Submission + - SPAM: Netgear Distributes TLS Private Keys

rye writes: Researchers discovered that Netgear is distributing two valid private TLS keys in publicly available firmware, facilitating MITM attacks, DNS cache poisoning and other attacks. "These certificates are trusted by browsers on all platforms, but will surely be added to revocation lists shortly," the researchers wrote. The Internet is broken... again... :-(
Link to Original Source

Submission + - Ransomware Wreaks Havoc in the Cloud (lmgsecurity.com)

rye writes: Today, researchers at LMG Security released a video of the "Jigsaw" ransomware spreading across the "HackMe, Inc." corporate network in their "Play Lab," starting with the very first click on a phishing email, all the way to the encryption of HackMe, Inc's cloud repository. Watch as the ransomware spreads to the company's networked file share and OneDrive cloud repository. A perfectly creepy "Billy the Puppet" head pops up as the ransom note is printed in green letters across the desktop.

Want your colleagues or management to understand the true potential damage of ransomware? Just show them this video. Then, unplug your network cable, crawl under your desk and hide.

"What does it actually LOOK like when ransomware encrypts all the files on an employee workstation and then moves on to encrypt your company’s file share, and even cloud-based documents?"

Submission + - Is Montana the Next Big Data Hub? (missoulian.com)

rye writes: Montana is positioning itself as the next hub for big data and cyber security. With companies like Symantec and IBM investing heavily in high-tech development, the opening of University of Montana's new Cyber Innovation Laboratory, and statewide competitions such as this weekend's Montana Cyber Triathlon (which had the coolest trophy ever), the momentum is strong. Cheap labor, cheap space and the Northern Tier backbone (with stretches over 600 miles across the width of Montana) are all contributing to the new tech growth. Even Congress is jumping on the bandwagon: Montana Rep. Steve Daines, a member of the House Subcommittee on Cybersecurity, Infrastructure Protection and Security, recently said "Technology has removed geography as a constant." Is the Last Best Place poised for a tech boom?

Submission + - Cellular Traffic Inspection Source Code Released (lmgsecurity.com)

rye writes: Researchers at LMG Security have released the source code, parts list and instructions for building a "do-it-yourself cellular IDS" capable of inspecting CDMA cellular traffic -- for just $285. They hacked a Verizon femtocell, modified the GPL software and redirected smartphone traffic to Snort (and oh yes, also figured out how to remotely control the Android.Stels bot in the process).

DIY Cellular IDS may revolutionize security for smartphones in BYOD environments. Privacy issues are a big concern, though. Sherri Davidoff writes, "Good guys need to be able to inspect their own cellular network traffic to effectively detect malware and other attacks [on smartphones]. Personal communications have already moved to the Internet... there is no reason to treat cellular traffic differently than Ethernet or 802.11 traffic."

Submission + - Do-It-Yourself Cellular IDS (lmgsecurity.com)

rye writes: For $285, researchers at LMG Security have created a proof-of-concept cellular intrusion detection system by modifying a Verizon Samsung femtocell and redirecting traffic to Snort. They've released instructions and a parts list, as well as the source code, so you can build one, too.

Researcher Sherri Davidoff writes: "Infected smartphones can record surrounding audio, intercept text messages, capture location and usage data, and send all that stolen data back to an attacker... LMG’s project demonstrates that low-cost cellular intrusion detection systems (CIDSs) are not only possible, they are an inexpensive and effective way to combat mobile malware."

Submission + - Under the Hood: Banking Malware (lmgsecurity.com)

rye writes: What is your computer actually DOING when you click on a link in a phishing email? Sherri Davidoff of LMG Security released these charts of an infected computer's behavior after clicking on a link in a Blackhole Exploit Kit phishing email. You can see the malware "phone home" to the attacker every 20 minutes on the dot, and download updates to evade antivirus. She then went on to capture screenshots and videos of the hacker executing a man-in-the-browser attack against Bank of America's web site. Quoting:

"My favorite part is when the attacker tried to steal my debit card number, expiration date, security code, Social Security Number, date of birth, driver’s license number, and mother’s maiden name -- all at the same time. Nice try, dude!!"

Submission + - 3M uses quantum dots to make cell phones more colorful (3m.com)

Gunnery Sgt. Hartman writes: "3M announced today it is in the final stages of scale-up for its new 3M Quantum Dot Enhancement Film (QDEF). The new film allows up to 50 percent more color than current levels in liquid crystal display (LCD) devices. 3M has teamed with Nanosys, Inc., to produce the 3M QDEF solution specifically to deliver more color, and to make devices such as smart phones, tablets and televisions, lighter, brighter and more energy efficient."

Submission + - Blackhole Man-in-the-Browser Attack Caught in the Act (lmgsecurity.com)

rye writes: Check out these screenshots and videos of a Blackhole phishing attack in action -- complete with charts of the network traffic, where you can see the infected desktop "phone home" to the attacker every 20 minutes on the dot. After 48 hours, the malware executed a man-in-the-browser attack against Bank of America's web site, which you can also see.

Great technical writeup from Sherri Davidoff of LMG Security. Watch hackers execute the man-in-the-browser attack and steal 'Linda's' debit card number, expiration date, security code, Social Security Number, date of birth, driver's license number, and mother's maiden name (yes, all at the same time). Lots of nice screenshots that are great to show your friends so they know how not to get pwned!

Quoting: "Unbeknownst to Mrs. Miller, her infected computer silently initiated a wire transfer from the company’s account for $49,500... Curious, I extracted copies of the phishing emails and malware from each infected workstation. What did it LOOK like when these companies were infected? What were their computers actually doing under the hood? Most of all, I wanted to actually SEE the Man-In-the-Browser attack in action!"

Submission + - Video of Blackhole Attack on Bank of America Customers (lmgsecurity.com)

rye writes: After two of her corporate clients got hacked, Sherri Davidoff of LMG Security spent three days in her malware lab capturing videos of a real Blackhole Exploit Kit phishing attack and subsequent Man-In-the-Browser attack targeting Bank of America customers.

Quoting: "Unbeknownst to Mrs. Miller, her infected computer silently initiated a wire transfer from the company’s account for $49,500... Curious, I extracted copies of the phishing emails and malware from each infected workstation. What did it LOOK like when these companies were infected? What were their computers actually doing under the hood? Most of all, I wanted to actually SEE the Man-In-the-Browser attack in action!

"The two videos below show a real Man-In-the-Browser attack against Bank of America’s web site. Note that this is NOT a flaw in Bank of America’s web site! This attack works because YOUR DESKTOP is infected. Show these videos to your friends and co-workers so they know what to watch out for."

Submission + - Dissecting RSA's "Watering Hole" Traffic Snippet (lmgsecurity.com)

rye writes: Even the tiniest snippets of network traffic reveal a lot -- not just about viruses and botnets, but also about the malware research lab setup inside corporations like RSA. Watch as Sherri Davidoff of LMG Security tears apart a teeny tiny snippet of gh0st RAT traffic released by RSA during their investigation of the VOHO "watering hole" attack.
Books

Submission + - Network Forensics: Tracking Hackers through Cyberspace (rsaconference.com)

rye writes: "'With a title like Network Forensics: Tracking Hackers through Cyberspace, the book at first sounds like a cheesy novel,' writes Ben Rothke of RSA. 'But by page 25, you will quickly see this is the real thing. By the time you hit the last page, you will have read the collective wisdom of two of the smartest minds in the space. ...In 12 densely written chapters at just over 500 pages, the book covers nearly every aspect within network and digital forensics.'"

Submission + - Forensic Contest #10 is Live, Winner Gets a Black Hat BLACK CARD (forensicscontest.com)

rye writes: "Forensics Contest #10 is Live. Winner of the contest gets a BlackHat BLACK CARD which is two free years of entrance to Black Hat (plus, there's the coolness factor). The most elegant solution wins the Black Hat BLACK CARD. There are also prizes for the first correct solution, as well as 2nd and 3rd place. Deadline is July 23, 2012. Solutions will be announced at the Network Forensics Black Hat class on July 24.

Here's the case: It’s been three weeks since the PaulDotCom crew went missing. Through extensive research and cyberstalking, millions of PDC fans gathered information relating to their disappearance and hired you to find them. You are the forensic investigator. You're given a hollow spy coin and a packet capture. Can you solve the puzzle and find out what happened to PaulDotCom?

Enter the challenge and get more info at ForensicsContest.Com."

Security

Submission + - The L33t Pill (forensicscontest.com)

rye writes: The Network Forensics Puzzle Contest has opened their DEFCON 2011 contest for public competition, and it's AWESOME. Six rounds, five packet captures, one Truecrypt volume, and a prize for the Most Elegant Solution. Check it out:

"The lead chemist of a high-profile pharmaceutical company was involved in a serious accident, leaving him in a coma days before the release of the company’s highly publicized '133t pill.' The chemist was the only person in possession of the list of ingredients required to produce the wonder drug, and it is not known if he will ever recover. All chemical evidence of the drug has been destroyed, but the company believes that the missing ingredients may have been stored electronically. You have been hired as a forensic investigator, to recover the final ingredient of their 133t pill. Can you find the missing ingredient?"

Privacy

Submission + - What Does DHS Know About You? (philosecurity.org)

Sherri Davidoff writes: "Here's a real copy of an American citizen's DHS Travel Record retrieved from the U.S. Customs and Border Patrol's Automated Targeting System (ATS). This was obtained through a FOIA/Privacy Act request... The document reveals that the DHS is storing the reader's:

  • Credit card number and expiration
  • IP address used to make web travel reservations
  • Hotel information and itinerary
  • Full airline itinerary, including flight numbers and seat numbers
  • Phone numbers, incl. business, home & cell
  • Every frequent flyer and hotel number associated with the subject, even ones not used for the specific reservation"
