that this is 1. a publicity stunt, 2. a bad idea, or 3. the Feds. I'm hoping that if it is the Feds they are using it not to raid the likely teenagers' homes, but to steer them in the right direction instead of ruining their lives.
- DigiNotar breach analyzed - [Larry] - This may have gone back as far as 2009 when the CA website was breached. This analysis (by Swa Frantzen) is excellent, due to the fact that Swa is a native Dutch speaker, and can get at some of the details of the releases from the company. My favorite? "Users of SSL certificates can depending on the browser vendor be confronted with a statement that the certificate is not trusted. This is in 99,9% of the cases incorrect, the certificate can be trusted. I've got nothing positive to say about that." Woah. [I know kung fu!] So what's the meaning in all of this to the end user? In most cases, you won't even come across a DigiNotar/Vasco certificate. If you do, it will warn you (yes, yes, yes), assuming of course you keep your browser up to date (with new CRLs).
- Exploiting the PHY layer - [Larry] - Oh Travis (and others, Bratus, Speers, Melgares and Rebecca Shapiro <- some young folks to watch…), you so clever. By looking at the PHY layer of wireless (ZigBee in particular), one may be able to encapsulate packets inside of packets to perform injection, based on missed headers due to interference with RF anomalies. The paper indicates a real world example where a similar attack took place in 1938 with Orson Welles' War of the Worlds radio broadcast… Clearly here the intent is that many overlook the PHY layer when looking at an attack surface for protocols.
- Windows 7 Phone sends geolocation data? - [Larry] - Amy says that the Microsoft Camera app on the Windows 7 phone transmits geolocation data and nearby Wifi access points even though you said not to. Privacy issues abound here, but I think they admitted this (sorta) back when this happened with the iPhone. What I think they missed is that they said they would not do it if you said no…
- Loose lips sink Diplomatic cables - [Larry] - Wikileaks encrypts uncensored cables. Wikileaks gives some journalists the password to the PGP archive, written on paper, but with one part left out, transmitted verbally. Sorry, passPHRASE, not passWORD. This is actually a good password. Then the Guardian newspaper publishes a book about the account and publishes said passphrase. Then the Guardian says that they did not disclose it, and blamed Wikileaks. Later in the same response from the Guardian, they say, yeah, we disclosed it, but we didn't tell you where the files were… and the password expired in a few hours anyways. I don't get this final remark, as with PGP you cannot set an expiration for a passphrase, only keys used for encrypting. This of course would have limited value for long term storage of the sensitive data.
- The Effects of Social Media on Undercover Policing - So, this could go either way. Crime syndicates could hire people like us to tell them who is the mole in your environment. I mean, it's not that hard. You have pictures, history, habits, etc... that are posted all over the web if you are using social networking. Makes it tough to be undercover. On the flip side, you can use Social Networking to create fake identities to do a better job undercover. It's getting really difficult not to have a digital fingerprint. Is there a way to erase the past from the Internet? Not that I know of, but we should be using our expertise to help law enforcement solve this problem, as it will only get worse.
- RankMyHack.com Hacked - Why do people target sites like this? Just for fun? I mean it's funny and all, guess it goes to show that security can be bypassed, no matter what.
- Kernel.org Compromise - Okay, here's my case in point. Kernel.org was hacked. Now, if there is ever a place that you want to embed evil code, it would be the Linux kernel.
- SkullSecurity » Blog Archive » A deeper look at ms11-058
- Evil Core Bootkit with Attitude
- Mac Lion Accepts Any LDAP Password. Um - Yea, hacking made easy thanks to Apple. I mean, passwords just get in the way of usability, right?
- Apple hires fake Viagra expert to stop counterfeit iDevices - Wow, that sounds like a hard job. In China, there are fake Apple stores and fake iDevices all over the place, and it's this guy's job to find them. I really truly believe that Apple will put more resources into tracking down this sort of thing than fixing the security in their own products. I mean, just look at the LDAP bug. Do you think they would make it easy to create fake stores and devices? NO, but it's easy to crack into Lion due to a simple bug.
- Bypassing Web Application Firewalls with SQLMap Tamper Scripts
- New Windows worm spreads by attacking weak passwords - I mean really, are we back to the whole weak password thing again? Come ON people. Then again, most of the victims are likely end users and small businesses. I spoke personally to an end user who was using RDP, and had no idea this worm was running around. Small businesses need help in this area as well, except I can't seem to come up with a good solution for them. We need more secure, easy to use, authentication across multiple services and operating systems. Is that even possible?
- Typo3 Metasploit Modules - Cool stuff from Chris John Riley, he found some bugs in Typo and made exploit modules for that and some other public ones. I'd love to see more of this, being able to easily exploit web application vulnerabilities from within a framework, specific to certain software, would be awesome. There are new web application vulnerabilities produced every day, tons of them hitting the exploit feeds. It would be two-fold: 1) a wake up call to application developers and 2) allow us to exploit them more quickly and show real impacts.
- Software tracking company sued for spying on and taking nude pictures of a 52-year-old woman - I mean, how much more do I need to say here? She bought the laptop second hand, and she didn't know it was "hot". So, she went about using it for, well, you know, what everyone uses the Internet for: naked (sexy?) webcam chats with her boyfriend. Absolute Software was hired to track this laptop, and rather than recover it, they were enjoying the show and taking pictures. That's just dirty, and I hope their employees are banned from using computers for a long time because they are not able to play nice with others.