Week 6 in Review – 2012

Event Related

• ShmooCon Firetalks 2012
• ShmooCon Firetalks 2012 – irongeek.com
  These are the videos I have for the ShmooCon Firetalks 2012.
• ShmooCon Epilogue 2012 – irongeek.com
  These are the videos I have for ShmooCon Epilogue 2012. Georgia recorded the live parts, and my rig was used for the slides. Sorry that there are some missing talks, Georgia may have them on her site.
• ShmooCon 2012 FireTalks – Update 8 (Videos from Saturday) – novainfosecportal.com
  To follow up with Friday’s post re getting a lot of the other awesome ShmooCon Firetalks out there, here is the complete line up from Saturday night. And if you are interested in seeing all the talks from each night, IronGeek has just put out a post with two longer videos from each evening.
• FOSDOM Presentation
• Sandbox applications quickly with KVM or LXC – h-online.com
  In the “Building application sandboxes on top of LXC and KVM with libvirt” FOSDEM presentation, Red Hat developer Daniel Berrange introduced libvirt-sandbox, which confines individual applications in a secured area (“sandbox”) using the KVM (Kernel-based Virtual Machine) virtualisation solution or LXC (Linux Containers).
• DoD Cyber Crime Conference Presentation: Recipes for Remediation – blog.mandiant.com
  Wendi Rafferty and I presented at the DoD Cyber Crime conference in Atlanta, GA. Our presentation, “Recipes for Remediation: Key Ingredients for Building a More Resilient Security Program,” has been posted to the MANDIANT Archive Presentations page here.

Resources

• Malware Analysis Tutorial 1 – VM Based Analysis Platform – fumalwareanalysis.blogspot.com
  This tutorial is intended for those who are interested in malware analysis. We take a step-by-step approach to analyzing a malware named ZeroAccess.
• Research Paper – uscc.gov
  Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation
• Tools, Techniques, Procedures of the RSA Hackers Revealed – commandfive.com
  “Details of the tools, techniques and procedures used by the hackers behind the RSA security breach have been revealed in a research paper (PDF) published by Australian IT security company Command Five.
• ClubHack Magazine Issue #25, Feb 2012 Released – chmag.in
  The ClubHack Magazine is the first ‘hacking‘ magazine in India.
• Trustwave 2012 Global Security Report – trustwave.com
  The Trustwave 2012 Global Security Report highlights top data security risk areas, offering predictions on future targets based on analysis and perceived trends.
• PiOS: Detecting Privacy Leaks in iOS Applications – seclab.cs.ucsb.edu
• DDoS and Security Reports: The Arbor Networks Security Blog – ddos.arbornetworks.com
  A visual sample of Distributed Denial of Service (DDoS or DoS) attack tools & services compiled by Curt Wilson – Research Analyst, Arbor Networks ASERT
• NIST revises computer security incident guide – federalnewsradio.com
  New draft guidance is giving agencies some help in responding to the ever-changing landscape of cyber threats.
• How Offensive Research Drives Down the Cost of Attacks – threatpost.com
  CANCUN–The offensive security research community has evolved in the last decade or so from a relatively small and insular group inwardly focused, to a large and rather vocal group with a wide variety of motives, opinions and skill levels.
• Adventures with Daisy in Thunderbolt-DMA-land: Hacking Macs through the Thunderbolt interface – breaknenter.org
  We security folks often feel like we are regurgitating the same type of security issues over and over again, just in new contexts. So depending on how you look at it, this is “old new” or “new old” news.
• Maximizing Value in Pen Testing – pen-testing.sans.org
  The penetration testing business faces a great danger as more and more people jump into the field offering very low-value penetration tests that are little better than an automated vulnerability scan. In this article, we’ll discuss how to conduct your tests and write up results so that they can provide significant business value to the target organization.
• M86 Security Threat Report for the Second Half of 2011 is Now Available – labs.m86security.com
  We are releasing today our bi-annual Threat Report for 2H 2011. The report relies on M86 Security Labs analysis of spam and malware activity, including the current use of exploit kits, fraudulent digital certificates and social networking schemes.
• What are the differences in Security Certifications? – blog.securestate.com
  What are worthwhile security-related certifications?

Tools

• Qubes Beta 3! – theinvisiblethings.blogspot.com
  A new ISO with the just released Qubes Beta 3 is now available for download here.
• THC-HYDRA v7.2 – thc.org
  “THC-HYDRA is a very fast network logon cracker which support many different services. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. It was tested to compile cleanly on Linux, Windows, Cygwin, Solaris, FreeBSD and OSX.”
• TrueCrypt 7.1a – truecrypt.org
  TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted drive. On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention.
• Improving and Adding More Pentesting Tools for BackTrack 5 – theprojectxblog.net
  For BackTrack users out there, I found a good shell script which is bt5-fish.sh that fixes your BackTrack 5 installation and adds more open source penetration testing tools. The tools / packages will be installed / converted to svn installs.

Techniques

• JSON CSRF with Parameter Padding – blog.opensecurityresearch.com
  The JavaScript Object Notation (JSON) format is one of the prominent data exchange formats of the contemporary web applications. When a web application implements JSON, Cross Site Request Forgery (CSRF) payload delivery gets bit tricky because of query string and JSON format mismatch. With couple of tricks however, we can successfully execute CSRF attacks with JSON payloads.
• Quickpost: Disassociating the Key From a TrueCrypt System Disk – blog.didierstevens.com
  TrueCrypt allows for full disk encryption of a system disk. I use it on my Windows machines.
• Direct Shellcode Execution via MS Office Macros with Metasploit – carnal0wnage.attackresearch.com
  scriptjunkie recently had a post on Direct shellcode execution in MS Office macros I didnt see it go into the metasploit trunk, but its there. How to generate macro code is in the post but i’ll repost it here so i dont have to go looking for it elsewhere later.
• Hacking Cradle Point Routers – Obscurity at the Peak – zeroknock.blogspot.com
  Cradle-point wireless routers are used heavily for setting small networks. However, Cradle-point uses interesting MAC specific authentication credentials which are unique for every router because of the MAC address uniqueness.
• MindshaRE: IDAception – dvlabs.tippingpoint.com
  If you’ve ever tried collaborating with other people while reverse engineering a vulnerability your process probably includes some tedious steps, like transferring.

Vendor/Software Patches

• Path uploads your entire iPhone address book to its servers – mclov.in
  Path has released a new version of the app which asks for permission before it sends your address book to its servers and has blogged about the episode.

Vulnerabilities

• Satellite Phone Encryption Cracked – telegraph.co.uk
  German academics said they had cracked two encryption systems used to protect satellite phone signals and that anyone with cheap computer equipment and radio could eavesdrop on calls over an entire continent. Hundreds of thousands of satellite phone users are thought to be affected.
• Another Serious Security Bug on PHP 5.3.9 – PHP Classes blog – phpclasses.org
  PHP 5.3.9 release was mostly meant to fix a security bug, but it introduced a new more serious bug. PHP 5.3.10 was just released to fix this issue.
• Flaw in Home Security Cameras Exposes Live Feeds to Hackers – wired.com
  A flaw in home security cameras made by Trendnet potentially exposed thousands of customers to hackers who could access the live video feeds without a password.
• ‘CVE-2012-0056 Metasploit Exploit – pastebin.com
  This file is part of the Metasploit Framework and may be subject toredistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use.

Other News

• Critics slam SSL authority for minting certificate for impersonating sites – arstechnica.com
  Critics are calling for the ouster of Trustwave as a trusted issuer of secure sockets layer certificates after it admitted minting a credential it knew would be used by a customer to impersonate websites it didn’t own.
• Google to strip Chrome of SSL revocation checking – arstechnica.com
  Google’s Chrome browser will stop relying on a decades-old method for ensuring secure sockets layer certificates are valid after one of the company’s top engineers compared it to seat belts that break when they are needed most.
• Hacker Sentenced to 30 Months in Prison – securityweek.com
  A hacker who tried to land an IT job at Marriott by hacking into the company’s computer systems and then unwisely extorting the company into hiring him, has been sentenced to 30 months in prison.
• AntiSec leaks Symantec pcAnywhere source code after $50k extortion not paid – blogs.computerworld.com
  Symantec had said it would pay $50,000 to a group of hackers associated with Anonymous and AntiSec in order to keep its source code from being leaked online.
• Trustwave issued a man-in-the-middle certificate – h-online.com
  Certificate authority Trustwave issued a certificate to a company allowing it to issue valid certificates for any server.
• Hackers hit CIA, UN Web sites – news.cnet.com
  With the CIA site inaccessible, the Twitter account for @YourAnonNews tweeted “CIA TANGO DOWN: cia.gov #Anonymous” and included a link to a news story about the outage on Russian site RT.com.