Boston, Massachusetts and Barcelona, Spain
Somewhere between DEFCON and RSA, you find the Source Conferences. A relative newcomer to the security scene, these multi-track annual shows in Boston and Barcelona blend industry-focused sessions from venture capitalists and executives with presentations on vulnerabilities and exploits that frequently grab headlines. http://www.sourceconference.com/
Kuala Lumpur, Malaysia
Billed as "Asia's Premier Deep Knowledge Security Conference," HITB is in its 8th year and has expanded into other countries in the Middle East and Europe. Modeled on shows like Black Hat, HITB offers both training sessions and a multi-track security conference, and draws top security professionals from around the world.
Vancouver, British Columbia, Canada
San Diego, California, U.S.
Southern California's premier hacking event, ToorCon is in its 12th year, having been launched in 1999 by San Diego-area 2600 user group members David Hulton (aka h1kari) and Ben Greenberg. Not an industry event, ToorCon is aimed at serious security practitioners, offering detailed presentations on everything from protocol analysis to tools and attacks, as well as standard security-con fare like the Lock Picking Village.
You could be excused for thinking that the world of security conferences was limited to industry shindigs like the RSA show in San Francisco and mega-events like the Black Hat Briefings and Defcon conferences in Las Vegas.
New Passwords Not Enough to Secure Hacked E-mail Account
Google's Advice to Owners of Compromised Accounts Woefully Inadequate, Says Web Security Expert
By Caleb Sima, CEO, Armorize Technologies

Threatpost reported recently on a wave of warnings about Gmail account compromises linked to IP addresses in China. In at least one case, the account in question belonged to a prominent UK online privacy activist who has been critical of censorship of the Internet by China's ruling Communist Party. While declining to comment on the specific attacks, a Google spokesman noted the company's seven-month-old policy of notifying users when their accounts have been accessed from suspicious IP addresses, and the company's advice to users to change their passwords after a compromise. But merely changing the password on a compromised account doesn't even begin to repair the damage, says Caleb Sima, a Web application security expert and CEO of Armorize. In this column, Sima explains why and provides guidance on what users should do to secure their account after a compromise.

I recently read an article warning of attacks against Gmail accounts being conducted by the Chinese government [http://threatpost.com/en_us/blogs/google-warning-gmail-users-china-spying-attempts-092310]. The article offered one remedy for a hacked Gmail account: change your password. Changing your password is good advice, but it is nowhere near sufficient. Any decent attacker will have left at least one backdoor that lets them regain control of your account so quickly it will make your head spin. People are baffled when their Gmail account is re-compromised and often have no idea how it keeps happening. Below are the more obvious items that need to be checked to ensure that your Gmail/Google account is actually locked down.

Disable any malicious forwarding and filters

The best way for an attacker to stay in your account is to keep reading your e-mail even after you have changed your password. So the basics of any Gmail backdoor will be a set of forwarding rules that send him or her a copy of your messages as they arrive, including password reset messages. Make sure you disable these following any compromise. Under Settings -> Forwarding and POP/IMAP, ensure that "Disable forwarding" is selected and that your incoming e-mail is not being forwarded to the attacker. Next, check your filters list in Gmail and make sure there are no rules set up that forward e-mail to the attacker.

Check the password recovery settings

The next best backdoor is for the attacker to keep the ability to recover or reset your password. This is not the sneakiest route, but it gets the job done. Ensure that no additional recovery e-mail address has been added to your account; one that the attacker controls would deliver the password reset link straight to his inbox. Go to Settings -> Accounts and Import -> Google Account settings -> Change password recovery options -> Email. Make sure the SMS number in your Google Account settings has not been changed. Also make sure your security question has not been changed to one the attacker knows the answer to. Sneaky attackers will leave your question the same but change the answer to one they know, so go ahead and change both your question and your answer.

Watch out for rogue applications

Gmail isn't just an e-mail program; it is part of an entire Web-based application ecosystem. Check your authorized applications to see whether the attacker has added a malicious application of their own to your account. This is my personal favorite. Everyone today adds social applications and grants them permission to their Facebook or Google accounts through third-party applications, and most people don't even look at what permissions those applications have. In Gmail, applications can do pretty much everything an attacker would want to do. Even better, from the attacker's standpoint, hardly anyone knows how to check or revoke permissions on these applications; once they have been approved, they are forgotten. There are open source tools that will grant full IMAP/SMTP access using OAuth (the Python scripts from the open source google-mail-xoauth-tools project are one example) [http://code.google.com/p/google-mail-xoauth-tools/wiki/XoauthDotPyRunThrough]. Once the Gmail account is hijacked, an attacker can run such a script and grant an application full privileges. Even if you change your password multiple times, a rogue application can continue reading your e-mail and accessing your personal data.

Think beyond e-mail

Backdoors that read your e-mail are not the only ones to consider. In today's world of open social collaboration, attackers have several options for getting at your data, and it is easier than ever. If you have Google Voice, go into the Voice settings and make sure voicemail and text messages are not being sent to additional e-mail addresses. If you keep important documents in Google Docs, ensure the attacker has not enabled sharing on them. Google Calendar is a very nice backdoor; I'm sure you don't want someone unexpectedly dropping in and listening in on your next board meeting. There are a couple of areas you need to check. In the Calendar settings, click on each of your calendars to display the detailed view and click "Reset private URLs" in the Private Address section. This changes the private address that can be used to retrieve your calendar feed; as an attacker, I can simply copy this URL and monitor your calendar. Next, click the "Share this calendar" tab and make sure no e-mail addresses you don't recognize have been added.

Google says owners of compromised Gmail accounts should change their password. But Web security expert Caleb Sima says that advice is woefully inadequate. Read his thoughts on how to secure your e-mail account after a compromise, prevent snooping and keep your account from getting hijacked all over again.
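The forwarding and filter checks in Sima's column are the ones most worth automating, because they are the easiest for an attacker to hide in plain sight. The script below is an added example, not part of the column and not a Google tool: it audits a mailbox's forwarding settings and filter list for the two backdoor patterns he describes, rules that copy mail to an address the owner does not recognize and rules that bury account-recovery mail. The input shapes mirror the Gmail API's users.settings.getAutoForwarding, users.settings.forwardingAddresses.list and users.settings.filters.list responses as I understand them (an assumption; the column itself only describes the settings UI), and all sample data, including the trusted backup address and the attacker's collector address, is constructed for the example.

```python
"""Audit Gmail forwarding and filter settings for the backdoors Sima describes.

Added example. The dict shapes are an assumption modelled on the Gmail API
settings resources; the sample values below are constructed, not taken
from any real account.
"""
import re

# Forwarding addresses the mailbox owner knowingly set up (assumed for the
# example). Anything else that forwards mail is a finding.
TRUSTED_FORWARDS = {"me.backup@example.com"}

# Criteria that point at account-recovery mail: the traffic an attacker most
# wants to read (to reset the password again) or to suppress (so the owner
# never sees the reset notice).
RECOVERY_PATTERN = re.compile(r"password|reset|verif|security code|recovery",
                              re.IGNORECASE)

# Label changes that make a message vanish from the owner's normal view.
HIDING_ADD_LABELS = {"TRASH", "SPAM"}
HIDING_REMOVE_LABELS = {"INBOX"}

# Constructed sample data (shape assumed from the Gmail API).
SAMPLE_AUTO_FORWARDING = {
    "enabled": True,
    "emailAddress": "collector@attacker.example",
    "disposition": "markRead",
}
SAMPLE_FORWARDING_ADDRESSES = [
    {"forwardingEmail": "me.backup@example.com", "verificationStatus": "accepted"},
    {"forwardingEmail": "collector@attacker.example", "verificationStatus": "accepted"},
]
SAMPLE_FILTERS = [
    # Benign: label a newsletter.
    {"id": "f1", "criteria": {"from": "news@vendor.example"},
     "action": {"addLabelIds": ["Label_12"]}},
    # Backdoor: quietly copy the bank's mail to the attacker.
    {"id": "f2", "criteria": {"from": "alerts@bank.example"},
     "action": {"forward": "collector@attacker.example"}},
    # Backdoor: trash password-reset mail so the owner never sees it.
    {"id": "f3", "criteria": {"query": "subject:(password reset)"},
     "action": {"removeLabelIds": ["INBOX", "UNREAD"], "addLabelIds": ["TRASH"]}},
]


def audit_forwarding(auto_forwarding, forwarding_addresses, trusted=TRUSTED_FORWARDS):
    """Flag account-wide forwarding and registered forwarding addresses the owner did not set up."""
    findings = []
    if auto_forwarding.get("enabled"):
        dest = auto_forwarding.get("emailAddress", "")
        if dest not in trusted:
            findings.append({"item": "autoForwarding",
                             "reason": f"all mail forwarded to {dest} "
                                       f"(disposition={auto_forwarding.get('disposition')})"})
    for entry in forwarding_addresses:
        addr = entry.get("forwardingEmail", "")
        if addr not in trusted:
            findings.append({"item": addr,
                             "reason": f"unrecognised forwarding address "
                                       f"({entry.get('verificationStatus')})"})
    return findings


def audit_filters(filters, trusted=TRUSTED_FORWARDS):
    """Flag filters that forward to an untrusted address or hide recovery mail."""
    findings = []
    for flt in filters:
        fid = flt.get("id", "?")
        action = flt.get("action", {})
        criteria = flt.get("criteria", {})
        dest = action.get("forward")
        if dest and dest not in trusted:
            findings.append({"item": fid, "reason": f"forwards matching mail to {dest}"})
        hides = (set(action.get("addLabelIds", [])) & HIDING_ADD_LABELS
                 or set(action.get("removeLabelIds", [])) & HIDING_REMOVE_LABELS)
        criteria_text = " ".join(str(v) for v in criteria.values())
        # A hiding filter is a finding if it targets recovery mail, or if it
        # has no criteria at all and therefore swallows everything.
        if hides and (not criteria_text or RECOVERY_PATTERN.search(criteria_text)):
            findings.append({"item": fid,
                             "reason": f"hides recovery mail matching {criteria_text!r}"})
    return findings


def run_audit(auto_forwarding=SAMPLE_AUTO_FORWARDING,
              forwarding_addresses=SAMPLE_FORWARDING_ADDRESSES,
              filters=SAMPLE_FILTERS):
    """Combine both audits; returns a list of finding dicts (empty means clean)."""
    return audit_forwarding(auto_forwarding, forwarding_addresses) + audit_filters(filters)


if __name__ == "__main__":
    for finding in run_audit():
        print(f"[!] {finding['item']}: {finding['reason']}")
```

The script does not talk to Google itself; feed it the three settings responses for the account and delete whatever it flags under Settings -> Forwarding and POP/IMAP and Settings -> Filters. The one thing to keep honest is the trusted list: it must come from the owner's memory, not from the account, since an attacker who has added an address to the account has, by definition, made it look legitimate there.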
In the latest attempt to allay consumers' rising fears about the massive amounts of data that online advertisers collect about them, an amalgamation of industry groups is planning to launch a new self-regulation effort meant to let users decide not to be tracked by advertisers.
Stuxnet Redux and The Wire
United States
Governments, the Internet and security were the theme as Internet wiretapping, trans-national cyber laws and the further proliferation of Stuxnet – a computer virus believed to have state backing – topped this week's news.
A security expert at a managed services provider
has kicked off a project to expose and blacklist the networks hosting
VoIP attacks against his and other companies’ VoIP PBX servers. Read the full article. [Dark Reading]
Adobe is moving up the release date for the patch for the critical bug in Reader and Acrobat and will now push the fix out on Oct. 5 instead of the following week. The flaw was disclosed last month and has been the target of attacks for several weeks now.