Difference between revisions of "Episode273"

From Security Weekly Wiki
Jump to navigationJump to search
Line 111: Line 111:
  
 
= Paul's Stories =
 
= Paul's Stories =
 +
 +
#[http://krebsonsecurity.com/2012/01/flying-the-fraudster-skies/ Flying the Fraudster Skies] - So for all of you "cyber criminals" out there, or maybe even just regular criminals (are they like non-cyber crimanls or analog criminals?). Anyway, you can get a plane ticket by proxy and travel as someone else, if you're into that sorta thing.
 +
#[http://www.ashimmy.com/2012/01/how-come-my-blogpodcast-wasnt-nominated.html How Come My Blog/Podcast Wasnt Nominated?] - I had this whole thing about this for the show, but Alan summed it up.  If you have a security related blog or podcast, you can vote, so get out and vote! If your favorite blog or podcast is not listed, you can write in on certain nominations, or just email Alan directly.
 +
#[http://taosecurity.blogspot.com/2012/01/its-time-to-name-winner-of-best-book.html Best Book Bejtlich Read in 2011] - I always make it a point to go out and get this book and read it, as every year its usually really good.
 +
#[http://research.zscaler.com/2012/01/example-of-likejacking-facebook.html An example of likejacking (Facebook clickjacking)] - If you enclose your clickjacking in a circle, is it "circleclickjacking"? I hate the Facebook like feature, its for lazy people who don't want to think of something to type. In any case, attackers are using it, to, well, jack your likes.
 +
#[http://1raindrop.typepad.com/1_raindrop/2012/01/google-renews-push-into-china.html Google Renews Push Into China] - Remember how this started APT? Okay, after you drink, think about all those people that are like "oh well Google should pull out of China". Yea right, this is business, and Google is back in business in China, because business decisions based on the fact that China is one of the strongest world economies usually win, even if you did get pwned.
 +
#[http://blog.spiderlabs.com/2012/01/honeypot-alert-extensive-setupphp-scanning-detected.html [Honeypot Alert] Extensive ‘setup.php Scanning Detected] - Some people are scanning for setup.php. Its a good scanning strategy as most CMS will have a setup page. And likely you will be able to log into it with a stupid username and password or SQLi vulnerability. This means you can change content on the web site, which means you can plant malware, and, so on.
 +
#[http://blog.rootshell.be/2012/01/12/show-me-your-ssids-ill-tell-who-you-are/ Show me your SSID’s] - Neat little script that looks for SSIDs and counts the packets, script included!
 +
#[http://www.networkworld.com/news/2012/011212-pastor-254843.html?source=nww_rss How a Baptist pastor in Florida became the go-to IT guy] - Gotta be one of the hardest jobs on the planet, IT security for a small shop.  You'll need more than awing and praryer, how about some MS small business software and a cloud?  What's wrong with this picture? I believe that folks in this situation have some short-term wins, but in the long run the attackers are victorious.
 +
#[http://packetstormsecurity.org/news/view/20442/Robot-Makers-Not-Thrilled-To-Be-Stuck-Next-To-Justin-Bieber.html Robot Makers Not Thrilled To Be Stuck Next To Justin Bieber ≈ Packet Storm] - The worst part is, he's stuck next to Justin Beiber. The best part is, he tried to navigate his robot over the the Beib, and it was removed by security, I hope he got it back :)
 +
#[http://www.theregister.co.uk/2012/01/09/apple_rim_indian_government_backdoor/ Apple To RIM Indian Backdoor?] -  I'm really confused about this story.
  
 
= Larry's Stories =
 
= Larry's Stories =

Revision as of 19:47, 12 January 2012


Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 273 for Thursday January 12th, 2012.

  • Subscribe to our only non-computer security related show dedicated to Cigar Enthusiasts Stogie Geeks with Paul Asadoorian and Tim "BugBear" Mugherini. Wether you smoke an occasional cigar or daily, this show is for you! Tune in as we review the latest cigars being relesaed and talk "Stogie Tech".


Guest Technical Segment: Chris "loganWHD" Hadnagy on Framing

Chris Hadnagy, aka loganWHD focuses on the "human" aspect of technology such as social engineering and physical security. Chris is also the lead developer of Social-Engineer.Org as well as author of the best-selling book Social Engineering: The Art of Human Hacking and has co-authored a ground breaking course on Social Engineering to be given in the UK, Seattle, and Vegas. He's on tonight to give us a taste of one of the topics on the course: Framing in Social Engineering.

Hadnagy.jpg

Chris was last on PaulDotCom in Episode 216, October 2010

Training Info

Registration link

Class Syllabus

  1. What is framing?
  2. Give us some examples of how you use Framing in an SE engagement.
  3. How can you 'teach' framing in a course?
  4. How do you adjust your framing once you dentify the target’s dominant communication style?
  5. For your Social Engineering podcast on Framing, you interviewed Sam Yagan of www.okcupid.com. Do you think statistical analysis is accurate and can be used in Social Engineering? Have you used any of their research in your SE engagements?
  6. What have you learned about Framing and Social Engineering from your course partner, Robin Dreeke?
  7. What was your favorite section of the course?
  8. We've heard there are homework assignments, specifically, getting the brasize of a stranger at the mall in a non-sexual way. Will you do a writeup of the student failures? :)
  9. Is it true students who fail assignments have a make-up assignment that consists of dumpster diving? :)
  10. How do you 'certify' one is a Social Engineer?
  11. Does the FBI conduct any SE training for its agents?

Tech Segment: Using pfSense and an Alix.6F2 For A Wireless Access Point

TIP: For the segment on how we built my pfsense firewall, see this document.

I wanted a new access point. I have stacks of WRT54G series routers, and they are good, but often aren't up to the task. They are low in memory and processing power, and share one single 10/100 Ethernet bus. This limits their usage for things like streaming HD. Can you do it? Sure. My other problem was the WRT54G I had was constantly needing to be power cycled. All my old ones either went to friends and family members, bricked, or are in pieces somewhere. I bought a shiny new Dlink Dir-655, but after about a year it crapped out on me, actually the wireless radio itself died, which turns out to be a common problem. So, I wanted to build something myself out of really good hardware, and use real software like pfsense, and have an access point that would just kick ass.

Hardware List

All hardware for this project came from www.netgate.com:

  1. ALIX.6F2 Kit Black Unassembled - $188 - This kit comes with the board, power supply, CF card, and enclosure.
  2. Atheros WLM54G-HP mini PCI Card, U.FL to RP-SMA pigtails (two), 5.5 dbi rubber duck antennas (two) - $88 - This is the wireless card, with all the fixings!
  3. 2.4 GHz 9 dBi Rubber Duck Omni Antenna RP-SMA - Bigger is better, right? I want to cover my entire house with one 802.11g access point.

Total cost: $305.77

Get pfSense and Install on CF Card

For the embedded version, make sure you get the NanoBSD images.

Important, verify that you are installing the operating system on the correct disk image:

# df -h
Filesystem      Size   Used  Avail Capacity  Mounted on
/dev/disk0s2   465Gi  425Gi   40Gi    92%    /
devfs          185Ki  185Ki    0Bi   100%    /dev
map -hosts       0Bi    0Bi    0Bi   100%    /net
map auto_home    0Bi    0Bi    0Bi   100%    /home
/dev/disk1s1   7.5Gi  805Mi  6.7Gi    11%    /Volumes/AVST

On OS X, for example, the OS disk is "disk0", try not to overwrite that one (even though you'd likely get an error that its already in use, however I did not test that!). Then use the following command to dump the image on the CF card:

# gzcat pfSense-2.0.1-RELEASE-2g-i386-nanobsd.img.gz | dd of=/dev/disk3 bs=16k

Now go get a cup of coffee, it takes a while. Notice I used the image labeled "2g", for 2 gig, which is the size of my card.

Configure an IP address in the Serial Interface

I used OS X for this, and used the following tools:

  1. zTerm - Excellent serial interface software, works well.
  2. Plugable USB to RS-232 DB9 Serial Adapter (Prolific PL2303HX Chipset) - USB serial adapter was $11 on Amazon, handy to have. I had to connect another serial cable to it from some of my old Cisco gear (those connectors should say "Terminal" on them).
  3. Prolific drivers for OS X Lion - I had to get updated drivers to work with the serial adapter that have been updated to work with OS X Lion.

Once you have all that, Follow Mike's instructions located here on setting up the LAN IP address.

Setup the Wifi Interface using the Web UI

Make sure you add the interface on this page by clicking the "+" symbol
Add the LAN and Wifi interface to the same bridge
Set a static IP
Set an SSID and choose your security, I chose "WPA"
More WPA settings
Define your channel settings, choose one not so much in use!
Configure the firewall or the Wifi interface will drop all packets from wireless network to the LAN by default!

Paul's Stories

  1. Flying the Fraudster Skies - So for all of you "cyber criminals" out there, or maybe even just regular criminals (are they like non-cyber crimanls or analog criminals?). Anyway, you can get a plane ticket by proxy and travel as someone else, if you're into that sorta thing.
  2. How Come My Blog/Podcast Wasnt Nominated? - I had this whole thing about this for the show, but Alan summed it up. If you have a security related blog or podcast, you can vote, so get out and vote! If your favorite blog or podcast is not listed, you can write in on certain nominations, or just email Alan directly.
  3. Best Book Bejtlich Read in 2011 - I always make it a point to go out and get this book and read it, as every year its usually really good.
  4. An example of likejacking (Facebook clickjacking) - If you enclose your clickjacking in a circle, is it "circleclickjacking"? I hate the Facebook like feature, its for lazy people who don't want to think of something to type. In any case, attackers are using it, to, well, jack your likes.
  5. Google Renews Push Into China - Remember how this started APT? Okay, after you drink, think about all those people that are like "oh well Google should pull out of China". Yea right, this is business, and Google is back in business in China, because business decisions based on the fact that China is one of the strongest world economies usually win, even if you did get pwned.
  6. [Honeypot Alert Extensive ‘setup.php Scanning Detected] - Some people are scanning for setup.php. Its a good scanning strategy as most CMS will have a setup page. And likely you will be able to log into it with a stupid username and password or SQLi vulnerability. This means you can change content on the web site, which means you can plant malware, and, so on.
  7. Show me your SSID’s - Neat little script that looks for SSIDs and counts the packets, script included!
  8. How a Baptist pastor in Florida became the go-to IT guy - Gotta be one of the hardest jobs on the planet, IT security for a small shop. You'll need more than awing and praryer, how about some MS small business software and a cloud? What's wrong with this picture? I believe that folks in this situation have some short-term wins, but in the long run the attackers are victorious.
  9. Robot Makers Not Thrilled To Be Stuck Next To Justin Bieber ≈ Packet Storm - The worst part is, he's stuck next to Justin Beiber. The best part is, he tried to navigate his robot over the the Beib, and it was removed by security, I hope he got it back :)
  10. Apple To RIM Indian Backdoor? - I'm really confused about this story.

Larry's Stories

  1. You know what really grinds my gears? - [Larry] - Not truly security related, but I think that the response from Stratfor was , well, strained. They claim that Anonymous is creating censorship, some of that based on the fact that there is no accountability on the internet. Hrm, no accountability. I seem to recall hearing several raids and arrests. I'd also argue that the lack of accountability goes both ways. I mean who was holding Stratfor accountable for having poor security and cleartext CC numbers? Discuss.
  2. Social Engineering on the rise - [Larry] - yeah, no kidding. Why, oft times we find that the internal network is still of the very chewy variety. Best way to get there? Have some code you want there? The human is the last frontier, weakest link and I'd argue, the hardest to secure.
  3. Hacking SCADA going mainstream? - [Larry] - In a politically motivated event, Anonymous publishes IP addresses and login details for Israeli SCADA systems after being branded as terrorists. My argument is that is Anonymous can do it, it has hit the big time.
  4. Shark? We jumped that shit. - [Larry] - Oh, that module that you use to prevent XSS, due to a flaw ALLOWS XSS. Ugh.
  5. Koobface OSINT - [Larry] - Dancho Danchev puts together the pieces to identify the alleged Koobface author. How? The author got sloppy and registered a domain with a phone number used elsewhere in ads for kittens and a BMW for sale. It just goes to show, if you don't want to get caught you need to be meticulous. It also proves that there is no such thing as a perfect crime.

Jack's Stories