CUISPA Podcast #32 – Meh

http://www.flickr.com/photos/obeyken/4869449359/
Panelists: John Brozycki and Alex Rams
Recorded: 08/09/2010
New Stories
Jailbreak Your iOS to Protect Against the PDF Exploit?
The one-click JailbreakMe.com exploit – F-Secure's blog suggests a jailbreak app
called PDF Loading Warner (search Cydia) that will alert you when a PDF is loading.
As of 8/8/2010 Apple is working on a patch that will be released "in an
upcoming software update." If you do jailbreak (which is not a violation of the
Digital Millennium Copyright Act (DMCA)), remember to change your SSH password!
Apple and the iPhone patching process need improvement; why
do I have to download the entire OS every few months? Anyone remember Conficker?
http://www.f-secure.com/weblog/archives/00002004.html
http://www.bloomberg.com/news/2010-08-05/apple-develops-fix-for-iphone-flaw-that-allowed-attackers-to-read-e-mails.html
Phishing, old style and new, makes a comeback
We've seen an increase in phishing lately, including an old-style survey phish
appearing to come from the NCUA. Mostly, we're seeing phone phish, primarily
automated, trying various ploys to get members to enter their card number,
expiration date, and PIN. We have discussed before how phishing seems to
"sweep through geographical areas," but we wonder if they're not also giving
people time to "forget" so they can fall for the same trick all over again.
Incognito? – Private Browsing Mode can be Bypassed
(gasp)
A study from Stanford University's Security Lab in the Computer Science
Department shows that the private browsing modes standard on most browsers can
be circumvented. While the study refers to adult Web sites, the WSJ had two
recent cover stories regarding online privacy. What 'bread crumbs' are you
leaving behind?
"Private browsing mode usually works by not saving things like cookies and
history files to your hard drive. Think of it like browsing the Web using a
live Linux distribution: you turn the computer off and all your data is gone.
Woo! The mode works as advertised unless you come across Web sites that
encrypt data—let's say a shopping site. That data could still be on your
hard drive."
Extensions may also cache data without your knowledge; the study covered
Firefox, Safari, Chrome, and Internet Explorer. Our recommendation is to use a
disposable VM for your secret browsing.
http://www.crunchgear.com/2010/08/06/study-your-browsers-private-browsing-mode-may-not-always-be-so-private-after-all/
http://online.wsj.com/article/SB10001424052748703748904575411530096840958.html
http://online.wsj.com/article/SB10001424052748703467304575383530439838568.html
http://blogs.computerworld.com/16663/hack_pinpoints_where_you_live_how_i_met_your_girlfriend
Mumba Botnet and Zeus
The Mumba botnet was infiltrated by security researchers. It used four variants of Zeus.
http://avg.typepad.com/files/revised-mumba-botnet-whitepaper_approved_yi_fv-2.pdf
WhatÕs the First Rule of Fight Club?
Back Story: Neil Weiner did not like his boss, Eddie Thompson. Mr. Weiner
allegedly sent London police a CD filled with 177 pictures of child pornography
which Mr. Weiner claimed came from Mr. Thompson's computer. Only catch: Mr.
Weiner had told people about his plan a month before at a barbecue. First rule of
framing someone: you don't tell anybody how you're going to frame them.
http://arstechnica.com/tech-policy/news/2010/08/disgruntled-brit-plants-child-porn-on-bosss-computer-calls-cops.ars
As little as 19% of malware picked up by AV products
Does antivirus do more than slow down the CPU?
http://www.theregister.co.uk/2010/08/09/anti_virus_effectiveness_analysis/
Credit Union SECURITY and TECHNOLOGY News from Blogspot.com
A post by Bill Rogers on July 22, 2010 reports that 21% of all credit union
respondents have either suffered a security breach during the past two years or
don't know. 35% have been a victim of a phishing attack during the past year.
61% do not test their Incident Response Plan annually. 73% assess themselves
as "average" to "failing" when it comes to security awareness efforts with
customers.
http://cusecurity.blogspot.com/2010/07/what-credit-unions-are-saying-or-doing.html
Unpatched Windows kernel
http://www.theregister.co.uk/2010/08/06/unpatched_windows_kernel_vuln/
Cooltility (Cool + Utility = Cooltility)
BackTrack 4 R1 – BlackHat Edition
After six months in development, BackTrack 4 R1 was released at Black Hat
Las Vegas. The update log includes: a new kernel (2.6.34), massively improved
hardware support, support for new wireless drivers, official FluxBox support,
and a battery of new tools added.
Download the BackTrack 4 R1 BlackHat Edition: http://www.backtrack-linux.org/downloads/
Quasi-technical segment
How to view websites that may contain malicious content without rendering them in a browser:
* Use a disposable Virtual Machine
* Use the Unix/Linux tools curl (cURL, a command-line client for URLs) or wget (Web Get)
* Use netcat (nc) to request only the response headers, as follows:
nc TargetIP 80
{press ENTER}
HEAD / HTTP/1.0
{ENTER, ENTER}
(If the server uses name-based virtual hosting, add a "Host: hostname" line before the final blank line, or you will get the default site instead of the one you are investigating.)
Checking for Malware:
You've got a file, attachment, or a link that you need to check. Maybe your boss wants to open it and you have to check first. Maybe it's already been opened and you want to see if it was malicious. Here are some tools and resources that will help.
Test attachments and executables for malware against many
AV products:
http://www.virustotal.com/
What about Javascript?:
jsunpack.jeek.org
What about Base64 encoded data?:
http://www.opinionatedgeek.com/dotnet/tools/base64decode/
What about shortened URLs?:
http://security.thejoshmeister.com/2009/04/how-to-preview-shortened-urls-tinyurl.html
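The netcat recipe above and the "shortened URLs" and "Base64" checks in this segment all come down to the same trick: talk raw HTTP to the server, read what it sends back, and never let anything render or execute. The following Python script is an added example written for these show notes (it is not code from the podcast or from any of the linked tools). It does what the nc/HEAD recipe does over a plain socket, parses the response headers, reads the Location header of a shortened link instead of following it, decodes suspected Base64 blobs, and hashes an attachment so it can be looked up on VirusTotal by digest rather than uploaded. The local "fake site" it starts on 127.0.0.1, its paths, and the redirect target are constructed stand-ins so the script runs offline.

```python
"""Inspect suspicious URLs and blobs without rendering or executing anything.

Added example for the CUISPA show notes, not from the podcast or any linked
tool. The fake site below (127.0.0.1, paths "/" and "/x1", the redirect target)
is a constructed stand-in for a suspicious host and a URL shortener.
"""
import base64
import binascii
import hashlib
import re
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def parse_http_response(raw):
    """Split raw response bytes into (status_code, {lower-case header: value}).
    Only the head is parsed; the body (if any) is never interpreted."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, *lines = head.split("\r\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in lines:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def raw_head(host, port, path="/", timeout=5):
    """Do exactly what 'nc host 80' + 'HEAD / HTTP/1.0' does, over a socket.
    A Host header is sent so name-based virtual hosts answer correctly."""
    request = f"HEAD {path} HTTP/1.0\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        data = b""
        while True:
            chunk = sock.recv(4096)
            if not chunk:  # HTTP/1.0 + Connection: close -> server hangs up
                break
            data += chunk
    return parse_http_response(data)


def redirect_target(status, headers):
    """Preview where a shortened link points: read Location from the HEAD
    response instead of letting a browser follow the redirect."""
    if status in (301, 302, 303, 307, 308):
        return headers.get("location")
    return None


def decode_if_base64(blob):
    """Decode a suspected Base64 blob (common in phishing mail and obfuscated
    JavaScript). Returns bytes, or None if the text is not valid Base64."""
    cleaned = re.sub(r"\s+", "", blob)
    if len(cleaned) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", cleaned):
        return None
    try:
        return base64.b64decode(cleaned, validate=True)
    except binascii.Error:
        return None


def sha256_hex(data):
    """Hash an attachment so it can be searched on VirusTotal by digest,
    without uploading (and thereby disclosing) the file itself."""
    return hashlib.sha256(data).hexdigest()


class _FakeSite(BaseHTTPRequestHandler):
    """Constructed stand-in: '/' serves a PDF landing page, '/x1' is a
    shortener-style redirect. Only HEAD is implemented on purpose."""

    def do_HEAD(self):
        if self.path == "/x1":
            self.send_response(302)
            self.send_header("Location", "http://evil.example/exploit.pdf")
        else:
            self.send_response(200)
            self.send_header("Content-Type", "application/pdf")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_fake_site():
    """Start the stand-in server on a free loopback port; returns the server."""
    server = HTTPServer(("127.0.0.1", 0), _FakeSite)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    site = start_fake_site()
    port = site.server_address[1]
    print("landing page:", raw_head("127.0.0.1", port, "/"))
    print("short link ->", redirect_target(*raw_head("127.0.0.1", port, "/x1")))
    print("base64 blob  :", decode_if_base64("SGVsbG8gd29ybGQ="))
    print("sha256       :", sha256_hex(b"%PDF-1.4 constructed sample"))
    site.shutdown()
```

Run it as-is to see the HEAD exchange against the stand-in; against a real suspicious host, point `raw_head` at it from a disposable VM and check Content-Type and Location before deciding whether to fetch the body with curl or wget. Note that a HEAD request still tells the attacker your IP address; the VM does not hide that.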
Smarter U.
Are you backing your stuff up? Use Dropbox or Mozy, just a friendly reminder.
In the meantime, have you read the Verizon 2010 Data Breach Investigation
Report yet? You can get a copy at this link:
http://www.verizonbusiness.com/go/2010databreachreport/