Lizard Squad’s DDoS for sale, NSA breaks VPNs, our Kickstarter of the week & more!

It’s the last Tech Talk Today of 2014, see you next week!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

Lizard Squad’s Xbox Live, PSN attacks were a ‘marketing scheme’ for new DDoS service

The service, dubbed Lizard Stresser, launched early Tuesday morning via Twitter (redacted below) and is fully operational, a Lizard Squad member who goes by the alias “dragon” told the Daily Dot via a direct message on Twitter and subsequent conversation through the instant messaging service Jabber. Customers can use the service against any target they wish, including large websites or Internet services, such as PSN or Xbox Live. Dragon, who is listed as co-owner of the service, says the launch of Lizard Stresser will be the group’s last move before they “vanish off back to the caves where we came from.”

Once customers log into Lizard Squad’s new service, they are greeted by a list of the group’s accomplishments:

The cost of attacks range anywhere from $6 to $500, paid for with Bitcoin, the difficult-to-trace cryptocurrency. The most expensive tier offers 30,000 seconds of attack (a little more than 20 days), and costs just $130 per month. For $500, customers can launch unlimited attacks.

With the notoriety achieved from their attacks on Xbox Live and Playstation Network, Lizard Squad plans to utilize their huge social media reach to attract potential customers.

NSA has VPNs in Vulcan death grip—no, really, that’s what they call it

The National Security Agency’s Office of Target Pursuit (OTP) maintains a team of engineers dedicated to cracking the encrypted traffic of virtual private networks (VPNs) and has developed tools that could potentially uncloak the traffic in the majority of VPNs used to secure traffic passing over the Internet today, according to documents published this week by the German news magazine Der Speigel. A slide deck from a presentation by a member of OTP’s VPN Exploitation Team, dated September 13, 2010, details the process the NSA used at that time to attack VPNs—including tools with names drawn from Star Trek and other bits of popular culture.

When an IPSec VPN is identified and “tasked” by NSA analysts, according to the presentation, a “full take” of its traffic is stored in VULCANDEATHGRIP, a VPN data repository. There are similar, separate repositories for PPTP and SSL VPN traffic dubbed FOURSCORE and VULCANMINDMELD, respectively.

The NSA has a specific repository for capturing VPN metadata called TOYGRIPPE. The repository stores information on VPN sessions between systems of interest, including their “fingerprints” for specific machines and which VPN services they’ve connected to, their key exchanges, and other connection data. VPN “fingerprints” can also be extracted from XKEYSCORE, the NSA’s distributed “big data” store of all recently captured Internet traffic, to be used in identifying targets and developing an attack.

Newly published NSA documents show agency could grab all Skype traffic

The nature of the Skype data collection was spelled out in an NSA document dated August 2012 entitled “User’s Guide for PRISM Skype Collection.” The document details how to “task” the capture of voice communications from Skype by NSA’s NUCLEON system, which allows for text searches against captured voice communications. It also discusses how to find text chat and other data sent between clients in NSA’s PINWALE “digital network intelligence” database.

The full capture of voice traffic began in February of 2011 for “Skype in” and “Skype out” calls—calls between a Skype user and a land line or cellphone through a gateway to the public switched telephone network (PSTN), captured through warranted taps into Microsoft’s gateways. But in July of 2011, the NSA added the capability of capturing peer-to-peer Skype communications—meaning that the NSA gained the ability to capture peer-to-peer traffic and decrypt it using keys provided by Microsoft through the PRISM warrant request.

KICKSTATER OF THE WEEK: Next Keyboard – The Perfect Keyboard for iPhone by Next Keyboard — Kickstarter

A keyboard that puts more power at your fingertips with super fast editing, predictive typing, instant emojis, and beautiful themes!

The post NSA Skype Trek | Tech Talk Today 111 first appeared on Jupiter Broadcasting.

Sony Pictures’ network is compromised & reports claim employes are locked out, data is being held for ransom, Twitter & Google accounts compromised & that’s just the beginning.

Plus the DOJ claims iMessage will kill kids & our Kickstarter of the week!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Hackers shut down Sony Pictures’ computers and are blackmailing the studio | The Verge

Since this afternoon, computers at the company have been completely unresponsive, showing a glowering CGI skeleton, a series of URL addresses, and a threatening message from a hacker group that identifies itself as #GOP. Dozens of Sony Twitter accounts were also commandeered to tweet out similar messages, although Sony seems to have regained control of those accounts. Early reports from Sony employees suggest the studio has yet to regain computer access.

The ZIP files mentioned in the images contain a list of filenames of a number of documents pertaining to financial records along with private keys for access to servers. The message shown on computers mentions “demands” that must be met by November 24th at 11:00PM GMT or the files named will be released.

A source within Sony has anonymously confirmed to TNW that the hack and image that have appeared on computers inside Sony Pictures is real. They said that “a single server was compromised and the attack was spread from there.”

In the meantime, the compromise seems to have brought day-to-day work at the studio to a crashing halt. Employees are reportedly unable to send email, use their computers, or even answer phones. As one employee told Deadline, “We are down, completely paralyzed.” In the official statement, Sony used more measure language: “We are investigating an IT matter.”

• I used to work for Sony Pictures. My friend still works there and sent me this. It’s on every computer all over Sony Pictures nationwide. : hacking

Updated: Hackers replace Sony’s backup app on Google Play — Tech News and Analysis

Sony’s Backup & Restore tool is a pretty straightforward app. It can back up device settings and data to a MicroSD card. It’s pre-installed on a lot of Sony phones, including the new Xperia Z3. But the version on Google Play for several hours on Monday said it was managed by “Nirak Patel Kanudo” and its reviews were terrible. The app description also included several typos.

iMessage encryption will kill kids, DOJ warns | Cult of Mac

The U.S. Department of Justice has issued a chilling warning to Apple executives as a response to increased privacy protections added to iOS 8: Children might die because we can’t hack into bad guys’ iMessages.

Deputy Attorney General James Cole met with Apple executives last month, reports the Wall Street Journal, to discuss privacy issues, but after making the ridiculous claim that the blood of dead children will be on Apple’s hands if it doesn’t give the NSA access to iMessages, the talks have ended in a standoff.

“The No. 2 official at the Justice Department delivered a blunt message last month to Apple Inc. executives: New encryption technology that renders locked iPhones impervious to law enforcement would lead to tragedy. A child would die, he said, because police wouldn’t be able to scour a suspect’s phone, according to people who attended the meeting.”

KICKSTARTER OF THE WEEK: 6thfinger: Keep games or apps active without human touch by Danny & Wayne — Kickstarter

The post Patch your Sony | Tech Talk Today 97 first appeared on Jupiter Broadcasting.

A comprehensive study shows that you’re probably taking way too long to patch your box.

Plus research on possible iOS backdoors, TOR’s nasty bug, your questions, our answers, and much much more!

Thanks to:

Become a supporter on Patreon:

— Show Notes: —

Qualys releases “The Laws of Vulnerabilities 2.0”

• Qualys, known for the SSL Labs site where you can test the encryption capabilities of your browser and web server, has released the new version of their “laws”
• Qualys sells an “on demand vulnerability management solution” which does continuous perimeter monitoring of a network and scans servers for vulnerable versions of software and services
• Using the data they have collected they did statistical analysis and came up with some basic laws that cover the “vulnerability half-life, prevalence, persistence and exploitation trends for five critical industry segments including Finance, Healthcare, Retail, Manufacturing and Services.”
• The average system remains vulnerable for 30 days. Service sector usually patched within 21 days, whereas Manufacturing usually took 51 days
• The most popular vulnerabilities are regularly replaced, leaving some systems almost continuously vulnerable
• “the lifespan of most, if not all vulnerabilities is unlimited and a large percentage of vulnerabilities are never fully fixed.”
• “Eighty percent of vulnerability exploits are now available within single digit days after the vulnerabilities public release. In 2008, Qualys Labs logged 56 vulnerabilities with zero-day exploits, including the RPC vulnerability that produced Conficker. In 2009, the first vulnerability released by Microsoft, MS09-001 had an exploit available within seven days. Microsoft’s April Patch Tuesday included known exploits for over 47 percent of the published vulnerabilities. This law had the most drastic change from the Laws 1.0 in 2004, which provided a comfortable 60 days as guidance”
• Compared to in the past, installing updates in a timely fashion is even more important. The old 60 day window is gone

Payment Card Data Theft: Tips For Small Business

• An article at DarkReading.com by Chris Nutt, Director of Incident Response and Malware at Mandiant, on steps small businesses can take to avoid being the next credit card breach
• Things to consider when processing credit cards via a computer:
• Does the company browse the Internet or read email on the computer used for credit card processing?
• Is unencrypted card data transmitted through any exposed cables or over the internal network?
• Is the card-processing software configured correctly and up-to-date?
• Has the computer’s operating system up to date? has it been hardened?
• Is the computer running antivirus and is it up-to-date?
• Does the company outsource IT management and is there a remote management port open to the Internet?
• Small business often have an advantage in this area, it is easier to upgrade software when there is only a single system involved, not a complex back office system with multiple servers
• Some Recommendations
  • Use a dedicated LAN (or VLAN) or use a cellular connection instead of running the payment system on the same LAN or WiFi that is used for regular business and/or used by customers
• “Do not maintain a Payment Card Industry (PCI) environment or maintain the smallest PCI environment possible”
  • Instead, use a PCI compliant reader like Stripe or Square, data should be encrypted and sent directly to the payment processor, never stored on a device
  • Never store credit card details, a service like Stripe will give you a unique token that can be used for rebilling, refunds etc, without requiring you store the original card details
  • “Do not outsource the maintenance of POS devices to a company that will directly access remote management ports over the Internet.”
  • “Protect the physical security of all systems that store, process, or transmit cardholder information. All security is lost if an attacker can alter or replace your equipment”
  • “Do not allow systems in you PCI environment to connect to the Internet, aside from the connections required to process card transactions or patch the system”
  • “Do not allow systems in your PCI environment to connect to any systems on your network that are not necessary for processing card transactions or patching”
• Some possibly bad advice from the article: Use a mobile device or a tablet, they are more secure than a desktop
• Where possible, offload the processing to a provider, it might be slightly more expensive, but it moves most of the risk to the provider, rather than you

Government Accountability Office report shows shortcomings in incident response procedures

• GAO Report: Agencies Need to Improve Cyber Incident Response Practices
• “Based on a statistical sample of cyber incidents reported in fiscal year 2012, GAO projects that these agencies did not completely document actions taken in response to detected incidents in about 65 percent of cases”
• “For example, agencies identified the scope of an incident in the majority of cases, but frequently did not demonstrate that they had determined the impact of an incident. In addition, agencies did not consistently demonstrate how they had handled other key activities, such as whether preventive actions to prevent the reoccurrence of an incident were taken.”
• “agencies had recorded actions to halt the spread of, or otherwise limit, the damage caused by an incident in about 75 percent of incidents government-wide. However, agencies did not demonstrate such actions for about 25 percent of incidents government-wide.”
• “for about 77 percent of incidents government-wide, the agencies had identified and eliminated the remaining elements of the incident. However, agencies did not demonstrate that they had effectively eradicated incidents in about 23 percent of incidents”
• “agencies returned their systems to an operationally ready state for about 81 percent of incidents government-wide. However, they had not consistently documented remedial actions on whether they had taken steps to prevent an incident from reoccurring. Specifically, agencies did not demonstrate that they had acted to prevent an incident from reoccurring in about 49 percent of incidents government-wide.”
• “In another incident, an agency received a report from US-CERT indicating that login credentials at two of the agency’s components may have been compromised. When contacting the impacted components, agency incident handlers mistyped the potentially compromised credentials for one component and did not respond to an e-mail from the component requesting clarification, and failed to follow up with the second component when it did not respond to the initial alert. Despite these errors, the incident handlers closed the incident without taking further action.”
• “In a malware incident, sensors on an agency’s network recorded an agency computer contacting an external domain known to host malicious files, and downloading a suspicious file. Incident handlers closed the ticket without recording any actions taken to contain or otherwise remediate the potential malware infection”
• The GAO used NIST Special Publication 800-61: Computer Security Incident Handling Guide as a reference
• FireEye, makes of an enterprise security real-time threat protection platform, had some reactions to these findings:
• “Anything less than 100% containment is essentially 0% containment”. “If a government agency fails to completely contain an intrusion, any gaps leave the adversary freedom of maneuver. He can exploit the containment failure to proliferate to other systems and remain in control of an organization’s systems.“
• “If an adversary retains access to even one system, he can rebuild his position and retake control of the victim”
• “If a victim fails to make the environment tougher for the adversary, the intruder will likely return using the same techniques that he utilized to first gain access.” Victims need to learn from intrusions and implement remediation
• It is not clear from the report, but if a machine is compromised, it should be reformatted, rather than merely ‘cleaned’. In light of recent reports about persistent malware, the BIOS should also be flashed before the fresh OS is reinstalled.

Feedback:

• IPSec vs OpenVPN

• Canvas Fingerprinting – A New Threat To Privacy

• Meet the Online Tracking Device That is Virtually Impossible to Block

• ksoftirqd – High Network Throughput

• Why is ksoftirqd/0 process using all of my CPU?

• In the kernel command line (/etc/grub.conf), add “nohz=off” CentOS Forum

• multiple vm’s with 1 ip

• What is a true backup?

Round Up:

• Tails live OS affected by critical zero-day vulnerabilities
• European Central Bank hacked, only founds out after attacker demands ransom. Stolen: database of 20,000 email addresses of people who had registered for ECB conferences, visits and other events
• WSJ website hacked, data offered for sale for 1 bitcoin
• Google announces project zero, “hunt down security vulnerabilities in every popular piece of software that touches the internet”
• Tor Project working to fix weakness that can unmask anonymous users
• New IE vulnerabilities up over 100% since 2013
• How Hackers Hid a Money-Mining Botnet in Amazon’s Cloud
• Researcher finds hidden way to access plaint-text version of encrypted data on iOS devices
• Chromium Switching to BoringSSL.
• Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices
• The Open Source Responsible Disclosure Framework
• How your profile picture can be used against you
• Posh-SSH – Open Source PowerShell module for SSH, SFTP, SCP
• What the feds really know about you
• Australian deals website waits 3 years to tell customers and privacy commissioner. Told police, banks and credit card companies immediately. Only told customers now because “technological advances” mean the old hashes are now easier to crack
• NY Metro Card Terminal still runs Windows NT 4.03
• Sony to pay up to $17.75 million in 2011 PSN hacking settlemen

The post 9 Days to Patch | TechSNAP 172 first appeared on Jupiter Broadcasting.

Rumor has it the playstation network has been hacked again, but we’ve got the real story. Blizzard suffered a nasty database breach, and it might be much worse then they are letting on.

Plus: Automating your server deployments and configurations has never been easier, find out what Allan uses to get the job done!

All that and a lot more, in this week’s TechSNAP!

Thanks to:

Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

SPECIAL OFFER! Save 20% off your order!
Code: go20off5

Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap11: $1.99 hosting for the first 3 months
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
techsnapx: 20% off .xxx domains

 

Support the Show: