SecuraBit
SecuraBit Before It Bytes!

SecuraBit Episode 80:  Our 8080 Episode
April 20, 2011

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit
Tony Huffman – @myne_us
Dan Mitchell - @danmitchell

Guests:
int80 - @dualcoremusic
DualcoreMusic

General topics:
http://dualcoremusic.com/nerdcore/
http://www.youtube.com/watch?v=CMNry4PE93Y

NEWS:

Patch Tuesday April 2011 64 patched:
http://www.microsoft.com/technet/security/current.aspx
http://isc.sans.edu/diary.html?date=2011-04-11

Oracle Critical Patch Update Advisory - April 2011
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

Verizon 2011 Data Breach Report
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2011_en_xg.pdf

Barracuda
http://www.thetechherald.com/article.php/201115/7044/Malaysian-group-hits-Barracuda-Networks-Update?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+SecurityBloggersNetwork+%28Security+Bloggers+Network%29
http://blog.barracuda.com/pmblog/index.php/2011/04/12/waf-importance/
http://www.securecomputing.net.au/News/254601,barracuda-hack-shows-importance-of-defenceindepth.aspx?utm_source=twitterfeed&utm_medium=twitter
http://www.flyingpenguin.com/?p=11513
“Starting Saturday night at approximately 5pm Pacific time, an automated script began crawling our Web site in search of unvalidated parameters.  After approximately two hours of nonstop attempts, the script discovered a SQL injection vulnerability in a simple PHP script that serves up customer reference case studies by vertical market.  As with many ancillary scripts common to Web sites, this customer case study database shared the SQL database used for marketing programs which contained names and email addresses of leads, channel partners and some Barracuda Networks employees.  The attack utilized one IP address initially to do reconnaissance and was joined by another IP address about three hours later.  We have logs of all the attack activity, and we believe we now fully understand the scope of the attack.”

Texas
http://www.txsafeguard.org/
http://blogs.chron.com/texaspolitics/archives/2011/04/personal_inform.html
“Personal information of about 3.5 million Texans -- including names, mailing addresses and Social Security numbers -- was posted on a publicly accessible server at the state comptroller's office, much of it for more than a year, Comptroller Susan Combs said.”

Michigan Police taking your phones
http://www.thenewspaper.com/news/34/3458.asp
http://www.geekosystem.com/cellebrite-cellphone-hacker/
“The American Civil Liberties Union (ACLU) is currently engaged in a war of words and requests for information on a device used by the Michigan state police that can extract information from cellphones. The device, which has reportedly been in use since at least 2008, is apparently being used by the police during minor traffic violations.”

Wordpress
http://en.blog.wordpress.com/2011/04/13/security/
http://newenterprise.allthingsd.com/20110413/wordpress-com-suffers-security-breach/?mod=ATD_rss&utm_source=twitterfeed&utm_medium=twitter
http://threatpost.com/en_us/blogs/wordpress-hacked-source-code-stolen-041311

Georgian woman cuts off web access to whole of Armenia
http://www.guardian.co.uk/world/2011/apr/06/georgian-woman-cuts-web-access

Hacker Group Changes Millions of Passwords to "password"; Only 38% of Users Notice
http://www.f-secure.com/weblog/archives/00002134.html
“Passwords from over 3,000,000 user accounts were apparently set to "password" late last night in a wide-spread hack that affected hundreds of news, retail and Web 2.0 sites. Most affected users are completely unaware of the attack.”

Quick Mentions:
FBI take down botnet
http://threatpost.com/en_us/blogs/doj-shuts-down-botnet-disables-infected-systems-041411
Facebook adds 2 factor
http://threatpost.com/en_us/blogs/facebook-adds-two-factor-authentication-041911
Flash 0 day:
http://www.adobe.com/software/flash/about/
Anything below version 10.2.153.1 is vulnerable

Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
CEIC Orlando (15 – 18 May 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)
#BSidesStJohns St. John's, NL (10 Jun 2011)
#BSidesCT Meriden, CT (11 Jun 2011)
FIRST Austria (12 - 17 June 2011)
#BSidesVienna(18 June 2011)
Toorcon (18 - 19 June 2011)
#BSidesLasVegas (3-4 August 2011)
BlackHat Vegas (3 - 4 August 2011)
DEFCON 19 (4 - 7 August 2011)
#BSidesLA Los Angeles, CA (18 - 19 August 2011)
#BSidesMO(21 Oct 2011)
#BSidesNewDelhi (22 - 23 October 2011)
VB Barcelona October 2011

Links:
http://www.securabit.com
http://dualcoremusic.com/nerdcore/

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: SecuraBit_EP80.mp3
Category:podcasts -- posted at: 8:00am EDT

SecuraBit Episode 79:  Back to the basics with Marcus Carey!
April 6, 2011

Hosts:
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Tony Huffman – @myne_us

Guests:
Marcus J Carey- @iFail
http://hackersforcharity.org/

General topics:

NEWS:
Epsilon:
http://www.pcworld.com/businesscenter/article/224192/epsilon_data_breach_expect_a_surge_in_spear_phishing_attacks.html
http://www.eweek.com/c/a/Security/Epsilon-Data-Breach-Highlights-Cloud-Computing-Security-Concerns-637161/
http://threatpost.com/en_us/blogs/list-companies-hit-epsilon-breach-040511
https://threatpost.com/en_us/blogs/epsilon-data-breach-expands-include-capital-one-disney-others-040411
http://www.epsilon.com/News%20&%20Events/Press_Releases_2011/Epsilon_Notifies_Clients_of_Unauthorized_Entry_into_Email_System/p1057-l3

"On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway," the statement said.

LizaMoon:
http://threatpost.com/en_us/blogs/counterspin-lizamoon-web-attacks-no-big-deal-040511
In a post on Cisco's security blog, senior security researcher Mary Landesman said that data from the company's ScanSafe Web security infrastructure suggests that just over 1,000 Web domains have been compromised using the SQL injection attack, not the 500,000 to 1.5 million cited in published reports.

https://threatpost.com/en_us/blogs/widespread-lizamoon-web-attacks-push-rogue-antivirus-040111
“Websense researchers wrote on Thursday that a Google search for Web sites hosting the malicious URLs identified over 1.5 million Web sites hosting the code”

Pandora.com data leak:
http://threatpost.com/en_us/blogs/pandora-mobile-app-transmits-gobs-personal-data-040611?utm_source=Home+Page&utm_medium=Top+Graphic+Bar&utm_campaign=Position+3
“The data included both the owner's GPS location and tidbits the owners gender, birthday and postal code information. There was evidence that the app attempted to provide continuous location monitoring - which would tell advertisers not just where the user accessed the application from, but also allow them to track that user's movement over time. “

RSA attack:
http://threatpost.com/en_us/blogs/rsa-securid-attack-was-phishing-excel-spreadsheet-040111
“"The attacker in this case sent two different phishing emails over a two-day period. The two emails were sent to two small groups of employees; you wouldn’t consider these users particularly high profile or high value targets. The email subject line read '2011 Recruitment Plan," Uri Rivner, head of new technologies in the identity protection division of RSA wrote in a post on the attack”
http://www.nsslabs.com/research/analytical-brief-rsa-breach.html

¾ Energy Firms Had Data Breach over last year:
http://threatpost.com/en_us/blogs/study-three-four-energy-firms-had-data-breach-last-year-040511
Long perceived to be beyond the attention of hackers, energy firms and utilities now report that they are being targeted. In the Ponemon study, 76% of the IT security staff interviewed reported that their organization had experienced "one or more data breaches" in the last 12 months. A similar number - 69% - said they felt a data breach was likely to occur in the next 12 months, Ponemon said.

Comodo what really happened:
https://threatpost.com/en_us/blogs/phony-ssl-certificates-issued-google-yahoo-skype-others-032311
http://pastebin.com/uSdKNDN5
“ I found out that TrustDll.dll takes care of signing. It was coded in C#.
Simply I decompiled it and I found username/password of their GeoTrust and Comodo reseller account. “

FBI asks for help on cracking code:
http://www.h-online.com/security/news/item/FBI-asks-for-help-cracking-a-code-in-unsolved-murder-case-1220007.html

Other Stories:
http://www.techdirt.com/articles/20110401/13241213732/exploit-hadopi-site-turns-it-into-pirate-bay-supporter.shtml
http://news.softpedia.com/news/Google-Chrome-to-Block-Malicious-Downloads-193386.shtml

Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events:
ThotCon (15 Apr 2011)
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
CEIC Orlando (15 – 18 May 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)
#BSidesStJohns St. John's, NL (10 Jun 2011)
#BSidesCT Meriden, CT (11 Jun 2011)
FIRST Austria (12 - 17 June 2011)
#BSidesVienna(18 June 2011)
Toorcon (18 - 19 June 2011)
#BSidesLasVegas (3-4 August 2011)
BlackHat Vegas (3 - 4 August 2011)
DEFCON 19 (4 - 7 August 2011)
#BSidesLA Los Angeles, CA (18 - 19 August 2011)
#BSidesMO(21 Oct 2011)
#BSidesNewDelhi (22 - 23 October 2011)
VB Barcelona October 2011

Links:
http://www.securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Direct download: SecuraBit_EP79.mp3
Category:general -- posted at: 11:43pm EDT