Difference between revisions of "Episode240"

From Security Weekly Wiki
Line 26: Line 26:
  
 
== Larry's Stories ==
 
== Larry's Stories ==
 +
 +
#[http://petewarden.github.com/iPhoneTracker/ Iphone tracking] - [Larry] - In light of all of the GPS metadata stuff thet we've covered, no apparently the iPhone actually tracks where you go too, based on some cell phone tower triangulation.  While the iPhone doesn't appear to share that information outside of the iphone, it does include the information in clear text from iphone unencrypted backups.  OSX tool only at the moment, but I bet it could be ported to windows.  Might make for an interesting experiment.  The tool has been artificially reduced for accuracy, but he real backend data has not been.  Interestingly enough, the TOS for the iphone, etc has it clearly defined. (http://pastebin.com/EdFJr6iU0) however I think storing that info in cleartext is probably not a good idea. There is a "workaround" (http://technicalmusings.blogspot.com/2011/04/ios-consolidateddb-workaround-for.html) but it requires a jailbroken device with SSH access.  Even more info on why they collect the info here: http://www.f-secure.com/weblog/archives/00002145.html
 +
#[http://www.darkreading.com/vulnerability-management/167901026/security/vulnerabilities/229401969/microsoft-issues-first-security-alerts-for-third-party-apps.html Microsoft researches 3rd party bugs] - good deal on MS doing vulnerability research and publishing stuff for third party software,  using responsible disclosure.  However I think that it would make more sense to do the research on their own products and release notifications when their stuff spills on to other products.
 +
#[https://bugzilla.mozilla.org/show_bug.cgi?id=647959 Honest Achmed] - [Larry] - Bug report requesting the installation of another root CA for Honest Achmed's Used Cars and Certificates with the purpose of "The purpose of this certificate is to allow Honest Achmed to sell bucketloads
 +
of other certificates and make a lot of money." In response to Mozilla's CA practices?  "Honest Achmed promises to abide by these practices.  If he's found not to abide by them, he'll claim it was a one-off slip-up in procedures and that policies have been changed to ensure that it doesn't happen again.  If it does happen again, he'll blame it on one of his uncles or maybe his cousin, who still owes him some money for getting the car fixed."  Nice, now, I'm not sure why it was denied, as it seems just as legit practices as any of the other CA's, but Achmed is at least honest about it…
 +
#[http://www.networkworld.com/news/2011/041911-oak-ridge-national-lab-shuts.html?source=nww_rss Get attacked? Shut down your internet!] - [Larry] - That's what the Oak Ridge national lab did.  Looks like they got compromised through some phishing via e-mail with a link for more info with exploited an IE 0day, referred to as APT!.  As a result ONLY 1GB of data was exfiltrated.  Employees wont have internet back for a period of 10 days  or so.  form the article John Pescatore is quoted as saying ""Advanced simply means it got past your defenses and persistent means it took you too long to detect it once it got in."
  
 
== Paul's Stories ==
 
== Paul's Stories ==
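
Review bot: In the Honest Achmed entry the quoted purpose is broken by a line break after "bucketloads", which ends the # list item at that point, so the continuation falls outside the list and the following # entry (Oak Ridge) starts a new list. Join the two lines into a single # line so the four stories stay in one numbered list. The iPhone entry also has typos worth fixing in the same edit ("thet", "no apparently", "he real backend"), and the Pescatore quote in the last entry opens with a doubled quotation mark.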

Revision as of 17:09, 21 April 2011



Announcements

PaulDotCom Security Weekly - Episode 240 for Thursday April 21st, 2011 - What we learned at Source Boston.

  • Register now for Wednesday's Late Breaking Computer Attack Vectors Webcast Sponsored by Core Security - April 27th at 2PM EDT.
  • PaulDotCom Blackhat Training Part 1 Sign up for "Offensive Countermeasures: Making Defense Sexy" as a two-day course at Blackhat July 30-31. Every student gets a FREE "Hack Naked" t-shirt and sticker!
  • PaulDotCom Blackhat Training Part 2 Sign up for "Advanced Vulnerability Scanning Techniques Using Nessus" July 30-31 or August 1-2
  • Larry is teaching SANS 617 SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses in the only country he is licensed to teach in - Canada! Catch him in Victoria May 9 to May 14th.
  • Register now for the 8th Annual Charlotte ISSA Security Summit featuring the 3 buffest people in InfoSec: PaulDotCom, Ed Skoudis, and Chris Hadnagy, all on May 5th.
  • DerbyCon : Louisville, Kentucky – September 30th to October 2, 2011. Catch Carlos Perez's training session - "Automating Post Exploitation with Metasploit".

Stories For Discussion

Larry's Stories

  1. iPhone tracking - [Larry] - In light of all of the GPS metadata stuff that we've covered, now apparently the iPhone actually tracks where you go too, based on some cell phone tower triangulation. While the iPhone doesn't appear to share that information outside of the iPhone, it does include the information in clear text in unencrypted iPhone backups. OSX tool only at the moment, but I bet it could be ported to Windows. Might make for an interesting experiment. The tool has been artificially reduced for accuracy, but the real backend data has not been. Interestingly enough, the TOS for the iPhone, etc. has it clearly defined (http://pastebin.com/EdFJr6iU0); however, I think storing that info in cleartext is probably not a good idea. There is a "workaround" (http://technicalmusings.blogspot.com/2011/04/ios-consolidateddb-workaround-for.html) but it requires a jailbroken device with SSH access. Even more info on why they collect the info here: http://www.f-secure.com/weblog/archives/00002145.html
  2. Microsoft researches 3rd party bugs - Good deal on MS doing vulnerability research and publishing stuff for third party software, using responsible disclosure. However, I think that it would make more sense to do the research on their own products and release notifications when their stuff spills on to other products.
  3. Honest Achmed - [Larry] - Bug report requesting the installation of another root CA for Honest Achmed's Used Cars and Certificates with the purpose of "The purpose of this certificate is to allow Honest Achmed to sell bucketloads of other certificates and make a lot of money." In response to Mozilla's CA practices? "Honest Achmed promises to abide by these practices. If he's found not to abide by them, he'll claim it was a one-off slip-up in procedures and that policies have been changed to ensure that it doesn't happen again. If it does happen again, he'll blame it on one of his uncles or maybe his cousin, who still owes him some money for getting the car fixed." Nice. Now, I'm not sure why it was denied, as it seems just as legit a practice as any of the other CAs', but Achmed is at least honest about it…
  4. Get attacked? Shut down your internet! - [Larry] - That's what the Oak Ridge National Lab did. Looks like they got compromised through some phishing via e-mail with a link for more info which exploited an IE 0day, referred to as APT! As a result ONLY 1GB of data was exfiltrated. Employees won't have internet back for a period of 10 days or so. From the article, John Pescatore is quoted as saying "Advanced simply means it got past your defenses and persistent means it took you too long to detect it once it got in."

Paul's Stories

The Interns' Stories

iPhone tracks your iMovements & then syncs to your iTunes!

Carlos' Stories