DBAN – Jupiter Broadcasting

Skimming devices that crooks install inside fuel station gas pumps frequently rely on an embedded Bluetooth component allowing thieves to collect stolen credit card data from the pumps wirelessly with any mobile device. The downside of this approach is that Bluetooth-based skimmers can be detected by anyone else with a mobile device. Now, investigators in the New York say they are starting to see pump skimmers that use cannibalized cell phone components to send stolen card data via text message.
Skimmers that transmit stolen card data wirelessly via GSM text messages and other mobile-based communications methods are not new; they have been present — if not prevalent — in ATM skimming devices for ages.
But this is the first instance KrebsOnSecurity is aware of in which such SMS skimmers have been found inside gas pumps, and that matches the experience of several states hardest hit by pump skimming activity.
see also Gas Theft Gangs Fuel Pump Skimming Scams

Erasing hard drives – dd might be enough – Dan talks about how he erased the drives

I recently upgraded several 3TB drives to 5TB drives and no longer needs the smaller drives. I usually used DBAN, but this time, it failed to run and I have no idea why
I started looking around for upgrades in case my newer hardware didn’t work with this version of DBAN
In September 2012, Blancco of Finland announced its acquisition of DBAN – Windows binary – no use to me
There is an unofficial fork of DBAN that is actively maintained. The dwipe program that DBAN uses has been forked and is available as a standalone program called Nwipe, which is actively maintained.
Appears to be more than one unofficial dban fork
nwipe is included with Parted Magic so I paid my $11 and downloaded UNetbootin and tried to install it
I failed to get my latest version (2017_06_03) of Parted Magic to boot so I resorted to letting UNetbootin download and install Latest_Live and I think that was 2.4
I was told DBAN is drive abuse and that dd is sufficient
Highly recommended NAS configuration – KIds don’t try this at home!
Originally thought to be serial, butlater confirmed to work in parallel
Discussion on: when you power cycle, how long do you want to power on?
Next, tried nwipe but found that that took too long
Going back to Parted Magic, I found the disk erase UI to have a few interesting features
Then, I managed to get my SAS2008 card to work, and started doing 8 drives at a time
dd is always an option, but I found it more convenient to use Parted Magic. Why? I didn’t have to script it and I can use the Secure Erase feature

Feedback

A question about database migrations – apgdiff SQL Manager – SQLFairy – Dan used to use a tool for designing the database, but hasn’t use one lately. Now he constructs the DDL on the fly to amend the database and keeps them aside for upgrading the production database. Dan once kept the DDL for FreshPorts in a repo, but no longer does. Now he just backs up.
ZFS Configuration new System76 Oryx pro
Nigel Brownsey wrote in about Password security all about length
PostgreSQL password hashing & backups

Round Up:

The HDFS Juggernaut – Hadoop Distributed File System
Plans for Partitioning in PostgreSQL v11
debian-policy: Packages should be reproducible
Everything You Always Wanted to Know
About Optical Networking –
But Were Afraid to Ask
slides – Youtube video
Looking at public Puppet servers
Airbnb’s preferred smart lock vendor accidentally bricks 500 door-locks
I Bought a Book About the Internet From 1994 and None of the Links Worked

The post Leaky Pumps | TechSNAP 332 first appeared on Jupiter Broadcasting.

How Malware Makes Money | TechSNAP 31

chris — Thu, 10 Nov 2011 18:18:24 +0000

The FBI shuts down a cyber crime syndicate, and we’ll tell you just how much profit they were bring in.

Plus we’ll cover how to securely erase your hard drive, Xbox Live’s minor password leak, how researches remotely opened prison cell doors, in my own state!

All that and more, on this week’s episode of TechSNAP!

Thanks to:

GoDaddy.com Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

Pick your code and save:

techsnap7: $7.49 .com
techsnap10: 10% off
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans

Direct Download Links:

Subscribe via RSS and iTunes:

Fill out my Wufoo form!

Show Notes:

FBI takes out malware operation that illicitly made 14 million dollars

The malware was said to have infected as many as 4 million computers in 100 countries
Atleast 500,000 infected machines in the USA alone
Operation Ghost Click resulted in indictments against six Estonian and one Russian national. The Estonians were taken in to custody by local authorities and the US is seeking to extradite them.
The malware, called DNSChanger, changed the users DNS servers, to use rogue servers run by the botnet operators, and allowed the attackers to basically perform man-in-the-middle attacks against any site they wished.
The attackers redirected all traffic related to Apple and iTunes to a site that sold fake apple software and pirated music.
The attackers also stole traffic from legitimate advertising networks and replaced it with their own network, charging advertisers for their ill gotten traffic.
The malware also blocked windows update and most known virus scanners and help sites.

Pastebin of XBox Live IDs and passwords published

The pastebin contained 90 game tags, passwords and possibly email addresses
Microsoft says that they do not believe their network was compromised, and that this list is the result of a small scale phishing attack
The size of the credential dump seems to support that conclusion
Regardless, it is recommended that you change your XBox Live password, and the password on any other service that shared the same password, especially the email address used for your XBox Live.

Researchers Uncover ‘Massive Security Flaws’ In Amazon Cloud

The vulnerability (since fixed) allowed an attacker to completely take over administrative rights on another AWS account, including starting new EC2 and S3 instances, and deleting instances and storage
An attacker could have run up a huge bill very quickly, and it would appear legitimate.
Using EC2 to crack passwords becomes even more effective when someone else is paying for your instances
The vulnerability was exploited using an XML signature wrapping attack, allowing them to modify the signed message while still having it verify as unmodified.
Amazon said “customers fully implementing the AWS security best practices were not susceptible to these vulnerabilities”
Previous Article about Amazon AWS Security
The previous article mostly covers vulnerabilities created by users of AWS, including people publicly publishing AMIs with their SSH keys still in them.

Prison SCADA systems vulnerable to compromise

Researchers have been able to compromised the SCADA systems and open/close cell doors, overload door mechanisms so they cannot be open/closed, and disable the internal communications systems.
The researches worked in one of their basements, spent less than $2,500 and had no previous experience in dealing with these technologies.
Washington Times Article confirms that the research was delivered to state and prison authorities, and that Homeland Security has verified the research
Researchers were called in after an incident where all of the cell doors on death row at once prison opened spontaneously
While the SCADA systems are not supposed to be connected to the Internet, it was found that many of them were.
Some were used by prison staff to browse the Internet, leaving them open to malware and other such attacks.
While others had been connected to the Internet so they could be remotely managed by consultants and software vendors
Even without the Internet, researchers found that the system could be compromised by an infected USB drive, connected to the
SCADA system either via social engineering or bribery of prison employees.

Feedback:

Simon asks about destroying your data before recycling/selling your used hard drives

There are a number of tools that will overwrite the contents of your hard drive a number of times in various patterns. The goal here is to ensure that any data that was on the drive can not be recovered. There is never a guarantee that the data will not be recoverable.
Allan Recommends: DBAN – Darik’s Boot And Nuke
It is still a very good idea to overwrite the data on your disks before you recycle/sell them. The methods are slightly different now, specifically, some methods such as the ‘Gutmann Wipe’ which was designed for a specific type of disk encoding that is no longer users in modern hard drives are no longer effective.
DBAN supports a number of methods:
PRNG Stream (recommend) – literally overwrites the entire drive with a stream of data from the Pseudo Random Number Generator. It is recommended that you use 4 passes for medium security, and 8 or more passes for high security.
DoD 5220.22-M – The US Department of Defence 7 pass standard. The default is DBAN is the DoD Short, which consists of passes 1, 2 and 7 from the full DoD wipe.
RCMP TSSIT OPS-II – The Canadian governments “Technical Security Standard for Information Technology”: Media Sanitization procedure. (8 passes)
Quick Erase (Not recommended) – Overwrite the entire drive from 0s, only 1 pass. This is designed for when you are going to reuse the drive internally, and is not considered secure at all
DBAN also verifies that the data was overwritten properly, by reading back the data from the drive and verifying that the correct pattern is found.
I am not certain about the answer to your question concerning SD cards and other flash storage not in the form of a hard disk. A file erasure utility may be the only option if the device does not actually accept ATA/SCSI commands (careful, some USB devices pretend to accept the commands but just ignore ones they do not understand)
Simon’s method of using the shred utility (designed to overwrite an individual file) on the block device, is not recommended. a proper utility like DBAN uses ATA/SCSI commands to tell the disk to securely erase it self, which involves disabling write caching, and erasing unaddressable storage such as those that have been relocated due to bad sectors.
Special consideration should be given to SSDs, as they usually contain more storage than advertised, and as the flash media wears out, it is replaced from this additional storage. You want to be sure your overwrite utility overwrites the no-longer-used sectors as they will still contain your data. This is why a utility that uses the proper ATA/SCSI commands is so important.
A utility like DBAN is also required if the disk contained business or customer data. Under legislation such as PIPEDA (Personal Information Protection and Electronic Documents Act, Canada), HIPAA and Sorbanes-Oxley (USA), the information must be properly destroyed.

Round UP:

ZFS Server Build Progress:

Finalized Parts List
Parts Summary:
Supermicro CSE–829TQ-R920UB Chassis
- 8 hot swapable SAS bays
- dual redundant 920 watt high-efficiency PSUs
Supermicro X8DTU–6F+ motherboard
- Dual Socket LGA 1366
- 18x 240pin DDR3 1333 slots (max 288GB ram)
- Intel 5520 Tylersburg Chipset, ICH10R
- LSI 6Gb/s SAS Hardware RAID controller
- Intel ICH10R SATA 3Gb/s SATA Controller
- IPMI 2.0 with Virtual Media and KVM over LAN
- Dual Intel 82576 Gigabit Ethernet Controller
Dual Intel Xeon E5620 Processors (4×2.4Ghz, HT, 12MB Cache, 80W)
48GB DDR3 1333mhz ECC Registered RAM
2x Seagate Barracuda XT 2TB SATA 6Gb/s 7200rpm Drives (for OS)
9x Seagate Consellsation ES 2TB SAS 6Gb/s 7200rpm Drives (8x for RAID Z2, 1x cold spare)
Adaptec RAID 6805 Controller (8 Internal drives, supports up to 256 drives, 512mb DDR2 667 cache)
Adaptec AFM 600 Flash Module (Alternative to BBU, provides 4GB NAND flash power by super capacitor to provide zero maintenance battery backup)

The post How Malware Makes Money | TechSNAP 31 first appeared on Jupiter Broadcasting.