Founder and iCEO of WhiteHat Security Jeremiah Grossman to Speak at ISSA-LA Sixth Annual Information Security Summit on Cybercrime Solutions
Jeremiah Grossman, founder and interim CEO of WhiteHat Security, will be a featured speaker at the Los Angeles Chapter of the Information Systems Security Association (ISSA-LA) Sixth Annual Information Security Summit on Friday, May 16, 2014 at the Hilton Universal City Hotel in Los Angeles. The theme of the one-day summit, The Growing Cyber Threat: Protect Your Business, highlights the financial impact cybercrime has on all organizations: business, not-for-profits, government agencies, schools, healthcare and others. The summit advances ISSA-LA’s core belief that ‘It takes the village to secure the village’ SM.
“We are excited to have Jeremiah speak at our Summit. We are especially grateful that he is taking the time from his new responsibilities to be with us.” said ISSA-LA President Stan Stahl, PhD. “Jeremiah is one of the special people in our industry. He combines a deep understanding of what it takes to defend against advanced cyberattacks with a commitment to supporting the information security community. This is why he’s one of the most sought after speakers at industry events and why the media so often turns to him to explain Internet security challenges.”
A world-renowned expert in web security, Mr. Grossman founded WhiteHat Security in 2001. Prior to founding WhiteHat Security, Mr. Grossman was an information security officer at Yahoo!, responsible for security reviews on the company’s hundreds of websites. He’s also a founder of the Web Application Security Consortium (WASC), and was named to InfoWorld’s Top 25 CTOs.
Mr. Grossman has authored dozens of articles and white papers, is credited with the discovery of many cutting-edge attack and defensive techniques, and is a co-author of “XSS Attacks: Cross-Site Scripting Exploits and Defense.” He is frequently quoted in major media such as USA Today, The Washington Post, The Financial Times, InformationWeek, InfoWorld, PC World, Dark Reading, SC Magazine, CNET, CSO, and NBC Nightly News.
The ISSA-LA Summit is the only educational forum in Los Angeles specifically designed to encourage participation and interaction among all four vital information security constituencies: (1) business and nonprofit executives, their boards and their trusted advisors; (2) technical IT personnel with responsibility for information systems and the data they contain; (3) law enforcement; and (4) information security practitioners with responsibility for ensuring the security of sensitive information.
Registration is open to anyone interested in learning more about information security but is particularly recommended for business and nonprofit executives and senior managers; business professionals in law, accounting, insurance and banking; technical IT personnel; law enforcement professionals fighting cybercrime; faculty and students in college and university cybersecurity programs; and information security practitioners.
The Information Security Summit is part of ISSA-LA’s important community outreach program. The goal of the program is to help the community stay safe from cybercrime by enabling the necessary collaboration between business, nonprofit and community leaders, technical IT professionals, law enforcement and the information security community.
ISSA-LA is the premier catalyst and information source in Los Angeles for improving the practice of information security. The Chapter provides educational programs for information security and IT professionals. The Chapter also conducts outreach programs to businesses, financial institutions, nonprofits, governmental agencies, and consumers. ISSA-LA is the founding Chapter of the Information Systems Security Association, an international not-for-profit organization of information security professionals and practitioners. For more information on the Sixth Annual Information Security Summit, please visit www.issala.org/summit and follow them on Twitter at @ISSALA.
WhiteHat Security was founded in 2001 and is headquartered in Santa Clara, California. WhiteHat Security provides end-to-end solutions for Web security. The company’s cloud website vulnerability management platform and leading security engineers turn verified security intelligence into actionable insights for customers. Through a combination of core products and strategic partnerships, WhiteHat Security provides complete Web security at a scale and accuracy unmatched in the industry. WhiteHat Sentinel, the company’s flagship product line, currently manages thousands of websites – including sites in highly regulated industries, such as top e-commerce, financial services and healthcare companies. For more information visit www.WhiteHatSec.com.
The “Heartbleed Bug” 101
What is the “Heartbleed Bug”?
The Heartbleed bug is a vulnerability in the popular OpenSSL cryptographic library that lets an attacker read chunks of a server’s memory, which can contain passwords, credit card numbers, session cookies, private keys and other data, on any server running an affected version. OpenSSL is the software many websites use to encrypt traffic between the browser and the server (SSL/TLS). Heartbleed is not a weakness in that encryption itself; it is a buffer over-read in OpenSSL’s implementation of the TLS heartbeat extension. A peer sends a heartbeat request that claims a larger payload than it actually sent, and an unpatched server answers with up to 64 KB of whatever happened to sit in its memory next to the request, in plaintext, with no authentication required. Repeating the request harvests more memory each time.
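The following is an added example, not OpenSSL’s own code, that models the over-read described above in a few dozen lines of C. The heartbeat message layout (one type byte, a two-byte big-endian payload length, the payload, then at least 16 bytes of padding) follows RFC 6520; the `arena` array stands in for the server’s heap, and the string placed directly behind the received record is a constructed stand-in for whatever key material or request data the process last stored there. `hb_vulnerable` copies as many bytes as the peer’s length field claims; `hb_fixed` adds the single length check that the 1.0.1g patch introduced. Function and variable names are this example’s own.

```c
/* heartbleed_demo.c: added example modelling the TLS heartbeat over-read.
 * Not OpenSSL code; 'arena' simulates the server heap so the over-read stays
 * inside one buffer and the program is well defined. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE  256
#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16   /* RFC 6520: at least 16 bytes of padding */
#define HB_HDR      3    /* type byte + 2-byte payload length */

static unsigned char arena[ARENA_SIZE];

/* Write a heartbeat request at arena[0]. 'claimed_len' goes into the length
 * field, but only 'real_len' payload bytes are actually present. The constructed
 * 'secret' is copied directly behind the record, like adjacent heap data.
 * Returns the true length of the received record. */
static size_t build_record(uint16_t claimed_len, const char *payload,
                           size_t real_len, const char *secret)
{
    size_t rec_len = HB_HDR + real_len + HB_PADDING;
    memset(arena, 0, sizeof arena);
    arena[0] = HB_REQUEST;
    arena[1] = (unsigned char)(claimed_len >> 8);
    arena[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(&arena[HB_HDR], payload, real_len);
    memcpy(&arena[rec_len], secret, strlen(secret) + 1);
    return rec_len;
}

static uint16_t read_len(const unsigned char *rec)
{
    return (uint16_t)((rec[1] << 8) | rec[2]);
}

/* Shape of the OpenSSL 1.0.1 to 1.0.1f handler: trusts the peer's length field. */
static int hb_vulnerable(const unsigned char *rec, size_t rec_len,
                         unsigned char *out, size_t out_cap, size_t *out_len)
{
    (void)rec_len;                  /* the bug: real record length never consulted */
    uint16_t payload_len = read_len(rec);
    if ((size_t)HB_HDR + payload_len + HB_PADDING > out_cap)
        return -1;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(&out[HB_HDR], &rec[HB_HDR], payload_len);   /* reads past the record */
    memset(&out[HB_HDR + payload_len], 0, HB_PADDING);
    *out_len = HB_HDR + payload_len + HB_PADDING;
    return 0;
}

/* Same handler with the 1.0.1g check: header + claimed payload + padding must fit
 * inside the record actually received, otherwise the request is silently dropped. */
static int hb_fixed(const unsigned char *rec, size_t rec_len,
                    unsigned char *out, size_t out_cap, size_t *out_len)
{
    if (rec_len < HB_HDR + HB_PADDING)
        return -1;
    uint16_t payload_len = read_len(rec);
    if ((size_t)HB_HDR + payload_len + HB_PADDING > rec_len)
        return -1;                  /* the Heartbleed check */
    if ((size_t)HB_HDR + payload_len + HB_PADDING > out_cap)
        return -1;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(&out[HB_HDR], &rec[HB_HDR], payload_len);
    memset(&out[HB_HDR + payload_len], 0, HB_PADDING);
    *out_len = HB_HDR + payload_len + HB_PADDING;
    return 0;
}

/* Malicious request: 4 real payload bytes, 64 claimed. Returns 1 when the
 * vulnerable reply contains the secret and the fixed handler refuses. */
int demo_leaks_secret(void)
{
    static const char secret[] = "CONSTRUCTED-SECRET-KEY";
    unsigned char out[ARENA_SIZE];
    size_t out_len = 0;
    size_t rec_len = build_record(64, "ping", 4, secret);
    int fixed_rc = hb_fixed(arena, rec_len, out, sizeof out, &out_len);
    int vuln_rc = hb_vulnerable(arena, rec_len, out, sizeof out, &out_len);
    /* the leaked copy keeps the arena's offsets: the secret lands at out[rec_len] */
    int leaked = vuln_rc == 0 && out_len >= rec_len + sizeof secret &&
                 memcmp(&out[rec_len], secret, sizeof secret - 1) == 0;
    return leaked && fixed_rc == -1;
}

/* Honest request (claimed == real) is still answered by the fixed handler, and a
 * record one byte too short for its claimed payload is rejected. Returns 1 if so. */
int demo_honest_request_ok(void)
{
    unsigned char out[ARENA_SIZE];
    size_t out_len = 0;
    size_t rec_len = build_record(4, "ping", 4, "x");
    int ok = hb_fixed(arena, rec_len, out, sizeof out, &out_len) == 0 &&
             out_len == rec_len && out[0] == HB_RESPONSE &&
             memcmp(&out[HB_HDR], "ping", 4) == 0;
    int short_rejected = hb_fixed(arena, rec_len - 1, out, sizeof out, &out_len) == -1;
    return ok && short_rejected;
}

int main(void)
{
    printf("vulnerable handler leaks secret, fixed handler refuses: %s\n",
           demo_leaks_secret() ? "yes" : "no");
    printf("fixed handler still answers honest requests: %s\n",
           demo_honest_request_ok() ? "yes" : "no");
    return 0;
}
```

The point to take from the model is how small the defect is: the unpatched code never compares the length the peer claims against the length of the record it actually received, so a single request of 23 bytes pulls back 83, and the extra 60 are whatever was adjacent on the heap. The fix is one comparison before the copy.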
How/When did it start?
Releases before OpenSSL 1.0.1 (the 0.9.8 and 1.0.0 branches) are not affected. The vulnerability (CVE-2014-0160) was introduced in OpenSSL 1.0.1, released in March 2012, and is present in every 1.0.1 release up to and including 1.0.1f; it was fixed in 1.0.1g, released on April 7, 2014. The bug was therefore live for roughly two years. Note that distribution vendors often backport the fix without changing the version string, so on a patched Ubuntu or Red Hat system the library may still report 1.0.1e; the package changelog, not the version number, is the reliable check.
Why is it such a threat?
The Heartbleed bug is a threat because it allows a malicious individual to collect passwords, credit card numbers, private keys and other data from servers that ran the affected OpenSSL versions. By some estimates roughly two-thirds of the web servers on the Internet run software built on OpenSSL, and the flaw had been present since March 2012. Furthermore, companies generally cannot tell whether their users were affected, because a heartbeat request is an ordinary protocol message: exploitation leaves nothing in normal web server logs, and unless the TLS layer itself was being recorded there is no trace that malicious activity occurred. Theft of a server’s private key is the worst case, since it lets an attacker impersonate the site and, for connections that did not use forward secrecy, decrypt previously recorded traffic.
How does it affect internet users?
It affects Internet users because the credentials they use on popular sites could have been exposed, including sites as widely used as LinkedIn, Gmail and Yahoo (the chart further down this page records which services actually confirmed exposure; LinkedIn, for one, stated that it did not run the vulnerable version). A malicious individual can use stolen accounts to carry out further malicious acts. Since credit card information is among the data that can be retrieved, there is also a high chance of fraudulent activity.
What steps should users take to protect themselves?
First, check whether the sites you use were among the affected sites, and whether each one has installed the patch. Once you have confirmed a site is patched, change your password there. If you change your password before the site owner has applied the patch, the new password can be stolen the same way, so consider yourself still compromised. Lastly, do not reuse passwords across online accounts; if you do, you have created a digital skeleton key that can be used to access your other accounts.
Anything else people need to know about this issue?
Users should consider their information compromised if they have used one of the affected sites. With that said, they should monitor and read notices from the sites they visit. In addition, they should be alert to phishing scams, since a malicious individual may now hold some of their personal information and can use it to make a message look legitimate. Stick to well-known and reputable sites and, since credit card information may have been compromised, check your bank records for any irregular activity.
What and When Did NSA Know About Heartbleed Bug?
Bloomberg published an article claiming that two people close to the NSA had informed them that the infamous government agency had known about Heartbleed for as long as two years, using it to gather critical intelligence, obtain passwords, and grab other basic data that ultimately became the foundation for its recently unveiled hacking operations.
Knowledge of the Heartbleed flaw supposedly allowed the agency to bypass strong encryption systems – the same systems that had been hailed by Edward Snowden as “one of the few things that you can rely on” in a Q&A session with British newspaper The Guardian in June 2013.
Read the rest here.
2nd Annual HackMiami 2014 Hackers Conference in Miami Beach, FL
It’s that time of year again, the 2nd annual HackMiami Conference is approaching, taking place May 9 – 11, 2014 at the Holiday Inn Oceanfront Hotel on Miami Beach, FL. Last year landed in Rolling Stone, who the hell knows what’s gonna happen this year.
Buy your tickets now before we fill up – https://www.hackmiami.com/buy/
SPEAKERS
Just for starters:
Presentations will be hosted by Dave Marcus, the head of threat intelligence at Intel Security, who will examine the latest trends in bulk malware campaigns, such as infection vectors, methods, and tools. Christopher Elisan, lead malware scientist at EMC RSA Threat Labs will also showcase the latest MacOS trojan infection samples as they relate to ransomware campaigns.
A special presentation by Dave Monnier, the Director of Threat Intelligence and Outreach at Team Cymru will examine the case of hundreds of thousands of compromised routers being used for botnet style DDoS attacks. These particular attacks may have had a potential connection to organized crime groups, and the evidence will be examined and analyzed.
TRAINING
We also got training courses from some of the top people in the industry:
Training courses take place on Friday, May 9, 2014 at the Holiday Inn Oceanfront Hotel in Miami Beach, FL.
Enterprise Penetration Testing Methods with Rod Soto – Friday – May 9, 2014 – This comprehensive course will go over the tools and methodologies that are used during penetration tests in enterprise network environments. The course will utilize a lab environment for hands on instruction of manual penetration testing methods, as well as training on the use of exploitation frameworks, such as Metasploit.
This course will focus on methodology, processes, tools, and techniques. By the end of the course, the student will have an understanding of the underlying workings of network exploitation, and will have experience in the successful execution of attacks.
The course is perfect for those seeking to enter the information security career field, as well as those seeking to develop the skills and experience needed to succeed as a penetration tester.
The course is taught by Rod Soto, co-founder of HackMiami and creator of the Kommand and Kontroll (K&&K) CTF Hacking Tournament.
https://hackmiami.com/training/enterprise-penetration-testing-methods/
Secure Coding Bootcamp with Jim Manico – Friday – May 9, 2014 – This highly intensive and interactive 1-day course provides essential application security training for web application, web service and mobile software developers and architects.
The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.
The Secure Coding Bootcamp is taught by Jim Manico, world renowned author, Secure-Coding Instructor, and OWASP Global Board Member
https://hackmiami.com/secure-coding-bootcamp/
Web Application Hacking and Server Takeover with Matias Katz – Friday – May 9, 2014 – This course will examine the tools and methods used to compromise and take control of web servers. Students will learn how to chain exploitation of multiple vulnerabilities in a realistic lab environment.
The Web Application Hacking and Server Takeover course is taught by Matias Katz, the founder of Andsec and a known speaker who has presented at BlackHat, Ekoparty, H2HC, Campus Party, OWASP and many other information security conferences.
https://hackmiami.com/training/web-application-hacking-and-server-takeover/
RFID/NFC workshop for fun (and profit?) – May 9, 2014 – Enter the world of RFID technology (Radio Frequency ID), focusing on the high-frequency NFC standard. The low-frequency band will also be reviewed because of its well-known use in physical access control for buildings.
From the use of traditional 13.56 MHz NFC readers, their API and proprietary software, to Proxmark3 hardware, open source software (libnfc), known attacks and other uses and practical ideas.
The course is taught by Nahuel Grisolía, owner of Cinta Infinita. He has delivered trainings in multiple conferences around the world: BugCON (Mexico), H2HC (Brazil), Ekoparty (Argentina), OWASP events (Argentina), TROOPERS (Germany), PHDays (Russia), etc.
https://hackmiami.com/training/rfidnfc-workshop-for-fun-and-profit/
==================
BUY YOUR TICKETS TODAY
Buy your ticket here: https://www.hackmiami.com/buy/
Buy your training here: https://www.hackmiami.com/trainings/
If you are a student, and can prove it, you have a discount code here: https://hackmiami.com/STUDENTSGA75/
Need a place to stay? Check AirBnB before you check any hotel – https://www.airbnb.com/tell-a-friend?airef=7mf7vzf1e23zz5
LIMITED AVAILABILITY – ACT NOW
==================
-Alex Heid-
@alexheid – Twitter
alex@hackmiami.info
www.hackmiami.org
www.hackmiami.com
The HeartBleed Vulnerability: The Next Step for Users
On Monday, April 7, 2014, the information security community received news of a vulnerability in the OpenSSL cryptographic library, called the “Heartbleed” bug, that allows an attacker to read server memory and collect passwords, credit card numbers, private keys and other data from servers running the affected software.
OpenSSL is a very popular library used by many websites, including LinkedIn, Facebook, Gmail and many others, and it is estimated that about two-thirds of all web servers on the Internet were exposed to this vulnerability for the past two years (not every site built on OpenSSL ran a vulnerable version; see the chart below).
Many security professionals and researchers are describing the Heartbleed bug as one of the biggest security threats the Internet has ever been exposed to, and it should be taken very seriously.
The main issue stems from how long the vulnerability was in place combined with how long it went unknown. Furthermore, companies do not know whether their users were affected by the OpenSSL vulnerability, because exploitation of the bug leaves no trace in ordinary server logs.
The positive side is that a patch (OpenSSL 1.0.1g) has been released that removes the vulnerability, but it is imperative that users carry out the following tasks to protect their security and privacy:
- Change your passwords as soon as each site confirms it has applied the patch. Changing a password on a still-vulnerable server exposes the new password to the same attack.
- Do not use the same passwords on multiple online identities.
To check whether a site you use or plan to use is, or was, vulnerable to Heartbleed, use the link below:
https://lastpass.com/heartbleed/
Also, below is a quick reference chart courtesy of Mashable.com.
Social Networks
| Site | Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? |
|---|---|---|---|---|
| Facebook | Unclear | Yes | Yes | “We added protections for Facebook’s implementation of OpenSSL before this issue was publicly disclosed. We haven’t detected any signs of suspicious account activity, but we encourage people to … set up a unique password.” |
| LinkedIn | No | No | No | “We didn’t use the offending implementation of OpenSSL in www.linkedin.com or www.slideshare.net. As a result, HeartBleed does not present a risk to these web properties.” |
| Tumblr | Yes | Yes | Yes | “We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue.” |
| Twitter | Unclear | Unclear | Unclear | Twitter wrote that OpenSSL “is widely used across the internet and at Twitter. We were able to determine that [our] servers were not affected by this vulnerability. We are continuing to monitor the situation.” Twitter has not yet responded to Mashable‘s request for comment. |
Other Companies
| Site | Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? |
|---|---|---|---|---|
| Apple | Unclear | Unclear | Unclear | Apple has not yet responded to a request for comment. |
| Amazon | No | No | No | “Amazon.com is not affected.” |
| Google | Yes | Yes | Yes* | “We have assessed the SSL vulnerability and applied patches to key Google services.” Search, Gmail, YouTube, Wallet, Play, Apps and App Engine were affected; Google Chrome and Chrome OS were not. *Google said users do not need to change their passwords, but because of the previous vulnerability, better safe than sorry. |
| Microsoft | No | No | No | Microsoft services were not running OpenSSL, according to LastPass. |
| Yahoo | Yes | Yes | Yes | “As soon as we became aware of the issue, we began working to fix it… and we are working to implement the fix across the rest of our sites right now.” Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr were patched. More patches to come, Yahoo says. |
Email
| Site | Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? |
|---|---|---|---|---|
| AOL | No | No | No | AOL told Mashable it was not running the vulnerable version of the software. |
| Gmail | Yes | Yes | Yes* | “We have assessed the SSL vulnerability and applied patches to key Google services.” *Google said users do not need to change their passwords, but because of the previous vulnerability, better safe than sorry. |
| Hotmail / Outlook | No | No | No | Microsoft services were not running OpenSSL, according to LastPass. |
| Yahoo Mail | Yes | Yes | Yes | “As soon as we became aware of the issue, we began working to fix it… and we are working to implement the fix across the rest of our sites right now.” |
Stores and Commerce
| Site | Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? |
|---|---|---|---|---|
| Amazon | No | No | No | “Amazon.com is not affected.” |
| Amazon Web Services (for website operators) | Yes | Yes | Yes | Most services were unaffected or Amazon was already able to apply mitigations (see advisory note here). Elastic Load Balancing, Amazon EC2, Amazon Linux AMI, Red Hat Enterprise Linux, Ubuntu, AWS OpsWorks, AWS Elastic Beanstalk and Amazon CloudFront were patched. |
| eBay | Unclear | Unclear | Unclear | “The vast majority of our services were not impacted and our users can continue to shop securely on our marketplace.” |
| GoDaddy | Yes | Yes | Yes | “We’ve been updating GoDaddy services that use the affected OpenSSL version.” Full Statement |
| PayPal | No | No | No | “Your PayPal account details were not exposed in the past and remain secure.” Full Statement |
| Target | No | No | No | “[We] launched a comprehensive review of all external facing aspects of Target.com… and do not currently believe that any external-facing aspects of our sites are impacted by the OpenSSL vulnerability.” |
Banks and Brokerages
| Site | Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? |
|---|---|---|---|---|
| Bank of America | No | No | No | “We’re currently taking precautions and steps to protect customer data from this threat and have no reason to believe any customer data has been compromised in the past.” |
| Chase | No | No | No | “These sites don’t use the encryption software that is vulnerable to the Heartbleed bug.” |
| E*Trade | No | No | No | E*Trade is still investigating. |
| Fidelity | No | No | No | “We have multiple layers of security in place to protect our customer sites and services.” |
| PNC | No | No | No | “We have tested our online and mobile banking systems and confirmed that they are not vulnerable to the Heartbleed bug.” |
| Schwab | No | No | No | “Efforts to date have not detected this vulnerability on Schwab.com or any of our online channels.” |
| Scottrade | No | No | No | “Scottrade does not use the affected version of OpenSSL on any of our client-facing platforms.” |
| TD Ameritrade | No | No | No | TD Ameritrade “doesn’t use the versions of openSSL that were vulnerable.” |
| TD Bank | No | No | No | “We’re currently taking precautions and steps to protect customer data from this threat and have no reason to believe any customer data has been compromised in the past.” |
| U.S. Bank | No | No | No | “We do not use OpenSSL for customer-facing, Internet banking channels, so U.S. Bank customer data is NOT at risk.” |
| Wells Fargo | No | No | No | No reason provided. |
Government and Taxes
| Site | Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? |
|---|---|---|---|---|
| 1040.com | No | No | No | “We’re not vulnerable to the Heartbleed bug, as we do not use OpenSSL.” |
| FileYour Taxes.com | No | No | No | “We continuously patch our servers to keep them updated. However, the version we use was not affected by the issue, so no action was taken.” |
| H&R Block | Unclear | No | Unclear | “We are reviewing our systems and currently have found no risk to client data from this issue.” |
| Healthcare .gov | Unclear | Unclear | Unclear | Healthcare.gov has not yet responded to a request for comment. |
| Intuit (TurboTax) | Yes | Yes | Yes | TurboTax “has examined its systems and has secured TurboTax to protect against the ‘Heartbleed’ bug.” Full Statement |
| IRS | Unclear | Unclear | Unclear | “The IRS continues to accept tax returns as normal … and systems continue operating and are not affected by this bug. We are not aware of any security vulnerabilities related to this situation.” |
Other
| Site | Was it affected? | Is there a patch? | Do you need to change your password? | What did they say? |
|---|---|---|---|---|
| Dropbox | Yes | Yes | Yes | On Twitter: “We’ve patched all of our user-facing services & will continue to work to make sure your stuff is always safe.” |
| Evernote | No | No | No | “Evernote’s service, Evernote apps, and Evernote websites … all use non-OpenSSL implementations of SSL/TLS to encrypt network communications.” Full Statement |
| LastPass | Yes | Yes | Yes | “Though LastPass employs OpenSSL, we have multiple layers of encryption to protect our users and never have access to those encryption keys.” |
| Minecraft | Yes | Yes | Yes | “We were forced to temporary suspend all of our services. … The exploit has been fixed. We can not guarantee that your information wasn’t compromised.” More Information |
| Netflix | Unclear | Unclear | Unclear | “Like many companies, we took immediate action to assess the vulnerability and address it. We are not aware of any customer impact.” |
| OKCupid | Yes | Yes | Yes | “We, like most of the Internet, were stunned that such a serious bug has existed for so long and was so widespread.” |
| SoundCloud | Yes | Yes | Yes | “We will be signing out everyone from their SoundCloud accounts … and when you sign back in, the fixes we’ve already put in place will take effect.” |
| Spark Networks (JDate, Christian Mingle) | No | No | No | Sites do not use OpenSSL. |
| Wunderlist | Yes | Yes | Yes | “You’ll have to simply log back into Wunderlist. We also strongly recommend that you reset your password for Wunderlist.” Full Statement |
Cuckoo Malware Analysis by Digit Oktavianto and Iqbal Muhardianto: A Review
I had the opportunity to review and conduct some interesting hands-on examples from Packt Publishing’s “Cuckoo Malware Analysis” by Digit Oktavianto and Iqbal Muhardianto. This book was divided into five intuitive chapters consisting of:
- Preface
- Chapter 1: Getting Started with Automated Malware Analysis using Cuckoo Sandbox
- Chapter 2: Using Cuckoo Sandbox to Analyze a Sample Malware
- Chapter 3: Analyzing the Output of Cuckoo Sandbox
- Chapter 4: Reporting with Cuckoo Sandbox
- Chapter 5: Tips and Tricks for Cuckoo Sandbox
- Index
Chapter one, titled “Getting Started with Automated Malware Analysis using Cuckoo Sandbox”, provided information on malware analysis methodologies, basic sandboxing theory and detailed instructions for installing the Cuckoo Sandbox framework. The process was not easy, but if the directions are followed precisely, the outcome should be favorable. In chapter two, “Using Cuckoo Sandbox to Analyze a Sample Malware”, the authors discussed starting Cuckoo and submitting various malware samples such as MS Word, MS Excel and PDF documents. In addition, examples of submitting malicious URLs and binary files and of conducting memory forensics were also demonstrated.
Chapter three, “Analyzing the Output of Cuckoo Sandbox”, and chapter four, “Reporting with Cuckoo Sandbox”, covered using the processing modules and analyzing an APT attack. In addition, the process of creating the built-in reports and exporting analysis data from Cuckoo to other formats was covered.
The last chapter, “Tips and Tricks for Cuckoo Sandbox”, contained useful information about hardening Cuckoo Sandbox against VM detection and other interesting tips I was not too concerned about as a novice in the craft of malware analysis.
Overall, I thought the book was well written as a hybrid tool for learning the process of conducting malware analysis. Chapter one provided the necessary foundation on malware analysis, while the remaining chapters provided detailed instructions for installing Cuckoo, conducting analysis and reporting on it.
I found this text to be very useful and beneficial for anyone tasked with conducting malware analysis. In addition, I think this text would also provide value in academia as a supplemental text or lab manual.
You can get additional information as well as purchase the book at Packt Publishing website here.

