Sign up to save your podcasts
Or
Share Defensive Security Podcast Episode 9
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Defensive Security Podcast Episode 9
Episode 9 - From Las Vegas
Comments/questions/hate mail to [email protected]
Follow podcast on twitter @defensivesec
DDOS attack on Bank of the West masked a $900,000 theft from the account of Ascent Builders. http://krebsonsecurity.com/2013/02/ddos-attack-on-bank-hid-900000-cyberheist/
Bible.org- https://isc.sans.edu/diary/When+web+sites+go+bad%3A+bible+.+org+compromise/15250
Site compromised - serving malware, had rudimentary defense against automated analysis
Bit9 update: https://blog.bit9.com/2013/02/25/bit9-security-incident-update/
- kudos to bit9 for transparency and disclosure - hopefully works in their favor
New java 0day http://www.symantec.com/connect/blogs/latest-java-zero-day-shares-connections-bit9-security-incident payload signed by stolen bit9 cert
Meant to cover last week - Facebook, apple and Microsoft hacks tracked back to a java 0 day being served on iphonedevsdk.com - the site owners were made aware by reading a news article on All Things D about the Facebook hack http://iphonedevsdk.com/forum/site-news-announcements/111889-iphonedevsdk-compromised-what-happened-and-how-we-are-dealing-with-it.html
Hard to say if watering hole attacks are getting more common, or if we just hear about them more in the current sensitized media.
This does highlight, as I mentioned in the last podcast, the dangers of browsing even "legitimate" sites. At a bare minimum, everyone ought to be using a web filtering solution to block known malicious sites - it's not perfect and might not protect those who visit a site right after it is infected, but it will often prevent a lot of infections in 0 day scenarios
Reducing surface area of vulnerability, for instance, by not having Flash, PDF reader or Java, is beneficial, but there are so many components susceptible to attack (including the browser itself).
We should be thinking about how we isolate risky activities from key business applications and data.
This includes email - key lesson from the Mandiant APT1 report is the prevalence of using email as an attack vector.
A version of Mandiant's APT report was being emailed around bundled with the latest PDF reader 0 day exploit. https://isc.sans.edu/diary/Fake+Mandiant+APT+Report+Used+as+Malware+Lure/15226
Kelihos botnet taken down live before an audience at RSA http://threatpost.com/en_us/blogs/latest-kelihos-botnet-shut-down-live-rsa-conference-2013-022613
Miniduke http://au.news.yahoo.com/thewest/business/a/-/tech/16259582/hackers-target-european-governments-researchers/
Phishing strategy - addressing to other addresses at the same domain - training says to not open attachments that you are not expecting, but this illicits curiosity by the recipient.
Symantec announces a variant of stuxnet from 2005 http://news.cnet.com/8301-1009_3-57571384-83/new-stuxnet-whodunit-malware-existed-two-years-earlier-than-anyone-knew/
Cnet seems to not be aware that the US claimed responsibility and is investigating the leak
EverNote password database stolen - emails and salted/hashed passwords http://krebsonsecurity.com/2013/03/evernote-forces-password-reset-for-50m-users/
If you have not gotten the hint that you should be using a different password for EVERY service and web site you use, this is for you!
There are many great password managers, some that will sync across devices. Use them - set them to create long passwords (15-20 characters or more), since you're not going to be able to remember all of the passwords anyway. And most of the password managers will copy passwords to the clip board so you don't have to type them in, either.
View all episodes
By Jerry Bell and Andrew Kalat
4.7
368368 ratings
Episode 9 - From Las Vegas
Comments/questions/hate mail to [email protected]
Follow podcast on twitter @defensivesec
DDOS attack on Bank of the West masked a $900,000 theft from the account of Ascent Builders. http://krebsonsecurity.com/2013/02/ddos-attack-on-bank-hid-900000-cyberheist/
Bible.org- https://isc.sans.edu/diary/When+web+sites+go+bad%3A+bible+.+org+compromise/15250
Site compromised - serving malware, had rudimentary defense against automated analysis
Bit9 update: https://blog.bit9.com/2013/02/25/bit9-security-incident-update/
- kudos to bit9 for transparency and disclosure - hopefully works in their favor
New java 0day http://www.symantec.com/connect/blogs/latest-java-zero-day-shares-connections-bit9-security-incident payload signed by stolen bit9 cert
Meant to cover last week - Facebook, apple and Microsoft hacks tracked back to a java 0 day being served on iphonedevsdk.com - the site owners were made aware by reading a news article on All Things D about the Facebook hack http://iphonedevsdk.com/forum/site-news-announcements/111889-iphonedevsdk-compromised-what-happened-and-how-we-are-dealing-with-it.html
Hard to say if watering hole attacks are getting more common, or if we just hear about them more in the current sensitized media.
This does highlight, as I mentioned in the last podcast, the dangers of browsing even "legitimate" sites. At a bare minimum, everyone ought to be using a web filtering solution to block known malicious sites - it's not perfect and might not protect those who visit a site right after it is infected, but it will often prevent a lot of infections in 0 day scenarios
Reducing surface area of vulnerability, for instance, by not having Flash, PDF reader or Java, is beneficial, but there are so many components susceptible to attack (including the browser itself).
We should be thinking about how we isolate risky activities from key business applications and data.
This includes email - key lesson from the Mandiant APT1 report is the prevalence of using email as an attack vector.
A version of Mandiant's APT report was being emailed around bundled with the latest PDF reader 0 day exploit. https://isc.sans.edu/diary/Fake+Mandiant+APT+Report+Used+as+Malware+Lure/15226
Kelihos botnet taken down live before an audience at RSA http://threatpost.com/en_us/blogs/latest-kelihos-botnet-shut-down-live-rsa-conference-2013-022613
Miniduke http://au.news.yahoo.com/thewest/business/a/-/tech/16259582/hackers-target-european-governments-researchers/
Phishing strategy - addressing to other addresses at the same domain - training says to not open attachments that you are not expecting, but this illicits curiosity by the recipient.
Symantec announces a variant of stuxnet from 2005 http://news.cnet.com/8301-1009_3-57571384-83/new-stuxnet-whodunit-malware-existed-two-years-earlier-than-anyone-knew/
Cnet seems to not be aware that the US claimed responsibility and is investigating the leak
EverNote password database stolen - emails and salted/hashed passwords http://krebsonsecurity.com/2013/03/evernote-forces-password-reset-for-50m-users/
If you have not gotten the hint that you should be using a different password for EVERY service and web site you use, this is for you!
There are many great password managers, some that will sync across devices. Use them - set them to create long passwords (15-20 characters or more), since you're not going to be able to remember all of the passwords anyway. And most of the password managers will copy passwords to the clip board so you don't have to type them in, either.
More shows like Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
View all
Hacked
190 Listeners
Security Now (Audio)
2,011 Listeners
Risky Business
374 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
653 Listeners
CyberWire Daily
1,022 Listeners
Smashing Security
318 Listeners
Click Here
418 Listeners
Darknet Diaries
8,039 Listeners
Cybersecurity Today
181 Listeners
Hacking Humans
315 Listeners
CISO Series Podcast
189 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
138 Listeners
Risky Bulletin
44 Listeners
Hacker And The Fed
169 Listeners