gmane.comp.security.funsec

Breakpoint 2012 Call For Papers

2012-05-10T11:49:38

                 . ______________________________________
                 ._\\.         Breakpoint 2012           (___.
                 :          Intercontinental Rialto          :
                 :           Melbourne,  Australia           :
                 :             October 17th-18th             :
                 :__                                    . ___:
                    )____________________________________\\
                                                            .
                          www.ruxconbreakpoint.com
                          www.twitter.com/ruxconbpx



Introduction
------------

 Breakpoint is a new security conference to be held on the 17th and 18th of
 October, in Melbourne Australia. The event will show case the work of expert
 security researchers from around the world on a wide range of topics.
 Breakpoint is organised by the Ruxcon conference team and will offer a
 specialised and more professional security conference to complement and lead
 into the larger and

Stolen iPhone posts thief's pics on victim's Facebookaccount

Rob, grandpa of Ryan, Trevor, Devon & Hannah — 2012-05-24T17:00:50

K goes on a Disney cruise.

Somebody on staff on the cruise line steals K's phone.

And takes pictures.

The iPhone automatically posts pictures on K's Facebook account.

https://www.facebook.com/media/set/?set=a.4102695045342.2181863.122194859
7&type=3&l=45551c466f

or

http://is.gd/xxkPob

(There is a rather heavy irony in the fact that, in order to get these somewhat 
delicious "turn the tables on the thief" situations, you have to join Facebook or 
some other similarly dangerous soc med site, and set a smartphone app to 
automatically post your pictures there ... which carries privacy dangers ...)

It's also amusing that one of the pics probably identifies one of the ship's officers 
...)

======================  (quote inserted randomly by Pegasus Mailer)
rslade< at >vcn.bc.ca     slade< at >victoria.tc.ca     rslade< at >computercrime.org
The object-oriented model makes it easy to build up programs by
accretion.  What this often means, in practise, is that it
provides a structured way to write spaghetti code.     - P

malicious binaries

Daniel Otis — 2012-05-22T20:40:27

Many moons ago I ran a site to share malware binaries amongst the people 
on this list.  I'm always looking for a new source of data so I am 
wondering if there is a current free source for sharing malicious 
binaries for analysis.  Thanks!  Also, I wouldn't mind running such a 
service again, the only problem was I was the only one sharing ;)

Daniel

Rotten AV proves "free market" false?

Rob, grandpa of Ryan, Trevor, Devon & Hannah — 2012-05-21T18:47:38

(Or lousy OS situation, or pitiful software security in general ...)

http://www.businessinsider.com/when-competition-easy-entry-and-no-government-
produces-lousy-results-a-quick-look-at-the-anti-virus-and-anti-malware-market-
2012-5

or

http://is.gd/yfQXMG

(I do recall some research that indicates "low cost of entry" actually promotes 
monoculture ...)

======================  (quote inserted randomly by Pegasus Mailer)
rslade< at >vcn.bc.ca     slade< at >victoria.tc.ca     rslade< at >computercrime.org
Harold Crick: I'm glad I caught you. I wanted to give you these
Ana Pascal (the baker): What are they?
Harold Crick: Flours.
Ana Pascal: What?
Harold Crick: I brought you flours.
- `Stranger Than Fiction' http://www.imdb.com/title/tt0420223/quotes
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

(Redundant) Backup is good

Rob, grandpa of Ryan, Trevor, Devon & Hannah — 2012-05-15T22:50:54

An example:
http://www.youtube.com/watch?v=EL_g0tyaIeE

======================  (quote inserted randomly by Pegasus Mailer)
rslade< at >vcn.bc.ca     slade< at >victoria.tc.ca     rslade< at >computercrime.org
         The client interface is the boundary of trustworthiness.
                                             - Tony Buckland, UBC
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

Error in Finnish e-prescription software randomly added characters when Return was used

Juha-Matti Laurio — 2012-05-13T09:43:56

Finnish Medical Journal (in Finnish):
http://www.laakarilehti.fi/uutinen.html?opcode=show/news_id=12029/type=1

Google translation:
http://translate.google.com/translate?hl=en?sl=fi&tl=en&u=http%3A//www.laakarilehti.fi/uutinen.html%3Fopcode%3Dshow/news_id%3D12029/type%3D1

It is reported that using Return key in Effica e-prescription software randomly caused the program to add or destroy characters typed by the doctor.
According to the article The National Institute for Health and Welfare ("THL") denied the use of Return key when writing dosage instructions.
Technically the error in the software developed by Tieto company was associated to the message transmission.

Juha-Matti

PCI DSS and BEAST

Drsolly — 2012-05-12T18:28:35

I just spent two effortful days getting my Secure Server to pass the PCI
DSS. The big problem is the BEAST vulnerability. And it's a corker. What
you have to do to get your certification, is disable most of the strong
crypto that you accept, and only accept some of the weaker ones (a bit of
research on the web will give you that info).

Having done that, and gotten my certification renewed, my QA told me that
some of the big banks haven't passed the PCI DSS tests.

So, naturally, I did my own test. The site I tested (and it's a biggie) 
seems to be vulnerable to MITM attacks.

So here's a freebie to any journos reading this list. Choose a few banks, 
give their Secure Server domain name to a PCI DSS testing facility, and 
see if they pass the standard test.

But only do that if it's legal to do so in the place where you live.

.secure TLD

Ben April — 2012-05-12T01:23:01

http://www.darkreading.com/authentication/167901072/security/security-management/240000187/new-i-secure-i-internet-domain-on-tap.html

If they really wanted to be secure they would require the
implementation of RFC 3514

Terrorist toddlers (Toddler terrorists?)

Robert Slade — 2012-05-11T17:49:07

http://www.vancouversun.com/travel/toddler+JetBlue+employees+pull+month+from+flight+over+list/6606185/story.html

As you were ...

Rob, grandpa of Ryan, Trevor, Devon & Hannah — 2012-05-10T22:03:41

Apparently the Mayan's were as bad as anyone else changing their minds on the 
date of the end of the world ...

http://www.sciencedaily.com/releases/2012/05/120510141905.htm

======================  (quote inserted randomly by Pegasus Mailer)
rslade< at >vcn.bc.ca     slade< at >victoria.tc.ca     rslade< at >computercrime.org
The evening news is where they begin with 'Good evening,' and
then proceed to tell you why it isn't.
            - http://twitter.com/judybishop/status/25012495785664512
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

7 Ways Oracle Puts Database Customers At Risk

Juha-Matti Laurio — 2012-05-10T15:19:56

A very good coverage:

http://www.darkreading.com/database-security/167901020/security/news/232901381/7-ways-oracle-puts-database-customers-at-risk.html

Juha-Matti

Cost/benefit?

Rob, grandpa of Ryan, Trevor, Devon & Hannah — 2012-05-05T19:36:43

http://www.cbc.ca/news/world/story/2012/05/05/japan-nuclear-power-shut-off.html

Boy, this came as a bit of a shocker.  Yeah, I know people are afraid of nukes (and 
power companies are often more careless than they should be.  Even so, you would 
think that some people would realize the huge risks and (invisible) costs of coal 
and oil.

======================  (quote inserted randomly by Pegasus Mailer)
rslade< at >vcn.bc.ca     slade< at >victoria.tc.ca     rslade< at >computercrime.org
A lot of good arguments are spoiled by some fool who knows what
he is talking about.                             - Miguel de Unamuno
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

Seriously?

Jeffrey Walton — 2012-05-05T19:18:39

Seriously? The "new threat of user-initiated drive by downloads"?

===============================================

Don’t Install Android Security Updates While Browsing the Web,
http://www.gottabemobile.com/2012/05/04/dont-install-android-security-updates-while-browsing-the-web/

Surfing the web on Android is relatively safe, but a new threat tricks
users into installing a trojan that calls itself a security update.

Symantec discovered the Android.Notcompatible threat this week,
calling attention to the new threat of user-initiated drive by
downloads.

Malware is a problem on Android smartphones, but it is typically
reserved for infected fake games and apps found on third-party
marketplaces. This new attack can happen on any infected webpage, and
relies on tricking the user into installing the malware.
...
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Phecal photo forensics

Robert Slade — 2012-05-04T21:32:22

I suppose I really can't let this one ... pass ...

Last weekend a young woman fell to her death while on a tandem hang glider ride with an experienced pilot.  The pilot, owner of a company that takes people on hang gliding rides for kicks, promises video of the event: the hang glider is equipped with some kind of boom-mounted camera pointed at the riders.

Somehow the police investigating the incident suspected that the pilot had swallowed the memory card from the video camera.  (Presumably the video was running, and presumably the pilot knew it would show something unfortunate.)  This was later confirmed by x-rays.

So, this week we have all been on "memory card movement" watch.

And it has cr... I mean, come out all right.

http://www.cbc.ca/news/canada/british-columbia/story/2012/05/04/bc-hang-glider.html

====================== rslade< at >computercrime.org  slade< at >victoria.tc.ca  rslade< at >vcn.bc.ca "If you do buy a computer, don't turn it on."     - Richards' 2nd Law ============= for back issues: [Base

The Facebook Commandments

Rob, grandpa of Ryan, Trevor, Devon & Hannah — 2012-05-02T19:03:44

I've always been interested in "netiquette."  (Almost 25 years ago I created a set of 
"rules of Internet Order" which can still be found, although mostly on mailing list 
archives.)  Recent research has found a number of "commandments" common to 
Facebook users, and quantified them:
http://www.vancouversun.com/technology/Facebook+Commandments/6552868/sto
ry.html

The result?

The REAL 10 Commandments of Facebook

Of the 36 friendship rules identified by researchers, these were the most followed. 
Listed in order of endorsement.

1. Thou shalt expect a response after posting on someone's profile.

2. Thou shalt refrain from being disrespectful.

3. Thou shalt consider how a post might negatively affect someone's relationships.

4. If a post is deleted by someone, thou shalt not repost it.

5. Thou shalt communicate with Facebook friends outside of Facebook.

6. Thou shalt present oneself positively but honestly.

7. Thou shalt not let Facebooking with someone interfere with work.

8. Thou shalt not post info

Buy it! You need it!

Rob, grandpa of Ryan, Trevor, Devon & Hannah — 2012-04-27T18:43:29

http://www.icanbarelydraw.com/comic/1810

Not to jump on the current "AV is useless" bandwagon, but I've definitely heard 
this type of thing often enough from vendors ...

======================  (quote inserted randomly by Pegasus Mailer)
rslade< at >vcn.bc.ca     slade< at >victoria.tc.ca     rslade< at >computercrime.org
Security is difficult, President.  Anyone who says differently is
selling something.                              - The Paranoid Guide
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

Flash! TSA bans bread!

Rob, grandpa of Ryan, Trevor, Devon & Hannah — 2012-04-26T17:28:36

Following the explosions in two BC sawmills, which experts are speculating may 
have been caused by fine sawdust caused by excessively dry wood, the TSA has 
banned any particulate materials, such as sawdust, flour, and icing sugar, to be 
banned from all flights.

http://www.cbc.ca/news/technology/story/2012/04/25/bob-mcdonald-science-
sawmill-fires.html

Also included in the ban are any objects made from particulate materials, such as 
particleboard, bread, and icing sugar dusted donuts.  (The union representing TSA 
workers had argued, unsuccessfully, against this last item.)  The TSA's Director Of 
Really Dangerous Stuff also noted that materials with larger particle sizes, such as 
table salt and sand, were also being included in the ban.

At press time, we were still awaiting word on whether computer equipment was to 
be included in the ban, since silicon chips are commonly said to be made of sand.

(Yeah, yeah, I know, don't give the TSA ideas ...)

(Dust explosions used to be common, and still happen

That oozing you hear is the sound of world domination byathersclerosis ...

Rob, grandpa of Ryan, Trevor, Devon & Hannah — 2012-04-25T23:43:10

Apparently, Al Queda and the Islamists were right.  America *is* the Great Satan.  
They were just wrong about which particular "weapon of mass destruction" would 
be involved ...

http://npr.tumblr.com/post/21788479559/gifhound-pizza-hut-introduces-the-
crown-crust

======================  (quote inserted randomly by Pegasus Mailer)
rslade< at >vcn.bc.ca     slade< at >victoria.tc.ca     rslade< at >computercrime.org
To make no mistake is not in the power of man; but from their
errors and mistakes the wise and good learn wisdom for the future
                                                          - Plutarch
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

Public presentation of complex issues

Rob, grandpa of Ryan, Trevor, Devon & Hannah — 2012-04-25T22:52:31

http://www.bbc.co.uk/news/technology-17838798#

I came across this by accident, and was disappointed that I'd hit the video clip 
rather than an actual story.  (The fact that this clip is nominally about porn is not 
really the point.)

What I found increasingly disturbing as the clip went on was how the deck was 
loaded against reality.  The "criminologist" with the better jacket, better shirt, and 
better haircut, who was in the studio, shot in part profile, and in front of a colour 
background, was the guy blowing smoke.  (If you are going to say that the ISPs 
should be responsible, they aren't the ones controlling your "rooter" [sorry].  Or, 
if they did set it once, they don't do anything to it on an ongoing basis.)  The guy 
who actually knows what he is talking about has made poor fashion choices (and 
that's *his* fault), but he's also shot in full-face mugshot format, in front of a dull 
grey background (and gets cut off at one point).  If they had deliberately set out to 
relieve parents of respon

[HITB-Announce] HITB Magazine Issue 008 (now with printedition!)

Hafez Kamal — 2012-04-23T14:19:11

The 8th issue of the HITB Quarterly Magazine is now available for download!

http://magazine.hitb.org/

This edition is a little bit 'lighter' than previous issues as the
editorial team is busy working on an extra special release for our 10th
year anniversary conference in October, HITBSecConf2012 - Malaysia.

http://conference.hitb.org/hitbsecconf2012kul/

For the first time ever though, we're making print editions of the
magazine available (courtesy of HP MagCloud) - A print edition of the
HITB Quarterly is a perfect addition for your coffee table or office
reception area and we'll be making past issues also available for print
over the next couple of weeks.

We're hoping that print sales will allow us to pay our authors and
contributors for their articles, so ordering a print copy is a way for
you to help support them! Putting together content for the magazine is
practically a full time job and it would be nice to offer authors some
form of compensation for the time and energy taken to produce the high
qu

Preventing Widespread Automated Attacks in iOS

Jeffrey Walton — 2012-04-21T22:29:07

A real nice three part article by Jonathan Zdziarski on abusing
programs in memory using Objective C.

Preventing Widespread Automated Attacks in iOS,
https://viaforensics.com/iphone-forensics/preventing-widespread-ios-application-infection.html

With a hundred million end users, the notion of a widespread attack on
Apple iOS devices is tempting to any criminal. The dream (or
nightmare) of an attacker somehow targeting potentially millions of
always-on, always-connected iOS devices using a large-scale automated
attack is quite disconcerting.
...

While I’ve discussed a number of ways to circumvent these technologies
in my book, this article is going to dig a bit deeper and address
automated techniques to steal data from a common place in iOS: memory.
What if I told you that I could steal personal information that you
don’t even store on your phone, from your phone, while you were using
your phone, and be a thousand miles away? The reality is much worse
than this, in fact. Should an attacker craft such an