In the security world, attacker physical access means game over; so what happens if you can’t trust your electronic door system?
Video at: www.mefeedia.com/watch/30048963
The document analyzes three risk situations in a storage warehouse. The first involves an employee who suffered facial injuries while cutting metal without adequate protection. The second describes the ergonomic risks for employees who pack products in uncomfortable positions for long periods. The third involves an employee who suffered serious injuries from falling, poorly stacked merchandise while a forklift was being used without adequate signage. The document
A presentation on the state of cyber security, current threats and opportunities at the national level.
An overview of current readiness analysis for countries, along with a recommended strategic approach to developing capabilities and partnerships locally, regionally, and globally.
US military report on cyber guard use of National Guard David Sweigert
The document summarizes the findings of a Reserve Forces Policy Board task group on the Department of Defense's approach to using the National Guard and Reserve in the Cyber Mission Force. The task group found that USCYBERCOM, service cyber organizations, and the Joint Staff have made exceptional progress in developing training programs and guidance to field a fully operational Cyber Mission Force. However, initial plans did not embrace reserve integration, and the task group makes several recommendations to better leverage reserve capabilities and experience.
This document provides an overview of the Office of Small Business Programs and Technical Industrial Liaison Office (TILO) at USSOCOM. It discusses the importance of small businesses to the economy and outlines USSOCOM's mission. It then provides details on opportunities for small businesses to work with USSOCOM, including information on upcoming contracts, existing contract vehicles, and points of contact.
Malicious Threats, Vulnerabilities and Defenses in WhatsApp and Mobile Instan... Jaime Sánchez
Global surveillance has been a phenomenon since the late 1940s, and Internet and mobile technology are being developed at such a pace that it is impossible to guarantee electronic privacy and nobody should expect it. How strong are the actual Instant Messaging Platforms? Do they take care of our security and privacy? We'll look inside the security of several clients (like BBM, Snapchat, and Line) and will put our focus on WhatsApp.
WhatsApp might not be as widely known as Twitter, but the company announced that it has passed 350 million active monthly users. WhatsApp has been plagued by several security issues in the past, so we decided to start the research. We've discovered several more vulnerabilities that we'll disclose (with proof of concept code), including encryption flaws, remote DOS (making the client crash by sending a custom message), or how to spoof messages by manipulating sender address information.
We'll also release a new version of our tool with different protection layers: encryption, anonymity, and using a custom XMPP server. It's necessary to implement additional measures until WhatsApp decides to take security seriously.
The document outlines the Department of Defense's strategy for operating in cyberspace. It discusses 5 strategic initiatives: 1) treating cyberspace as an operational domain; 2) employing new defense operating concepts like active cyber defense and network resilience; 3) partnering with other government agencies and the private sector; 4) building international partnerships; and 5) leveraging innovation through cyber workforce development. The strategy aims to organize, train, and equip DoD to operate effectively in cyberspace while addressing growing cyber threats from state and non-state actors.
Shodan Search Engine: Amphion Forum San Francisco shawn_merdinger
Shawn Merdinger gave a presentation on Shodan, a search engine for internet-connected devices. He explained that Shodan scans the internet and indexes banners from devices to make them searchable. This allows users to find unprotected devices like IP cameras, industrial control systems, and medical devices. Merdinger showed examples of sensitive devices he discovered, including traffic lights, TV station antennas, and gas station pumps. He emphasized that while concerning, the visibility provided by Shodan can encourage better security practices.
Weaponizing the Nokia N900 -- TakeDownCon, Dallas, 2011 shawn_merdinger
This document summarizes Shawn Merdinger's presentation on weaponizing consumer devices like the Nokia N900 smartphone. Some key points:
1) The Nokia N900 is highlighted as a powerful open platform that can run security tools like nmap, Kismet, and Ettercap out of the box.
2) Wireless attacks demonstrated on the N900 include rogue access point deployment, packet injection, MITM attacks, and wireless sniffing.
3) Other attacks discussed include using the N900 for VoIP attacks, Bluetooth/Zigbee attacks, SMS command and control, and digital forensics avoidance.
4) Running alternative operating systems on the N900
Medical Device Security: State of the Art -- NoConName, Barcelona, 2011 shawn_merdinger
High level overview of current security issues in medical device security, what is being hacked by security researchers, who are the major security players, hacking predictions, FUD vs. Reality.
The document summarizes poor man's network espionage devices and tactics that could be used by attackers. It describes small, low-cost devices like the Linksys WRT54G router, Nokia 770 phone, and Gumstix and PicoTux mini-computers that run Linux and can be used to conduct network attacks. These network espionage devices are hard to detect forensically since they use ephemeral filesystems in RAM. The document also provides examples of how these devices could be concealed on a target's network and used to conduct wireless and Bluetooth attacks, establish covert communication channels, and passively sniff network traffic. Countermeasures discussed include knowing network devices and traffic, user education, security policies, and
This document summarizes a presentation about low-cost devices that can be used for network espionage. It describes various small, inexpensive devices like wireless routers and PDAs that have been modified to perform attacks and surveillance through their networking capabilities. Examples like the Linksys WRT54G wireless router and Nokia 770 PDA are provided. The presentation outlines how these network espionage devices (NEDs) work, potential attacks they enable, and recommendations for security countermeasures.
4. Learning outcomes
- Awareness of security issues in EDAC systems
- Major players, vendors, resellers
- Pen-testing knowledge
- Research and testing methods
5. Choice quotations
- “When hackers put viruses on your home computer it's a nuisance; when they unlock doors at your facility it's a nightmare.” John L. Moss, S2 Security CEO. STAD, Volume 14, Issue 1. 1 January, 2004
- Q. About security of buildings around town….what was your response? ATTY GEN. RENO: “Let's do something about it.” Q. Is this a good thing that has happened? ATTY GEN. RENO: I think any time you expose vulnerabilities, it's a good thing. Department of Justice Weekly Media Briefing, 25 May 2000
6. EDAC Technology Overview
- Trend is towards IP from proprietary solution
  - Convergence of IP, Video
  - Adding other building systems (HVAC, elevators, alarms)
  - Cost savings, integration, increased capabilities
- Most controllers use embedded Linux
- Wide range of vendors in EDAC space
  - S2 Security
  - Honeywell
  - HID Global Vertx
  - Ingersoll-Rand
  - Bosch Security
  - Reach Systems
  - Cisco Systems (Richards Zeta)
  - Brivo
  - DSX Access
  - RS2 Technologies
  - Synergistics
7. EDAC Deployment
- Often you’ll see
  - Managed by building facilities people
  - Stuck in a closet and forgotten
  - Long lifecycles of 5-10 years
- Distanced from IT Security
  - Physical security is not your domain. It’s ours.
  - Patching, upgrades, maintenance. What? Huh?
  - Policies regarding passwords, logging don’t apply
  - 3rd party local service contractor adds doors, hardware configuration
9. S2 Security NetBox
- Built by S2 Security
- 7000+ systems installed worldwide
  - Schools, hospitals, businesses, LEA facilities, etc.
- Same box is sold under multiple brand names
  - Built by S2 Security: NetBox
  - Distributed by Linear: eMerge 50 & 5000
  - Resellers’ re-branding: Sonitrol eAccess
12. S2 Security: Reading up
- Preparation and information gathering
  - S2 Security case studies, press releases
  - “The Google”
  - Lexis-Nexis Academic Universe, ABI-Inform, etc.
- Example: able to determine from http://tinyurl.com/s2mysql
  - Samba client
  - MySQL, MyISAM
  - Lineo Linux distribution (just like Zaurus!)
  - Processor is ARM Core IXP 425 chip @ 533 MHz
  - Only 15 months from design to 1st customer shipping
  - “S2 did not have much prior experience with open source”
  - “MySQL is used to store everything from reports, user information, customized features, facility diagrams, and more”
15. NetBox Component: HTTP Server
- GoAhead Webserver TCP/80
- Poor choice
  - Sixteen CVEs: CVE-2003-1568, CVE-2002-2431, CVE-2002-2430, CVE-2002-2429, CVE-2002-2428, etc.
- No vendor response
  - Typical example in CVE-2002-1951
  - Vendor response: GoAhead….contacted on three different occasions during the last three months but supplied no meaningful response.
- "Data security is a challenge, and unfortunately, not everyone has risen to it." John L. Moss, S2 Security CEO
16. NetBox Component: MySQL
- MySQL server listening on 3306
- Outdated SQL
  - Version 2.X uses MySQL version 4.0
  - 3.X uses Postgres
- Just how old is MySQL 4.0? WTF? End of DOWNLOAD?
17. NetBox Component: NmComm
- Service listening on TCP/7362
- Performs multicast discovery of nodes
- Daemon coded by S2 Security
- Patent issued 15 December, 2009
  - “System and method to configure a network node”
  - http://tinyurl.com/s2patent
- “Gentlemen, start your fuzzers!”
18. NetBox Component: FTP & telnet
- Cleartext protocols for a security device
  - Telnet to manage
  - FTP for DB backups
- Poor security-oriented documentation
- "We see some vendors fitting their serial devices with Telnet adapters, which simply sit on the network transmitting unsecured serial data.” John L. Moss, S2 Security CEO
19. NetBox Components: Features!
- Lots of extras and licenses options
  - Elevators, HVAC, Burglar
  - VoIP
- Increases complexity
- Expands attack surface
  - Daemons
  - Libraries
22. NetBox Unauth Access to Backup
- VU#228737 (not public)
- Unauth attacker can dload DB backups
- Nightly DB backup is hardcoded CRONJOB
- File name is “full_YYYYMMDD_HHMMSS.1.dar”
- Predictable naming convention with timestamp
- Uncompress the .dar format
- Backup DB is in “var/db/s2/tmp/backup/all.dmp”
- Attacker gets backup DB = Game Over
- Entire system data in DB!
23. NetBox Unauth Access to Backup
- Extraction of administrator MySQL_64bit hash
- Affects NetBox 2.X (mysql) and 3.X (postgres)
- Hash is trivial to crack
- Attacker now has admin access
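The fixed backup file name quoted on the slide above also gives defenders a signature to hunt for. The following Python is an added example, not code from the presentation or from S2 Security: it scans web access logs for clients that guess backup names or are served an archive without a login. The Common Log Format, the "/example-path/" URL, the miss threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# File name format quoted on the slide: full_YYYYMMDD_HHMMSS.1.dar
BACKUP_RE = re.compile(r"full_\d{8}_\d{6}\.1\.dar")
# Common Log Format (an assumption; adapt to the proxy or web server in use).
CLF_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+')

# Constructed sample log; "/example-path/" is a placeholder, not a NetBox URL.
SAMPLE_LOG = """\
192.0.2.10 - admin [02/Jan/2010:08:15:01 +0000] "GET /example-path/full_20100102_020000.1.dar HTTP/1.1" 200 5242880
192.0.2.10 - admin [02/Jan/2010:08:16:40 +0000] "GET /index.html HTTP/1.1" 200 1024
198.51.100.7 - - [02/Jan/2010:09:00:01 +0000] "GET /example-path/full_20100102_015957.1.dar HTTP/1.1" 404 0
198.51.100.7 - - [02/Jan/2010:09:00:01 +0000] "GET /example-path/full_20100102_015958.1.dar HTTP/1.1" 404 0
198.51.100.7 - - [02/Jan/2010:09:00:02 +0000] "GET /example-path/full_20100102_015959.1.dar HTTP/1.1" 404 0
198.51.100.7 - - [02/Jan/2010:09:00:02 +0000] "GET /example-path/full_20100102_020000.1.dar HTTP/1.1" 200 5242880
""".splitlines()

def find_backup_probing(lines, miss_threshold=3):
    """Flag clients that guess backup names or fetch one without a login."""
    stats = defaultdict(lambda: {"misses": 0, "names": set(), "anon": []})
    for line in lines:
        m = CLF_RE.match(line)
        hit = BACKUP_RE.search(m["path"]) if m else None
        if not hit:
            continue  # unparseable line or not a backup archive request
        s = stats[m["ip"]]
        s["names"].add(hit.group(0))
        if m["status"] == "404":
            s["misses"] += 1
        elif m["status"].startswith("2") and m["user"] == "-":
            s["anon"].append(hit.group(0))  # served with no authenticated user
    findings = {}
    for ip, s in stats.items():
        reasons = []
        # Several misses across different timestamps indicate name guessing.
        if s["misses"] >= miss_threshold and len(s["names"]) > 1:
            reasons.append("enumeration")
        if s["anon"]:
            reasons.append("unauthenticated-download")
        if reasons:
            findings[ip] = {"reasons": reasons, "downloads": s["anon"]}
    return findings

if __name__ == "__main__":
    for ip, f in find_backup_probing(SAMPLE_LOG).items():
        print(ip, f["reasons"], f["downloads"])
```

Any "unauthenticated-download" finding means the database dump should be treated as disclosed, so the credentials stored in it need rotating.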
25. NetBox Pwnage: Cameras
- Backup file contains IP camera information
  - Name, IP address, admin username and password
- NetBox 2.X and 3.X systems vulnerable
- Attacker now owns IP cameras
- "Most hackers don't care about watching your lobby. If they gain access to the network, they're going to go after financial data and trade secrets.” Justin Lott, Bosch security marketing
26. NetBox Pwnage: DVRs
- User/Pass to DVRs in backup DB
- Poor setup guides for DVRs
  - Recommends keeping default user/pass
  - On-Net Surveillance Systems Network Video Recorder document
31. Recommendations: Vendor
- Vendor
  - Conduct security evaluations on your products
  - Provide secure deployment guides
  - Tighten-up 3rd party integration
- Improve
  - Logging
    - More details: changes, auditing, debug levels
    - Ability to send to log server
  - HTTP
    - Use a “better” HTTP daemon
    - Enable HTTPS by default
    - Modify banners, reduce footprint, etc.
  - FTP
    - Change to SFTP
  - Telnet
    - Change to SSH
32. Recommendations: Customers
- Demand better security!
  - From vendor, reseller, and service contractor
  - Expect fixes and patches
- Manage your EDAC like any other IT system
  - Patching, change management, security reviews
- Technical
  - Isolate eMerge system components
  - VLANs, MAC auth, VPN, restrict IP, etc.