Archive for March, 2010

Episode 123 – March 27, 2010

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Show Notes, Vulnerabilities on March 28, 2010 by Habeas Hard Drive

Episode 123 features two interviews, and the show is 72 minutes long.

First — an amazing story about a scareware company that sold hundreds of millions worth of fake antivirus. A big, big business with offices across the globe, 650 employees, and a tech support operation for the “customers” who bought the fake software. Writer Jim Giles tells the story. Jim’s interview starts about 21 minutes into the show. His article for New Scientist is featured here.

Later in the show – we talk to the Director of Global Electronics Systems Engineering at Ford Motor Company, Jim Buczkowski. Ford has put a firewall between the dashboard, where you jack in with your mobile device, and the car’s computer systems. The thinking is, if your device is infected, we wouldn’t want it to cause brake failure or something like that! Ford is ahead of the game on this. Ford’s Sync system is a multi-functional communication system in the dashboard. Here’s hoping it lives up to its promise. The interview starts approximately 58 minutes into the show.

Our Take on This Week’s News:

Lead story? This article in the U.K. Telegraph touts “typeprint analysis” as if it were a hot new development, and reports that British researchers are looking for a grant to study it further as a way to monitor whether there are pedophiles online, chatting with the kids. Is anyone else sick of pedophilia and other sex crimes as a frame on which to hang funding requests and tax increases? This article doesn’t read well, and it certainly doesn’t break any technology news. The researchers mention that there are private sector uses for their work. All well and good, particularly since positive ID for banking transactions is among them. So why hide behind the pedophiles? And why did the reporter not dig deeper into what’s new and different about this use of an established technology?

It’s tax season, and of course, the cybercriminals are focused on whatever preoccupies the rest of us. A new email scam features a fake IRS email notice… which leads to a Zeus attack. NOTE TO EMPLOYERS AND IT ADMINS: This could show up in your employees’ inbox as an email from your company… as in: “we have overcalculated your social security tax, and we need to fix it before April 15.” Or some such nonsense. You should write a memo immediately, alerting employees that they are to ignore any email that induces them to action regarding taxes.

Federal employees have received 12 months probation and community service as punishment for viewing (collectively) 900 confidential passport applications. Nobody appears to have been fired for this. At least the Justice Department press release doesn’t mention any firings.

Here’s a story we picked up at RSA in San Francisco. Tom Murphy, Chief Strategy Officer of  Bit9,  discusses (among other things) targeted attacks that are narrower than spam, viruses and botnets. They are customized to specific organizations to steal specific information. Bit9 has some free security tools that could help.

CanSecWest hacking contest: The predictions were correct. iPhone fell first (it took 20 seconds). Then Apple Safari. Then IE8 on Windows 7. See references below.


Apple OSX and Apple Safari:

Windows7 IE8:

Nonetheless, your employees will be bringing their new iPads to work. Tony Bradley offers a lot of security questions businesses need to ask. Ask them this week, before the iPad hits the stores. (Tony Bradley is co-author of Unified Communications for Dummies. He tweets as @Tony_BradleyPCW. You can follow him on his Facebook page, or contact him by email.)

Security training can be – well – boring. The employees sit in a seminar and listen to abstract descriptions of attacks. And they never get a chance to practice what they learn. So that’s why researchers at Carnegie Mellon University decided to try training that includes “microgames.” Little games employees can play in a few minutes. The objective is to teach them about phishing attacks…. How to discern a “good URL” from a “bad URL.” Then the researchers measured whether the gamers retained the information. And most did. The fun interaction with the phishing lesson made a difference. CMU’s Dr. Jason Hong directed the research. We have posted an interview with him on the conference notes page. His team is marketing their training games now. The company is called Wombat Security.

Virtual Machines – an attractive solution in these times when money is tight. But before you virtualize, update your security plan. Here are some tips from F5 Networks.

Hate to say we told you so…. Airport worker given police warning for ‘misusing’ body scanner. If by “misusing” you mean “taking a picture of your co-worker as she walks through it.”

March 20, 2010 – Episode 121

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, eMail Security, Exclusive, Show Notes, web server security on March 20, 2010 by Habeas Hard Drive

Episode 121 is 70 minutes long. Our interview segment is a major highlight, not to be missed! Patrick Peterson, Cisco Fellow, explains how modern web attacks work, and why anti-virus and firewalls are failing. The interview is about ten minutes long, and it starts about 22 minutes into the show. You may go to listening options to download the program or find other options to hear the program; or you may stream the program using the Flash player below:

Our Take on This Week’s News:

MySpace user data is offered for sale on This lengthy blog post on ReadWriteWeb contemplates the state of “big data.” PC World reports it, too.

The annual report from the Internet Crime Complaint Center (IC3) was released this week. The FBI’s cybercrime investigation unit – which was launched in 2000 — reports that complaints were up 22 percent in 2009 over 2008… and that the loss from all cases referred was more than half a billion dollars… descriptions of top scams start on page 13 of the report.

Madoff’s computer programmers indicted.

Ponemon Institute study on the level of trust in the banks by commercial customers. A wakeup call to the banking industry: Get serious about Zeus or your customers will walk.

CanSecWest (Canadian Security conference) starts Wednesday: Microsoft’s Internet Explorer 8 will be easily penetrated in the Pwn2Own hacking challenge.

Plus, champion hacker Charlie Miller says he has 20 vulnerabilities to bring down Apple Safari browser on Mac OS X.

Hancock Fabrics – Bad guys swap PIN pads at cashier desks. Here’s a letter from the President and CEO of the stores:

Vodafone distributes Mariposa botnet attack.

Remember the former auto dealership employee who hacked the remote communication system and started disabling customer vehicles?   We interview executives from the company that makes the system,  Pay Technologies.  Jim Kreuger and David Ronisky are the co-founders.

Teen hacks code for Walmart public address system, makes racially charged announcement to customers.

Episode 118 and 119 – March 14, 2010

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Legislation, Show Notes, The CyberJungle, Vulnerabilities, web server security on March 13, 2010 by Habeas Hard Drive

Episode 118 is the ‘su root’ episode, our unedited interview with Joe Weiss, author of the forthcoming book, “Protecting Industrial Control Systems from Electronic Threats.” Joe says there’s a lack of trained personnel to manage system controls in the Smart Grid, and indeed in the entire industrial infrastructure. The results of this understanding gap could be catastrophic. The full-length interview is 24 minutes.

Episode 119 is the weekly podcast of The CyberJungle. Listen by clicking below. This week’s show is 69 minutes long.

Here are the shownotes:

Met Matt Carpenter at RSA. He works as a consultant for InGuardians and specializes in penetration testing for electrical utilities. Pen testing is a complex process of thinking like an attacker, and then simulating what an attacker would do. Matt was a panelist in a number of smart grid sessions, and he brought up some alarming scenarios that highlight the possible hazards of the electrical smart grid. The interview is about 21 minutes into the show.

This week’s news:

TSA agent injects terrorist watchlist server with destructive code after being given termination notice. He’s been indicted by a federal grand jury on two violations of the Computer Fraud and Abuse Act. And he’s out on bail. (We question the wisdom of letting an employee know in advance that he’ll be fired, and then giving him two weeks’ access to systems affecting national security.)

EFF files PUC guidelines for smart meter privacy, as California rolls out the program. Read the comments as they were filed. (Read the 49-page legal document, PDF)

Father and Son Plead Guilty to Selling Counterfeit Software Worth $1 Million. Why this matters: with malware hidden in the software, you gave permission for the malware to be installed! If the sales are traced back to you, you have to delete the software, and buy it again. You can’t keep the car!

How Microsoft’s URL reputation system works: [from]

Mariposa botnet attack distributed via some Google Android Phones

Posted in Breach, criminal forensics, darkweb, Vulnerabilities on March 8, 2010 by Habeas Hard Drive

Today, Panda researcher Pedro Bustamante is reporting that the Mariposa botnet attack is being distributed via some mobile phones with Google’s Android operating system. When some versions of the phone are plugged into a computer via USB, a malicious file tries to execute on the PC. A quick analysis of the malware reveals that the malware is in fact a Mariposa bot client, but this time, the botnet is being run by a newly discovered Dark Web group. Mariposa has a USB spreading mechanism.

The forensics on the Mariposa botnet are very interesting, with a number of stealthy elements. You can listen to details on this attack on this ‘su root’ episode of The CyberJungle. This interview talks about the forensic elements of this attack, in the context of the take down last week. It appears that another group is using the same attack, with similar “stealthy elements.” Ira Victor of The CyberJungle drilled down into those elements in this interview. Su root editions are more technically in-depth special editions of The CyberJungle.

The su root episode (#116) of The CyberJungle can be downloaded from the listening options page, or streamed here:

You can read Pedro’s blog post here for more forensics.

Episodes 116 and 117 – March 7, 2010

Posted in Breach, Conference Coverage, criminal forensics, darkweb, ediscovery, Exclusive, Podcast, The CyberJungle, Vulnerabilities on March 6, 2010 by Habeas Hard Drive

The CyberJungle episode 117 is special RSA Security Conference coverage. It includes an interview with Juan Santana, the CEO of Panda Security, on the take down of the Mariposa Botnet. This botnet impacted people in just about every country in the world, and stole, in part, bank credentials. Ira mentioned Christopher Brown’s forensics book, Computer Evidence: Collection & Preservation.

In “Tales from the Dark Web” we explore how cybercrime gangs recruit and use money mules to move cash after they’ve stolen it out of bank accounts.  Bank of America Senior Vice President David Shroyer.

We attended a Cloud Security Alliance Security Summit at RSA, where we discovered  the

The CyberJungle full episode 117 can be downloaded from the listening options page, or streamed here:

Plus, as our “su root” edition this week, we have posted an interview on the incident response related to the Mariposa Botnet with Pedro Bustamante from Panda Security. We caught up with him at the RSA Security Conference.

We spoke with Gerry Brown and Christopher Brown on forensics and evidence collection for electric smart grid attacks. The su root interview is always longer and more technically sophisticated than the podcast versions, which have been edited for radio.

This su root episode (#116) of The CyberJungle can be downloaded from the listening options page, or streamed here:

From the Expo Floor at RSA – And you thought your computer was buggy…

Posted in Uncategorized on March 2, 2010 by Habeas Hard Drive

If this doesn’t get the point across, we don’t know what would. (They’re real, and they’re spectacular.) Someone in the ESET marketing department deserves a raise and a promotion for this exhibit. To see and hear more serious reports about the RSA Security Conference in San Francisco, see our Conference Notes page. We’ll post new material several times daily. The Conference Notes page also has its own RSS feed, so if you’re interested, you can be notified whenever there’s a new post.