Episode143

From Paul's Security Weekly

Sponsors

  • Tenable Network Security - This episode sponsored by Tenable Network Security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the world's best vulnerability scanner. Tenable Security Center software extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable also offers a Nessus Professional Feed to detect vulnerabilities in your network today! Tenable – Unified Security Monitoring!
  • Core Security - This episode is also sponsored by Core Security Technologies, helping you penetrate your network. Now version 10.0 with WiFi-fu good to go! Rock out with your 'sploit out! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool.
  • Trustwave Spiderlabs - Trustwave's SpiderLabs - providing advanced information security services to planet Earth. Visit them online at trustwave.com/spiderlabs!


Announcements & Shameless Plugs

Welcome to PaulDotCom Security Weekly, Episode 143, for Tuesday March 3, 2009 Live from SANS Orlando!

You can listen to us live each week, we typically record on Thursday nights, 7:30PM EST. We provide both audio (icecast) and video+audio (ustream) feeds so you can listen and watch us. We make available the recording in mp3 format via our web site and through iTunes. We also do a monthly webcast:

And all sorts of other fun stuff, including how-to videos from Hack Naked TV. You can find out about all of our events at http://pauldotcom.com/events/

  • SANS Saskatchewan - Larry is teaching the 6 day wireless track (SEC 617) in Regina on March 23 - 28, 2009.
  • SANS@Home - SEC517 Cutting-Edge Hacking Techniques - March 23 & 25, 2009 7PM-10PM EST Registration Coming Soon Here - Paul Asadoorian (Use the discount code "PaulDotCom" and save 20%!)

Episode Media

mp3

Tech Segment: (In)Security Moments: Traveling Edition

I've been doing quite a bit of traveling this year, and I've noticed that, well, the world is an insecure place. Hotels seem to be pretty bad, and after last week's discussion of a major data breach of a hotel chain, I wanted to spend some time talking about it. I've collected quite a few pictures that will walk you through the scary, insecure world around us when we travel.

Presentation is here:

http://pauldotcom.com/InsecurityMomentsTraveling.html

Credits:

"B"

Airports & Hotels that will go unnamed

People who leave stuff lying around in public

Retailers with Ethernet jacks for devices

Wifi "standards"

Tech Segment: Where to now? An adventure in GPS tracking

Presentation is here

http://pauldotcom.com/GPSTracking-SANS2009.html

Of course the story has been sanitized to protect the innocent/guilty.

Stories For Discussion

1) Vulnerable On Purpose Web Apps - [PaulDotCom] - It seems that there is a healthy amount of vulnerable by design web apps out there and Irongeek gives us a nice list. I have recently been playing around with DVL (Damn Vulnerable Linux) which contains a healthy (or unhealthy) amount of vulnerable web applications. They have custom ones with full tutorials on how to attack them, and some off the shelf ones. You could set up your own environment, all you'd need is Joomla!, phpbb, and wordpress :)

2) Analyzing PDF Documents - [PaulDotCom] - This is an interesting post that links to resources on how to pick apart a PDF document, and in this case pull the exploit from the PDF. We talked about this on a previous episode, but now with so many exploits coming in the form of PDFs, isn't it high time someone created a program to check if exploits are embedded in PDFs? The reason this is such a successful attack vector is because the defensive technology is lacking and/or not widespread.

3) Tiny Media - Big Data Breaches - [PaulDotCom] - We are all paranoid about evil USB thumb drives, and don't get me wrong we should be. However, Verisign's 500 data breach cases don't show that it's a major threat (however, how would you know if someone taped an 8GB micro SD card to the bottom of their foot and walked out with company secrets?). If you don't control the access to the data, it's game over because technology has evolved and media is small and cheap:

"It is far easier to control what data is copied than to control where it is copied or what happens to the copy."

This means getting back to basics and setting strict internal controls around your data. If these controls are breached, it should be logged, and logs should be audited. So that at least if your data leaves, you know which data and whose foot it was taped to.

4) New Google CSRF Attack - Change Password - [PaulDotCom] - It appears that the change password feature in Google's Gmail is vulnerable to CSRF. This means if an attacker can get you to open a web page, or load some HTML, the GET requests are sent to Gmail to change your password. If you are already logged into Gmail this happens automatically without your knowledge. The log says that Google has no plans to fix and that this vuln. has been available since August 2007! Now, I have not confirmed that this vulnerability still works either, but this just broke this morning so we'll see what the fallout is.

5) Airport Wireless security - [Larry] - The folks from Airtight Networks (including friend of the show Zero_Chaos) performed wireless assessments of several large metropolitan airports. Needless to say the state was pretty sad - the wireless was intended to be easy to use for all of the travelers, but as a result, often uses less secure methods. Not to mention potential rogues, and ad-hoc networks.

6) Hotel Internet - [Larry] - Yes, more travel related stories. The folks over at the RedTeam blog noted some interesting security notes on their hotel in-room high speed ethernet connection. The notes included "tap-proof" and "free of radiation". Interesting, so by that assertion ethernet is not tappable. So how about a little arp spoofing and cleartext protocols? That sounds like fun for me...erm, Bob to check out.

7) P2P Sharing a little too much? - [Larry] - It would appear that a defense contractor had a p2p application installed, and accidentally shared the plans for Obama's helicopter to an Iranian IP address. So, do you have P2P applications on your network? Are you sure? What are they sharing? If it is blocked on the corporate side, what happens when the mobile worker goes home without the same protections? I used to love the old project at seewhatyoushare.com, which would search (and take submissions) of files found on P2P networks that shared sensitive (but redacted) documents. It is a great exercise to hop on P2P networks and search for interesting file types: .doc, .xls, .csv

8) L0phtCrack Revisited - [Larry] - The original authors have reacquired the IP behind the tool, and are releasing a new version.
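
Story 4 describes a password change that a logged-in browser will perform on a plain GET. The following is an added example, not Google's code and not from the original notes: a generic change-password handler in the pattern described, next to a hardened one, with one forged and one legitimate request replayed against both. The origin, session layout and parameter names are assumptions made for the example.

```python
import hmac
import secrets

TRUSTED_ORIGIN = "https://mail.example.test"  # assumption: the site's own origin


def new_session(user: str, password: str) -> dict:
    """Constructed session record; the CSRF token is random and bound to the session."""
    return {"user": user, "password": password, "csrf_token": secrets.token_urlsafe(32)}


def change_password_vulnerable(method, session, params, headers) -> bool:
    """The pattern in the story: any request that carries the session cookie is obeyed."""
    session["password"] = params["new_password"]
    return True


def change_password_hardened(method, session, params, headers) -> bool:
    """Refuse anything a third-party page can make the browser send by itself."""
    if method != "POST":                          # no state change on GET
        return False
    if headers.get("Origin") != TRUSTED_ORIGIN:   # cross-site form posts fail here
        return False
    if not hmac.compare_digest(params.get("csrf_token", ""), session["csrf_token"]):
        return False                              # another site cannot read this token
    if not hmac.compare_digest(params.get("current_password", ""), session["password"]):
        return False                              # re-authenticate for sensitive changes
    session["password"] = params["new_password"]
    return True


def demo() -> dict:
    """Replay a forged cross-site GET and a legitimate POST against the handlers."""
    s1, s2, s3 = (new_session("alice", "old-pass") for _ in range(3))
    forged = ("GET", {"new_password": "constructed-forged-value"},
              {"Referer": "https://other.example.test/page"})
    legit = ("POST", {"new_password": "new-pass", "current_password": "old-pass",
                      "csrf_token": s3["csrf_token"]}, {"Origin": TRUSTED_ORIGIN})
    return {
        "vulnerable_accepts_forged": change_password_vulnerable(forged[0], s1, forged[1], forged[2]),
        "hardened_accepts_forged": change_password_hardened(forged[0], s2, forged[1], forged[2]),
        "hardened_accepts_legit": change_password_hardened(legit[0], s3, legit[1], legit[2]),
        "hardened_password_after_forged": s2["password"],
    }


if __name__ == "__main__":
    print(demo())
```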