common – Jupiter Broadcasting (https://www.jupiterbroadcasting.com): Open Source Entertainment, on Demand.

Evil DNS is Evil | TechSNAP 106
https://original.jupiterbroadcasting.net/35641/evil-dns-is-evil-techsnap-106/
Thu, 18 Apr 2013 16:02:04 +0000

13 of the most popular home routers are wide open to attack, is yours one of them? Tune in to find out.

The post Evil DNS is Evil | TechSNAP 106 first appeared on Jupiter Broadcasting.


Plus details on the Malwarebytes update that rendered some systems unbootable, the latest on CISPA, your questions our answers…

And so much more, On this week’s episode of… TechSNAP!


Show Notes:

Hacking 13 of the most popular home routers

    • Research firm ISE (Independent Security Evaluators) has published their case study on the vulnerabilities in common SOHO (Small Office / Home Office) routers
    • The report resulted in 17 confirmed CVEs and 21 candidates
    • Some of the information has not been disclosed yet, pending fixes from the vendors
    • They tested 13 different routers and found that each could be taken over from the local network
    • 11 of the 13 could also be taken over remotely, 2 of them without an active management session
    • Half of the devices they tested that had NAS capabilities turned out to be accessible by a remote attacker
    • Although it is not enabled by default, if remote management is enabled, a number of these routers can be compromised remotely via authentication bypasses or CSRF (Cross-Site Request Forgery, a form that submits to your router rather than the site the form is on)
    • Once compromised, the attacker has remote control over your router, allowing them to change the settings, or even overwrite the firmware
    • If an attacker changes the DNS server settings on a router, all devices that receive their DNS configuration from that router (via DHCP) now use the evil DNS servers
    • These evil DNS servers can be the key to a MITM (Man In The Middle) attack: when you try to visit Facebook, they return the IP address of an evil server that pretends to be Facebook and steals your credentials
    • Facebook uses HTTPS (SSL/TLS) for login; however, the evil server can strip that part from the page you actually receive and do the SSL only on its side as it proxies your requests to the real Facebook
    • A new browser mechanism called HSTS (HTTP Strict Transport Security), which allows websites to send a header saying they will ALWAYS have SSL, was designed to solve this problem; however, if users do not know any better and ignore the warnings, they can still be vulnerable. Also, the header includes a TTL (Time To Live); after that time SSL is no longer required (the TTL is refreshed each time the header is seen, so it only expires if the header is not seen for that period of time). The problem with HSTS is that if you have never received the header, because you had not been to the site before you were MITM’d, then you are not protected
    • If an attacker has full control over your router, they can also overwrite the firmware with their own, which might not allow any further firmware updates, meaning the router would have to be physically replaced. They could also purposely write invalid firmware to your router, bricking it
    • With custom firmware on your router, they could do additional traffic interception and manipulation, blocking your access to software updates (OS updates, Java, Flash, etc.), or inject malware into legitimate websites or downloads
    • The biggest concern is that most users never update the firmware on their router, so even if these vulnerabilities are patched, most of these devices will be vulnerable until they are replaced
    • The researchers have some advice for router vendors to make these types of problems easier to fix
      • Digitally sign firmware, so the routers will not accept malicious firmware (the downside of this is that it may prevent projects like DD-WRT)
      • Design an automated update system for routers, since most users are not savvy enough to update the firmware themselves, and even if they are, there is no mechanism to notify them that an update is available/required. This should have an opt-out option, so power users can disable automatic updates
      • Make sure all requests actually validate the HTTP Authentication data
      • Implement Tokens in HTML forms to prevent CSRF
    • As an administrator of a SOHO router, the researchers recommend the following:
      • Never enable the remote administration options
      • Upgrade the firmware regularly
      • Do not enable unused network services, even on the LAN side (Telnet, FTP, SMB, UPnP)
      • Log out from and restart the router after each administrative session, this will ensure the session cannot be hijacked via your browser later
      • Clear browser cookies and active logins after you log out of the router (only login to router in private browsing mode)
      • Use a non-standard LAN IP range (still an RFC 1918, just something like 192.168.13.0/24) to prevent attacks based on common ranges from malicious sites and software
      • Enable HTTPS on your router’s administrative interface if it supports it
      • Use WPA2 for your WLAN; if an attacker gains access to your wireless, it is much easier to attack your router
      • Only install firmware from the router manufacturer’s website (there are many ‘driver’ and ‘firmware’ download sites on the internet that are malicious)
      • Choose a strong administrative password that is at least 12 characters; most routers do not rate limit attacks over the LAN
    • CNET Interviews Researchers
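
The HSTS behaviour described in the notes above (a TTL that restarts each time the header is seen, and a first visit that is not protected), as an added example that is not from the episode or from ISE's report: a small Python model of a browser's HSTS store. The host name `bank.example` and all timestamps are constructed.

```python
# Added example: a minimal model of a browser's HSTS store.
# Host names and timestamps are constructed for illustration.
DAY = 86400


def parse_sts(header):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            max_age = int(value.strip().strip('"'))
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        raise ValueError("max-age directive is required")
    return max_age, include_sub


class HstsStore:
    def __init__(self):
        self.policies = {}  # host -> (expiry time, include_subdomains)

    def note_response(self, host, header, secure, now):
        """Record a header; it only counts when it arrived over valid TLS."""
        if not secure or header is None:
            return
        max_age, include_sub = parse_sts(header)
        if max_age == 0:
            self.policies.pop(host, None)  # the site asked to be forgotten
        else:
            # Each sighting restarts the clock: expiry = now + max-age.
            self.policies[host] = (now + max_age, include_sub)

    def must_use_https(self, host, now):
        """True if plain HTTP to this host would be refused."""
        labels = host.split(".")
        for i in range(len(labels)):
            policy = self.policies.get(".".join(labels[i:]))
            if policy and now < policy[0] and (i == 0 or policy[1]):
                return True
        return False


def scenario():
    """Replay the cases from the notes; returns what the browser enforces."""
    store, sts, out = HstsStore(), "max-age=2592000", {}  # 30-day TTL
    # Day 0: first ever visit, through the hijacked resolver. The proxy
    # speaks plain HTTP, so nothing is pinned and nothing is enforced.
    store.note_response("bank.example", None, secure=False, now=0)
    out["first_visit"] = store.must_use_https("bank.example", 0)
    # Day 1: a visit from a clean network pins the host until day 31.
    store.note_response("bank.example", sts, secure=True, now=1 * DAY)
    out["day_30"] = store.must_use_https("bank.example", 30 * DAY)
    # Day 30: the header is seen again, so the pin now runs to day 60.
    store.note_response("bank.example", sts, secure=True, now=30 * DAY)
    out["day_45"] = store.must_use_https("bank.example", 45 * DAY)
    # No further visits: by day 61 the pin has lapsed.
    out["day_61"] = store.must_use_https("bank.example", 61 * DAY)
    return out


if __name__ == "__main__":
    for case, enforced in scenario().items():
        print(f"{case}: HTTPS enforced = {enforced}")
```
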

    Malwarebytes issues faulty update that cripples computers

    • Antivirus vendor Malwarebytes issued a definition update that mistakenly identified legitimate Windows system files as Trojan.Downloader.ED
    • The offending update was v2013.04.15.12, and was only available on their site for 8 minutes before it was pulled when the error was discovered
    • This is not the first time an AV vendor has made such a mistake; in fact, almost all vendors have had such an incident
    • In the constant battle to ensure users are protected against the latest threat, the chances of false positives and faulty updates causing issues are only increasing
    • MBAM has promised to enact new protocols to ensure updates are tested more thoroughly
    • MBAM Blog Post

    Inside Winnti, the Asian game hackers

    • Kaspersky Labs has published the results of their 18 month investigation of ongoing attacks against online game publishers and their users
    • The investigation started when a huge number of computers were found to contain malware, and the common thread between them all was that they were players on a specific online game from a publisher in Japan
    • It was later determined that the malware was installed on their computers as part of a legitimate update of the game software, from the official update servers
    • The publishers of the game were originally suspected of spying on their users, but it was quickly determined that it had been an attack on their servers, and that they were just being used as a trusted conduit to their userbase
    • When Kaspersky was asked to investigate the trojan that was found on the update server, they discovered that it contained a properly signed Windows 64-bit driver
    • The digital signature that was used belonged to another game publisher, KOG, from South Korea
    • Kaspersky notified KOG and Verisign (who had issued the code signing certificate to KOG) and the certificate was revoked
    • As the investigation progressed, Kaspersky found that the Winnti group had in fact managed to compromise more than a dozen different certificates
    • The Winnti group also appears to have sold access to these certificates to other attackers, as the certificates were used in attacks against Tibetan and Uyghur activists
    • The attackers also had three different ways to monetize their attacks:
      • The unfair accumulation of in-game currency/“gold” in online games and the conversion of virtual funds into real money.
      • Theft of source code from the online games server to search for vulnerabilities in games – often linked to the above
      • Theft of source code from the server part of popular online games to further deploy pirate servers
    • Technical Analysis
    • 95 page PDF Report


    Saying It Wrong | FauxShow 119
    https://original.jupiterbroadcasting.net/28451/saying-it-wrong-fauxshow-119/
    Wed, 05 Dec 2012 22:04:17 +0000

    Angela and Chris discuss commonly misused words and phrases followed by things that seem legit, but in fact are not.

    The post Saying It Wrong | FauxShow 119 first appeared on Jupiter Broadcasting.


    Plus there is a HUGE mail sack in this FauxShow!


    Show Notes:

    Bacon opening: https://www.folkingmetal.com/pickors/france-is-bacon.jpg

    Misused words: https://excelle.monster.com/news/articles/2138-peruse-at-this-commonly-misused-words-and-phrases

    More Misused words: https://www.ehow.com/how_5360234_pronounce-commonly-mispronounced-english-words.html

    25 Magic Words
    https://www.npr.org/blogs/monkeysee/2012/09/17/161277400/the-25-magic-words-of-american-television

    Common Wrong Phrases: https://www.onlinedegree.net/15-most-butchered-phrases-in-the-english-language/

    Doesn’t make sense: https://sphotos-b.xx.fbcdn.net/hphotos-snc6/178978_462030387196372_713937139_n.jpg

    Seems Legit: https://www.vitamin-ha.com/seems-legit-14-pics/

    Interesting Facts: https://www.fullpunch.com/random/28-interesting-general-facts.html/

    Mail Sack:

    Ken Writes:

    We are holding the second annual New Year OggCasters Party and we would be thrilled if you could call in and say hello. Many of our community members subscribe to TLAS so it would be fantastic to have you call in and wish people happy new year.

    It starts on Mon, Dec 31 2012 at 12:00 UTC and runs until 12:00 on Tue, Jan 1 2013. This is an open invite to both you and your listeners to join the live session in the HPR room on mumble.openspeak.cc port:64747 or listen along to the live stream.

    Don’t be worried if you can’t stay up for it all as it will be released in its entirety on HPR during the first two weeks of 2013. If you can’t make it live, you can always send us a short New Year greeting to play during the show.

    For more information see https://hackerpublicradio.org/party/

    Iain Writes:

    Hey guys, just making a site suggestion from a usability standpoint. I think it would be good if you added a “Next” and “Previous” button for linking the pages of one show episode to another. I wanted to go through the Coder Radio episodes to collect the Book of the Week entries and I’m finding it hard. I can imagine plenty of others would like to skip through the show notes for other reasons and in other shows so maybe you could consider adding the functionality.

    Thanks!

    Tom Writes:

    Just watched your Unfilter show and I’m so glad there is a show like yours telling of these topics and hidden agendas. I also agree with the email from Ed regarding archive of live chat available on the website for ‘all’ shows on Jupiter Broadcasting. I think this is a great idea, especially for those of us who can’t always make the live shows, just like myself who live in different time zones. It also gives another reason for people to check out the web site and perhaps click on other shows or remind them of the affiliate links. Anyway, the idea is a great one, if it’s possible, please put this on your site as I too have looked for this in the past for several different shows.

    Also, it’s great that you have the calendar, but as a foreigner living in Asia, it defaults to Asian language that I cannot easily translate as embedded into the English web page. If this can be sorted, great, or get an additional indicator; Next show is …. in …. hours minutes time.

    Actually while I’m on the subject and since it’s now December so you probably have nothing better to do; regardless of which JupiterBroadcasting.com page someone lands on, be that a direct link or from a search on Google etc, have a message display that the network in part provides great content because of the support of a great audience, so please consider adding affiliate add-ons or monthly subscriptions to be part of this greatness 🙂
    Presumably done via a cookie that expires/refreshes every 24 hours, therefore the message would only display once within the 24 hour period. I don’t think that would be too intrusive at all, I wouldn’t mind it at all. Perhaps put it to a vote after checking how feasible it is to do.

    Cheezit Writes:

    I’m a big fan of several shows on the JB network.

    Coder Radio: What do you think of PaaS stacks (i.e. Heroku)? Do you use/recommend them?

    TechSNAP/Coder Radio: Will cloud infrastructure/PaaS services eventually replace most systems administrators’ jobs?

    Unfilter: We are in the process of buying a house with help from a family member. The family member and her siblings recently inherited money from their mother’s passing (estate sale and savings). We are inching closer to a closing date, but the bank is really putting up roadblocks and insists on seeing the complete money trail. The bank claims homeland security is regularly screening large money transactions. One of the siblings invested most of his inheritance in oil stock and gold. The trade was put on hold and also screened by homeland security. These family members, AFAIK, are upstanding citizens with no criminal background. This is also all coming second hand. My question is WTF is going on?

    Find FauxShow!

    LIVE: https://jblive.tv – 8pm Pacific – 11pm Eastern – 3am UTC
    Facebook: https://www.facebook.com/thefauxshow
    Twitter: https://www.twitter.com/angerz
    G+: https://www.gplus.to/fauxshow
    Dailybooth: https://www.dailybooth.com/thefauxshow
    Subscribe to Jupiter Signal: https://www.bit.ly/jupitersignal
    Jupiter Radio: https://jblive.info
    Affiliates Firefox Extension: https://addons.mozilla.org/en-US/firefox/addon/jupiterbroadcasting/
    Affiliates Chrome Extension: https://chrome.google.com/webstore/detail/bjekemhblnilimncanbehhjijdpjgimj
    Donations: https://original.jupiterbroadcasting.net/donate
    Shows & Shownotes: https://original.jupiterbroadcasting.net/show/fauxshow/

    Leaky Authentication | TechSNAP 12
    https://original.jupiterbroadcasting.net/9866/leaky-authentication-techsnap-12/
    Thu, 30 Jun 2011 23:18:17 +0000

    In today’s episode Chris will find out how many times his information has been leaked online, and we'll tell you how you can check for yourself.

    The post Leaky Authentication | TechSNAP 12 first appeared on Jupiter Broadcasting.


    How many times have your credentials been leaked online? Think you’re safe? Chris thought he was. In today’s episode he’ll find out how many times his information has been leaked online, and we tell you how you can check for yourself.

    Plus we’ll cover how to build your own layered spam defense, and why you probably want to leave that USB thumb drive, on the ground!

    Sneak peek: Next week we’re going to be talking about the future of Cyber Warfare in our special episode #13. Please send us any stories, suggestions or questions you have so we can include them for next week.



    Show Notes:

    Thanks to the TechSNAP Redditors!

     


    Topic: Groupon India leaks SQL database, plain text passwords

    • Groupon’s Indian subsidiary Sosasta.com accidentally published an SQL dump of its users table, including email addresses and passwords. The file was indexed and cached by Google, so even once it was taken down, it was still visible.
    • This raises the question as to why the passwords were ever stored in plain text, instead of as salted hashes
    • Does the North American version of Groupon also store user passwords in plain text?
    • Leaked data was found by a security researcher using a Google search query for “filetype:sql” “password” and “gmail”
    • Once Sosasta was notified of the issue, they started sending out emails to their customers recommending that they change their password. This is definitely the wrong approach: the passwords were leaked in plain text. All accounts should have had their passwords forcibly reset and a password reset email sent to the customer. Otherwise, customers may have their account compromised before they can change their password, and customers who no longer use the service will have their personal information exposed.
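
The two points above (salted hashes instead of plain text, and a forced reset instead of an advisory e-mail), as an added example that is not Sosasta's or Groupon's code. The PBKDF2 work factor, the in-memory `UserTable` and the e-mail addresses used with it are assumptions made for the illustration.

```python
# Added example: salted password hashes plus a forced, token-based reset.
import hashlib
import hmac
import secrets

ROUNDS = 200_000  # assumed PBKDF2 work factor; tune it to your hardware


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn per user."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return salt, digest


def verify_password(password, salt, digest):
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


class UserTable:
    """A dump of this table exposes salts and digests, never passwords."""

    def __init__(self):
        self.rows = {}  # email -> {"salt", "digest", "reset_hash"}

    def register(self, email, password):
        salt, digest = hash_password(password)
        self.rows[email] = {"salt": salt, "digest": digest, "reset_hash": None}

    def login(self, email, password):
        row = self.rows.get(email)
        if row is None or row["digest"] is None:
            return False  # unknown user, or credential revoked
        return verify_password(password, row["salt"], row["digest"])

    def force_reset_all(self):
        """Breach response: revoke every credential at once and return the
        one-time reset tokens to mail out. Only token hashes are stored."""
        tokens = {}
        for email, row in self.rows.items():
            row["salt"] = row["digest"] = None
            token = secrets.token_urlsafe(32)
            row["reset_hash"] = hashlib.sha256(token.encode()).digest()
            tokens[email] = token
        return tokens

    def redeem_reset(self, email, token, new_password):
        row = self.rows.get(email)
        if row is None or row["reset_hash"] is None:
            return False
        offered = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(offered, row["reset_hash"]):
            return False
        row["salt"], row["digest"] = hash_password(new_password)
        row["reset_hash"] = None  # single use
        return True
```

Because `force_reset_all` revokes the old digests immediately, a leaked password stops working before the customer reads the e-mail, including on accounts whose owners never come back.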

    shouldichangemypassword.com – Check your address

    Submitted by: refuse2speak


    Topic: EA Forums hacked, Sega Database Compromised

    • A “highly sophisticated cyber attack” was used to compromise the database of the forums for Bioware’s Neverwinter Nights.
    • Stolen data included username, password, email, and birth date
    • How many users were affected was not specified
    • EA says no credit card information was in the stolen database
    • Sega was also compromised, 1.29 million customers had their data exposed via the website of the European unit’s “Sega Pass” website.
    • Again, username, password, email and birth date were exposed, but it appears that no financial information was leaked.

    TechSNAP reminds you: use a different password for every service. We know it’s hard, but cleaning up behind an identity thief is worse.

    Submitted by: Raventiger


    Topic: US Government Study shows alarming attack vector

    • 60% of Government or Contractor employees who found a USB stick or CD on the ground outside their office plugged the device in to their computer.
    • 90% of the employees installed the software if it had an official looking logo on it.
    • This is reminiscent of the StuxNet worm, which targeted isolated computers that were not on the Internet. It is believed that they were infected via a hardware device containing the payload.

    Topic: Research reveals that pin numbers are predictable

    • 15% of iPhones could be unlocked in fewer than 10 tries using the most common pin codes
    • The most common first character in a pin number is 1
    • The most common second character is 2
    • The values 1980 through 2000 make up a huge portion of the top 100 pin codes, meaning if you know or can guess a user’s date of birth, you can increase your chance of cracking their code
    • Other popular codes include repeating digits or patterns, such as 2222 or 1212, or lines drawn on the input screen, such as 2580, 0852 or 1241
    • Another popular value is 5683, which didn’t seem to fit any pattern until you realize that it spells ‘love’ with standard phone letter substitution.
    • This means that if you know the user’s birthday and relationship status, you can increase your chance of cracking their pin code just by applying a little statistical analysis. If you can shoulder surf them, and further reduce the pool of possible codes, you can almost guarantee success.
    • Users tend to reuse passwords; if you guess their phone password, there is a good chance that it is also their ATM pin. Either way, the exact same techniques can be applied to ATM, voicemail and other pin codes.
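
The patterns listed above, turned into an enrolment-time check that refuses a guessable PIN, as an added example that is not from the research or the episode. It detects repeats, the 1980 to 2000 year range, straight keypad lines such as 2580 and 0852, and keypad words such as 5683; it also rejects straight runs such as 1234, which the notes do not list. The word list and the optional `birth_year` parameter are assumptions.

```python
# Added example: reject guessable PINs at enrolment time.
KEYPAD = {"1": (0, 0), "2": (0, 1), "3": (0, 2),
          "4": (1, 0), "5": (1, 1), "6": (1, 2),
          "7": (2, 0), "8": (2, 1), "9": (2, 2),
          "0": (3, 1)}  # (row, column) on a phone pad
LETTERS = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl",
           "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}
WORDS = ("love",)  # the notes' example; the list itself is an assumption


def word_to_digits(word):
    """Spell a word with standard phone letter substitution."""
    return "".join(d for ch in word.lower()
                   for d, letters in LETTERS.items() if ch in letters)


def is_keypad_line(pin):
    """True if the keys form one straight, evenly spaced line on the pad."""
    pts = [KEYPAD[d] for d in pin]
    steps = {(b[0] - a[0], b[1] - a[1]) for a, b in zip(pts, pts[1:])}
    return len(pin) > 2 and len(steps) == 1 and steps != {(0, 0)}


def is_run(pin):
    """True for straight runs such as 1234 or 4321 (not listed in the notes)."""
    diffs = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return len(pin) > 2 and diffs in ({1}, {9})


def weak_pin_reasons(pin, birth_year=None):
    """Return the reasons a PIN should be refused; an empty list means none found."""
    if not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must consist of digits")
    half = len(pin) // 2
    reasons = []
    if len(set(pin)) == 1:
        reasons.append("repeated digit")
    elif len(pin) % 2 == 0 and pin[:half] == pin[half:]:
        reasons.append("repeated pattern")
    if len(pin) == 4 and 1980 <= int(pin) <= 2000:
        reasons.append("year 1980-2000")
    if birth_year is not None and pin == str(birth_year):
        reasons.append("owner's birth year")
    if is_keypad_line(pin):
        reasons.append("keypad line")
    if is_run(pin):
        reasons.append("digit run")
    for word in WORDS:
        if pin == word_to_digits(word):
            reasons.append(f"keypad word '{word}'")
    return reasons


if __name__ == "__main__":
    for candidate in ("2222", "1212", "1987", "2580", "5683", "7294"):
        print(candidate, weak_pin_reasons(candidate) or "no known pattern")
```
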

    Feedback:

    Q: (Bob) How did Chris and Allan meet?
    A: Chris and Allan first met in April 2009 when Jupiter Broadcasting moved their IRC chat to GeekShed.net. In January 2010 Allan won a closed beta invite to Star Trek Online during a STOked trivia contest on IRC. During the ramp up to open beta, JupiterColony.com was receiving so much traffic that it was suspended by the web host, and was moved to ScaleEngine.com. Later on, Allan guest hosted a few episodes of the Linux Action Show while Bryan was away, and they went so well that Chris and Allan decided to start their own show.

    Q: (Leon) How do you handle spam filtering on your servers?
    A: For my web hosting customers, we use 4 main mail servers (running Exim with mail time SpamAssassin). The four mail servers ensure that incoming mail is always received, even if one or more of our servers is down at any time. These servers automatically run the incoming mail through the SpamAssassin scoring system, and if the spam score exceeds a specific threshold, then the mail is automatically rejected at SMTP time (so no bounce message is generated, an error is returned to the original sending server, this prevents misdirected bounces from spammers using forged from addresses). If the spam score is borderline, we do ‘grey listing’, temporarily rejecting the spam so it will be retried in a little while, this gives the DNS blacklists we use time to catch up, and most spammers never bother with retries. If the spam score is low enough then the mail is accepted. Once mail has arrived at one of our edge servers, it is then queued and sent on to our mailbox server, where it is sorted and delivered to the actual mailboxes of our users. SpamAssassin is run on the mail again, and user-specific settings determine what happens to the mail. Spam can be flagged (subject prefix, messages added as attachments to protect Outlook from preview attacks) or directed to a spam folder.
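
The accept / greylist / reject decision described in the answer above, as an added example. It is not Allan's Exim or SpamAssassin configuration: the score thresholds, the retry delay and the (client IP, sender, recipient) greylist key are assumptions, and the delivery attempts are constructed.

```python
# Added example: the accept / greylist / reject decision made at SMTP time.
REJECT_AT = 10.0      # assumed score threshold (the notes give no figures)
GREYLIST_AT = 5.0     # assumed lower bound of the "borderline" band
MIN_RETRY = 300       # assumed: seconds before a retry is honoured
MAX_WAIT = 4 * 3600   # assumed: a retry later than this starts over


class SmtpPolicy:
    def __init__(self):
        # (client_ip, sender, recipient) -> time of the first attempt
        self.first_seen = {}

    def decide(self, client_ip, sender, recipient, score, now):
        """Return (SMTP reply code, reason) for one delivery attempt.

        `score` is the spam score computed for this attempt. It is
        recomputed on every retry, so a sender that a DNS blacklist picked
        up in the meantime scores higher the second time around."""
        if score >= REJECT_AT:
            # Refused during the SMTP dialogue: the sending server gets the
            # error, and no bounce goes out to a forged From address.
            return 550, "rejected as spam"
        if score < GREYLIST_AT:
            return 250, "accepted"
        key = (client_ip, sender.lower(), recipient.lower())
        seen = self.first_seen.get(key)
        if seen is None or now - seen > MAX_WAIT:
            self.first_seen[key] = now
            return 451, "greylisted, try again later"
        if now - seen < MIN_RETRY:
            return 451, "greylisted, retried too soon"
        del self.first_seen[key]
        return 250, "accepted after retry"


# Constructed delivery attempts: (time, client IP, sender, recipient, score).
ATTEMPTS = [
    (0, "192.0.2.10", "friend@example.org", "user@example.net", 1.2),
    (5, "198.51.100.7", "promo@example.com", "user@example.net", 14.0),
    (10, "203.0.113.5", "news@example.com", "user@example.net", 6.5),
    (20, "203.0.113.9", "offer@example.com", "user@example.net", 6.5),
    (70, "203.0.113.5", "news@example.com", "user@example.net", 6.5),
    (910, "203.0.113.5", "news@example.com", "user@example.net", 6.5),
    # Same borderline sender as at t=20, now listed on a blacklist.
    (950, "203.0.113.9", "offer@example.com", "user@example.net", 12.0),
]


def replay(attempts):
    """Run the attempts through one policy instance; return the reply codes."""
    policy = SmtpPolicy()
    return [policy.decide(ip, frm, to, score, t)[0]
            for t, ip, frm, to, score in attempts]


if __name__ == "__main__":
    for attempt, code in zip(ATTEMPTS, replay(ATTEMPTS)):
        print(attempt[0], attempt[1], attempt[4], "->", code)
```
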

    Send us your questions and feedback!


    Roundup:
    Netflix shares insight on its cloud infrastructure
    Netflix transitions to high availability storage systems
    Researchers say Massive Botnet is Indestructible
    DropBox CEO: Lone hacker downloaded data from ‘fewer than a hundred’ accounts
    Spamming Becoming Financially Infeasible

    Bitcoin BLASTER:
    LinuxCoin – Bitcoin Live Linux CD – LOVES IT!
    Article: Buying lunch with bitcoin – Submitted by Angela
    Chris’ early bitcoin farm
    Chris’ cheap and low power miner hardware.
    Article: Bitcoin Comes Out Swinging off the Ropes
    MtGox Apologizes

     
