PaulDotCom Security Weekly - Episode 241 for Thursday April 28th, 2011.
- El primer Episodio de PaulDotCom Espanol esta disponible aqui
- PaulDotCom Blackhat Training Part 1 Sign up for "Offensive Countermeasures: Making Defense Sexy" as a two-day course at Blackhat July 30-31. Every student gets a FREE "Hack Naked" t-shirt and sticker!
- PaulDotCom Blackhat Training Part 2 Sign up for "Advanced Vulnerability Scanning Techniques Using Nessus" July 30-31 or August 1-2
- Larry is teaching SANS 617 SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses in the only country he is licensed to teach in - Canada! Catch him in Victoria May 9 to May 14th.
- Register now for the 8th Annual Charlotte ISSA Security Summit featuring the 3 most adorable men in InfoSec: PaulDotCom, Ed Skoudis, and Chris Hadnagy, all on May 5th.
- DerbyCon : Louisville, Kentucky – September 30th to October 2, 2011. Catch Carlos Perez's training session - "Automating Post Exploitation with Metasploit".
Guest Tech Segment: Andrew Case
Andrew Case is a security researcher at Digital Forensics Solutions where he is responsible for source code audits and pen testing. Andrew's primary research focus is physical memory analysis, and he's on the show today to give an update on his recent BlackHat presentation on De-Anonymizing Live CDs
- Before we get started, tell us a little about the recent blog posts on the 2.0 release of the Scalpel tool and the Windows 7 Registry backup.
- What are the challenges with gathering evidence from live CDs?
- Tell us about AUFS
- Why is file carving useless?
- What did TAILs do to mitigate forensics analysis?
Stories For Discussion
- Supporting Unmaintainable Applications - I'm sure many of you have run into this situation before. Your company, or company you are helping, bought an application 5+ years ago, and it seems to work. However, it was delivered and no structure was put in place for updates. So now, you've got legacy technology behind it (Visual Studio 6.0 anyone?). I've seen this a lot. Rafal brings up good questions: Do you have the source code, the compiler, the developers, or the libaries to support this application? Usually the answer is no, and often the vendor has either gone out of business or written a new application that costs more money, forces you to transition your data (if its compatible, re-train your users, and purcahse new technology (servers, software, licenses). You options according to Rafal? Re-write the application in house, retire the application, try to apply modern protections (Weak), or do nothing and hope you don't get hacked. Unfortunately, I see people doing nothing.
- Sony Playstation Network Hacked - Sony confirms that the PlayStation Network's security mechanisms were fully circumvented, and that at least one of its most sensitive databases was breached and accessed sometime between April 17 and 19. Everybody drink :) They got not just emails, but passwords and likely credit cards of all PSN users. Was it SQL injection? Was it through Rebug, the developer network that can be enabled by hacking firmware? We don't know for sure, but its clear that large companies need to do their part to secure their own networks and your data. Clearly we are not learning from others mistakes. I agree we need to hold companies accountable for these breaches, they get off way too easy.
- Random Network Problems - Some think this could be "hackers", some blame the routers, and other blame solar flares. In this case it was a network camera in use by a developer. Doh! I've been in this situation, analyzing logs, looking for the "intrusion", working with networking as the vendor tells them to upgrade firmware because there was a bug report that mentioned something that they claimed was close to the problem (even though it wasn't). You can spend a lot of time debugging these problems, comes down to process for your end users. Knowing whats on your network is important, not letting users plug in switches and cataloging devices goes a long way to both network stability and security.
- Logging Data in Enterprise Networks is easy - doing something with it harder - This is a common problem, storage is cheap and we have tools that collect data very well. Devices, such as SCADA and embedded systems, can generate data like there is no tomorrow. The problem is analyzing it. Most people blame the tools, but I argue this is a people problem. The network is a beast, constantly changing and moving around, and keeping up with analyzing logs is a tough task. It takes people with the right skills and the time to get this done. Its not a once a week or once a month thing, its a daily thing. Empoying an analyst or two goes a long way, take notes Sony.
- China's Proxies suffer from default config flaw - I think its funny that instead of allowing only connections from 127.0.0.1, they allow connections from anywhere, allowing people to use them as an open proxy! This is the default config, and turns out these proxies are bing abused. Go figure. Configuration management is key to success!
- Why you should lock down your Wifi - A Buffalo man's home was raided, fully armed agents dragged him out on charges of child pornopraghy. Why? His neighbor used his Wifi to download child pornography. A similar case was logged in Floriday. They took all his computers, iPad, and iPhone. Three days later everything was cleared up.
- Creepy Facebook Feature: Facial Recognition - This is scary, Facebook will now use technology to suggest the names of people in photos that you upload. New privacy settings, that are not straight forward, allow you to disable the feature. Awesome! Now I can take pictures of cute girls at the grocery store or at the park, upload them and Facebook will tell me who they are! (I'm pretty sure thatøs not [how] it works but Iøm sure it will get there.)
- Easy Wireless Setup? - I was curious what the latest was on the SES, Secure Easy Setup. This is where you get a wireless adapter and a wireless router, and they sync the key. Before every device had its own wireless card you could buy a linksys router and a linksys adapter and have them sync a key (SES). That was replaced by something else, don't remember, supposed to be vendor agnostic. Now everything has its own wireless, so they came up with Cisco Connect software, and Easy Setup Key. Some routers come with a USB drive with the setup software, some do not. So using the Cisco connect software you can create an Easy Setup Key using any USB thumb drive. Confused yet? I sure am, and I can't imaging how someone like grandma will figure this out. So, we're back to everyone having insecure access points...
- YOUR OUT! - This is what you get for being a Yankees fan. Also sometimes you don't need a vuln just a dumb employee. We all know there is no patch for human stupidity.
- Hold on Larry I'm a let you finish, but Google has the best hacker space of all time.
- Kapersky is free, err umm freed that is... in a follow up to last weeks story the son of Kapersky has been freed with no ransom paid.