Complimentary Webcast: Life’s a Breach! Lessons Learned from Recent High Profile Data Breaches

In the current threat environment, the chances of getting breached are pretty high. What are the steps you’ve taken to reduce that risk? In the event it does happen, what actions will you take to act quickly?

Join Marcus Carey, Security Researcher at Rapid7, for a free webcast, “Life’s a Breach! Lessons Learned from Recent High Profile Data Breaches,” on Thursday, June 14 at 2:00 pm EDT. The webcast will discuss what we can learn from recent high profile breaches, including LinkedIn and Global Payments.

Marcus will identify:

  • Attacker profiles and their modus operandi
  • Common security miscues
  • Cryptography and cryptanalysis best practices
  • Incident response and business continuity best practices

Attendees of this webcast will gain practical advice on best practice approaches to minimizing the risk and potential business impact of a breach.

Reserve your spot now – space is limited

SummerCon 2012 Day 1 – Friday, June 8

SummerCon 2012, a hacker’s conference held in beautiful downtown Brooklyn, started today, June 8th. Doors opened at noon, with opening remarks from organizer redpantz and Mark Trumpbour.

Fermin Serna gave the first talk, titled “CVE-2012-0769, the case of the perfect info leak”. The talk focused on why ASLR is a key mitigation and why an info leak is needed for reliable exploitation once ASLR is in place.

Jon Oberheide and Charlie Miller followed Serna’s talk with a presentation titled “Space Pope on Android” that focused on Android security. They also graced attendees with a variety of dance moves.

Other presentations were given by Collin Mulliner (Binary Instrumentation for Android), which investigated how bug hunting on Android-based systems is becoming more difficult, and by Dr. Raid & Aaron Portnoy (The Busticati 0xC Step Program to Program Recovery), which instructed attendees on structured program recovery.

The day ended with a Super Mega Happy Go Lucky party featuring DJ Keith, sponsored by IOActive.

Let’s see what day 2 has in store, with talks from Julien Vanegue (Modern Static Security Checking of C/C++ programs), Travis Goodspeed (Exploiting Radio Noise for Remote Frame Injection), Alex Sotirov (Analysis of the MD5 collision in Flame), Invisigoth Kenshoto (Probably Something About Vtrace) and Gillis Jones (Show Me the Money: Why Security Still Isn’t Taken Seriously by Business).

How to Protect Your WordPress wp-config.php File and Your .htaccess File

The wp-config.php file contains all the confidential details of your site, so it is important that you protect it from being served to anyone who requests it over HTTP. An easy way to protect this file is to place the following code in the .htaccess file on your server:

<Files wp-config.php>
order allow,deny
deny from all
</Files>

We can protect our wp-config.php file as shown above, but what about protecting the .htaccess file itself? We can use the same .htaccess file to protect itself from being read over HTTP. You just need to place the following code in your .htaccess file:

<Files .htaccess>
order allow,deny
deny from all
</Files>
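The two blocks above use the Apache 2.2 access-control syntax (Order/Deny from mod_access). On Apache 2.4 that syntax only works if the compatibility module mod_access_compat is loaded, and the native form is `Require all denied`; the fragment below, added here as an example rather than taken from the original post, serves both server versions by testing for mod_authz_core, which exists only in Apache 2.4.

```apacheconf
# Deny all HTTP access to wp-config.php and to this .htaccess file.
# Apache 2.4 (mod_authz_core present): use the Require directive.
<IfModule mod_authz_core.c>
    <Files "wp-config.php">
        Require all denied
    </Files>
    <Files ".htaccess">
        Require all denied
    </Files>
</IfModule>

# Apache 2.2 (no mod_authz_core): fall back to the Order/Deny syntax.
# Directive names are case-insensitive, so "order allow,deny" works too.
<IfModule !mod_authz_core.c>
    <Files "wp-config.php">
        Order allow,deny
        Deny from all
    </Files>
    <Files ".htaccess">
        Order allow,deny
        Deny from all
    </Files>
</IfModule>
```

After deploying, a request for wp-config.php or .htaccess should return 403 Forbidden; this only blocks direct HTTP requests, and PHP still reads wp-config.php from disk as usual.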

Malware Installed on Travelers’ Laptops Through Software Updates on Hotel Internet Connections

Prepared by the Internet Crime Complaint Center (IC3)

Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while establishing an Internet connection in their hotel rooms.

Recently, there have been instances of travelers’ laptops being infected with malicious software while using hotel Internet connections. In these instances, the traveler was attempting to set up the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available.

The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products on their hotel Internet connection. Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack. The FBI also recommends that travelers perform software updates on laptops immediately before traveling, and that they download software updates directly from the software vendor’s Web site if updates are necessary while abroad.

Anyone who believes they have been a target of this type of attack should immediately contact their local FBI office, and promptly report it to the IC3’s website at www.IC3.gov. The IC3’s complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration. The complaint information is also used to identify emerging trends and patterns.

SummerCon Academic Rate FREE – Sponsored by Facebook

NOT VALID WITHOUT ACADEMIC ID.

The SummerCon organizer stated: “We were poor students once too. Thanks to Facebook, we can offer our academic rate tickets, normally $30 each, for FREE.”

That’s right, Facebook is doing students and faculty a solid by offering them free tickets.

We take a pretty broad view of what “academic” means, but proof of registration with an academic institution is required or the full rate applies.

So bring your academic ID!

http://www.summercon.org/

@summerc0n


Fast analysis of large pcap files with CapLoader

Are you working with large pcap files and need to see the “whole picture” while still being able to quickly drill down to individual packets for a TCP or UDP flow? Then this is your lucky day, since we at Netresec are releasing our new tool CapLoader today!

Here are the main features of CapLoader:

  • Fast loading of multi-gigabyte PCAP files (1 GB loads in less than 2 minutes on a standard PC and even faster on multi-core machines).
  • GUI presentation of all TCP and UDP flows in the loaded PCAP files.
  • Automatic identification of application layer protocols without relying on port numbers.
  • Extremely fast drill-down functionality to open packets from one or multiple selected flows.
  • Possibility to export packets from selected flows to a new PCAP file or directly open them in external tools like Wireshark and NetworkMiner.

Screenshot: CapLoader identifying a rootkit SSH backdoor on TCP 5001. CapLoader has the files from Honeynet SOTM 28 loaded, and the application layer protocol of the rootkit backdoor on TCP 5001 is automatically identified as “SSH”.

The typical process of working with CapLoader is:

  1. Open one or multiple pcap files, typically by drag-and-dropping them onto the CapLoader GUI. (Screenshot: CapLoader loading a pcap file with drag-and-drop.)
  2. Mark the flows of interest. (Screenshot: CapLoader selecting flows / sessions.)
  3. Double click the PCAP icon to open the selected sessions in your default pcap parser (typically Wireshark) or, better yet, drag-and-drop from the PCAP icon to your favorite packet analyzer. (Screenshot: CapLoader exporting packets to NetworkMiner.)

In short, CapLoader will significantly speed up the analysis of large network captures while also giving analysts a unique protocol identification ability. We at Netresec see CapLoader as the perfect tool for everyone who wants to perform analysis on “big data” network captures.

More information about CapLoader is available on caploader.com.