gmane.comp.security.funsec

Stolen iPhone posts thief's pics on victim's Facebookaccount

Rob, grandpa of Ryan, Trevor, Devon & Hannah — 2012-05-24T17:00:50

K goes on a Disney cruise.

Somebody on staff on the cruise line steals K's phone.

And takes pictures.

The iPhone automatically posts pictures on K's Facebook account.

https://www.facebook.com/media/set/?set=a.4102695045342.2181863.122194859
7&type=3&l=45551c466f

or

http://is.gd/xxkPob

(There is a rather heavy irony in the fact that, in order to get these somewhat 
delicious "turn the tables on the thief" situations, you have to join Facebook or 
some other similarly dangerous soc med site, and set a smartphone app to 
automatically post your pictures there ... which carries privacy dangers ...)

It's also amusing that one of the pics probably identifies one of the ship's officers 
...)

======================  (quote inserted randomly by Pegasus Mailer)
rslade< at >vcn.bc.ca     slade< at >victoria.tc.ca     rslade< at >computercrime.org
The object-oriented model makes it easy to build up programs by
accretion.  What this often means, in practise, is that it
provides a structured way to write spaghetti code.     - Paul Graham
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

malicious binaries

Daniel Otis — 2012-05-22T20:40:27

Many moons ago I ran a site to share malware binaries amongst the people 
on this list.  I'm always looking for a new source of data so I am 
wondering if there is a current free source for sharing malicious 
binaries for analysis.  Thanks!  Also, I wouldn't mind running such a 
service again, the only problem was I was the only one sharing ;)

Daniel

Re: Rotten AV proves "free market" false?

Drsolly — 2012-05-22T11:24:55

"So why are the outcomes of this market so poor? "

Because the job that they're trying to do, can't actually be done.

On Mon, 21 May 2012, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:

Rotten AV proves "free market" false?

Rob, grandpa of Ryan, Trevor, Devon & Hannah — 2012-05-21T18:47:38

(Or lousy OS situation, or pitiful software security in general ...)

http://www.businessinsider.com/when-competition-easy-entry-and-no-government-
produces-lousy-results-a-quick-look-at-the-anti-virus-and-anti-malware-market-
2012-5

or

http://is.gd/yfQXMG

(I do recall some research that indicates "low cost of entry" actually promotes 
monoculture ...)

======================  (quote inserted randomly by Pegasus Mailer)
rslade< at >vcn.bc.ca     slade< at >victoria.tc.ca     rslade< at >computercrime.org
Harold Crick: I'm glad I caught you. I wanted to give you these
Ana Pascal (the baker): What are they?
Harold Crick: Flours.
Ana Pascal: What?
Harold Crick: I brought you flours.
- `Stranger Than Fiction' http://www.imdb.com/title/tt0420223/quotes
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

(Redundant) Backup is good

Rob, grandpa of Ryan, Trevor, Devon & Hannah — 2012-05-15T22:50:54

An example:
http://www.youtube.com/watch?v=EL_g0tyaIeE

======================  (quote inserted randomly by Pegasus Mailer)
rslade< at >vcn.bc.ca     slade< at >victoria.tc.ca     rslade< at >computercrime.org
         The client interface is the boundary of trustworthiness.
                                             - Tony Buckland, UBC
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

Error in Finnish e-prescription software randomly added characters when Return was used

Juha-Matti Laurio — 2012-05-13T09:43:56

Finnish Medical Journal (in Finnish):
http://www.laakarilehti.fi/uutinen.html?opcode=show/news_id=12029/type=1

Google translation:
http://translate.google.com/translate?hl=en?sl=fi&tl=en&u=http%3A//www.laakarilehti.fi/uutinen.html%3Fopcode%3Dshow/news_id%3D12029/type%3D1

It is reported that using Return key in Effica e-prescription software randomly caused the program to add or destroy characters typed by the doctor.
According to the article The National Institute for Health and Welfare ("THL") denied the use of Return key when writing dosage instructions.
Technically the error in the software developed by Tieto company was associated to the message transmission.

Juha-Matti

Re: .secure TLD

2012-05-13T04:24:27

On Fri, 11 May 2012 21:23:01 -0400, Ben April said:

Read between the lines.  The guy scored $9M in startup funding, and
only has to pay ICANN $185K for the .secure TLD. And then he gets to
collect *more* money from anybody silly enough to buy into the TLD.

Step 3: Profit!

PCI DSS and BEAST

Drsolly — 2012-05-12T18:28:35

I just spent two effortful days getting my Secure Server to pass the PCI
DSS. The big problem is the BEAST vulnerability. And it's a corker. What
you have to do to get your certification, is disable most of the strong
crypto that you accept, and only accept some of the weaker ones (a bit of
research on the web will give you that info).

Having done that, and gotten my certification renewed, my QA told me that
some of the big banks haven't passed the PCI DSS tests.

So, naturally, I did my own test. The site I tested (and it's a biggie) 
seems to be vulnerable to MITM attacks.

So here's a freebie to any journos reading this list. Choose a few banks, 
give their Secure Server domain name to a PCI DSS testing facility, and 
see if they pass the standard test.

But only do that if it's legal to do so in the place where you live.

Re: .secure TLD

Bruce Ediger — 2012-05-12T16:35:49


What happened to "The map is not the territory"?

After that, I want to know what happened to "The tap is not
meritorious".

Re: .secure TLD

Nick FitzGerald — 2012-05-12T04:06:54


Well, the whole idea is somewhere between hilarious and blatantly 
ignorant on its face, so that's funny (as in "funny sad" -- these folk 
do seem to think they're doing something useful that will make a 
difference) right off the bat...

If they really want to "assure security" they won't let any of their 
registered domains install any currently-popular web-apps, PHP or, 
realistically, even a web server.

The statement fom the "What is the DPWG?" section of their homepage:

   The introduction of new global Top Level Domains (gTLDs) both poses
   new challenges and offers new opportunities to the information
   security and great Internet communities.  The likely introduction
   of hundreds of new gTLDs has the potential to confuse consumers and
   create new opportunities for malware hosting, phishing and the
   creation of DNS-based control channel networks.  At the same time,
   the new gTLDs give us a chance to start fresh and create portions
   of the Internet where end-users can confidently transact their
   online lives.

is just laughable in its naivety about actual internet crime and 
malware, which nowadays, and for most of the last 5+ years, has had 
nothing to do with faking domain names and like.

The level of lockdown controls they would have to require of 
prospective members would scare off (or necessarily prohibit) all but 
the staunchest few dozen domains and they are doing what they do so 
well now, that they would see no actual real-world value in adding or 
moving to a specially-named TLD.



Regards,

Nick FitzGerald

.secure TLD

Ben April — 2012-05-12T01:23:01

http://www.darkreading.com/authentication/167901072/security/security-management/240000187/new-i-secure-i-internet-domain-on-tap.html

If they really wanted to be secure they would require the
implementation of RFC 3514

Terrorist toddlers (Toddler terrorists?)

Robert Slade — 2012-05-11T17:49:07

http://www.vancouversun.com/travel/toddler+JetBlue+employees+pull+month+from+flight+over+list/6606185/story.html

Re: As you were ...

Paul Ferguson — 2012-05-10T21:17:52

I knew it! :-)

- ferg

- Sent from my Android device.
On May 10, 2012 4:10 PM, "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <
rMslade< at >shaw.ca> wrote:

As you were ...

Rob, grandpa of Ryan, Trevor, Devon & Hannah — 2012-05-10T22:03:41

Apparently the Mayan's were as bad as anyone else changing their minds on the 
date of the end of the world ...

http://www.sciencedaily.com/releases/2012/05/120510141905.htm

======================  (quote inserted randomly by Pegasus Mailer)
rslade< at >vcn.bc.ca     slade< at >victoria.tc.ca     rslade< at >computercrime.org
The evening news is where they begin with 'Good evening,' and
then proceed to tell you why it isn't.
            - http://twitter.com/judybishop/status/25012495785664512
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

7 Ways Oracle Puts Database Customers At Risk

Juha-Matti Laurio — 2012-05-10T15:19:56

A very good coverage:

http://www.darkreading.com/database-security/167901020/security/news/232901381/7-ways-oracle-puts-database-customers-at-risk.html

Juha-Matti

Re: Seriously?

Nick FitzGerald — 2012-05-06T04:32:08


But of course -- everyone knows that Android is based on Linux and 
_everyone_ knows Linux, _like all other Unix-y OSes, BSDs and thus 
Apple-OSes_, are inherently virus-immune.

Fred Cohen sure made those early PC users look stupid...

   http://all.net/books/Dissertation.pdf

Oh, wait, I was misremembering that, wasn't I???

...

Android, like Apple-OSes, shows the fallacy of all that historic BS.  
Make a "Unix like" machine anywhere near as "usuable" as Windows, for 
your run-of-the-mill "typical computer user" and guess what?  Mostly 
the same security issues, as once the non-truly-expert users are using 
such OSes _and_ the manufacturers are in a competitive bidding war for 
sales, guess what turns out to most easily removed or at least watered-
down?

And before all the fan boiz get upset, notice that that is not a 
defence of MS doing it exceptionally _and deliberately_ crappily for 
their first two decades or so.  It is just (part of) the explanation 
for why any given fan boiz' favourite nix-ish OS was never anywhere 
near as popular as Windows.



Regards,

Nick FitzGerald

Re: Seriously?

Nick FitzGerald — 2012-05-06T04:13:55


The numbing incoherence in the use of language?

Absolutely!

Let's allow a bunch of semi-quasi-literate, recent, CompSci or SW Eng 
graduates write the technical bits of a press release about some 
"exciting" new [or not] malware development _then_ have the marketing 
wonks "tidy it up" for release.

What could _possibly_ go wrong with that?



Regards,

Nick FitzGerald

Re: Seriously?

2012-05-06T03:59:28

I was actually referring to the type of article that claims "XYZ is a new threat".... I remember recently along with this "drive by is new" that there was a "memory viruses are the new threat"....

There are too many "security professionals" that get their recent news from C-net or information week :-(

Mike B

From: Blanchard, Michael (InfoSec)
Sent: Saturday, May 05, 2012 11:55 PM
To: 'dan< at >doxpara.com' <dan< at >doxpara.com>
Cc: 'noloader< at >gmail.com' <noloader< at >gmail.com>; 'funsec< at >linuxbox.org' <funsec< at >linuxbox.org>
Subject: Re: [funsec] Seriously?

I'll bet A/V detects this... BUT, I'll also bet it's rare to find AV running on the 'droids :-)

Mike B

From: Dan Kaminsky [mailto:dan< at >doxpara.com]
Sent: Saturday, May 05, 2012 11:08 PM
To: Blanchard, Michael (InfoSec)
Cc: noloader< at >gmail.com <noloader< at >gmail.com>; funsec< at >linuxbox.org <funsec< at >linuxbox.org>
Subject: Re: [funsec] Seriously?

So what's your bet on whether AV detects it?

On Sat, May 5, 2012 at 7:40 PM, <michael.blanchard< at >emc.com<mailto:michael.blanchard< at >emc.com>> wrote:
I LOVE stuff like this....  Just because of the "security professionals" that come running out of the woodwork to us asking us "...  Hey you see this new thing?!?!  It's totaly OH-day and I'll bet A/V doesn't detect it too!!..."

  I use it as a gauge of how much those folks actually know, and try to avoid them in the future....

 It really sucks when it's folks that work with you too!   Used to happen in another gig years ago... Would never happen where I a now!  LOL

 Mike B

----- Original Message -----
From: Jeffrey Walton [mailto:noloader< at >gmail.com<mailto:noloader< at >gmail.com>]
Sent: Saturday, May 05, 2012 03:18 PM
To: FunSec List <funsec< at >linuxbox.org<mailto:funsec< at >linuxbox.org>>
Subject: [funsec] Seriously?

Seriously? The "new threat of user-initiated drive by downloads"?

===============================================

Don’t Install Android Security Updates While Browsing the Web,
http://www.gottabemobile.com/2012/05/04/dont-install-android-security-updates-while-browsing-the-web/

Surfing the web on Android is relatively safe, but a new threat tricks
users into installing a trojan that calls itself a security update.

Symantec discovered the Android.Notcompatible threat this week,
calling attention to the new threat of user-initiated drive by
downloads.

Malware is a problem on Android smartphones, but it is typically
reserved for infected fake games and apps found on third-party
marketplaces. This new attack can happen on any infected webpage, and
relies on tricking the user into installing the malware.
...
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: Seriously?

2012-05-06T03:55:24

I'll bet A/V detects this... BUT, I'll also bet it's rare to find AV running on the 'droids :-)

Mike B

From: Dan Kaminsky [mailto:dan< at >doxpara.com]
Sent: Saturday, May 05, 2012 11:08 PM
To: Blanchard, Michael (InfoSec)
Cc: noloader< at >gmail.com <noloader< at >gmail.com>; funsec< at >linuxbox.org <funsec< at >linuxbox.org>
Subject: Re: [funsec] Seriously?

So what's your bet on whether AV detects it?

On Sat, May 5, 2012 at 7:40 PM, <michael.blanchard< at >emc.com<mailto:michael.blanchard< at >emc.com>> wrote:
I LOVE stuff like this....  Just because of the "security professionals" that come running out of the woodwork to us asking us "...  Hey you see this new thing?!?!  It's totaly OH-day and I'll bet A/V doesn't detect it too!!..."

  I use it as a gauge of how much those folks actually know, and try to avoid them in the future....

 It really sucks when it's folks that work with you too!   Used to happen in another gig years ago... Would never happen where I a now!  LOL

 Mike B

----- Original Message -----
From: Jeffrey Walton [mailto:noloader< at >gmail.com<mailto:noloader< at >gmail.com>]
Sent: Saturday, May 05, 2012 03:18 PM
To: FunSec List <funsec< at >linuxbox.org<mailto:funsec< at >linuxbox.org>>
Subject: [funsec] Seriously?

Seriously? The "new threat of user-initiated drive by downloads"?

===============================================

Don’t Install Android Security Updates While Browsing the Web,
http://www.gottabemobile.com/2012/05/04/dont-install-android-security-updates-while-browsing-the-web/

Surfing the web on Android is relatively safe, but a new threat tricks
users into installing a trojan that calls itself a security update.

Symantec discovered the Android.Notcompatible threat this week,
calling attention to the new threat of user-initiated drive by
downloads.

Malware is a problem on Android smartphones, but it is typically
reserved for infected fake games and apps found on third-party
marketplaces. This new attack can happen on any infected webpage, and
relies on tricking the user into installing the malware.
...
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: Flash! TSA bans bread!

Rob, grandpa of Ryan, Trevor, Devon & Hannah — 2012-05-06T03:44:23

Date sent:      Sun, 6 May 2012 10:54:21 +0900
From:           peter evans <peter< at >ixp.jp>


*Don't* mention the scanners!

======================  (quote inserted randomly by Pegasus Mailer)
rslade< at >vcn.bc.ca     slade< at >victoria.tc.ca     rslade< at >computercrime.org
I have to inform you that my mind is registered as a deadly
weapon with the RCMP Commercial Crimes Squad, Computer Crimes
Division.
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

Re: Seriously?

Dan Kaminsky — 2012-05-06T03:08:44

So what's your bet on whether AV detects it?

On Sat, May 5, 2012 at 7:40 PM, <michael.blanchard< at >emc.com> wrote: