Difference between revisions of "Episode262"

From Security Weekly Wiki
== Paul's Stories ==
#[http://news.hitb.org/content/now-ssl-has-been-cracked-should-you-be-worried Now that SSL has been cracked]
#[http://news.hitb.org/content/steve-jobs-dead-apple-has-lost-its-visionary-founder Steve Jobs is dead - Apple has lost its visionary founder]
#[http://news.hitb.org/content/researchers-claim-cloud-security-breakthrough Researchers claim cloud security breakthrough]
#[http://news.hitb.org/content/hackers-sell-paypal-accounts-50-cents Hackers sell PayPal accounts for 50 cents]
#[http://www.rootsecure.net/?p=link&l=28655 Iron Geek: Derbycon 2011 Videos]
#[http://nakedsecurity.sophos.com/2011/10/03/iphone-5-email-malware/ iPhone 5 emails infect Windows PCs with malware]
#[http://it.toolbox.com/blogs/securitymonkey/sometimes-the-security-helpdesk-gets-the-last-laugh-48683?rss=1 Sometimes the Security Helpdesk Gets The Last Laugh]
#[http://www.theregister.co.uk/2011/10/03/bank_of_america_website_outage/ Bank of America website disrupted for 4th day in a row]
#[http://news.hitb.org/content/check-your-machines-malware-linux-developers-told Check your machines for malware]
#[http://news.hitb.org/content/law-enforcement-increasingly-asking-internet-companies-share-data Law enforcement increasingly asking Internet companies to share data]
#[http://news.hitb.org/content/amazon-kindle-tablet-routes-web-traffic-cloud-first Amazon Kindle tablet routes web traffic to cloud first]
== Larry's Stories ==

Revision as of 23:14, 6 October 2011

Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 261 for Thursday October 6th, 2011.

  • Check out Hack Naked TV - currently at Episode #6 the "SSL is broken-er" edition!
  • We're spinning up a new mini-podcast/videocast (Hack Naked at Night with Larry and Darren) and we're looking for topics from our listeners - specifically, what type of pentest device do you want us to build out of a Roomba? Send suggestions to psw@pauldotcom.com

Guest Interview: Charlie Miller

7:30 PM EDT


Charlie is a principal research consultant for the Accuvant LABS team and was the first with a public remote exploit for both the iPhone and the G1 Android phone. He won the CanSecWest Pwn2Own competition multiple times and holds a PhD from the University of Notre Dame.

Guest Tech Segment: Alessandro Acquisti


Alessandro is an Assistant Professor at Carnegie Mellon University. He's received national and international awards, including the 2005 PET Award for Outstanding Research in Privacy Enhancing Technologies and the 2005 IBM Best Academic Privacy Faculty Award. He's on to discuss his recent talk on Facial Recognition using Augmented Reality presented at Blackhat and some other privacy research.

  1. Tell us about the facial recognition research - how fast were you able to ID users? Were you surprised by the media coverage?
  2. How does Augmented Reality fit into the research?
  3. What was the inspiration for your Guns, Privacy, and Crime research?
  4. Tell us about your research into The Economics of Privacy.

Stories For Discussion

Blog Round Up

Paul's Stories

  1. Now that SSL has been cracked
  2. Steve Jobs is dead - Apple has lost its visionary founder
  3. Researchers claim cloud security breakthrough
  4. Hackers sell PayPal accounts for 50 cents
  5. Iron Geek: Derbycon 2011 Videos
  6. iPhone 5 emails infect Windows PCs with malware
  7. Sometimes the Security Helpdesk Gets The Last Laugh
  8. Bank of America website disrupted for 4th day in a row
  9. Check your machines for malware
  10. Law enforcement increasingly asking Internet companies to share data
  11. Amazon Kindle tablet routes web traffic to cloud first

Larry's Stories

  1. American Express 0-day - [Larry] - Oh man, how sloppy can you get. This researcher (who allegedly tried to report it responsibly, albeit with limited communication options) found that the American Express US Admin page was apparently left open to the world without access restriction or password. Access to the admin app gives debug access and the ability to view/steal cookies. Need a little automation with the "attack"? The debug is vulnerable to XSS, and using some GET requests, it may be possible to create a refresh to inject code indefinitely, and steal cookies with injected jQuery commands. Sloppy, sloppy, sloppy.
  2. OMG WIFIJAMMER! - [Larry] - OK, cool script for automating what is a fairly easy attack... BUT. Get your terminology right: jamming would refer to shenanigans at Layer 1 by introducing noise into the air, or reserving access to the medium with RTS/CTS. This is not a "jam", it is a "deauth", an attack that has been around for some time, performed by spoofing deauth frames from AP to STA. Of course, this may not be completely usable in its current form, as many new wireless drivers specifically ignore deauths sent to broadcast...
  3. WiFi users still at risk - [Larry] - In a poll done by the WiFi Alliance (yes, the folks that ensure interoperability for WiFi devices), they noted that while many users now set up appropriately secure wireless networks (with WPA/WPA2 PSK, natch), they do not concern themselves with too much else, like non-default/non-weak passwords, VPNs at hotspots, or even not connecting to non-preferred networks. This is what happens when technology enables security through design, but other technology is in place and active that allows users to remain blissfully ignorant... and pwned.
  4. The Matryoshka Router - [Larry] - Didier finds open ports on the WAN side of his ADSL router (ports 2002, 4002, 6002 and 9002), even though the router was configured properly. I've seen this on assessments, and not had the same luck as Didier - he reports that even though the passwords were changed, he was able to log into those unknown ports with telnet and the default username and password (I'm guessing cisco/cisco), which appeared to be bound to various VTY lines. A word to the wise, folks: just because it isn't an "ethernet interface", be sure to apply ACLs to your VTY lines as well. Now, because SHODAN only scans specific ports, I really need to figure out a repeatable nmap command line to quickly (a relative term) scan the entire internet for specific ports. Where are Fyodor and Ron Bowes when you need them?
  5. Fail an audit already, will ya? - [Larry] - Yes, it is OK not to be perfect. Here's how you get backing to help fix it. It is OK to fail, 'cause all good security folks would admit that there is no such thing as perfect security, so why are your audits coming back that way? From the article: "in the past three years 36% of companies had suffered a breach and yet only 15% had failed an audit".
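One way to close the gap Larry points at in item 4 (VTY lines reachable with default credentials even after the "real" passwords were changed), as an added Cisco IOS example that is not from the show notes or from Didier's write-up: the weak VTY setup beside a hardened one. The management subnet 192.0.2.0/24, the ACL name and the username are placeholders, and the hardened block assumes SSH has already been enabled on the box (hostname, ip domain-name, crypto key generate rsa).

```cisco
! --- Weak: the state the story describes ---
! Every VTY line accepts telnet from any source address,
! protected only by a shared, well-known line password.
line vty 0 4
 password cisco
 login
 transport input telnet

! --- Hardened ---
! 1. Limit which source addresses may reach the VTY lines at all.
!    (192.0.2.0/24 is a placeholder management subnet; use your own.)
ip access-list standard MGMT-HOSTS
 permit 192.0.2.0 0.0.0.255
 deny   any log
!
! 2. Replace the shared line password with a local account.
!    (placeholder user and secret; never leave cisco/cisco in place)
username netadmin privilege 15 secret CHANGE-ME-strong-passphrase
!
! 3. Apply the ACL to the lines themselves, require SSH, and
!    drop idle sessions. Use "line vty 0 15" on platforms with 16 lines.
line vty 0 4
 access-class MGMT-HOSTS in
 login local
 transport input ssh
 exec-timeout 5 0
!
! Verify:
!   show running-config | section line vty
!   show ip access-lists MGMT-HOSTS
```

The access-class is what matters for the story: it is enforced per line regardless of which TCP port the line happens to be reachable on, so an ACL on the WAN interface alone is not a substitute for it.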