April 19, 2010 9:36 AM
Posted by: Dan O'Connor
av, clam av, clam av eol
ClamAV is going to start releasing signature files that are too large for version 0.94 to handle; if that is what you are running, you need to update.
http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/
April 14, 2010 9:58 AM
Posted by: Dan O'Connor
atm
ATM Malware
There has been an update to the original story I posted the other day; it now appears there is a dollar figure attached to the theft. Released court documents put the loss between $200,000 and $400,000! That's a whole lot of ATM withdrawals.
I did find some interesting information about the malware and the ATMs. Newer ATMs (after 2004) encrypt the PIN as it leaves the pad; I would like to know the details of how that works. A 4-8 digit PIN is only 32 to 64 bits of data, and just 10^4 to 10^8 possible values (roughly 13 to 27 bits), so with such a small pool of numbers it should be pretty easy to create a rainbow table, or even to figure out the encryption method if you already have physical access to the ATM.
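As an added example (not code from this post or from any ATM vendor), here is what "encrypting the PIN as it leaves the pad" involves, and the real size of the search space. The post does not say which PIN block format the pads use; the example assumes ISO 9564-1 format 0, which mixes the PIN with the card's PAN before the keyed cipher step, and it uses HMAC-SHA256 as a stand-in for the pad's keyed 3DES because the Python standard library has no 3DES. The function names, the test PAN and the key are all constructed for the example. The numbers make the point: 4 to 8 digits is 10^4 to 10^8 candidates, about 13 to 27 bits, so the search is trivial for someone who holds the pad's key, while a precomputed table is no use to someone without it, because the ciphertext depends on the key and the PAN, not only on the PIN.

```python
"""ISO 9564-1 format 0 PIN block and the real size of the PIN search space.

Added example, not code from the original post. Assumptions: the pad builds a
format 0 PIN block (the post does not say which format newer ATMs use), and
HMAC-SHA256 stands in for the pad's keyed 3DES step because the standard
library has no 3DES; the structure of the search is the same either way.
"""
import hashlib
import hmac
import itertools
import math
from typing import Optional, Tuple


def iso9564_format0_block(pin: str, pan: str) -> bytes:
    """Clear (not yet encrypted) ISO 9564-1 format 0 PIN block.

    PIN field: control nibble 0, PIN length nibble, PIN digits, 'F' padding to 16 hex digits.
    PAN field: '0000' followed by the 12 rightmost PAN digits excluding the check digit.
    Block = PIN field XOR PAN field, so the same PIN yields a different block for every card.
    """
    if not (pin.isdigit() and 4 <= len(pin) <= 12):
        raise ValueError("PIN must be 4 to 12 digits")
    if not (pan.isdigit() and len(pan) >= 13):
        raise ValueError("PAN must be at least 13 digits")
    pin_field = ("0%X%s" % (len(pin), pin)).ljust(16, "F")
    pan_field = "0000" + pan[-13:-1]
    return bytes(a ^ b for a, b in zip(bytes.fromhex(pin_field), bytes.fromhex(pan_field)))


def pin_search_space(n_digits: int) -> Tuple[int, float]:
    """Candidate count for an n-digit PIN and the same figure in bits of entropy."""
    space = 10 ** n_digits
    return space, math.log2(space)


def epp_encrypt(clear_block: bytes, pin_key: bytes) -> bytes:
    """Keyed step inside the encrypting PIN pad (stand-in: HMAC-SHA256 truncated to 8 bytes)."""
    return hmac.new(pin_key, clear_block, hashlib.sha256).digest()[:8]


def brute_force_pin(encrypted_block: bytes, pan: str, pin_key: bytes, n_digits: int) -> Optional[str]:
    """Search all 10**n_digits PINs for the one that encrypts to encrypted_block.

    This works only because pin_key is known: without the key a precomputed table is
    useless, since the ciphertext depends on the key and the PAN as well as the PIN.
    """
    for digits in itertools.product("0123456789", repeat=n_digits):
        pin = "".join(digits)
        if epp_encrypt(iso9564_format0_block(pin, pan), pin_key) == encrypted_block:
            return pin
    return None


if __name__ == "__main__":
    pan = "4111111111111111"   # constructed test PAN, not a real card
    key = bytes(range(16))     # constructed 16-byte PIN key
    for n in (4, 6, 8):
        space, bits = pin_search_space(n)
        print("%d-digit PIN: %d candidates, %.1f bits" % (n, space, bits))
    enc = epp_encrypt(iso9564_format0_block("4321", pan), key)
    print("recovered with the key:", brute_force_pin(enc, pan, key, 4))
```

Note that `iso9564_format0_block("1234", ...)` gives a different block for two different PANs even though the PIN is the same; that PAN mixing, plus the secret key, is what a table built from PINs alone cannot cover.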
April 14, 2010 9:20 AM
Posted by: Dan O'Connor
nsa usb detector, usb, usb detector
There have to be more than a few people out there who would really like to get hold of this application.
http://whatsbrewin.nextgov.com/2010/04/nsa_on_the_flash-media_hunt.php
Being able to detect mass storage devices connected to the network would make more than one security professional's life easier. Disabling the USB ports is something you can do in most cases, but being alerted when someone who has authority to use a mass storage device connects it is a great audit feature.
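One way to get that audit trail without the NSA's tool, as an added example that is not from the post: the Linux kernel already logs every USB attach with vendor, product and serial number, and the usb-storage driver logs a separate line when the device turns out to be mass storage. Correlating those lines (from syslog forwarded to a central host) gives one event per mass storage attach, and an allowlist of serial numbers separates people who are authorised to plug one in from everybody else. The log lines below are constructed in the format the kernel's usb core and usb-storage driver print; the host names, devices, serials and the allowlist are made up for the example.

```python
"""Alert on USB mass storage attachments from kernel log lines.

Added example, not the NSA tool and not code from the post. Assumptions: syslog
lines from Linux hosts in the form the kernel's usb core and usb-storage driver
print, and an allowlist of device serial numbers that are authorised.
"""
import re
from typing import Dict, List, Set

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<msg>.*)$")
NEW_DEV_RE = re.compile(r"^usb (?P<port>[\d.-]+): New USB device found, idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
ATTR_RE = re.compile(r"^usb (?P<port>[\d.-]+): (?P<field>Product|Manufacturer|SerialNumber): (?P<value>.+)$")
STORAGE_RE = re.compile(r"^usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected$")
FIELD_NAMES = {"Product": "product", "Manufacturer": "manufacturer", "SerialNumber": "serial"}


def scan_usb_storage(lines: List[str], authorised_serials: Set[str]) -> List[dict]:
    """Correlate the per-device kernel lines and return one event per mass storage attach."""
    pending: Dict[tuple, dict] = {}   # (host, port) -> attributes seen so far for that device
    events: List[dict] = []
    for line in lines:
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        host, msg, ts = m["host"], m["msg"], m["ts"]
        n = NEW_DEV_RE.match(msg)
        if n:
            pending[(host, n["port"])] = {"host": host, "ts": ts, "port": n["port"], "vid": n["vid"],
                                          "pid": n["pid"], "product": "", "manufacturer": "", "serial": ""}
            continue
        a = ATTR_RE.match(msg)
        if a and (host, a["port"]) in pending:
            pending[(host, a["port"])][FIELD_NAMES[a["field"]]] = a["value"]
            continue
        s = STORAGE_RE.match(msg)
        if s:
            # Device enumeration lines may have been lost; still raise an event for the attach.
            dev = pending.pop((host, s["port"]), {"host": host, "ts": ts, "port": s["port"], "vid": "",
                                                 "pid": "", "product": "", "manufacturer": "", "serial": ""})
            dev["authorised"] = dev["serial"] in authorised_serials
            events.append(dev)
    return events


def unauthorised(events: List[dict]) -> List[dict]:
    """The subset of attach events that should page someone rather than just be logged."""
    return [e for e in events if not e["authorised"]]


# Constructed sample log: a SanDisk stick on ws17 (not on the allowlist), a Logitech
# receiver on ws17 (HID, not storage) and the backup key on fs02 (allowlisted).
SAMPLE_LOG = """\
Apr 14 09:12:01 ws17 kernel: usb 1-1: new high-speed USB device number 5 using ehci_hcd
Apr 14 09:12:01 ws17 kernel: usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
Apr 14 09:12:01 ws17 kernel: usb 1-1: Product: Cruzer Blade
Apr 14 09:12:01 ws17 kernel: usb 1-1: Manufacturer: SanDisk
Apr 14 09:12:01 ws17 kernel: usb 1-1: SerialNumber: 4C530001230419111155
Apr 14 09:12:01 ws17 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
Apr 14 09:12:02 ws17 kernel: scsi host6: usb-storage 1-1:1.0
Apr 14 09:13:40 ws17 kernel: usb 1-2: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.01
Apr 14 09:13:40 ws17 kernel: usb 1-2: Product: USB Receiver
Apr 14 09:13:40 ws17 kernel: usb 1-2: Manufacturer: Logitech
Apr 14 09:20:15 fs02 kernel: usb 2-1.3: New USB device found, idVendor=0951, idProduct=1643, bcdDevice= 1.00
Apr 14 09:20:15 fs02 kernel: usb 2-1.3: Product: DataTraveler G3
Apr 14 09:20:15 fs02 kernel: usb 2-1.3: Manufacturer: Kingston
Apr 14 09:20:15 fs02 kernel: usb 2-1.3: SerialNumber: 001CC0EC34B9BB1152610059
Apr 14 09:20:15 fs02 kernel: usb-storage 2-1.3:1.0: USB Mass Storage device detected
"""
AUTHORISED = {"001CC0EC34B9BB1152610059"}   # constructed allowlist

if __name__ == "__main__":
    for e in scan_usb_storage(SAMPLE_LOG.splitlines(), AUTHORISED):
        print("%s %s port %s %s:%s %s %s serial=%s authorised=%s" % (
            e["ts"], e["host"], e["port"], e["vid"], e["pid"], e["manufacturer"],
            e["product"], e["serial"], e["authorised"]))
```

The serial number is the right key for the allowlist: vendor and product IDs are shared by every unit of a model, while the serial identifies the one stick the backup operator was issued. Devices that report no serial simply never match and are alerted on.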
April 12, 2010 11:53 AM
Posted by: Dan O'Connor
ATM Malware
A former bank IT worker has been charged with installing malware on Bank of America ATMs; the amount of money he stole is not posted anywhere I can find, but it is above $5,000.
There is no specific information about the malware he used to commit the fraud.
On a related note, I have found some technical information regarding malware discovered on European ATMs that is finding its way into North America. The primary function of the malware is to capture mag stripe and PIN information as customers use the ATM; it also has the ability to arbitrarily dispense cash from the ATM.
The malware appears to be controlled by inserting controller cards into the card reader (neat!), which brings up the control interface and allows the user to perform a variety of functions on the terminal. It intercepts the information as it is processed on the system and stores it in the C:\Windows\ directory as a file called 'kl'.
The story on the Bank of America guy is here http://www.wired.com/threatlevel/2010/04/bank-of-america-hack/
Information on the malware is here http://www.wired.com/threatlevel/2009/06/new-atm-malware-captures-pins-and-cash
And here is the link to the pdf write up about the malware http://www.wired.com/images_blogs/threatlevel/2009/06/trustwave-security-alert-atm-malware-analysis-briefing.pdf
April 12, 2010 8:51 AM
Posted by: Dan O'Connor
BGP, BGP hijack, chinese ISP
From what I would think was a configuration error, a small Chinese ISP effectively hijacked part of the Internet.
IDC China Telecommunication announced routes for tens of thousands of networks, about 10% of the Internet. Typically this small ISP announces about 30 routes.
The bad routes were configured around 10 AM EST on April 8th and were accepted and propagated by China Telecommunications (state owned, according to ComputerWorld.com).
Thanks to the way BGP functions, even though routers at other major ISPs around the globe had accepted the routes, most of them would have selected a better route than sending the traffic to China and back: the bogus announcements reached them with a longer AS path than the legitimate ones, and BGP prefers the shorter path, so only networks close to the announcer actually rerouted.
You can see the full article at computerworld.com here http://www.computerworld.com/s/article/9175081/A_Chinese_ISP_momentarily_hijacks_the_Internet_again_?taxonomyId=17&pageNumber=1
There is also information at bgpmon.net, http://bgpmon.net/blog/?p=282, where they are following the story.
There was also a similar issue a couple weeks ago, you can see that story here http://www.renesys.com/blog/2010/03/fouling-the-global-nest.shtml
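To make the "better route" point concrete, here is an added example (not code from the post, and not BGPmon's) of the two things that matter in an incident like this: the best-path decision a router makes when it holds both the legitimate and the bogus announcement for a prefix, and the origin-AS check a monitoring service runs to alert the prefix owner regardless of which path won. The prefixes and AS numbers are the documentation ranges from RFC 5737 and RFC 5398, not the networks in the incident, and the announcements are constructed. AS64511 plays the small ISP originating prefixes it does not own, AS64498 its transit that passed them on, and the observer has two neighbours, AS64496 and AS64497.

```python
"""Simplified BGP best-path selection and an origin-AS hijack check.

Added example, not code from the post or from BGPmon. Prefixes and AS numbers
are documentation ranges (RFC 5737 / RFC 5398), not the networks involved in
the incident; the route announcements are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: Tuple[int, ...]   # leftmost = neighbour that sent it, rightmost = origin AS
    neighbor_id: str           # router ID of the neighbour, used as the final tie-break
    local_pref: int = 100


def origin_as(route: Route) -> int:
    return route.as_path[-1]


def best_path(candidates: List[Route]) -> Route:
    """Pick the route a BGP speaker would install for one prefix.

    Real BGP has more steps (origin code, MED, eBGP over iBGP, IGP metric); the three
    that decide this case are kept: highest LOCAL_PREF, then shortest AS_PATH, then
    lowest neighbour router ID.
    """
    return min(candidates, key=lambda r: (-r.local_pref, len(r.as_path), r.neighbor_id))


def select_rib(updates: List[Route]) -> Dict[str, Route]:
    """Group announcements by prefix and run best_path for each one."""
    by_prefix: Dict[str, List[Route]] = {}
    for r in updates:
        by_prefix.setdefault(r.prefix, []).append(r)
    return {p: best_path(rs) for p, rs in by_prefix.items()}


def detect_origin_changes(updates: List[Route], expected_origin: Dict[str, int]) -> List[Tuple[str, int, int, Tuple[int, ...]]]:
    """Flag every announcement whose origin AS differs from the registered one.

    This is what a prefix-monitoring service alerts on, and it fires whether or not the
    bogus path won best-path anywhere, which is why the owner hears about it at all.
    """
    alerts = []
    for r in updates:
        want = expected_origin.get(r.prefix)
        if want is not None and origin_as(r) != want:
            alerts.append((r.prefix, want, origin_as(r), r.as_path))
    return alerts


# Constructed view from one observer AS. Prefix A has a short legitimate path, so the
# bogus one loses; prefix B's legitimate path is long, so the bogus one wins and that
# observer's traffic for B goes to AS64511.
LEGIT_A = Route("198.51.100.0/24", (64496, 64500), "10.0.0.1")
HIJACK_A = Route("198.51.100.0/24", (64497, 64498, 64511), "10.0.0.2")
LEGIT_B = Route("203.0.113.0/24", (64496, 64501, 64502, 64503, 64510), "10.0.0.1")
HIJACK_B = Route("203.0.113.0/24", (64497, 64498, 64511), "10.0.0.2")
EXPECTED_ORIGIN = {"198.51.100.0/24": 64500, "203.0.113.0/24": 64510}
UPDATES = [LEGIT_A, HIJACK_A, LEGIT_B, HIJACK_B]

if __name__ == "__main__":
    for prefix, route in select_rib(UPDATES).items():
        status = "ok" if origin_as(route) == EXPECTED_ORIGIN[prefix] else "rerouted"
        print("%s -> %s %s" % (prefix, route.as_path, status))
    for prefix, want, got, path in detect_origin_changes(UPDATES, EXPECTED_ORIGIN):
        print("ALERT %s expected origin AS%d, seen AS%d via %s" % (prefix, want, got, path))
```

Prefix B is the case the post glosses over: for networks whose legitimate path was long or whose provider sat close to the announcer, the bogus path was the shorter one and was selected. The origin check reports both prefixes, which is the behaviour you want from a monitor; a LOCAL_PREF of the kind operators set on customer routes would override path length and is why the announcer's own transit accepted the routes in the first place.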
April 7, 2010 8:21 PM
Posted by: Dan O'Connor
ethical hacker, ethical hacker network quiz
The Ethical Hacker Network has posted the results of the Miracle on Thirty-Hack Street contest.
The full answers are posted here:
http://www.ethicalhacker.net/content/view/305/1/
In short:
1) “What is the name of the following mathematical property? If a=b and b=c, then a=c.”
This is the transitive property of equality. ( http://www.mathwords.com/t/transitive_property.htm ).
2) What FQL query or API call can be used to retrieve information about vacations from Kris Cringle’s (uid 100000565751882) Facebook account?
Information about the API’s to use are here.
* http://wiki.developers.facebook.com/index.php/FQL
* http://wiki.developers.facebook.com/index.php/API#Data_Retrieval_Methods
3) What Facebook privacy setting allowed this data leakage? What is the default value of this setting?
The privacy option within Facebook that allows such access is the "Friends of Friends" setting on the note when it was posted.
4) What is the text from the decrypted message from the Judge?
By decrypting the PDF with the passphrase of “norway” we get the original PDF which appears to be a Christmas letter from the Judge to Santa.
I’ll leave you to read the bonus question.
April 7, 2010 6:59 PM
Posted by: Dan O'Connor
information technology risk, risk management
This was posted on isc.sans.org a couple of days ago; it's worth reading, but you will have to register.
http://webstore.ansi.org/cybersecurity.aspx
Some of the statistics in the report are pretty interesting, and the sheer amount of financial loss quoted is staggering.
March 29, 2010 5:46 PM
Posted by: Dan O'Connor
openssl, openssl v 1.0.0
OpenSSL v1.0.0 has been released; this is a major release of OpenSSL. When they say major they mean major: the list of changes is pages and pages long.
Head over and get a fresh copy http://www.openssl.org/ .
March 28, 2010 9:48 PM
Posted by: Dan O'Connor
business continuity, disaster recovery, openmeetings
During a major disaster recovery or business continuity event, maintaining team communication and cooperation can be a great asset. I have seen several different solutions used: Skype, MSN / GTalk or other hosted IM, an internal Jabber server, and cell phones / BlackBerries. I think any solution that meets the needs of the company is good, but companies should be concerned about where that data is going when using these systems. Once data has left the network I really don't think it's your data anymore; it can be copied, replicated and recorded without your knowledge.
Hosting your own solution at your DR site or on your primary network lets you control where it goes and who sees it. I have used a Jabber solution as the medium before, but there are things like screen sharing, video conferencing and whiteboarding that would be a great asset to have.
I have found an excellent solution called OpenMeetings.
http://code.google.com/p/openmeetings/
Part 2 will be an installation guide.