Archive for DNS

August 8, 2010 – Episode 160 and 161 from DefCon 18

Posted in Conference Coverage, criminal forensics, darkweb, ediscovery, Show Notes, The CyberJungle, Vulnerabilities, web server security on August 7, 2010 by datasecurityblog

Episode 161 is this week’s full episode of The CyberJungle, posted immediately below. Episode 160 is the su root edition for advanced listeners – material that’s too technical for the radio. The advanced material consists of three conversations from DefCon 18. Scroll down to the end of this batch of shownotes to find it.

Episode 161:

This week’s regular episode of  The Cyberjungle  is 1 hour and 12 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.


Interview:

Security Researcher Craig Heffner offers an alarming discovery about the consumer-grade routers you buy at the big box store. He’s found major flaws in these router/firewalls. This interview is about 8 minutes long, and it begins at 59 minutes into Episode 161. Or you can just listen to the interview by going to our conference notes page. Also, here are some links to more information about Craig’s work:

Craig Heffner’s White Paper on this attack

Craig Heffner’s DefCon18 presentation slides

Craig Heffner’s Proof-of-Concept code

Tales from the Dark Web:

Our dramatic audio taken at a DefCon 18 press conference, in which the host of the press conference begins (quite out of the blue) to describe his personal relationship with Adrian Lamo, one of the central characters in the Wikileaks incident.  We posted this story, and six minutes of audio featuring cybersecurity researcher and self-described white-hat hacker Chet Uber on the last day of DefCon. In it, Uber discusses how he persuaded Lamo to turn in accused leaker Pfc Bradley Manning.  There is a disputed fact in Uber’s account. Uber said he helped Lamo determine that documents in his possession were classified.  Lamo now denies that he ever had possession of top secret documents.  The facts will come out at Bradley Manning’s trial. No matter who is correct, the sound file offers some interesting insight into how a high-level meeting with federal law enforcement is arranged, and what top secret documents look like. The file is at the bottom of this story, if you want to hear it.

Our Take on This Week’s News:

The National Science Foundation has a porn problem according to Senator Chuck Grassley.  Seems the science guys are passing around porn despite technical measures taken by the agency to block it.  Oh, and there’s one guy who reportedly spends 20 percent of his time looking at porn, at an estimated cost to the taxpayer of $58,000.  So do the math.  This guy makes $290k per year???  WTF!!!

BlackBerry Ban – RIM Coming To Agreement With Middle-Eastern and Asian Nations on Eavesdropping. The question that we are still researching: What about a foreigner that uses BES in one of the nations? Is the traffic routed to one of these local RIM servers, or back to Canada?

Apple remote jailbreak flaw. Major Flaw Uncovered in Apple iPhone/iPad/iPod

Salute to the Wall Street Journal for its series this week on web tracking, cell tracking and other privacy issues.

We stumbled over the Social Engineering contest at DefCon18. A super fun event to watch, as contestants placed phone calls to major U.S. corporations, and charmed employees into revealing a wide range of information about company operations — everything from the name of the dumpster service to the details of the IT architecture. (We posted a story about it here, describing a call to Apple that yielded a whole lotta info. Boy, Steve’s gonna be mad. There’s also an audio file with a three-minute explanation of the contest by its organizers, a group called Social-Engineer. The audio file is located about half-way through the story.) Read about the Social Engineering organization here.

The annual session on physical lock security is always a hit. (This year there was more than one.)  We attended the presentation by Marc Weber Tobias.  His team demonstrated flaws in five different locks, from the plain-vanilla pin tumbler lock on your back door, to the $200  fingerprint biometric, the electronic RFID military lock and even a personal safe.  You can see the videos here, demonstrating how the locks were breached.

Speaking of physical security — a state agency head in California sent an email message to 175 employees announcing that the lock at the south end of their office building was malfunctioning, and there was no budget to fix it. This column in the Sacramento Bee offers an unintentionally comical account of the way this broken lock was broadly communicated to the world when one of the employees faxed a copy of the email to a state worker newsletter. The info apparently ended up — we’re not sure how — on the desk of the SacBee reporter who wrote the column.  The major point of the story is that California has no money, and even getting approval to fix a broken lock on a state building in a bad neighborhood is a tough uphill climb. But the funny part is how nobody ever stopped to consider that inside this building, where unemployment benefit checks are written, there is a whopping amount of personal information about the citizens of the State Formerly Known as Golden.  Wow… If we were bad guys we’d probably keep an eye on this place even after the lock is fixed, because it might be a really easy target.

Adobe plans emergency patch for critical Reader bug

If we don’t laugh, we’ll probably cry.  For laughs – a national association of perverts has offered an endorsement of body scanning machines in airports.  Now read this and weep – The feds love these machines so much that they’ve decided to deploy them at federal courthouses as well as airports. Where next, the public library?  And yes, they do store images, the feds now admit, after repeated denials that the machines had such capabilities.  Duh.  Did we think they would perform a visual inspection for contraband, and then fail to store the image for evidence during prosecution?

Episode 160 – su root edition:

This is our unedited edition, featuring three interviews straight from DefCon 18.  The audio file is 34 minutes long. This is a special DefCon18 edition featuring interviews with David Bryan on building a network to withstand thousands of hackers, and using low-cost equipment and volunteers. He has lessons for anyone building a network today. Then we have an interview with Chris Drake of Firehost web hosting on web application security. Finally the third interview is with Suhil Ahmed of Airwave Security about his discovery of a flaw in the WPA WiFi security protocol that can reveal confidential information, and has no patch. But, there is a workaround.

You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.


Data Security Podcast Episode 86, Dec 21 2009

Posted in Breach, Podcast, Vulnerabilities on December 20, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Twitter’s DNS hijacked

* Fingerprinting credit card mag strips

* Our take on this week’s news


–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 86 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from behind stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall. The shows don’t always display in chronological order on Odeo.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Award-winning Sunbelt Network Security Inspector, a scalable and effective vulnerability scanner. Windows IT Pro Magazine readers chose SNSI as their Favorite Vulnerability Scanner for two years in a row. Read more here, and contact Data Clone Labs for a test drive.
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall; Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 86 of the Data Security Podcast

* Ira talks with Dr. Robert Morley  about the unique digital fingerprints on every credit card and ATM magnetic strip, and how that fingerprint can fight card cloning fraud. Read about Dr. Morley.  Dr. Morley’s work has been commercialized into products like MagnePrint,  mentioned in the segment.

* Tales From The Dark Web:  Ira gave his take on the reporting by Brian Krebs in the Security Fix blog at the Washington Post site.

* From Our Take on The News: Ira gave his take on the very interesting blog posting by Robert Graham entitled SkyGrabber vs. Predator .

* From Our Take on The News:  Why did a department of health worker in Detroit have electronic copies of thousands of birth certificates in her car? That’s where the records were (on a flash drive) when they were stolen. We give our take on this story in the Detroit Free Press.

* From Our Take on The News: A program that allows Seattle Area employers to subsidize commuting — it saves employees a lot of money. Only problem is, your travel records are available to your boss. All he has to do is ask.

The Identity Theft Prevention Stamp


* The Wrap:  A rubber stamp that renders printed personal information illegible (pictured) .  Read more.

Data Security Podcast Episode 66, Aug 17 2009

Posted in Breach, Court Cases, darkweb, eMail Security, Legislation, Podcast, Vulnerabilities, web server security on August 16, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law….(plus or minus five)

On this week’s program:

* Like stealing candy from a baby….is Adobe making it that easy for attackers to get into computers?

* The Clampi Trojan is cleaning out bank accounts, and AV usually doesn’t see it.

* Researcher says that Palm is acting like Big Brother, tracking its users.

* Our take on this week’s news.


–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 66 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from behind stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall; Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 66 of the Data Security Podcast

* Conversation: Ira talks with Joe Stewart, Technical Director of Malware Research at SecureWorks, about the Clampi/Ligats/Ilomo Trojan. AV usually won’t see it, and it targets bank account log-ins, insurance log-ins, and other log-ins that allow attackers to steal.

* Tales From The Dark Web: Security researchers at Trusteer are claiming that attacks in the wild targeting unpatched Adobe Flash and Adobe PDF Reader are appearing. And Adobe is making the problem worse. Read the report, and then see what happens when you check the patch level of a system using Adobe’s own Flash version checker. This attack impacts Windows, Mac, Linux and Solaris users.

* From the News: Sheriff’s Office explains why it took over county computers

* From the News: Fake Search Engines for Twitter, from Karthik at BlogrPro.

* From the News:  Joey Hess wrote a blog posting where he reveals that Palm is acting like Big Brother to PalmPre users.  Deter Bahn wrote a related posting with more information.

* From the News: Mac OS Trojan. Read the posting, and blacklist the .com domain names that are listed here.


Mac Trojan called "Mac Cinema" - Looks Legit, Doesn't It? Well, it's not.

Data Security Podcast Episode 46 – Mar 30 2009

Posted in Breach, darkweb, Vulnerabilities on March 29, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program: New broadband gear botnet; What will happen with Conficker on April 1st? And the week’s news.

–> Stream, subscribe or download Episode 46 - Listen or subscribe to the feed to automatically get the latest episode sent to you to your  Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

This week’s show is sponsored by The Engate Hosted eMail Security System. Tell them you heard about them on the Data Security Podcast and get 50% off their service. Offer good until March 31st, 2009. Tales from The Dark Web Sponsored by DeviceLock Removable Media Security Software.

The Show Notes Page for Episode 46 of The Data Security Podcast

-From The News: NASCIO publication mentioned by Samantha, in her story on security and the stimulus plan.

- From The News: Ransom-ware attacks mentioned by Ira. See FireEye’s Blog posting on the topic for more details, including how to de-crypt files without paying the Dark Web’s ransom.

-From The News: RSPlug-F Mac Trojan horse distributed via HDTV website. See the video of an attempted attack. No such thing as malware for the Mac, eh?

- Tales From The Dark Web: New psyb0t malware targets certain Linux broadband networking equipment. DroneBL has extensive information; scroll down to a post by Crichton for instructions on how to apply defence in depth security to networking gear that does not allow you to change factory default usernames. Unfortunately, many gear makers fall into that category. One also needs to update firmware on networking gear, not just desktop PCs, servers and handheld devices.

- Conversation: Ira talks with Paul Royal of PureWire Security about Conficker and what might or might not happen on April 1st, 2009.

- Wrap Up: Lauren buys a PC. Comments are from YouTube post, not from Data Security Podcast

Data Security Podcast Episode 41 – Feb 23 2009

Posted in criminal forensics, darkweb, Podcast, Vulnerabilities on February 22, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program: Conficker Sequel hits hard; Demand for computer forensics training soars, SANS Institute fills the gaps; Plus, this week’s news.

–> Stream, subscribe or download Episode 41 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

This week’s show is sponsored by The Engate Hosted eMail Security System. Tell them you heard about them on the Data Security Podcast and get 50% off their service. Offer good until March 31st, 2009. Tales from The Dark Web Sponsored by DeviceLock Removable Media Security Software.

The Show Notes Page for Episode 40

-From The News: Adobe PDF Zero Day. We suggest that you delete Adobe PDF reader, and install a non-Adobe PDF reader. Try PdfReaders.com, and the LostInTechnology.com blog for alternatives to Adobe PDF readers. Read details on the threat at The Shadowserver.org site, including how to disable JavaScript on Adobe PDF reader. Here are the instructions for a GPO to disable Adobe PDF reader JavaScript.

-From The News: Nigerian 419 scams are more complex than you might think. One example, from the Salt Lake Tribune: Nigerian web scam bilked Utah out of $2.5M.  And, there is this excellent article at 419Eater.com that includes an analysis of some of the variations and motivations of these “poor people who are just trying to get by” when they steal and defraud innocent people of millions of dollars/euros/pounds/yen.


From 419Eater.com Counter-Scam Site

- Tales From The Dark Web:  Conficker / Downadup strikes back….a newer, stronger variant is out. See details in this blog posting by Ira Victor.

- Conversation: Ira Victor talks with Rob Lee, computer forensics Grand Poobah of The SANS Institute computer forensics program , and the SANS Forensic Blog.

Data Security Podcast Episode 39 – Feb 9 2009

Posted in Breach, darkweb, Podcast, Vulnerabilities, web server security on February 8, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program: Using DNS to neuter Conficker/Downadup; A new, free VPN helps secure RDP and wireless; Evil traffic “cops” give tickets with malware; And, this week’s news.

–> Stream, subscribe or download Episode 39 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

This week’s show is sponsored by The Engate Hosted eMail Security System. Tell them you heard about them on the Data Security Podcast and get 50% off their service. Offer good until March 31st, 2009. Tales from The Dark Web Sponsored by DeviceLock Removable Media Security Software.

Program Notes for Episode 39

-From The News: Withinwindows.com blogger Rafael Rivera scores a victory in the battle to lock down UAC

-From The News: Consumer Electronics Company Agrees to Settle Data Security Charges; Breach Compromised Data of Hundreds of Consumers


Evil parking "cops" spread malware

- Tales From The Dark Web: Malware attacks via fake parking tickets.

- Tales From The Dark Web: OpenDNS will block outbound botnet connections to the Conficker/Downadup master. Blocking will work with free unregistered and free registered users.  You can set your computer’s DNS settings, or your router/firewall/UTM DNS settings to these IP addresses to start using OpenDNS right away: 208.67.222.222 , and 208.67.220.220.

- Conversation: Ira Victor speaks with Egeman Tas, the Senior Research Scientist with Comodo Security, about a free VPN application he is working on. This app is a peer to peer application to make VPNs easy, and yes, free. If you are using RDP, WiFi in a public hot spot, or other relevant applications, you need to use a VPN. The software is still in Beta. It’s only for Windows at this time, but Egeman reports that a MAC and LINUX version is in the works.

-Wrap Up: Congressman Twitters an Iraq Security Breach, revealing details of his location in Iraq . Hoekstra’s spokesman Dave Yonkman, said, “We never agreed to anything as far as not discussing it (beforehand) or during…Congressman Hoekstra believes in giving people in West Michigan as much information as possible.”

Data Security Podcast Episode 32 – Dec 22 2008

Posted in darkweb, Podcast on December 22, 2008 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program: A vicious new DNS attack – it’s not easy to tell if you’re a victim. Plus, the data security news.

–> Stream, subscribe or download Episode 32 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

This week’s show is sponsored by The Engate Hosted eMail Security System.

Program Notes for Episode 32:

Linux WiFi Photo Frame


Who wants a factory-fresh, worm infected photo frame for Christmas? Not you, we hope! Read the SANS Internet Storm Center report about the latest malware infested photo frame, the Samsung SPF-85H. Here is one of many safer alternatives. The safer alternatives (example of just one, pictured left) use WiFi and Linux to download photos from email accounts or online photo accounts. The safer alternatives don’t require a connection to a local computer to transfer photos to the frame. This lowers the threat of malware infecting the local computer due to plugging a factory-fresh, but malware infected, digital frame into a computer.

Tales From The DarkWeb: Ira has a conversation with Bojan Zdrnja of the SANS Internet Storm Center about a vicious new DNS attack.
