Announcements & Shameless Plugs
PaulDotCom Security Weekly - Episode 327 for Thursday April 11th, 2013
- Register for both our tracks at Blackhat USA Las Vegas! Defensive Countermeasures: Foundations for Becoming a Devious Defender and Offensive Countermeasures: The Art Of Active Defense July 27-28 & 29-30, register before May 31 for the best price!
- Register for our free webcast Hacking Embedded Systems (No Axe Required) on Tuesday, April 23, 2013 at 2:00 PM EDT to hear Paul talk about hacking embedded systems on the fly, on the cheap no soldering iron required! (we are also looking for sponsors for this webcast so please contact paul -at- hacknaked.tv for details!)
- Come to Security BSides Rhode Island Two-Day Conference on June 14th and 15th tickets are NOW ON SALE at WePay.com. Featured presentations from Josh Wright , Kevin Finisterre, Kati Rodzon and Mike Murray, Bruce Potter, Joe McCray,Ron Gula, Ben Jackson, Dave Maynor and the entire PaulDotCom crew!
- If you are in the Boston area, check out BSides Boston with Keynotes by Dan Geer and Josh Corman on Saturday May 18th!
- The Stogie Geeks Show! - Kick some ash with the Stogie Geeks, Sunday nights at 8:30PM EST. Come have a cigar with us! If you are in the Rhode Island area please visit our sponsor the Havana Cigar Club, its an awesome place to have a drink! Make sure you print out your $5.00 off coupon here! (Web site experiencing problems, will update link when it comes back)
Interview: Richard Bejtlich
Richard Bejtlich is Mandiant's Chief Security Officer. Prior to joining Mandiant, Mr. Bejtlich was the Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). He wrote The Tao of Network Security Monitoring, Extrusion Detection, and co-authored Real Digital Forensics. He currently writes for his blog TaoSecurity and teaches for Black Hat.
- [JackD] would like to talk about the "haters" who attack every report as marketing spam, regardless of content and value. The APT-1 report got a lot of that.*
- What are some of the things people still don't do (or don't do right) that would improve security"
- Any recommendations for people who want to know if they are victims of an advanced attack or a regular malware attack?
- What are the biggest differences between the behavior of the attacks, and if do you recommend any tools, methods, or docs that people can use to aid in their determination.
- Do you see any advanced attacks coming from nation states other than China.
- Does Mandiant see US created surveillance malware? How about malware from US allies? If it was seen, would it be handled different due to the political situation?
- Does Mandiant see any attacks by organized crime that are impressive enough to be considered advanced, and not just regular fraud attacks?
- Advanced malware is written to be undetectable by AV, but we know that there are other stages of an attack such as recon and exploitation. what detection method has seen the highest success rate against any stage of an APT attack?
- It's generally understood that apt attacks from China are used partly to steal trade secrets or negotiating tactics. There has to be some sort of social network or information market to ferry that info from the bot herders to the businesses that benefit. Is there any insight you can share on this idea? It seems that such a market or network can't be that small, so it would be hard to keep it secret forever.
- Please tell us a cool story about the most interesting intrusion you can talk about.
Guest Technical Segment:
- We are in the process of archiving and cataloging our technical segments, please visit the PaulDotCom Technical Library and we indexed all of the interviews we have conducted. We are also working on updating all of the articles, so check the newsletter or if you want to help in exchange for some free guidance and security training please email me.
- Larry teaching SANS SEC617 all over and coming to a city near you in 2013. It isn't too Late to sign up for my class in San Diego this May!
- If you are interested in hosting SANS Training in the Boston area via the mentor format, please send us an email at mike -at - pauldotcom.com! We're looking for a location that can host 2 hours in the evening, 1 night a week, for 10 weeks.
- A Sweet Script to Dump Keys from Wlan Profiles - Post Exploitation (or Regular Use) - This is a great example of so many things. First, its a really neat little script (though I imagine the powershell junkies will be excited to convert it). It highlights the importance of post-exploitation. But that is really just a term for us gear heads. What this means for the organization is terrible. It means you can exploit systems that really don't seem to matter, maybe Jane's computer was compromised and didn't have any sensitive data on it and her account does not. However, Jane connects to the same "secure" wireless network as more important people, say Bob from finance. Now, a small little hole, like a missing Adobe patch, just caughed up the keys to your kingdom. It means that vulnerabilities and risk have this weird relationship and its one of the toughest things to understand, until you have a pen test.
- Hacker’s Guide to Stay out of Jail 2: Do’s and Don’ts - There are a lot of good tips for criminals in here, but also some sound advice for those looking at active defense. The author suggests (and references Biggie Smalls!) that there are some rules to not getting caught: Never reveal your operational details; don’t tell people how you do, what you do, or what you are doing. Never reveal your plans: don’t let people know what you plan on doing or what you intend to do. Never trust anyone; this particularly goes for people you’re operating with, they are not your friends, they are criminal co-defendants. All these things hold true for active defense, sorta. At least, you don't want to reveal what you are planning to the bad guys. Then again, we talk about it publically, however you should customize your traps and actions taken against attackers and maybe not share that plan publically.
- Anatomy of an exploit - Linksys router remote password change hole
- Don't Use Linksys Routers - Wow, just wow. Vulnerabilities were found in the WRT54GL router, Cisco only fixed the XSS vuln, not the file upload vulnerability. Then the researcher looked at a different model, and found even more vulnerabilities. Is it just me, or does it seem like there are MORE vulnerabilities in wireless routers than ever before!
- Is Education Key to Closing the Door on Hackers? - Is a large part of the problem with software security solved by educating young programmers?
- U.S. Air Force designates six cyber tools as weapons - I wish they would list which six tools. This is a growing area of concern for me, remember the hacking laws in Germany? You know all those anti-gun laws that are passing now in the US? I hate to put these two thughts together, but I'm not going to be in shock when we start banning "cyber weapons" and "hacking tools". Does anyone know if there is legislation in the works?
- Porn Sites Pose Growing Malware Risk 0 Browsing some of the internet's most popular pornography websites is increasingly putting visitors at risk, research has found. How do I get to participate in this so-called "research"? I bet it was really hard, er difficult. Visiting all those porn websites takes some balls. Okay, Okay, one more: Porn sites need to offer some protection.
- Hackers could start abusing electric car chargers to cripple the grid - Turns out new charging stations are you guessed, embedded systems, and you guessed it, they have vulnerabilities. "If somebody finds a way to confuse the smart car charging system, the denial of service can not only hit charging cars, but also the electricity system,"
- Vulnerabilities in aircraft systems allow remote airplane hijacking - This is a story for Larry...
- SSH an ill-managed mess says SSH author Tatu Ylonen
- This one is worth a panel discussion^^argument^^Episode 350 segment: Spaf on competitions and competence Dr. Spafford says we're working on the wrong skills. Mike Rothman mostly agrees in this post over at Securosis.
- The security job market is so hot... how how is it? So hot it's cooling off? I'm confused.
- and the US military can't find the "cyberwarriors" they need a story which dovetails with the above.
- And in the Captain Obvious department: South Korea says North Korea did it "It" being the recent destructive attack on South Korean computer systems. At least they put a little effort into it after a few false starts.
- Free is good, right? Here's a list of free security tools from Microsoft. Some are familiar, others a little less known.
- Cyber tools as weapons according to the USAF, at least. Sounds more like a CyberCashGrab to me, you can make your own CyberTool jokes.
- A wonkish look at bitcoin economics from Robert Graham. The post is more than "a bit wonkish", but it is a good analysis if you are interested in such things.
- Hackers turn a Canon EOS camera into a remote surveillance tool ha ha, this is pretty cool. It doesn't seem like a very practical attack since your chances of encountering one of these in the wild are low.
- This Man Has Hacked A Thousand Banks And Never Been ArrestedCool article about a guy who does physical pentesting of banks
- ZeroAccess Bitcoin Botnet Shows no signs of slowing I'm surprised people allow this malware to persist on their computer. When I run ZeroAccess on my computer it slows it down so much its unusable.