Null + OWASP + SecurityXploded + Garage4hackjers Meet at Bangalore

1. NewsBytes Aug-Sept Ashwin Patil GCIH,RHCE,CCNA 2+ in Infosec

4. Also works with govt on its PKI implementations

5. Certificate Authority (CA):: Issues Digital certificates a.k.a Trusted third Party

6. Breach discovered in CA infrastructure

7. Damage : Issued fraud certificates for nearly 531 domains

9. Don’t want to break add ons .. -- Mozilla Blog

13. The software installed on the public web servers was outdated and not patched.

14. No antivirus protection was present on the investigated servers.

15. Domain admin Password of CA network shared by Comodohacker: Pr0d@dm1n -- SANS isc diary, pastebin

17. Avg. browser trust more than 600 CAs , bad history of not doing their job correctlyBlackhat/Defcon talk:: SSL and the Future of Authenticity By Moxie Marlinspike: Talk about replacing CA infrastructure Issue with SSL : Authencity Idea : Download the presented SSL certificate directly and then ask a series of trusted notaries to download the certificate and give it to you as well. Convergence : Browser Addon. http://convergence.io/ --Threatpost

19. Doppelganger Domains: Register a domain that`s like your target except for a typo.

20. Over 6 months – Grabbed 1,20,00 emails - 20 GB of data from fortune 500 companies

21. Email with sensitive info sent with typo or missing dot landed in wrong hands

22. Domain MITM : Set up email servers on typosquated domain and relay mail to correct recepient.

23. Targetted Attacks - APT

24. e.g. Orgn: Email domain-> mail.bank.com, Typosquatted registered domain: mailbank.com -- wired, tekblog

25. List of companies (in red) whose sub domains potentially vulnerable to attack --Wired

27. Exploit named: Unitrix by Avast software

28. Abuses unicode for right to left languages

30. IE 9 – Application Reputation : Warns users of potentially dangerous files downloaded from internet.-- Avast Blogs

32. Once infected, starts scanning local network for machines with RDP enabled

33. Try logging in with Administrator through list of common passwords

34. Copy itself to target machines via windows shares

35. Monitor traffic spike in logs on port 3389.-- Sectechno

37. Not so cheap - cost from US$300–540.

38. User must first sent an MMS with malware as an attachment to victim

39. Once Installed, reports about activities will be sent to backend service which can be accessed by customer through portal.

40. Currently for Symbian and windows mobile users, can be provided to android users with NICKISPY malware.

41. NICKISPY android malware: Monitors SMS, phone calls , locations, email messages.-- Trendmicro

43. Inserteda Trojan startup file into the startup scripts rc3.d on one of the servers so that it would run whenever the machine was started.

44. Files belonging to ssh (openssh, openssh-server and openssh-clients) were modified.

45. Kernel source code repositories are not affected

46. Week later linux.com, linuxfoundation.org taken offline due to a security breach-- h-online,linux.com

48. Taken by Cisco employee who runs @CiscoSecuritytwitter account

51. Downloaded utorrent client between 4:10 am to 6:20 am Pacific time on 13thsept- You Are INFECTED with malware

52. Web server compromised, replaced windows executable with malware

53. Mebromi- new Rootkit discovered by Chinese AV vendor 360 targetting mainly Award BIOS users.

54. Persists even if harddrive is physically replaced.

56. Provides trusted view of system event below OS

57. Will embed within ESXi, Xen, KVM and Hyper-V hyperwisors too --theregister, softpedia, h-online news, webroot.com

59. Malware masquerades as a security app and can intercept incoming SMS text messages.

60. Don’t exploit vuln in device, user have to manually download and install the app to get infected

61. Free t-shirt facebook scam takes advantage of email upload

62. Uses users fb email address to upload content from mobile devices

63. QR Tags Can Be Rigged To Attack Smartphones

64. PoC hack showed scanning QR code with embedded URL directed to spoofed site and fed malware.

65. Another update to Apache due to byte range flaw, version 2.2.21

66. Version 2.2.20 fixedsDoS vulnerability

67. Apache Killer tool vulnerability was released to exploit DoS.

68. Windows 8 demonstrated at Microsoft's BUILD conference.

69. Picture passwords, faster boot time, built in AV, boot from usb flash drive and new friendlier blue screen of death

70. Developer preview is available free for download-- h-online news, foxnews, zscaler, theregister

73. AnDOSid : DOS Tool for Android

74. OWADE (Offline Windows Analyzer and Data Extractor) : Cloud based forensics

76. fuzzdb: Open Source database of malicious and malformed input test cases.

77. OSForensics: OS Forensics tool for digital investigations.

78. minibis: Automated malware analysis based on paper "Mass Malware Analysis: A Do-It-Yourself Kit“

80. How Microsoft Develops Security Patches

81. Google Report: How Web Attackers Evade Malware Detection

82. Dissecting Andro Malware

83. A summary of PDF tricks: data encodings, JavaScript, or PDF structure