Is he related to Long Duck?
So completely random: Dave is testifying at a congressional hearing (healthcare.gov security) and all attempts will be made to work in the HIV
How about the fact that China is buying record amounts of gold every month, as I guess they are trying to back their currency with gold. Just last month or so bought another 500 TONS, yes tons of gold.
Well if you are going to be the next world currency…
Dave spoke in Raleigh at infosecon and Raleigh B-Sides. Guy is really smart, I don’t know how he finds time in his days to do everything that he does. He has a really cool new tool coming out soon.
Yes he is a cool dude, you’re right about finding the time. I hit him up to fix a bug in SET the other night and he fixed it right away.
We were working on this https://www.trustedsec.com/august-2012/new-tool-pyinjector-released-python-shellcode-injection/ and a couple other fun things
To buy all this gold they are most certainly diluting their currency. Basically every developed nation is in a race to print to 0 it sounds. Some are turning their wet ink into metals, others are turning it into DHS/NSA etc…
Cool stuff! I’ll be honest I totally thought I was in for another boring C-level snooze fest when he took the stage at infosecon. Very pleasantly surprised!
He is hilarious
Watch this, start at the 3min mark, he trolled the fuck out of one of his buddies in front of a packed room (where Penn and Teller do their show)
omg that shit is funny. Nothing like being embarrassed as fuck in front of a huge room of your peers.
edit: also, I really want to start attending Defcon/Blackhat
more like vaChina …am i right guys?
So Dave managed to mention the HIV in front of congress today :lol:
He was on Fox News tonight. He mentioned when he was speaking today he received texts about 30 more vulnerabilities.
Edit: maybe in your link. (Didn’t see your link at first.)
maybe this can be the official hacking thread?
In that link off Reuters they talk about the BlackPOS software used to get info from Target, Neiman and at least 3 other major retailers that have not yet been made public.
Interesting thing is they are able to trace the origins of the BlackPOS software to a 17 year old kid in St. Petersburg, Russia going by the handle of “Ree4” who sold the software to various other cyber criminals.
The news is reporting this as some new technique; it’s been happening for years…
The entire attack was made possible by multiple failures in their security posture which isn’t that surprising.
While this is annoying, the exposure for a consumer is pretty low; banks will cancel and reissue a CC and refund all charges.
In Target’s example the credit card was transmitted down to the POS system and encrypted, but if you dump/access the memory of the POS application before the card is encrypted you can capture all the card info.
The ideal situation is chip/PIN or encryption/tokenization at swipe. That being said, even credit card readers can be hacked since they’re embedded devices running Linux.
One of the guys I work with spent the past week hacking those Verifone readers you see everywhere.
Nerd content but cool either way
Since this is semi public now - http://artemonsecurity.com/20140116_POS_Malware_Technical_Analysis.pdf
"This advisory was prepared in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), United States Secret Service (USSS), Financial Sector Information Sharing and Analysis Center (FS-ISAC), and iSIGHT Partners. The purpose of this release is to provide relevant and actionable technical indicators for network defense.
USSS, US-CERT and iSIGHT Partners have been working together to characterize a newly identified malware associated with point-of-sale (POS) data breach investigations. This characterization included determining malware functionality and scope, reverse engineering and proprietary research and analysis of threat marketplace activity. The new malware variant, dubbed “Trojan.POSRAM” is designed to extract payment card details from POS systems. At the time of discovery and analysis, the malware had a zero percent anti-virus detection rate, which means that fully updated anti-virus engines on fully patched computers could not identify the malware as malicious.
Trojan.POSRAM malware was used in conjunction with a variety of other tools. While some components of the POS data breaches were not technically sophisticated, the operational components were. The cyber criminals displayed innovation and a high degree of skill in orchestrating the various components of the
Financially motivated cyber criminals around the world have used POS malware at an accelerating pace for several years. Significantly, POS malware that includes memory scraping capabilities has been available for some time."
China hacking China???
The Target POS systems were running Windows XP Embedded too; apparently they stole the CC numbers by doing a memory scrape as you stated, stored the data for 6 days, then uploaded it to Target servers, which apparently were using easily guessable passwords. It was then transferred to the malicious attacker IP running an FTP server, if I understand this correctly.
Also they’ve apparently identified but not released a list of 6-8 other retailers that are affected by this…LOLZ
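The exfil path described above (POS host, then an internal staging server, then FTP out to an external IP) is the kind of thing a tight segment ruleset with alerting is meant to catch. As an added example, not from the thread or from any vendor, here is a small policy check over constructed flow records: the PCI segment, the one approved internal destination and the sample flows are all assumed values for illustration.

```python
"""Flag flows that a segmented cardholder-data (PCI) network should never produce.

Added example: the segment definitions and sample flow records below are
constructed for illustration, not taken from any real environment.
"""
import ipaddress
from dataclasses import dataclass

# Constructed: the PCI segment and the single internal host POS terminals
# are allowed to reach (assumed to be the payment switch / gateway).
PCI_SEGMENT = ipaddress.ip_network("10.10.0.0/16")
PCI_ALLOWED_INTERNAL = {ipaddress.ip_address("10.20.0.5")}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
CLEARTEXT_FILE_TRANSFER_PORTS = {21, 69}  # FTP control, TFTP


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    bytes_out: int


def classify(flow):
    """Return the list of policy violations for one flow (empty means OK)."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    findings = []
    if src in PCI_SEGMENT:
        if dst not in INTERNAL:
            # POS hosts should have no direct internet path at all.
            findings.append("pci-host-direct-internet")
        elif dst not in PCI_SEGMENT and dst not in PCI_ALLOWED_INTERNAL:
            # Lateral traffic out of the segment to an unapproved internal host.
            findings.append("pci-host-to-unapproved-internal")
    if dst not in INTERNAL and flow.dport in CLEARTEXT_FILE_TRANSFER_PORTS:
        # Any host pushing data to an external FTP/TFTP server.
        findings.append("cleartext-file-transfer-to-internet")
    return findings


def parse_flows(lines):
    """Parse constructed 'src dst dport bytes' records, skipping blanks and comments."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport, nbytes = line.split()
        flows.append(Flow(src, dst, int(dport), int(nbytes)))
    return flows


def audit(lines):
    """Map each offending flow to its findings."""
    result = {}
    for flow in parse_flows(lines):
        findings = classify(flow)
        if findings:
            result[flow] = findings
    return result


# Constructed sample records (src, dst, dport, bytes).
SAMPLE_FLOWS = """
# src            dst             dport  bytes
10.10.3.17       10.20.0.5       8443   2048
10.10.3.17       10.50.1.9       445    61440
10.50.1.9        203.0.113.10    21     11000000
10.80.2.4        198.51.100.7    443    5200
"""

if __name__ == "__main__":
    for flow, findings in audit(SAMPLE_FLOWS.splitlines()).items():
        print(f"{flow.src} -> {flow.dst}:{flow.dport}  {', '.join(findings)}")
```

The second and third sample flows (POS host to an unapproved internal server over SMB, then that server to an external FTP port) are the two hops the thread describes; the last one, ordinary-looking HTTPS from a non-PCI host, passes untouched, which is exactly the blind spot the egress-filtering comment in this thread points at.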
Pretty much. XP is very common on POS systems/ATMs.
Egress filtering isn’t very common, and even if it is you could just exfiltrate data over HTTPS; most companies don’t do deep packet inspection and can’t tell what’s actually going over 443 or if it meets the RFC. A common example of this is running an SSH server on port 443 and being able to get out of a network that only allows 80/443 out, but 80 is over a proxy.
They should have been keeping the PCI network extremely segmented with little to no internet access and extremely tight ruleset/filtering/alerting.
I was sitting on a copy of this http://artemonsecurity.com/20140116_POS_Malware_Technical_Analysis.pdf for a while, but it’s out to the public now. It hits a few other key concepts, like not having two-factor authentication for VPN access.
They make this out to be a super complex attack, but a likely scenario was:
Someone was phished
Attackers jumped on VPN with creds
Escalated privileges on the domain/machines
Jumped on the PCI network
Reused creds to get on POS machines
Purchased commonly found POS malware off the internet
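On the “can’t tell what’s actually going over 443” point earlier in this thread: the check below is an added example (not from the thread or from any product) of the cheapest form of protocol validation, looking only at the first bytes a client sends on a port-443 connection and telling a TLS ClientHello apart from an SSH banner or cleartext HTTP. The sample payloads are constructed.

```python
"""Classify the opening client bytes of a TCP/443 connection.

Added example: the sample payloads below are constructed; in practice the
bytes come from the first client packet of each flow in a capture.
"""
import struct


def classify_443_payload(data: bytes) -> str:
    """Return a label for what the opening bytes of a port-443 flow look like."""
    # TLS record header: content type 0x16 (handshake), version 0x03xx,
    # 2-byte length; the first handshake message in a new flow is ClientHello (0x01).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        record_len = struct.unpack("!H", data[3:5])[0]
        if record_len > 0 and data[5] == 0x01:
            return "tls-clienthello"
        return "tls-other-record"
    # SSH protocol version exchange (RFC 4253 section 4.2) starts with "SSH-".
    if data.startswith(b"SSH-"):
        return "ssh-banner"
    # Plain HTTP sent to 443 with no TLS at all.
    for method in (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT "):
        if data.startswith(method):
            return "http-cleartext"
    return "unknown"


def flag_non_tls(flows):
    """Return (flow_id, label) for every flow whose opening bytes are not a ClientHello."""
    flagged = []
    for fid, payload in flows:
        label = classify_443_payload(payload)
        if label != "tls-clienthello":
            flagged.append((fid, label))
    return flagged


# Constructed samples: a TLS 1.0 record carrying a ClientHello (prefix only),
# an SSH banner, cleartext HTTP, and random bytes.
SAMPLE_FLOWS = [
    ("flow-1", bytes.fromhex("16030100c5010000c10303")),
    ("flow-2", b"SSH-2.0-OpenSSH_8.9\r\n"),
    ("flow-3", b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("flow-4", b"\x00\x01\x02\x03"),
]

if __name__ == "__main__":
    for fid, label in flag_non_tls(SAMPLE_FLOWS):
        print(f"{fid}: non-TLS traffic on 443 ({label})")
```

This only confirms that a flow on 443 starts like TLS; it sees nothing inside a genuine TLS session, which is why the thread’s point about proxying and inspection still stands, and it is a cheap first filter rather than a substitute for either.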
x32908092384 to all of this