Week 14 In Review – 2011

Resources

• CanSecWest Vancouver 2011 Presentation Files – cansecwest.com
  Comprehensive list of presentations during the recently concluded CanSecWest 2011
• The Symantec Internet Secuirty Threat Report Volume 16 Is Here! – symantec.com
  We are pleased to announce that Volume 16 of the Symantec Internet Security Threat Report (ISTR) is now available.
• Jeremiah Grossman Reveals His Process For Security Research – resources.infosecinstitute.com
  In our ongoing series of interviews, this week Jeremiah Grossman answered a few questions and pulled back the curtain a bit on the methods, tools and motivation for the work he does.
• Securing IPv6 – cisco.com
  In this post, we’ll talk about some of the things to consider when securing IPv6 compared to IPv4.
• My Review of SANS FOR610: Reverse Engineering Malware – chrissanders.org
  I had the opportunity to take the SANS FOR610: Reverse Engineering Malware course in Orlando a couple of weeks ago and I wanted to write about my experience with the course.
• Rick Hayes – Assessing and Pen-Testing IPv6 Networks – vimeo.com
  IPv6 attack video discussion.
• vSphere 4.1 Hardening Guide released – run-virtual.com
  The guide covers topics from VMX parameters (special VM configuration settings), ESX host settings, vCenter setup and Virtual Networking guidelines.

Tools

• Wappalyzer Web Technology Identifier – darknet.org.uk
  Wappalyzer is an add-on for Firefox that uncovers the technologies used on websites.
• USBsploit v0.6b! – secuobs.com
  USBsploit is a PoC to generate Reverse TCP backdoors, malicious PDF or LNK files.
• MOSCRACK-2.04b! – sourceforge.net/projects/moscrack/
  Moscrack is a perl application designed to facilitate cracking WPA keys on a cluster of computers.
• RETINA Community – eeye.com
  Retina Community is a completely free tool powered by eEye’s renowned Retina Network Security Scanner technology. For up to 32 IPs, the product identifies vulnerabilities (including zero day), configuration issues, and missing patches across operating systems, applications, devices, and virtual environments.
• Peach v2.3.8 – sourceforge.net/projects/peachfuzz/
  Peach is a SmartFuzzer that is capable of performing both generation and mutation based fuzzing.
• THC-HYDRA v6.2 – thc.org
  THC-HYDRA is a very fast network logon cracker which support many different services.
• Skipfish-1.86b – code.google.com/p/skipfish/
  Skipfish is a fully automated, active web application security reconnaissance tool.
• Cain & Abel v4.9.40 released – oxid.it
  This update includes an added Proxy support for Cain’s Certificate Collector, the ability to specify custom proxy authentication credentials for Certificate Collector, and others.
• The Social-Engineer Toolkit v1.3.3 – secmaniac.com
  The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing.
• Kismet-2011-03-R2 – kismetwireless.net
  Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
• IDA Pro 6.1 Disassemble Android Bytecode – hex-rays.com
  The new version can disassemble Android bytecode (Dalvik). An IDA user kindly contributed the processor module and file loader.

Techniques

• Remotely execute edm.exe commands on multiple computers – gallery.technet.microsoft.com
  This script invokes whatever command you can use in cmd.exe on one or more computers you input the command you’d like to run as a screen input when you run the script.
• SMBRelay Bible 5: SMBRelay attacks on corporate users – dsecrg.blogspot.com
  Today we will talk about client-side attacks. An attack of a network is a progressive action. Usually, we escalate our rights step-by-step from nothing to a domain administrator.
• Another Big One – golubev.com
  Ivan Golubev tests out the new Radeon HD6990 and compares it to the 5970.
• Slack Attack 0Day Windows Network Interception network Vulnerability – resources.infosecinstitute.com
  This article describes a proof of concept of an interesting application of IPv6.

Vendor/Software Patches

• Apple iOS 4.3 adds additional IPv6 user security – intrepidusgroup.com
  In IPv4, there is a requirement to have an external entity handle IP address assignments.
• WordPress 3.1.1 is available (security fixes) – sucuri.net
  Some security hardening to media uploads, performance improvements, fixes for IIS6 support and fixes for taxonomy and PATHINFO (/index.php/) permalinks.

Other News

• Comodo Hack Fallout
  Some opinions on the recent Comodo hack
  • Comodo Hack May Reshape Browser Security – news.cnet.com
  • The Problem of Issuing Certs For Unqualified Names – threatpost.com
• Epsilon Spear Phishing Crisis
  Security experts are warning consumers to be especially alert for targeted email scams in the coming weeks and months.
  • Epsilon breach Raises Specter of Spear Phishing – krebsonsecurity.com
  • List of Companies Hit By Epsilon Breach – threatpost.com
  • Epsilon Data Breach Expands To Inlcude Capital One, Disney, Others – threatpost.com
  • The Epsilon Phishing Model – garwarner.blogspot.com
  • Playcom customers receiving malicious emails, Silverpop blamed – net-security.org
  • After Epsilon: Avoiding Phishing Scams & Malware – krebsonsecurity.com
  • Your Email Address Was Stolen. Now What? – readwriteweb.com
  • How to protect yourself from future Epsilon breach – erratasec.blogspot.com
• EMC (RSA) Buys NetWitness
  It is no surprise that EMC has acquired Netwitness. Looks like they are serious about this security stuff.
  • EMC (RSA) Acquires NetWitness – spiresecurity.com
  • Fool us once… EMC/RSA Buys NetWitness – securosis.com
• Symantec Logged 286 Million New Threats In 2010 – darkreading.com
  Unique malware and variants galore, and more than 40 percent more mobile vulnerabilities than a year ago.
• Conde Nast Got Hooked On $8 Million Spear Phishing Campaign – wired.com
  The alleged swindler failed to withdraw any funds before federal authorities intervened and froze the money, but the case highlights how little effort a scammer needs to invest in order to get a big payday.
• Fixing the SSL cert nightmare – root.org
  In response to this compromise, many people are recommending drastic changes.
• More Spearphishing: RSA breach news
  Security firm RSA announced in March that it had been the victim of a hack that it described as “extremely sophisticated.”
  • Biggest Lesson From Rsa: Security Really Is Hard – terminal23.net
  • Spearphishing + 0day: RSA hack not “extremely sophisticated” – arstechnica.com
• Unqualified Names in the SSL Observatory – eff.org
  Using data in EFF’s SSL Observatory, we have been able to quantify the extent to which CAs engage in the insecure practice of signing certificates for unqualified names.
• Pandora Mobile App Transmits Gobs Of Personal Data – threatpost.com
  The analysis was conducted by application security firm Veracode and found that Pandora’s free mobile application for Android phones tracked and submitted a range of data, including the user’s gender, geographic location and the unique ID of their phone, according to an entry on Veracode’s blog.