Kevin Mitnick to sell zero-day exploits


Convicted hacker turned penetration tester Kevin Mitnick has fashioned a new line of business at his security consultancy — selling zero-day exploits for upwards of $100,000, according to a recent Naked Security bulletin.

Mitnick’s Absolute Zero Day Exploit Exchange will develop zero-day exploits and procure them from developers in an effort to sell them to corporations and governments with budgets big enough to foot the bill.

Mitnick is quoted in a Wired interview as saying he wasn’t aiming at aiding governments in spying on people, but the bulletin speculated as to whether Mitnick might count the National Security Agency among his customers.

The bulletin noted that the agency has drawn the scrutiny of the Electronic Frontier Foundation (EFF) and others for possibly “hoarding of zero days.” Mitnick did prison time for hacking into networks at companies like Motorola and IBM.

src: SCmagazine

Google’s Doubleclick ad servers exposed millions of computers to malware


Last night, researchers at Malwarebytes noticed strange behavior on sites like Last.fm, The Times of Israel and The Jerusalem Post.

Ads on the sites were being unusually aggressive, setting off anti-virus warnings and raising flags in a number of Malwarebytes systems.

After some digging, researcher Jerome Segura realized the problem was coming from Google’s DoubleClick ad servers and the popular Zedo ad agency.

Together, they were serving up malicious ads designed to spread the recently identified Zemot malware.

 

A Google representative has confirmed the breach, saying “our team is aware of this and has taken steps to shut this down.”

src: theverge

Cyber attack on Japan Airlines

Major cyber security breach on Japan Airlines (JAL) impacts up to 750,000 customers!

A phishing attack may have resulted in the theft of personal information belonging to customers of Japan Airlines’s frequent flier club.

The data compromised includes names, addresses, genders and places of work of anywhere between 110,000 and 750,000 members of the program, according to the Japan Times.

The leak was due to “unauthorized access” to JAL’s database by an external server, an airline official told the local news agency Kyodo. The airline claims that malware installed on some of its computers caused the unauthorized access to the customers’ information.

Following an investigation – which found that 23 computers contained malware – the airline determined that no credit card or financial information was impacted by the breach. The airline detected the intrusion on Friday and Monday; however, it believes the attacks went undetected for more than one month and were introduced to the airline’s network via a phishing email.

This incident follows a similar attack on the airline in February, in which hackers penetrated a different program Japan Airlines offers, which allows customers to trade in mileage points for gift coupons.

The airline said it has taken steps to block further unauthorized access to its database and has launched a full investigation.

300 InfoSec Interview Questions

It’s amazing how one can be under pressure during an interview.

I recently had an interview for an infosec position. Although those in front of me were very friendly, I stammered when asked to describe the steps involved in Incident Response.

In fact, when they finished asking the question, I thought it would be easy for me to answer, but as soon as I started to answer, it was like fog in my head. I was so surprised not to be able to answer the question clearly. Which was normal because on my resume, Incident Response appears as a key competence 😦.

So to save face, I started to explain the procedure informally, instead of clearly listing the steps as requested. What I said was not wrong, but I would have preferred a better answer.

The most frustrating part is that when you walk out the door of the company after the interview, that’s when the answers suddenly come to you. Certainly because of the fresh air of the lake right in front 😉 😀

This experience made me think about the file 300 InfoSec Interview Questions, certainly known by some infosec professionals. I downloaded it a few months ago on piratebay. I amuse myself by giving some answers; some questions are basic and others more subtle.

Let’s Go !!!

Question 253. What’s the difference between encoding, encryption, and hashing?

1-Encoding is the process of converting data into a format required for a number of information processing needs, including:

  • Program compiling and execution
  • Data transmission, storage and compression/decompression
  • Application data processing, such as file conversion

In computer technology, encoding is the process of applying a specific code, such as letters, symbols and numbers, to data for conversion into an equivalent cipher.

For example, encoding is used to reduce the size of audio and video files. Each audio and video file format has a corresponding coder-decoder (codec) program that is used to code it into the appropriate format and then decode it for playback.

2-Encryption provides confidentiality and prevents unauthorized disclosure of data. Encrypted data is in a cipher text format that is unreadable. Attackers can’t read encrypted traffic sent over a network, or encrypted data stored on a system. In contrast, if data is sent in clear text, an attacker can capture and read the data using a protocol analyzer.

The two primary encryption methods are symmetric and asymmetric. Symmetric encryption encrypts and decrypts data with the same key. Asymmetric encryption encrypts and decrypts data using a matched key pair of a public key and a private key.

These encryption methods include two elements:

  • Algorithm. The algorithm performs mathematical calculations on data. The algorithm is always the same.
  • Key. The key is a number that provides variability for the encryption. It is kept private, changed frequently, or both.

3-Hashing is an algorithm performed on data such as a file or message to produce a number called a hash (sometimes called a checksum). The hash is used to verify that data is not modified, tampered with, or corrupted. In other words, you can verify the data has maintained integrity.

A key point about a hash is that no matter how many times you execute the hashing algorithm against the data, the hash will always be the same as long as the data is the same.

Hashes are created at least twice so that they can be compared. For example, you can create a hash on a message at the source before sending it, and then again at the destination. If the hashes are the same, you know that the message has not lost integrity. Message Digest 5 (MD5) and the Secure Hash Algorithm (SHA) family are popular hashing algorithms.

Remember this: encoding uses a code to change original data into a form that an external process can use, so it should not be confused with encryption, which hides content. Hashing is an algorithm used to verify data integrity.
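The three operations side by side, as an added example that is not part of the original post: Base64 is undone by anyone, ciphertext is recovered only with the right key, and a SHA-256 hash computed at the source is compared at the destination. The function names and the sample message are this example's own, and the SHAKE-256 keystream is an illustration-only stand-in for a vetted cipher such as AES-GCM.

```python
import base64
import hashlib
import hmac
import os

def encode(data: bytes) -> bytes:
    """Encoding: a public, keyless format change (Base64 here)."""
    return base64.b64encode(data)

def decode(blob: bytes) -> bytes:
    """Anyone can reverse an encoding; no secret is involved."""
    return base64.b64decode(blob)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Illustration only: keystream derived with SHAKE-256 (assumption of this
    # example). Real systems should use a vetted cipher such as AES-GCM.
    return hashlib.shake_256(key + nonce).digest(n)

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encryption: fixed algorithm, variability comes from the key (and nonce)."""
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, stream))

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))

def digest(data: bytes) -> str:
    """Hashing: one-way and deterministic; same data gives the same hash."""
    return hashlib.sha256(data).hexdigest()

def verify(data: bytes, expected_hex: str) -> bool:
    """Destination side: recompute the hash and compare with the one sent."""
    return hmac.compare_digest(digest(data), expected_hex)

def demo() -> dict:
    message = b"transfer 100 to account 42"  # constructed sample message
    key, wrong_key = os.urandom(32), os.urandom(32)
    sent_hash = digest(message)              # hash created at the source
    blob = encrypt(key, message)
    return {
        "encoding_reversed_without_key": decode(encode(message)) == message,
        "right_key_recovers": decrypt(key, blob) == message,
        "wrong_key_recovers": decrypt(wrong_key, blob) == message,
        "intact_message_verifies": verify(message, sent_hash),
        "tampered_message_verifies": verify(b"transfer 900 to account 42", sent_hash),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```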

Question 71. What’s the difference between a threat, vulnerability, and a risk?

Question 101. Cryptographically speaking, what is the main method of building a shared secret over a public medium?

Question 132. What’s the difference between Diffie-Hellman and RSA?

Question 162. What kind of attack is a standard Diffie-Hellman exchange vulnerable to?

Question 164. Take me through the process of pen testing a system.