Daily Digs – 08.10.2009
Monday, bloody Monday. At least we're in the clear! Some interesting news as of today so with no further announcements let's dig right in.
Our first link is for a tool distributed, for free, from Sophos: Anti-Rootkit software. It's recently been updated to support 64-bit versions of Windows and the upcoming Windows 7 (which, let's hope, brings the majority of Windows users into the 64-bit world). No black-tie release event for this version, but at least Sophos is still putting it out there for "free".
[Sophos Anti-Rootkit Updated]
If you're in the Minneapolis / St. Paul area and you're in, well, pretty much any field, you've probably heard horror stories about United Health Group. If we haven't had enough reasons to hate on UHG, they're giving us a new one apparently! Let's see here - they're not only selling the marketing data but also mapping risk ratings for health and life insurance purposes. Way to go UHG! You get my swift-kick-in-the-ass award for today. If you can, do business elsewhere; UHG seems to treat their employees badly on top of the shady business practices.
[Your Prescription Data Has Been Sold For Profit]
Next up is some new functionality that will probably find its way into Metasploit. Max's Remote-Exploit blog has all the details on 'psnuffle', including a screencast of the functionality. Jam out to the techno beats while you watch the module in action!
[Psnuffle Password Sniffer]
I'm all about the Verizon Business Data-Breach Report. That being said I think big vendors / carriers generally have over-hyped and under-performing security services in general. Hopefully the security service doesn't share any of the service provisioning speeds that generally are, shall we say, not break-neck? Anyway, if you're into hiring a big firm to do your due diligence for you Verizon can offer it on a silver-platter with a bill to match I'm sure.
[Verizon Business to Offer Risk-Based Security Service]
I happened to post this one earlier in the day and it got quite a bit more attention than I had expected. The RedTeam blog has some Gimp pwnage fun that shows you how to embed some sneaky PHP in a GIF. That and @hdmoore pointed out to me some extra fun to go along with the 'sploit. Double whammy!
[0wning with Gimp]
All your base are belong to... Committers? Sure. Or just go patch Subversion if you haven't already!
[Holes Closed in Subversion]
One of the more prominent elite when it comes to OS X hacking, Dino Dai Zovi, has posted to his blog a new article all about, you guessed it, rootkits! This goes with his recent Black Hat talk and includes the preso, paper and code.
[Advanced OS X Rootkits]
So you want to speak at RSA in 2010? Well, you better get in gear because the call for proposals is quickly coming to a close.
[RSA Call for Speaking Proposals Due August 14th]
SANS has a rockstar intro up to memory forensics today. The write up includes looking at Mantech MDD and Volatility (which we've linked previously). If you're just getting your feet wet in forensics this quick run through definitely won't hurt!
[Memory Forensics: A Practical Example]
I asked myself a couple weeks ago this very question: "Why in the **** is the .NET Framework Extension installed in Firefox?" and now I have a fabulous answer. Wladimir Palant, of Adblock Plus fame, has a very thorough write up with linkage to other articles in the press. If you use Adblock, you'll want to read this. Microsoft up to their shady shenanigans - again.
[The Return of .NET Framework Assistant]
Tsk tsk, reinventing the wheel is BAD. Especially when dealing with crypto. And doing crypto in JS! Don't believe me? Well, you don't have to take my word for it, but how about going back to the link to Nate Lawson's "Crypto Strikes Back!" Google Tech Talk and you'll understand why. The devs themselves even say it's only a "base level of security" (uhhh, there's no auth), so why not just save yourself the trouble and avoid it?
[jCryption 1.0 Released]
Fortinet is, apparently, going for the gold. And in this case "gold" being public shares. El Reg has a story up regarding the rare happening.
[Fortinet IPO]
Put this link out in mainstream C-Level inboxes and you'll have all kinds of heads rolling on Tuesday afternoon. SANS has a post up about the consideration of renewing your A/V solution. If you're not a complete security n00b you probably already knew that A/V is a waste of CPU cycles and whitelisting, not signature based blacklisting, is the only way to really go forward in today's shikata ga nai world. Duh.
[Don't Renew that Antivirus Contract]
Looks like DHS is in the tubes these days. Obama has another catastrophic fail on his hands with the latest being Mischel Kwon putting in her resignation to (shocker) go work in the, much higher paying, private sector. Maybe if I tweet The Prez he'll mention me on Facebook and we can talk about it over Skype later. Or how about this: maybe stop trying so hard with the communications outlets and focus on doing and not talking for a few months. Because, we all know, Cash for Clunkers is really helping out!
[Mischel Kwon Resigns]
We end today's string of ranty posts with the exclusive in-depth interview that Tom's Hardware has posted with Charlie Miller on the iPhone SMS exploit. Check it out; I was slightly tickled when I saw the reference on the first page to AT commands. GO GO GADGET MODEM!
[Exclusive Interview with Charlie Miller]
We commented on all the good articles today so, don't hold your breath, no grab bag for today!
-windexh8er
Daily Digs – 08.06.2009
Well, it's a late post but better than none! I hope everyone's week is winding down nicely and your Friday is more lax than the infrastructure folks had over at Twitter earlier today.
A week or two ago I asked the Twitterverse who Adobe's CSO was and if they didn't have one who was responsible for software security / quality. Either way I'm not sure any professional in the industry today would have very good things to say about the path Adobe has been on recently. That leads us to the CNet article comparing Adobe to Microsoft pre-2002.
[Is Adobe the Next (pre-2002) Microsoft?]
If you market yourself as a "security" company and the majority of your products revolve around securing end user desktops you might just want to be able to pass the VB100 test. El Reg ran an article this afternoon showing how CA and Symantec end up with a big fat fail.
[Top Vendors Flunk Vista Anti-Virus Test]
Dave Lewis posted an article on Liquid Matrix today about Shipley the Troll. OK, so Peter Shipley's not really a troll in the actual sense, but he's sure acting like one.
[Patent Trolls Go After Network Security Vendors]
Sometimes I wonder. Really, I do, whether what people write actually translates in their head to something logically feasible. DarkReading has an article up about "weaponizing" an iPod Touch. They go on to talk about how a researcher has outfitted his Touch with Metasploit and some other tools. Even with Ruby 1.9.x Metasploit takes 5+ minutes to load, and the fact that you're limited to wireless access only severely limits your success with regards to LAN race condition attacks. Really guys -- there are better small form factors out there. But, hey, if you like to shove square pegs in round holes for fun, go for it!
[Weaponizing Apple's iPod Touch]
TrendMicro has a great review of KOOBFACE over on the blog today. The diagram by itself is worth the click through so head on over and read all about it.
[The Real Face of KOOBFACE]
We'll close out today's (short) post with a little bit of irony. I did a double take when I saw the title of this article and had to visit the actual site to validate it was even true. But, yes, Symantec is suggesting that people use VirusTotal "when in doubt". Yes, BigYellow throwing people over the fence to double check their awesome powers of AV.
[Symantec Says Check VirusTotal]
Well ladies and gents, this particular post has come to a close. Yes, it's a little light, but hopefully the link content is good quality reading! We even spared you one of thousands of links to the Twitter DoS. We know you already know, why bother?
Thanks for stopping by and, as always, feel free to comment!
--windexh8er
