Episode 0x3A
We Can Do Better
Before we get too far into things this week, I want to draw special attention to Rich Mogull’s $500 Cloud Security Screwup posting. Truly awe-inspiring, and an example of Doing Infosec Right: admitting that you screwed up and getting on with the solution, rather than the far more common response of hiding what happened and hoping no one finds out that you were the one who screwed up. We should all act more like this. Moving along…
Upcoming this week…
- Lots of News
- Breaches
- SCADA / Cyber, cyber… etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)
- And there are weekly Briefs – no arguing or discussion allowed
And if you’ve got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don’t need to speak for anyone except themselves. Ok? Good.
In this episode:
- News and Commentary
- Five Product Security Questions Nobody At CES Wants You To Ask. Because, you know, internets.
- Mandiant gets bought by FireEye
- Infographic: New ISO 27001:2013 – What Has Changed?
- Find security flaw, go to jail?
- Breaches
- Former TIAA-CREF Worker Gets 6 Years for Selling IDs
- OpenSSL Defacement – Not a Hypervisor Thing
- Riverside Health System 4-year-long HIPAA Breach
- Thank Goodness for the NSA! – a fable
- Yahoo infects people with Malware and makes the bitcoin
- SCADA / Cyber, cyber… etc
- DERP
- Mailbag
- We receive some of the most batcrap crazy emails here at LSD. What’s the right response to people who don’t just have a tinfoil hat, but are opting for the full ensemble?
- Dear Mailbag
I’m thinking about not speaking at RSA because of the NSAs, what do you think?
Hugs
Mikko H. (not the other Mikko guy)
- Briefly — NO ARGUING OR DISCUSSION ALLOWED
- Crypto Hardening guide for Sysadmins
- Penetration Testing Lab Contents Mindmap
- sigcheck now with Virus total
- WordPress plugin exploit data
- Skipfish Scanner Used In Financial Sector Attacks
- Liquidmatrix Staff Projects — gratuitous self-promotion
- The Security Conference Library
- Contribute to the Strategic Defense Execution Standard (#SDES) and you’ll be Doing Infosec Right in no time.
- If you’re interested in helping out with openCERT.ca, drop a line to info@openCERT.ca
- Upcoming Appearances: — more gratuitous self-promotion
- Dave: – Shmoocon, SOURCE, Infosec EU, BSides London, HITB EU, Secure360, FIRST…
- James: – At Shmoocon (with a cool surprise), then RSA (sad trombone)
- Ben: – N/A
- Matt: – behind the beard
- Wil: – Gave up, is a car dealer now
- Other LSD Writers: – huh?
- Advertising – pay the bills…
- Signing up for a SANS course? Be sure to use the code “Liquidmatrix_150” and save $150 off the course fee! Or do the math and figure out if 5% off a course would be a better deal with “Liquidmatrix_5”
- Closing Thoughts
- Seacrest Says: My Voice Is My Passport, Verify Me
Download the MP3
Creative Commons license: BY-NC-SA
And here’s the latest batcrap crazy email we’ve received…
Subject: Advanced iMac & Email Security Help
Date: Tue, 7 Jan 2014 20:19:56 -0700
Cc: secwest14@cansecwest.com, myrcurial@myrcurial.com
To: info@bromium.com
Mime-Version: 1.0 (Apple Message framework v1085)
X-Mailer: Apple Mail (2.1085)
Please return my email to ((REDACTED))
I am using a borrowed computer due to my iMac being corrupted and partially erased. There is a partition that is locked or grayed out so it won’t erase. Perhaps someone was using it remotely.
I was doing some research and I came across your profile. You seem to be the right person to ask questions. I’ve experienced security issues on my free email accounts & I need your expertise, input, links, or referrals on solutions. Email me with answers. iMac, Mac Pro, & passwords are never shared, all security measures are in place for wifi setup, 2-step verification, and all other configurations for the computer. But I still have these problems. What am I missing? What should I look for as far as things/words implanted in my computers? What else should I get to protect me; apps, programs, software, etc.? Is there something I should be looking for in the utilities or the library?
- How to stop a remote person from logging into my email during the time I am checking my email.
- How to prevent a remote person from logging into my email after I log out; the details only show my IP address for logging in.
- How to prevent a remote person from deleting the activity list to hide illegal activity and sending out emails to people I don’t know, not on my contact list, etc.
- Notifications are turned on, but the phone call notifications are illegally turned off and the link is grayed out to prevent turning it back on.
- The 2-Step verification codes are blocked when they are entered &/or copied so I can’t use them to log in.
- Phishing login pages pop up for all account links to force entering the password before viewing any page. I don’t enter it, I just bring up a new tab or re-log in.
- gmail/cox communication mail/chrome/firefox/safari browser tabs freeze. A new tab or re-log in occurs w/in 30 to 60 seconds. During that time all email is stolen and removed.
- A reconfiguration causes all links on the computer to display every file for apps/utilities/computer/network/documents/etc. Everything in the computer. If I want to attach a file to an email, the attach link displays or opens everything in the computer.
- Some computer links are hidden; utilities is empty, etc. I have to do a Spotlight search for them.
- Input tools have been added. A keyboard icon is visible on the login page for the computer. I turned these off but the commands are ignored or bypassed.
- The login page should be set up to type in the computer name and password for security, but all measures are bypassed. The commands are on but they are ignored or bypassed.
- I found the terminal on the screen after login 2 times. Since I am not familiar with what the terminal controls, I did not know what to do. I found a command to bring up the last 100 commands, but nothing shows up. Something was done but I wish I knew what it was.
- Homework reports, final papers, research information, etc. are stolen and prevented from uploading to my school for grades. My personal information at school was hacked and looked into. I complained to the tech person and she denied that the school mail and information could be hacked; impossible. I could not get her to understand the problem. This is the work of someone who is an expert.
- I spent hundreds of dollars on security software and EVERY single one of them was dismantled. The programs that could be repaired via updates took longer, but they became useless too.
- The Apple App Store is an app itself. It has been manipulated to demand re-entering of the password for every single link and download. Apps have been reconfigured or used as backdoors into computer activity. No matter how many times the credit card, ID, and password have been changed, there are still problems with getting into my account.
In the past, I had no knowledge beyond logging in and using the computer. I had to learn. Before I was forced to learn the above information, I would create a multitude of gmail accounts in an effort to outrun the abuse. Now I see that I am being stalked via gmail and any other account I open; PayPal, Amazon, bank accounts, etc. I can use someone else’s computer to log into gmail and notice that the friend’s computer and accounts are not touched; only mine.
It is time I learned more ways to protect myself but I am stuck as to where to get this information. The average tech person I talk to can’t understand or believe I’m having these problems. I learned a lot from reading blogs like LifeHacker and similar sites.
On my computer, I think that every security measure has been turned off but just looks like it is on. My computer and email are not safe. I have erased my computers several times. I have bought both Windows and Mac products, but they are all corrupted. I see that getting new products and using borrowed computers doesn’t work and is not the answer.
What should I look for to fix this? Is there someplace in my computer that is not readily known that I am missing? Example… I just learned about the Library. It is hidden and can only be opened with the Go + Alt buttons. After I learned this, I was able to read all lines and erase unfamiliar items. This helped a lot in the past, but now there is something I can’t see or read. Perhaps the terminal is the clue. If so, I need more education on this and anything else I need to know about.
There are other issues. These are the ones I can think of right now. What should I do? How can you help?
Thank you.
((REDACTED))