High school teen arrested on felony hacking charges after breaking through WiFi security

An interesting article from our content partners at HackersNewsBulletin.com:

TEXAS: A student named Marshall Williams, 18, allegedly hacked into a secure school network and printed sensitive data. Earlier this year, the student complained that his English teacher would not accept a report on guns.

Williams was arrested on felony charges on Thursday for allegedly hacking into a secure school network and printing sensitive data.

Local police in Denton, Texas, arrested Marshall Williams, 18, and charged him with the breach of government computer security, My Fox 4 in Dallas-Fort Worth reported.

 

Read the rest here.

Blackhat USA 2013 Summary – Part 3 of 3

An interesting note from this presentation was the percentage of already compromised mobile devices identified during the study. Out of the 608 compromised phones identified, the majority were Apple iOS phones. Not Android as I would have expected. The main takeaway from the briefing was that BYOD is a new market and the security solutions are not fully developed. Encrypting data at rest can’t be the beginning and end of the solution. The entire phone needs to be secure and the devices need to be monitored to the same extent we would monitor any other device on the network.

The second day’s keynote was given by Brian Muirhead from NASA and was titled, “Take Risk but Don’t Fail”. Let’s be honest here. Giving a keynote on the second day of Blackhat after the director of the NSA is a tough job. Brian’s keynote was a more traditional Blackhat keynote. It was uplifting material about overcoming obstacles, taking risk and innovation. However, for me it was pretty boring and I almost fell asleep halfway through. That being said, it was interesting to hear the amount of ingenuity that went into the development of the Mars rovers. I was piqued by the skycrane. The reentry vehicle uses jets to hover over the landing spot and lowers the rover to the ground using a crane. Once the rover is lowered, the reentry vehicle jets off to a safe distance and crashes, leaving the rover safely on the ground. That’s pretty innovative by itself, but when you think it happened automatically on a planet 225 million kilometers away, that’s pretty cool.

I also caught a presentation from a former coworker, Alva “Skip” Duckwall, “Pass the Hash II”. Yes, I am biased towards speakers who are friends or former co-workers. The talk centered on how pass the hash was still a viable attack method. The presentation hammered home the fact that pass the hash simply utilized the Microsoft authentication process as intended. As is traditional, many pot shots were lobbed at Microsoft, who actually had a representative sheepishly in attendance.

Beyond the traditional Microsoft bashing, Skip pointed out flaws in Microsoft’s Group Policy Preferences (GPP). GPP allows admins to set passwords across the domain easily. It’s a great tool for administrators and an even better tool for hackers. Because all of the passwords are set the same, they have the same hash, and that means you only need to get one and pass it gleefully along to access all the others. He also pointed out a similar issue with Smart Cards. When enabled, the accounts create hashes that never change. They don’t expire either. Ever. He did end on a positive note, offering scripts for changing the hashes and configuration tips to avoid these problems.

The last presentation I will mention was a very high level discussion of security incidents by Jason Healey, titled “Above My Pay grade: Cyber Response at the National Level”. Jason made the very interesting point that at a certain level a cyber incident stops being cyber and simply becomes a national incident. At that point it is treated like any other disaster or crisis and the decision makers may make some surprising decisions. In one insightful example, Jason described an exercise where his team proposed the ability to hack into the financial markets and destroy a week’s worth of data. When presented with this information, the decision makers responded that they would simply restore from the previous week’s data. There would be financial winners and losers but the market would survive. Jason noted that these are the same people who have to make snap decisions on recessions, natural disasters and other crises. For them the cyber aspect starts to fade at a certain level and they are left with a crisis that needs an answer.

Jason provided a very detailed flow of how an incident can go from your SOC all the way up to the president. It was definitely not a ones and zeros presentation but it was a pretty insightful journey into how national incidents are handled.

Lastly, I’ll talk about the overall setup of the conference this year. Each attendee was issued an RFID card with their name on it. This card was used to provide vendors information and also to sign up to provide feedback on speakers. In each presentation room there was an RFID reader set up. If you badged in you were emailed a feedback form for that presentation. Blackhat seemed very interested in getting feedback on the presentations from attendees. The vendor area was moved to a larger space and was very slick. There were a lot of huge LCD displays, presentations and even a full out racing simulation complete with cars and steering wheels. The swag was plentiful and creative. I saw everything being given away from tiny RC helicopters all the way up to iPhone controlled AR Parrot 2.0 quadcopters. Even more noteworthy were the many help wanted signs vendors were displaying. I’ve never seen that at Blackhat.

I learned a lot, got to see some old friends and met some new ones. If you’ve never been, I highly recommend the experience. If you have been I want to repeat some advice I’ve seen several times online. Given the chance to see a briefing or have a cup of coffee with an experienced Infosec professional, take the cup of coffee!!

Read Part 1 of 3 or Read Part 2 of 3

Blackhat USA 2013 Summary – Part 2 of 3

Quite frankly the keynote alone was worth the price of admission. However, I did see some other presentations. As I mentioned earlier, being more of a manager these days I focused less on some of the splashier briefings and drifted towards those on a more managerial track. The first I caught was by Patrick Reidy, formerly the CISO of the FBI. I was partial to this speech because I had worked with Patrick before and I was really curious what he had to say.

Patrick’s presentation centered on lessons learned at the FBI concerning how to combat and detect insider threats. Patrick homed in on some interesting points. He noted that you can’t use traditional IDS to track or detect an insider. He also noted that simple baselining and assigning equal value to all actions would fail to identify insider-based anomalies. His solution was to analyze the history of insider breaches at the bureau and other organizations. He used that information to create a different baseline. Interestingly, he was very candid about the initial failures of the monitoring system the bureau initially set up. He stated that only when they clearly defined what insider threat was and the actions that an insider would take did they stand a chance of detecting them.

Even more interesting was his ultimate conclusion that detection was not the most effective approach. After a few years, Patrick finally settled on what he called “positive social engineering”. This basically consisted of a combination of training users and reinforcing positive behavior. The Data Loss Prevention (DLP) software installed on users’ computers was used to provide warnings to users who were moving sensitive data. He noted a significant drop in incidents once the staff was forced to acknowledge the transfer of sensitive data through the DLP notification system.

One other interesting piece of information he provided was an Insider Threat Kill Chain. This model differs from the traditional model Lockheed Martin created. It covers Recruitment, Search & Recon, Acquisition and Exfiltration. Creation of this insider threat kill chain was necessary in the development of detection strategies. The most impressive part of the presentation was the admission of failure, rethinking of strategy and research that went into developing a successful insider threat program. On a side note there was an awesome moment of levity when Patrick showed a slide that said a kitten dies every time someone mentions BYOD. I’m not a fan of BYOD either.

I also sat in on “Practical Attacks against Mobile Device Management Solutions”. Like I said, I’m not a fan of BYOD. However, like just about every other security professional I have to deal with it at work. This talk identified some serious flaws with the majority of major device management solutions used for BYOD. If you use Airwatch or Good, yes, they were talking about you. The vulnerability centers on the fact that despite having encrypted partitions, at some point the data needs to be decrypted and presented. At that point the data can be intercepted and extracted. Given the fact that just about every major smart phone platform has at least one vulnerability that can be exploited for root access, it’s not farfetched. The talk noted that after a phone had been rooted it was trivial to either extract the data from memory or from storage after it had been decrypted.

Read Part 3 of 3 or Read Part 1 of 3

Blackhat USA 2013 Summary – Part 1 of 3

SecurityOrb.com contributor Chris Carpenter’s take on BlackHat USA 2013:

I just returned from attending Blackhat USA 2013 in Las Vegas and it was quite the experience. Overall, I felt this year’s conference was a lot slicker and well polished if that’s possible. The presentations seemed to cover a broader swath of the security community and didn’t solely focus on the latest exploits. I personally spend more time managing security staff and less on the keyboard hacking. So the wider variety of presentations was a welcome change for me.

Before I go too deeply into the presentations and overall conference I have to mention the opening keynote. I was very excited to hear the director of NSA, General Alexander, speak. I’m not sure what I was expecting but it was not the presentation that he gave. The Blackhat keynotes I have attended in the past are usually informative, entertaining and leave you with a sense of pride in the security community. This keynote, however, was tense from the moment the general took to the podium. Not wasting any time, he got straight to the point that he was there to set the record straight on the NSA monitoring programs. He felt the press had not presented all the facts and he wanted to rectify that. He did do just that in a crisp and military manner. The keynote was far less welcome to Blackhat and way more military brief.

The audience was riveted. True to his word, the general stepped through a series of detailed slides that highlighted the differences between two main NSA programs in question. I won’t go into the gory details because you can see the entire presentation online. Suffice it to say it was educational. The thing that stood out the most to me was that the general was making a VERY concerted effort to convince the audience that everything was legitimate. To that end I think he reached most of the audience but there was definitely a vocal minority that disagreed.

General Alexander was heckled around the middle of his presentation with cries of “Freedom!” and “bull*hit!” He was also asked some very direct questions such as why Al Qaeda wants to attack us. He kept his cool and stayed mostly on message. I give him a lot of credit for how he handled it. I know immediately after the keynote a lot of the press zoomed in on the heckling. The one point that I feel was not well covered was the overall reaction when the General suggested one of the hecklers should read the constitution himself. There was overwhelming applause. I think there was definitely some uneasiness and distrust in the room but overall I think General Alexander got his message across. If nothing else he got everyone’s attention and got the conference started with a bang. I only hope that this does not represent an end to high level government officials attending the conference. I feel that the relationship between the government and hacker community is crucial to an improved security posture for this country.

Read Part 2 of 3

InfoSecurity Russia 2013: Problems associated with Cloud Computing

Cloud computing systems represent an emerging technology which allows users to pay as needed for high-performance computing systems. Cloud computing is generally a heterogeneous system as well, and it holds a large amount of application programs and data. Many difficult and complex optimization and learning problems arise in Cloud computing systems.

eng.infosecurityrussia.ru

Security is one of the major issues of cloud computing. Being entirely based on the Internet makes it vulnerable to hack attacks. But logically speaking, all the modern IT systems today are invariably connected to the Internet. Hence, the level of vulnerability here is much the same as everywhere else. Of course, the fact that cloud computing is a distributed network also makes it easier for companies to quickly recover from such attacks.

As the goal of InfoSecurity Russia-2013 is to bring together the leading professionals, researchers and practitioners in the area of computer security, the exhibition organizers couldn’t stay away from the subject of Cloud Computing and organized a Cloud Computing conference to discuss and share the latest findings in the field of Cloud Computing protection and to exchange ideas that address real-world problems with practical solutions.

Registration: http://isr2013.eventbrite.com/?ref=etckt

The Tenth Anniversary International Exhibition InfoSecurity Russia’2013 will be held on September 25 – 27 at Crocus Expo, Moscow.

Secure your participation in Infosecurity Russia-2013 by reserving a booth and/or seminar time slot at int@groteck.ru to show the full potential of your services and products.

 

GROTECK Business Media

International Team

Infosecurity Russia 2013

25-27 September, Moscow,

Crocus Expo, Pavilion 2


TB Forum 2014: advanced technologies of the access control market in the exposition

49% of TB Forum visitors indicated their interest in Access Control products and systems. The players on the Russian access monitoring and control system market have mentioned the positive dynamics of this segment’s development in the Forum 2013 exposition.

www.tbforum.ru

According to information from IMS Research, such trends as encryption and multi-technology readers are taking center stage in the access control market.

The global multi-technology reader market was worth an estimated $33 million in 2012, up from $30 million in 2011, according to the latest access control research from the agency.

“Although multi-technology readers have been around for many years, these devices are now being installed in more applications than ever before,” said Blake Kozak, senior analyst for access control, fire and security at IHS.

Multi-technology readers are expected to be one of the key sections of interest at TB Forum 2013. Following the latest trends and requests of the market, TB Forum exhibitors aim to present their latest developments.

By participating in TB Forum you’ll definitely draw the attention of worldwide access control suppliers, buyers and related practitioners.

Find reliable partners and distributors.

Reduce risks of entering the Russian market.

Anders Johansson, Milestone Systems:

«The exhibition is excellent. A great number of attendees. All our partners who work on stands are satisfied with the results. It is worth mentioning the number of specialists who currently consider projects, search for equipment and are interested in novelties».

Over 250 exhibitors from 15 countries

50+ events within Workshop and Keynote Theaters

 

Supported by:

20+ ministries and national departments

70+ Russian and global media

 

Contacts:

Show Director

Olga Inshakova

inshakova@groteck.ru