gmane.comp.security.funsec

Re: malicious binaries

2012-05-24T12:14:43

i get mine from


VirusWatch mailing list
VirusWatch< at >lists.clean-mx.com
http://lists.clean-mx.com/cgi-bin/mailman/listinfo/viruswatch

great feed for research


On May 22, 2012, at 2:40 PM, Daniel Otis <dso< at >moosoft.com> wrote:

Re: Rotten AV proves "free market" false?

2012-05-22T21:54:46

malware/badware makers are better than AV writters. 

On May 22, 2012, at 5:24 AM, Drsolly <drsollyp< at >drsolly.com> wrote:

Re: funsec Digest, Vol 81, Issue 9

Erin Boyle — 2012-05-13T17:00:16

I will be out at the office with extremely limited access to email from
April 28th until May 12th.  If you need urgent assistance, please email
pcsupport< at >dcemail.harvard.edu. or call 617-998-8558.  Thank you!

Re: .secure TLD

Stephanie Daugherty — 2012-05-13T05:41:33

Haha, yeah.

In all seriousness though, I would be all for it if the technical
requirements were a moving target that follows industry best practice and
competent security recommendations

Update the requirements yearly to be as strict as possible and give at most
1 year to be up to par.

Won't be perfect, but if we .secure can force everyone to cut down their
low hanging fruit once in a while, we'd have some step forward rather than
the feel-good joke of a marketing gimmick it's likely to become.




On Fri, May 11, 2012 at 9:23 PM, Ben April <bapril< at >gmail.com> wrote:

Re: funsec Digest, Vol 81, Issue 8

Erin Boyle — 2012-05-12T17:00:21

I will be out at the office with extremely limited access to email from
April 28th until May 12th.  If you need urgent assistance, please email
pcsupport< at >dcemail.harvard.edu. or call 617-998-8558.  Thank you!

Re: funsec Digest, Vol 81, Issue 7

Erin Boyle — 2012-05-11T17:00:21

I will be out at the office with extremely limited access to email from
April 28th until May 12th.  If you need urgent assistance, please email
pcsupport< at >dcemail.harvard.edu. or call 617-998-8558.  Thank you!

Breakpoint 2012 Call For Papers

2012-05-10T11:49:38

                 . ______________________________________
                 ._\\.         Breakpoint 2012           (___.
                 :          Intercontinental Rialto          :
                 :           Melbourne,  Australia           :
                 :             October 17th-18th             :
                 :__                                    . ___:
                    )____________________________________\\
                                                            .
                          www.ruxconbreakpoint.com
                          www.twitter.com/ruxconbpx



Introduction
------------

 Breakpoint is a new security conference to be held on the 17th and 18th of
 October, in Melbourne Australia. The event will show case the work of expert
 security researchers from around the world on a wide range of topics.
 Breakpoint is organised by the Ruxcon conference team and will offer a
 specialised and more professional security conference to complement and lead
 into the larger and

Re: funsec Digest, Vol 81, Issue 6

Erin Boyle — 2012-05-10T17:00:44

I will be out at the office with extremely limited access to email from
April 28th until May 12th.  If you need urgent assistance, please email
pcsupport< at >dcemail.harvard.edu. or call 617-998-8558.  Thank you!

Re: funsec Digest, Vol 81, Issue 5

Erin Boyle — 2012-05-06T17:00:28

I will be out at the office with extremely limited access to email from
April 28th until May 12th.  If you need urgent assistance, please email
pcsupport< at >dcemail.harvard.edu. or call 617-998-8558.  Thank you!

Re: funsec Digest, Vol 81, Issue 2

Erin Boyle — 2012-05-05T17:00:17

I will be out at the office with extremely limited access to email from
April 28th until May 12th.  If you need urgent assistance, please email
pcsupport< at >dcemail.harvard.edu. or call 617-998-8558.  Thank you!

Re: Stolen iPhone posts thief's pics on victim's Facebookaccount

Dr. Neal Krawetz — 2012-05-25T17:34:18

Too bad Facebook strips out GPS information.
This is pretty damning evidence implying theft by a cruise employee.

-Neal
--
Neal Krawetz, Ph.D.
Hacker Factor Solutions
http://www.hackerfactor.com/


On Thu, May 24, 2012 at 10:00:50AM -0700, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:

Stolen iPhone posts thief's pics on victim's Facebookaccount

Rob, grandpa of Ryan, Trevor, Devon & Hannah — 2012-05-24T17:00:50

K goes on a Disney cruise.

Somebody on staff on the cruise line steals K's phone.

And takes pictures.

The iPhone automatically posts pictures on K's Facebook account.

https://www.facebook.com/media/set/?set=a.4102695045342.2181863.122194859
7&type=3&l=45551c466f

or

http://is.gd/xxkPob

(There is a rather heavy irony in the fact that, in order to get these somewhat 
delicious "turn the tables on the thief" situations, you have to join Facebook or 
some other similarly dangerous soc med site, and set a smartphone app to 
automatically post your pictures there ... which carries privacy dangers ...)

It's also amusing that one of the pics probably identifies one of the ship's officers 
...)

======================  (quote inserted randomly by Pegasus Mailer)
rslade< at >vcn.bc.ca     slade< at >victoria.tc.ca     rslade< at >computercrime.org
The object-oriented model makes it easy to build up programs by
accretion.  What this often means, in practise, is that it
provides a structured way to write spaghetti code.     - P

malicious binaries

Daniel Otis — 2012-05-22T20:40:27

Many moons ago I ran a site to share malware binaries amongst the people 
on this list.  I'm always looking for a new source of data so I am 
wondering if there is a current free source for sharing malicious 
binaries for analysis.  Thanks!  Also, I wouldn't mind running such a 
service again, the only problem was I was the only one sharing ;)

Daniel

Re: Rotten AV proves "free market" false?

Drsolly — 2012-05-22T11:24:55

"So why are the outcomes of this market so poor? "

Because the job that they're trying to do, can't actually be done.

On Mon, 21 May 2012, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:

Rotten AV proves "free market" false?

Rob, grandpa of Ryan, Trevor, Devon & Hannah — 2012-05-21T18:47:38

(Or lousy OS situation, or pitiful software security in general ...)

http://www.businessinsider.com/when-competition-easy-entry-and-no-government-
produces-lousy-results-a-quick-look-at-the-anti-virus-and-anti-malware-market-
2012-5

or

http://is.gd/yfQXMG

(I do recall some research that indicates "low cost of entry" actually promotes 
monoculture ...)

======================  (quote inserted randomly by Pegasus Mailer)
rslade< at >vcn.bc.ca     slade< at >victoria.tc.ca     rslade< at >computercrime.org
Harold Crick: I'm glad I caught you. I wanted to give you these
Ana Pascal (the baker): What are they?
Harold Crick: Flours.
Ana Pascal: What?
Harold Crick: I brought you flours.
- `Stranger Than Fiction' http://www.imdb.com/title/tt0420223/quotes
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

(Redundant) Backup is good

Rob, grandpa of Ryan, Trevor, Devon & Hannah — 2012-05-15T22:50:54

An example:
http://www.youtube.com/watch?v=EL_g0tyaIeE

======================  (quote inserted randomly by Pegasus Mailer)
rslade< at >vcn.bc.ca     slade< at >victoria.tc.ca     rslade< at >computercrime.org
         The client interface is the boundary of trustworthiness.
                                             - Tony Buckland, UBC
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

Error in Finnish e-prescription software randomly added characters when Return was used

Juha-Matti Laurio — 2012-05-13T09:43:56

Finnish Medical Journal (in Finnish):
http://www.laakarilehti.fi/uutinen.html?opcode=show/news_id=12029/type=1

Google translation:
http://translate.google.com/translate?hl=en?sl=fi&tl=en&u=http%3A//www.laakarilehti.fi/uutinen.html%3Fopcode%3Dshow/news_id%3D12029/type%3D1

It is reported that using Return key in Effica e-prescription software randomly caused the program to add or destroy characters typed by the doctor.
According to the article The National Institute for Health and Welfare ("THL") denied the use of Return key when writing dosage instructions.
Technically the error in the software developed by Tieto company was associated to the message transmission.

Juha-Matti

Re: .secure TLD

2012-05-13T04:24:27

On Fri, 11 May 2012 21:23:01 -0400, Ben April said:

Read between the lines.  The guy scored $9M in startup funding, and
only has to pay ICANN $185K for the .secure TLD. And then he gets to
collect *more* money from anybody silly enough to buy into the TLD.

Step 3: Profit!

PCI DSS and BEAST

Drsolly — 2012-05-12T18:28:35

I just spent two effortful days getting my Secure Server to pass the PCI
DSS. The big problem is the BEAST vulnerability. And it's a corker. What
you have to do to get your certification, is disable most of the strong
crypto that you accept, and only accept some of the weaker ones (a bit of
research on the web will give you that info).

Having done that, and gotten my certification renewed, my QA told me that
some of the big banks haven't passed the PCI DSS tests.

So, naturally, I did my own test. The site I tested (and it's a biggie) 
seems to be vulnerable to MITM attacks.

So here's a freebie to any journos reading this list. Choose a few banks, 
give their Secure Server domain name to a PCI DSS testing facility, and 
see if they pass the standard test.

But only do that if it's legal to do so in the place where you live.

Re: .secure TLD

Bruce Ediger — 2012-05-12T16:35:49


What happened to "The map is not the territory"?

After that, I want to know what happened to "The tap is not
meritorious".

Re: .secure TLD

Nick FitzGerald — 2012-05-12T04:06:54


Well, the whole idea is somewhere between hilarious and blatantly 
ignorant on its face, so that's funny (as in "funny sad" -- these folk 
do seem to think they're doing something useful that will make a 
difference) right off the bat...

If they really want to "assure security" they won't let any of their 
registered domains install any currently-popular web-apps, PHP or, 
realistically, even a web server.

The statement fom the "What is the DPWG?" section of their homepage:

   The introduction of new global Top Level Domains (gTLDs) both poses
   new challenges and offers new opportunities to the information
   security and great Internet communities.  The likely introduction
   of hundreds of new gTLDs has the potential to confuse consumers and
   create new opportunities for malware hosting, phishing and the
   creation of DNS-based control channel networks.  At the same time,
   the new gTLDs give us a chance to start fresh and create portions
   of the Internet where end-users can confidently transa