ToorCon 11 a Success!
October 30th, 2009 by Dennis Brown
There are two things one can count on every year at ToorCon: the amazing San Diego weather and excellent presentations about new and emerging security research. This year’s ToorCon 11 did not disappoint, and delivered a lot of great content and new security research throughout the weekend.
The conference started with a non-traditional keynote address from Vernor Vinge, an award-winning science fiction author, who presented his thoughts, insight and concerns about the future of ubiquitous computing. As a nice follow-up to this theoretical presentation, Dan Kaminsky spoke next about his research into the flaws behind X.509 public key infrastructure, which he previously spoke about at Black Hat USA 2009 / DEFCON 17 this past summer. These presentations set the tone for this year’s ToorCon, showing that anything and everything is open for discussion.
Saturday’s session featured in-depth one-hour presentations which ran the gamut of security-related topics. Brandon Enright presented an excellent summary of various botnets and how they work and stay operational, which can be a very confusing topic to people who aren’t in the trenches with botnets on a regular basis. Julia Wolf provided a mountain of data about various viruses and other malware that have been in the news, and the kinds of things security geeks dream about at night. A Hollywood-style presentation by Jason Ostrom and Arjun Sambamoorthy demonstrated their freshly released UCSniff tool for IP video eavesdropping and injection by performing a “theft” on stage reminiscent of something out of “Sneakers.” Later in the day, Josh Wright released a framework for the ZigBee wireless protocol, which is appearing in more and more places such as home automation and hospital care.
Last on Saturday, but not least, the CTU’s own Ben Feinstein presented an in-depth analysis of the Koobface malware which has plagued social networking sites throughout 2009, exposing its capabilities, problems and other data that has been gathered over the past several months. Two other CTU members presented on Sunday at this year’s ToorCon. Kevin Stevens spoke about the “pay-per-install” industry, how it has changed over the years and recent “reforms” players in this industry have made. Dennis Brown presented on the underground economy of trading video game currencies for real money, which is driving the popularity of game password stealers.
Sunday focused on quick, 20-minute presentations, consisting mostly of new or in-progress research, but there was no decline in the quality of these presentations. One of the presentations that stood out was by Ron Bowes, who released some great information about scanning with nmap over SMB/RPC to obtain detailed system information. Another presentation of note was by Joel R. Voss, who presented a new method for static code analysis and demonstrated its effectiveness in finding flaws in common software. There were many other presentations that contained a wealth of information, as well as a couple of impromptu Q&A sessions with Dan Kaminsky and others which were as humorous as they were informative.
Year after year, ToorCon continues to deliver, while still feeling like a smaller conference. One of the great things about ToorCon is that the presenters, and everyone else for that matter, are very accessible and usually happy to talk about what they’ve been working on and share their insight into what’s going on in security. This is often hard to do at the larger conventions, and makes ToorCon special in that regard. It’s definitely worth the trip!
Monkif/DlKhora Botnet Hiding Its Commands as JPEG Images
September 29th, 2009 by Jason Milletary
The SecureWorks Counter Threat Unit (CTU) has been carefully monitoring the activity of the Monkif/DlKhora botnet. This bot is an example of a Downloader trojan, in that its primary purpose is to receive instructions to download and execute other malware. The trojan also attempts to disable anti-virus and personal firewall software to maintain its foothold on the system.
Skype Eavesdropping Trojan
September 25th, 2009 by Dennis Dwyer
Recently, programmer Ruben Unteregger released the source code for a Trojan that allows an attacker to listen in on a victim’s Skype conversations. For approximately seven years, Unteregger has worked as a software engineer for ERA IT Solutions AG where he developed the trojan. Skype traffic is encrypted using a 256-bit AES block cipher, the kind approved by the US Government to protect “TOP SECRET” information.
Twitter-Based Botnet Command and Control
September 4th, 2009 by Dennis Dwyer
Twitter is a social networking and microblogging service launched in late 2006. Once logged in, users post small updates to the site frequently throughout the day. These short update messages, known as “tweets,” may not exceed 140 UTF-8 encoded characters.
Crypto Attacks: It’s the implementation stupid
August 27th, 2009 by Hunter King
Black Hat USA 2009 brought us the latest release of Moxie Marlinspike’s sslstrip tool. sslstrip is a tool for performing man-in-the-middle (MITM) attacks against TLS/SSL sessions. The previous version simply terminated the TLS connection at the MITM point and forwarded on an unencrypted connection to the client.
Browser Memory Models – Firefox Catching Up?
July 24th, 2009 by Dennis Dwyer
Recently announced was a radical change to Firefox’s memory model. A new project called Electrolysis aims to outfit Firefox with multi-process capabilities. This is great news for Firefox fans. The Electrolysis page states that a future goal of the new memory model may be to provide security enhancements as well.
Zango decision offers legal safeguards to the security community
June 30th, 2009 by Nick Chapman
One of the provisions of the Communications Decency Act (Section 230 of the US Code) established a safe harbor for ISPs so that they couldn’t be held liable for the speech of their users. If you take umbrage at something someone said on the Internet, your remedy is to sue the speaker, not their ISP or telephone company.
SHA-1 Collision Attacks Now 2^52
June 3rd, 2009 by Dennis Dwyer
Eurocrypt 2009 was recently held from April 26-30 in Cologne, Germany. Sponsored by the International Association for Cryptologic Research (IACR), the website states that “It is devoted to all aspects of cryptology.” This year’s Eurocrypt rump session was held on April 28, which featured a talk entitled “Automatic Differential Path Searching for SHA-1”.
On The New Cybersecurity Bill
May 20th, 2009 by Joe Stewart
On April 1, 2009, while the rest of the cybersecurity world was largely focused on the Conficker worm, Senators John (Jay) Rockefeller and Olympia Snowe introduced the Cybersecurity Act of 2009. Since the hype over Conficker has died down now, I’ve had a chance to review the text of this somewhat controversial bill and add my two cents to the discussion.
Following the Trojan Trail
May 12th, 2009 by Kevin Stevens
In this post I will go over the latest botnet making the headlines. The “Finjan botnet” appears to be large and strikes fear into many. As an average computer user, should you be afraid of the botnet, or should you be scared of being compromised by a Trojan? How bad can one piece of malware be?