Episode303

From Paul's Security Weekly

Episode Media

MP3 pt. 1

MP3 pt. 2

Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 303 for Thursday October 4th, 2012

Interview Mark Russinovich

Mark Russinovich works at Microsoft in the Windows Azure product team as a Technical Fellow, Microsoft’s senior-most technical position. Mark earned a Ph.D. in computer engineering from Carnegie Mellon University and joined Microsoft when it acquired Winternals Software, which he co-founded in 1996. He is author of the Sysinternals administration and diagnostic tools as well as the novels Zero Day and Trojan Horse.

Teasers & Plugs

Stories

Paul's Stories

  1. Tiny Evil Maid CHKDSK Utility Can Steal Passwords | threatpost - I guess they call it the evil maid attack for a reason, because you have to go back and retrieve your data. I suppose a more useful attack would be to transmit the password over SSL to somewhere, but maybe that's just me. Also, if you have physical access, why not install a slick payload so you can access the machine from anywhere. I just don't see this type of attack being practical.
  2. JSON Hijacking Demystified - SpiderLabs Anterior - If you are a penetration tester you need to read this and pay attention to this type of application testing. JSON does a nice job of moving data, however it seems to leave itself open to a few variations of attacks, like its own CSRF.
  3. Email Address Harvesting - Email harvesting is fun, and any time we can use tools to collect email addresses for us, it's a great thing. Jigsaw is a great tool to do this with, so check it out! Also, if you are doing a phishing attack, make sure the organization has tried to educate its users. This way they get the most benefit out of testing.
  4. Report: Counterfeit electronic parts multiplying at record rate from Sterling - My concern is that if they can make counterfeit parts, and a lot of them, they can put backdoors in them, which for the consumer is worse. I suppose it's also worse for the manufacturer who now has to account for lost revenue and pwned customers.
  5. Is antivirus dead? Startup launches first 'exploit blocking' program#Security Intelligence Starts With Detecting The Weird - Dark Reading - There are a lot of weird comments in this article, such as "A lot is about seeing weird activity within your network, where machines are talking to the wrong systems, moving large amounts of traffic." What is the wrong system and how do you define "large amounts of traffic"? The wrong system could be a botnet, but the direction of the traffic matters. Are botnet machines connecting to you or are you connecting to them? That matters. And what if I decide to share a VM with a co-worker, is that a lot of traffic? The amounts don't matter and a better measure is a "never before seen event", far more accurate. Also it goes on to say "You can look at the network as a whole and detect anomalies. It is better if you can look and see what individual users are doing and what individual devices are doing." Uhm, so, wait, if I have 10,000 users how many people do I need checking the logs? You have to be smart about what you look at, correlate events, look at trends, then maybe you have something to go on to dig into the details. I'm sure the folks at IBM are really smart, they were just talking to journalists who put the wrong spin on it and take things out of context, which in the end doesn't help you as the reader.

Larry's stories

  1. ALL ATM PINS LEAKED - [Larry] - Ok, the basis was for the LULZ, but the resulting analysis of actual disclosed PINs is really fascinating.
  2. Told ya so - [Larry] - CSRF, 2 shell scripts and a 6 month old vulnerability allow for compromise of 4.5 million home routers.
  3. Don't discount the little things - [Larry] - i.e., want to know where a company's security failures are? Go troll their websites for SOWs and RFPs for security system maintenance, repairs, etc. Why? That's what just happened to the Washington DC area airports…
  4. EPIC HACKIN9 TROLLING

Jack's Historifacts

Allison's Stuff

  1. WHITE HOUSE NETWORK probably not BREACHED YOU KNOW, THAT WHITE HOUSE, WITH THE NUCLEAR LAUNCH CODES, AND STRATEGIC MILITARY INFO, AND THE PRESIDENT? CHINESE HACKERS SENT A lame spearphishing email ATTACK INTO THEIR NETWORK and got caught. ------- The award for second worst infosec journalism ever goes to this article.
  2. Kahu Security blog released new tools - I use "Converter v0.4" daily and it's quite useful. I haven't tried the other tools on the page yet.
  3. Attackers Engage In 'False Flag' Attack Manipulation - An interesting discussion about how difficult attribution is. Oftentimes we have nothing to go on except what the attackers say about themselves.
  4. The Philippines outlawed saying mean things to other people over the Internet. And then the Internet reacts in a predictable manner.
  5. GOP to Obama: No Executive Order for Cyber-Security - All I want is legal protections to do terrible things to C&C servers. Is this too much to ask?
  6. Online Criminals' Best Friends - What if you had a botnet, but instead of granny's PC, you had servers? This is what happens.
  7. Defcon20 Social Engineering contest results released - Very interesting!