Recently in Security Category

August Late-Breaking Computer Attack Vectors


All:

The August Late-Breaking Computer Attack Vectors webcast this month will be held on:

Wednesday, July 30, 2008 2:00 pm EDT (GMT -04:00, New York)

Register Here For This Webcast

This month I will discuss some of the latest attacks, including:

  • Post-exploitation techniques & defense
  • Fyodor scans the Internet, finds TELNET!
  • Attack between the client and the server
  • Social Networks - A tool for all attackers
  • Web Application Testing Tips
  • FAIL Of The Month (FOTM)

This webcast will run about 45 minutes and I will focus on some cutting-edge attacks and defenses. The defensive recommendations will hopefully avoid situations like this:

[Image: 2762458387_48576d339c_o.jpg]


PaulDotCom

Things That Go Bump In The Network...


Tonight I will present an updated version of this presentation which will cover some of the interesting research happening in the area of embedded device (in)security. Below is the information:

Things That Go Bump In The Network: Embedded Device (In)Security

Wednesday, August 13 8:00pm - 9:00pm

"Paul Asadoorian will discuss an area of rapidly growing risk from embedded devices. As these devices become ubiquitous, the risks continue to grow. Common devices from iPhones to Linksys routers are vulnerable to attacks which can compromise your data. Most do not realize the unique opportunities for attackers to do damage and gain access to your network, and most importantly your information. This talk will focus primarily on common embedded device vulnerabilities. Paul will stroll down memory lane and review some of the vulnerabilities that have been released for embedded devices, how we can use them to gain control of the device, the network, and more importantly the data traveling across it. Example devices will include printers, mobile devices, Wireless Routers, and network-based cameras including live hacking demonstrations!"

I will also present this material at SANS NS2008 in Las Vegas, so if you are, or will be, at either conference come check it out!

PaulDotCom

Top 5 Mac OS X Security Tips


For a segment on the Typical Mac User Podcast I was asked by the host, Victor Cajiao, to discuss the security (or insecurity) of Mac OS X and some defensive measures. I came up with 5 things that I believe are most important in terms of security, and really they can apply to any operating system.

Encrypt Your Data

Whether you use TrueCrypt, the built-in FileVault, or even PGP, encryption is important. If malware were to get on your system, well, yeah, it could most likely grab the key to your encrypted data. However, if your system gets stolen, you'll be glad that you have it. I tend to shy away from full-disk encryption, simply because I am afraid of losing flexibility during backup and recovery. While I know it is technically possible, I am still skeptical. I do find that the built-in encrypted file system is a great way to protect my data. I use Disk Utility (Applications -> Utilities -> Disk Utility) to create DMG image files that have an encrypted file system. Once in Disk Utility I go to File -> New Blank Disk Image and configure it as follows:

[Screenshot: diskutility.png]

Once you click create, you will be asked to provide a password, which will need to be entered each time you mount the volume:

[Screenshot: diskutilpass.png]

An important thing to note is that I have chosen NOT to store this password in my keychain. If my machine becomes compromised I do not want the password for this file to be stored anywhere on the system, even in the keychain. I tend to store my sensitive documents and files, such as my business documents (proposals, reports) and any sensitive files (such as SSH keys and PGP keys), on these encrypted volumes. Of course, if you store SSH and PGP keys there, you will need to adjust your configuration to point to the path where the DMG is mounted (under /Volumes/) and have the volume mounted for it to work.

Use Strong User Authentication

While two-factor authentication would be best (such as a fingerprint reader or smart card), most often just tuning the default settings can greatly improve security. For example, in OS X make certain that you set a password on your screensaver, and use a hot corner to activate it. Hot corners can be found under System Preferences -> Desktop & Screensaver -> Hot Corners button. To enable a password on your screensaver go to System Preferences -> Security -> General tab:

[Screenshot: usersettings.png]

I always check the box next to "Require password to wake this computer from sleep or screen saver", which, well, is pretty self explanatory. I also disable automatic login (so a password must be entered to log in when the system first starts up), disable the remote infrared receiver, and enable secure virtual memory. I don't like to leave the infrared receiver on because I don't believe it can stop someone else from controlling my Mac using their remote; the authentication is, at best, weak, and could be easily defeated. I like to use secure virtual memory to prevent malware from diving in and looking at passwords of mine that might be sitting in swap. This may or may not be able to prevent it, but hopefully I've raised the bar by checking this option without having a negative impact on performance.

Don't Run With Administrative Privileges

I believe this is an important step to securing your operating system, especially OS X. While it does not prevent many targeted attacks (for example, on penetration tests I can typically collect the information I need without administrative privileges), it can help defend against malware by not letting malicious programs access restricted areas of the system and do some of the more evil things, like loading kernel extensions. First, you must create an admin user (you can call it "admin" if you like) and be certain it has administrative privileges. Then go to System Preferences -> Accounts, highlight your account (NOT the "admin" account) and uncheck "Allow user to administer this computer".

TIP

Did you know that using the Terminal application you can gain access to the administrative functions using the sudo command? It's easy: simply open the Terminal application and type sudo followed by a command. For a command shell as admin (or root), simply type sudo -s. It will ask you for your password and then grant you access to the system with the highest privileges available. Note that on OS X only members of the admin group may use sudo, so once your daily account is a standard user you first switch to the admin user (for example with su admin) and run sudo from there.

Keep Your Software Up-To-Date

This is probably one of the most important things you can do to secure your system. Applying patches hits the bottom line most directly when it comes to security: it fixes the software that is broken/vulnerable. However, this is not your cure-all solution for everything. Some attacks do not depend on a patchable bug at all (such as weak passwords or protocol attacks). Still, it never hurts to have your system check frequently for updates by going to System Preferences -> Software Update, setting "Check for updates" to "Daily" and checking "Download important updates automatically".

[Screenshot: osxsoftwareupdates.png]

Enable The Firewall

While some may say it's "so 90's", a firewall is still an essential part of your defense. It keeps out unwanted network traffic, which can make it more difficult for attackers to compromise your machine, especially on wireless networks. On these wireless networks attackers could be on the same network segment as you, and without a firewall you are giving them access to your machine. There are many services in OS X that can be abused; for example, Bonjour has a long history of being very noisy and insecure. This presents another problem, however: the OS X firewall typically allows protocols such as Bonjour to operate! My suggestion depends on your technical ability. If you are a typical Mac user (like the pun?), then you might try simply going to System Preferences -> Security -> Firewall and clicking "Allow only essential services". For the more advanced users, I recommend taking a look at Bastille UNIX, a great project that will help you lock down OS X and create the most secure and comprehensive firewall ruleset. The firewall in OS X is a slippery slope, and has a history of problems and ways around the defenses. However, it can't hurt to enable it to stop the more obvious and less sophisticated attacks, leaving you to deal with some of the more advanced ones.
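The five tips above are all settings you can read back and verify. The script below is an added example (not code from the post or from PaulDotCom) that audits them read-only from a Terminal and prints PASS/WARN/FAIL for each. The preference domains and keys it reads (com.apple.screensaver askForPassword, com.apple.loginwindow autoLoginUser, com.apple.driver.AppleIRController DeviceEnabled, com.apple.virtualMemory UseEncryptedSwap, com.apple.SoftwareUpdate AutomaticCheckEnabled, com.apple.alf globalstate) and the wording of dseditgroup's checkmember output are assumptions about OS X 10.5-era preferences; the decision logic is separated from the collectors so it can be checked on any host, and on a machine without the defaults tool the audit simply reports UNKNOWN.

```shell
#!/bin/sh
# Read-only audit of the five Mac OS X hardening tips above.
# Added example, not from the original post. Preference keys and the
# dseditgroup output format are assumptions about OS X 10.5-era settings.

# --- decision logic: raw preference value in, verdict out -------------------

screensaver_verdict() {   # com.apple.screensaver askForPassword: 1 = password required
  case "$1" in 1) echo PASS ;; *) echo FAIL ;; esac
}

autologin_verdict() {     # com.apple.loginwindow autoLoginUser: set at all = auto-login on
  if [ -z "$1" ]; then echo PASS; else echo FAIL; fi
}

ir_verdict() {            # com.apple.driver.AppleIRController DeviceEnabled: 0 = receiver off
  case "$1" in 0) echo PASS ;; "") echo UNKNOWN ;; *) echo FAIL ;; esac
}

secure_vm_verdict() {     # com.apple.virtualMemory UseEncryptedSwap: 1 = secure virtual memory
  case "$1" in 1) echo PASS ;; *) echo FAIL ;; esac
}

admin_verdict() {         # output of: dseditgroup -o checkmember -m "$USER" admin (assumed format)
  case "$1" in
    *"is NOT a member"*) echo PASS ;;    # daily account is a standard user
    *"is a member"*)     echo FAIL ;;    # daily account still administers the machine
    *)                   echo UNKNOWN ;;
  esac
}

swupdate_verdict() {      # com.apple.SoftwareUpdate AutomaticCheckEnabled: 1 = checks on
  case "$1" in 1) echo PASS ;; *) echo FAIL ;; esac
}

firewall_verdict() {      # com.apple.alf globalstate: 0 off, 1 per-service, 2 essential only
  case "$1" in 2) echo PASS ;; 1) echo WARN ;; 0) echo FAIL ;; *) echo UNKNOWN ;; esac
}

# --- collectors: print nothing when the key is unset or this is not a Mac ---

read_default() {          # $1 = preference domain or plist path, $2 = key
  command -v defaults >/dev/null 2>&1 || return 0
  defaults read "$1" "$2" 2>/dev/null || true
}

admin_membership() {
  command -v dseditgroup >/dev/null 2>&1 || return 0
  dseditgroup -o checkmember -m "${USER:-$(id -un)}" admin 2>/dev/null || true
}

report() { printf '%-46s %s\n' "$1" "$2"; }

run_audit() {
  if ! command -v defaults >/dev/null 2>&1; then
    echo "UNKNOWN: 'defaults' not found; this audit only runs on OS X"
    return 0
  fi
  report "Screensaver asks for password"   "$(screensaver_verdict "$(read_default com.apple.screensaver askForPassword)")"
  report "Automatic login disabled"        "$(autologin_verdict "$(read_default /Library/Preferences/com.apple.loginwindow autoLoginUser)")"
  report "Infrared receiver disabled"      "$(ir_verdict "$(read_default /Library/Preferences/com.apple.driver.AppleIRController DeviceEnabled)")"
  report "Secure virtual memory enabled"   "$(secure_vm_verdict "$(read_default /Library/Preferences/com.apple.virtualMemory UseEncryptedSwap)")"
  report "Daily account is not an admin"   "$(admin_verdict "$(admin_membership)")"
  report "Automatic update checks enabled" "$(swupdate_verdict "$(read_default /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled)")"
  report "Firewall set to essential services only" "$(firewall_verdict "$(read_default /Library/Preferences/com.apple.alf globalstate)")"
}

run_audit
```

Run it as your everyday (non-admin) user, since the screensaver setting is per-user; nothing is changed, only read. A WARN on the firewall line means it is on but in "set access for specific services" mode rather than the "Allow only essential services" setting recommended above.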

Resources


Speaking Of FAIL


Oh, and speaking of fail, I got this error message yesterday:

[Screenshot: googlefail.png]

My guess is that the clock on my computer was slightly off and triggered the error, as subsequent requests did not generate that message. However, nothing like waiting until the last minute (literally) to install the new certificate!

PaulDotCom

July Late-Breaking Computer Attack Vectors Presentation


All:

Thank you to all who listened (and viewed) live this afternoon. The slides from today's presentation are below:

July LBCAV Presentation

I totally dropped the ball and forgot to record the audio (Doh!). However, I will record all subsequent months' webcasts and release them on the PaulDotCom feed. Please let me know if you have any questions or comments about the webcast content.

PaulDotCom

Webcast Tomorrow: Late-Breaking Computer Attack Vectors


All:

The July Late-Breaking Computer Attack Vectors webcast this month will be held on:

Wednesday, July 30, 2008 2:00 pm EDT (GMT -04:00, New York)

Register Here For This Webcast

This month I will discuss some of the latest attacks, including:

  • What you need to know about the DNS bug
  • Tips for securing Mac OS X
  • Hacked before you know it (without wires)
  • Who has the key to your city?
  • Nmap: The Book

This webcast will run about 45 minutes and I will focus on some cutting-edge attacks and defenses. The defensive recommendations will hopefully avoid situations like this:

[Image: IDSFAIL.png]

:)

PaulDotCom

Down For Maintenance...


Between Larry on vacation and me moving my office around in the house and doing some general clean-up, we will have to skip this week's podcast. I was also traveling to SANSFIRE to do some teaching, which made the week a bit hectic as well.

We will be back to our regular security monkey selves this coming week.

However, check me out on the Typical Mac User Podcast this Sunday, where I will be discussing how to secure Mac OS X!

PaulDotCom

INSECURE Magazine Issue 17 has been released for July 2008 and contains an article written by yours truly. I want to first give credit where credit is due to Charlie Vedda from the Packet Protector project, who was instrumental in putting some firmware together in order to make this project a reality. This is a project I have been tinkering with for quite some time and am excited to finally have it in print. Also, special thanks to Larry who helped me with some early versions of the project as well.

So, how do you build a "secure" wireless network on the cheap? (Note "secure" is in quotes, and I do the double finger quote thing when I say it too). Well, you'll just have to read the article I guess, but here's an excerpt:

"Many organizations are faced with the challenge of providing a “guest” wireless network. This network is intended to provide your guests, such as contractors, visiting faculty, patients, or training rooms, consultants, with wireless access to the network. In most cases guests will require access to the Internet, with little or no need to connect to your organization's private network. There are many ways to solve this problem, with the best being to purchase a separate Internet service and completely separate it from the rest of your network."

The article then goes on to tell how to build the network and various other security tips. This is based on many experiences I've had both attacking wireless networks and having to defend them, so I hope you can put it to good use!

Enjoy!

PaulDotCom

Web Site Updates


All:

Thank you all for your positive feedback and corrections for our new web site. There is still some clean-up that needs to happen, but for the most part it's well under control and moving forward. I made some updates recently that reflect some of the new/updated content that we were planning on:


  • About - Now contains pictures, bios, and information about PaulDotCom and how we got started, including mission statement.

  • Papers - Contains a complete listing of articles and papers published over the years, including the latest edition of INSECURE Magazine, including abstracts.

  • Presentations - Up-to-date listing of all presentations, including the Late-Breaking Computer Attack Vectors webcast, with June 2008 being the latest.

  • Forum - In other news, Larry has updated our Forum to prevent SPAM using a shiny new CAPTCHA. Say what you will about CAPTCHA, if it prevents bots from posting pr0n and male enhancement links in our Forums, I'm all for it!

Larry is in the process of sending me a list of all his papers and presentations, so look for those updates coming soon! Oh, and seems security is being embedded into everything these days:

[Image: kotex.jpg]
(Thanks to listener Mark for sharing that with us. We all know why he was shopping for those, but hey, as men, we've all been there and sympathize with ya brother!)

Cheers,
PaulDotCom

PaulDotCom Security Weekly - Episode 113 - June 26, 2008


Live from the PaulDotCom studios, with a soopa secret special guest!

[Image: brayden-pdc.jpg]

Hosts: Larry "Uncle Larry" Pesce, Paul "PaulDotCom" Asadoorian

Email: psw@pauldotcom.com

Direct Audio Download

Audio Feeds: