News Bytes June 2012

null Bangalore June 2012 Meet


  1. Newsbytes
     Null Meet - 16th June 2012
     Sumeer Kumar, Freelance RFiD Consultant
     sumeer.kumar@gmail.com

  2. • 6.5 million LinkedIn passwords apparently leaked; over 60% of the stolen passwords have already been cracked.
     • Passwords that are reset will now be stored in salted, hashed form: a string is added to your password before it is cryptographically hashed.
     • This means password lists cannot be pre-computed using dictionary attacks or similar techniques.
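An added illustration of the salting point on this slide (example code, not from the presentation): a lookup table of unsalted hashes resolves an unsalted store in one lookup per entry, while a per-user random salt makes the same table useless and forces a fresh computation per account. The hash function (SHA-256), the wordlist and the sample passwords are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed stand-in for an attacker's dictionary (assumption: real lists are far larger).
WORDLIST = ["password", "linkedin", "123456", "letmein", "qwerty"]

def unsalted_hash(password: str) -> str:
    """Plain hash of the password: the same input always yields the same digest.
    SHA-256 is an assumption here; the point does not depend on the hash function."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: bytes) -> str:
    """Salt is added to the password before hashing, as the slide describes."""
    return hashlib.sha256(salt + password.encode()).hexdigest()

def precomputed_table(words) -> dict:
    """Lookup table digest -> word, built once and reusable against any unsalted dump."""
    return {unsalted_hash(w): w for w in words}

def count_resolved(table: dict, stored_digests) -> int:
    """How many stored digests the precomputed table resolves with one lookup each."""
    return sum(1 for d in stored_digests if d in table)

def verify_password(candidate: str, salt: bytes, stored_digest: str) -> bool:
    """Defender's login check: recompute with the user's stored salt, compare in constant time."""
    return hmac.compare_digest(salted_hash(candidate, salt), stored_digest)

def demo() -> tuple:
    """Same three passwords stored two ways; returns (hits on unsalted store, hits on salted store)."""
    passwords = ["linkedin", "letmein", "linkedin"]  # constructed user passwords
    table = precomputed_table(WORDLIST)
    unsalted_store = [unsalted_hash(p) for p in passwords]
    # Per-user random salt: identical passwords now produce different digests,
    # and the table built above matches none of them.
    salts = [os.urandom(16) for _ in passwords]
    salted_store = [salted_hash(p, s) for p, s in zip(passwords, salts)]
    assert unsalted_store[0] == unsalted_store[2]  # duplicate passwords are visible unsalted
    assert salted_store[0] != salted_store[2]      # hidden once salted
    return count_resolved(table, unsalted_store), count_resolved(table, salted_store)

if __name__ == "__main__":
    print(demo())  # (3, 0)
```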
  3. • Google warns Gmail users of state-sponsored attacks; to offer cyberwar defence advice to Gmail users.
     • The warning, “We believe state-sponsored attackers may be attempting to compromise your computer”, is intended to spur users to take immediate measures to secure their account.
     • Such steps include creating a strong password for the account, enabling two-step account verification, and keeping all software up to date.

  4. • Phishing with help from Google Docs
     • If you're a scammer, you can use Google Docs to phish for passwords and sensitive information.
     • For example, an email asks the recipient to confirm their account details or risk having the account shut down. The message reads:
         Confirm your e-mail account please enter your Mailbox Details by clicking the link below:
         [LINK]
         Failure to provide details correctly will result to immediate closure of your mailbox account from our database.
     • The link points to a page on Google Docs (docs.google.com), which gives the link a false aura of legitimacy.
     • But what the link can't do is tell you whether the Google account holder is legitimate or up to no good.

  5. • Siemens enhances security of industrial networks
     • Stuxnet: how the USA and Israel created the anti-Iran virus, and then lost control of it
     • Flame worm: Iran claims to discover new Stuxnet-like malware
     • Kaspersky says Stuxnet and Flame are related
     • The Flame computer virus, which has been raging in the Middle East, has strong links to Stuxnet, a malware program widely believed to have been developed by the United States or Israel, a security firm said Monday.
     • Kaspersky, the Russian computer security firm credited with discovering Flame last month, said its research shows the two programs share certain portions of code, suggesting some ties between two separate groups of programmers.
     • (Image caption: A program of the computer virus known as Flame)

  6. • Mobile workspace offers a secure Windows OS on any computer
     • Imation announced Stealth Zone 2.1, a boot-from-USB secure mobile workspace.
     • This new version enhances data security by making it easier and more convenient for business travellers, teleworkers and contractors to carry a secure, managed Microsoft Windows 7 operating system and an encrypted data transfer solution on a single, fully managed USB device.

  7. • Microsoft speaks out on Flame malware certificate forgery
     • Flame malware tricks you into installing apparently trusted software signed with a fraudulent digital certificate.
     • MS has gone public with additional information about the cryptographic trickery used in this case.
     • For pre-Vista versions of Windows, it seems that the certificate spoofing didn't rely on any sort of cryptographic forgery.
     • But for Vista and later, the attackers needed to forge a certificate. They did this using an MD5 collision.
     • Flame malware used a man-in-the-middle attack against Windows Update.
     • MS has released an emergency update for all versions of Windows to address a certificate flaw that was used to spread the Flame malware from machine to machine.

  8. • MySQL flaw allows attackers to easily connect to server
     • Security researchers have released details about a vulnerability in the MySQL server that could allow potential attackers to access MySQL databases without supplying proper authentication credentials.
     • Facebook unveils new mobile security measures
     • Facebook has introduced three security updates for protecting its mobile users: a code generator, the ability to report unwanted content from your phone, and improved mobile recovery flows.
     • Free mobile security eBook from Veracode
     • Veracode released a free eBook that outlines ten steps individuals and organisations can take to protect against the security risks brought on by the bring your own device (BYOD) to work trend.

  9. • World's first secure private mobile carrier
     • Gold Line Group appears to be the first company to have developed a completely secure carrier-grade switch.
     • The firm still holds $250,000 in unclaimed gold that was put up as a reward for any hackers, spies or intelligence agencies who could decipher a message encrypted by Gold Lock's mobile encryption. After attempts by over 5,000 individuals and groups, the challenge ended with none of them able to break the code.
     • Apple's iOS 6 to add privacy controls for user contacts
     • Apple will offer users a way to manage which applications have permission to access their contact information, as part of a new privacy control panel that's coming in iOS 6.

  10. • Researchers unveil new way to trust certificates
      • The rise of Tumblr and Google Play spam campaigns
      • Google, Facebook, Twitter take on bad ads
      • Facebook account cancellation malware poses as Adobe Flash update

  11. ATTACKS
      • Global Payments: data theft compromised fewer than 1.5 million cards
      • Olympics fans targeted with lottery scam
      • Father's Day spam floods in, pointing to gambling websites
      • Giant snakes eating zookeepers and unwatchable videos: Facebook hit again by clickjacking scams

  12. • League of Legends online game joins the League of the Hacked
      • Attacks targeting US defense contractors and universities tied to China
      • UGNazi attack 4chan, CloudFlare
      • Report: North Korea accused of DDoS attack on South Korean airport
      • Millions of Last.fm passwords leaked
      • Tiny new Tinba banker trojan found stealing financial data

  13. Things to Ponder
      • People would rather lose their wallet than their phone
      • A SecurEnvoy study asked “what people would most fear losing from their back pocket”.
      • 37% said their personal phone, 20% their company phone, 25% said £50, with just 18% citing credit cards. Confirmation that we're gripped by nomophobia, the fear of being out of mobile contact.
      • NSA launches cyber security program for college students
      • The US National Security Agency has launched a National Centers of Academic Excellence in Cyber Operations Program to ultimately yield a larger pool of professionals with expertise in this area.

  14. OOPS!
      • Yahoo leaks its own private key via new Axis Chrome extension
      • A new Yahoo browser for iPad and iPhone, dubbed "Axis", is supposed to tightly integrate search with web browsing and has a built-in feature to synchronise one's mobile and desktop experience.
      • Yahoo mistakenly bundled its private key inside the Chrome extension version of Axis.
      • Ex MI5 chief gets her laptop stolen at airport
      • Dame Stella Rimington, former Director-General of the UK's internal security service MI5, has had her laptop stolen at London's Heathrow airport. She headed the agency from 1992 to 1996 and has since become a well-known spy thriller author.
      • "....seems to have forgotten the tricks of her tradecraft since leaving MI5," commented a source for The Sun.

  15. TOOLS / RELEASES / UPDATES
      • LinkedIn provides breach update -- sort of
      • Facebook issues security updates for mobile app
      • Firefox 13 fixes seven security vulnerabilities
      • Firefox 14 Beta promises improved security
      • Ruby on Rails patches more SQL injection holes
      • Apple quietly reveals iOS security innards
      • Absinthe 2.0 jailbreak for iOS 5.1.1 devices released
      • Microsoft fixes 28 security bugs; issues FixIt for XML flaw; automatic updater for certificate revocation lists; plans to invalidate short RSA keys
      • Microsoft says IE10 will support Do Not Track by default; violates new specs
      • Oracle issues patch to fix 14 critical Java SE holes

  16. • Google fixes persistent XSS flaw in Gmail
      • Google patches 13 flaws in Chrome 19
      • Adobe delivers sandboxed Flash Player for Firefox users
      • Adobe patches Photoshop, Illustrator for CS5 users; Flash update closes several critical holes
      • IBM releases software for developing secure mobile apps
      • McAfee upgrades cloud security and Intel identity kit
      • AVG spreads its mobile shield
      • Security analysis tool Trisul 2.4 released
      • Critical updates for IE, RDP, .NET, Flash and Java
      • Major shift in strategy for ZeroAccess rootkit malware, as it shifts to user mode
      • Dell SecureWorks unveils new managed security services
      • Lancope unveils new StealthWatch threat intelligence dashboards

  17. UPCOMING EVENTS/CONFERENCES
      http://securityconferences.net
      nullcon Delhi 2012, 26-29 Sept 2012
      http://www.nullcon.net/website/

  18. Acknowledgements
      • Ashwin Patil - for template, sources etc.
      • Riyaz Walikar - for template, format etc.
      • Comments/feedback: sumeer.kumar@gmail.com  Cell: 9900 266 539
  19. Quiz Time

  20. ID the person and his claim to fame.

  21. ANSWER

  22. • Kevin Mitnick
      • An American computer security consultant, author, and hacker.
      • In the late 20th century, he was convicted of various computer and communications-related crimes. At the time of his arrest, he was the most-wanted computer criminal in the United States.
      • Tsutomu Shimomura, an American scientist and computer security expert based in the US, together with computer journalist John Markoff, tracked down and helped the FBI arrest hacker Kevin Mitnick.
      • Takedown, his 1996 book on the subject, was later adapted for the screen as Takedown in 2000.

  23. Connect the two pictures.

  24. ANSWER

  25. • On the right is a blue box built by Steve Wozniak, on display at the Computer History Museum, USA.
      • A blue box is an unauthorised electronic device that generates the same tones employed by a telephone operator's dialing console to switch long-distance calls.
      • Emerging in the 1960s and 70s, it allowed users to route their own calls by emulating the in-band signaling mechanism that then controlled switching in long-distance dialing systems.
      • The most typical use of a blue box was to place free telephone calls.
      • Steve Wozniak and Steve Jobs, founders of Apple Computer, were frequent pranksters using the device.
      • On one occasion Wozniak dialed Vatican City and identified himself as Henry Kissinger (imitating Kissinger's German accent) and asked to speak to the Pope (who was sleeping at the time).

  26. How does this connect with computer systems?

  27. ANSWER

  28. • Kerberos is a computer network authentication protocol which works on the basis of "tickets" to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
      • MIT developed Kerberos and named it after the character Kerberos (or Cerberus) from Greek mythology, the monstrous three-headed guard dog of Hades.

  29. ID the group. What's the story behind the masks?

  30. ANSWER

  31. • Anonymous is a loosely associated hacktivist group that originated in 2003, representing the concept of many online and offline community users simultaneously existing as an anarchic, digitised global brain.
      • It strongly opposes Internet censorship and has hacked various government websites.
      • It has also targeted major security corporations.
      • The Guy Fawkes mask is a stylised depiction of Guy Fawkes, the best-known member of the Gunpowder Plot, an attempt to blow up the English Palace of Westminster in London in 1605.
      • The stylised mask came to represent broader protest after it was used as a major plot element in V for Vendetta, published in 1982, and its 2006 film adaptation.
      • After appearing in internet forums, the mask was worn by participants in real-life protests and has become widespread internationally among groups protesting against politicians, banks and financial institutions, such as the Occupy movement.

  32. ID this movie with a stellar cast about a group of hackers.

  33. ANSWER

  34. • Sneakers (1992)
      • Minor plot element:
      • "...Martin, now using the alias "Bishop", runs a tiger team of security specialists who use unorthodox methods of testing physical and electronic security for companies in San Francisco.
      • The team includes: Donald Crease, a former CIA officer and high-strung family man; Darryl "Mother" Roskow, a conspiracy theorist with unsurpassed technical skills and dexterity; Carl Arbogast, a young genius; and Erwin "Whistler" Emory, a blind phone phreak with perfect pitch and an acute sense of hearing..."

  35. Two different covers for the same book. What real-life incident is it about?

  36. ANSWER

  37. • A first-person account of the hunt for a computer cracker who broke into a computer at the Lawrence Berkeley National Laboratory (LBL) at UC Berkeley.
      • In 1986, Clifford Stoll (the author) was trying to resolve a US$0.75 accounting error in the computer usage accounts.
      • He traced the error to an unauthorised user who had apparently used up 9 seconds of computer time and not paid for it, and eventually realised that the unauthorised user was a cracker who had acquired root access to the LBL system by exploiting a vulnerability in the movemail function of the original GNU Emacs.

  38. How are these guys famous in the cybersecurity world?

  39. ANSWER

  40. • RSA is an algorithm for public-key cryptography that is based on the presumed difficulty of factoring large integers, the factoring problem.
      • RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman (pictured), who first publicly described it in 1978.
      • A user of RSA creates and then publishes the product of two large prime numbers, along with an auxiliary value, as their public key.
      • The prime factors must be kept secret. Anyone can use the public key to encrypt a message, but with currently published methods, if the public key is large enough, only someone with knowledge of the prime factors can feasibly decode the message.
      • Whether breaking RSA encryption is as hard as factoring is an open question known as the RSA problem.

  41. • The _____ worm, or Internet worm of November 2, 1988, was one of the first computer worms distributed via the Internet.
      • It resulted in the first conviction in the US under the 1986 Computer Fraud and Abuse Act.
      • It was written by a student at Cornell University and launched on November 2, 1988 from MIT.

  42. ANSWER

  43. • Morris worm, by Robert Tappan Morris.
      • Robert Tappan Morris is an American computer scientist, best known for creating the Morris Worm in 1988.
      • He went on to co-found the online store Viaweb, one of the first web-based applications, and later the funding firm Y Combinator, both with Paul Graham.
      • He is a tenured professor in the department of Electrical Engineering and Computer Science at MIT.
      • His father was the late Robert Morris, a coauthor of UNIX and the former chief scientist at the National Computer Security Center, a division of the National Security Agency (NSA).

  44. • X in computing slang refers to an ethical hacker, penetration tester, cracker or security consolidator.
      • X hackers are computer security experts who specialise in penetration testing and other testing methodologies to ensure that a company's information systems are secure.
      • X hackers are also called "sneakers", red teams, or tiger teams.
      • Y is often used figuratively, especially in computing slang, where it refers to a computer security hacker that breaks into networks or computers, or creates computer viruses.
      • In Western movies, Y is the villain or bad guy, and such a character would wear a Y in contrast to the hero's X.
      • Z, in the hacking community, refers to a skilled hacker whose activities fall somewhere between X and Y hackers on a variety of spectrums.
      • It may relate to whether they sometimes arguably act illegally, though in good will, or to how they disclose vulnerabilities. They usually do not hack for personal gain or have malicious intentions, but may be prepared to technically commit crimes during the course of their technological exploits in order to achieve better security.
      • X, Y and Z?

  45. ANSWER

  46. • X - White hat
      • Y - Black hat
      • Z - Grey hat
