7MS #175: Infosec News and Links Roundup
3 min read Podcast

7MS #175: Infosec News and Links Roundup

Training

  • Check out this Beyond the Shell Webcast from Secure Ideas coming up Thursday, April 7 from 2:00 p.m. - 4:00 p.m. CST. Their training modules are fantastic, and fairly priced at just $25 a pop. Collect 'em all! Webinar summary:

Are you comfortable with the basics of Metasploit, but still struggle with using it efficiently? Do you feel like there's much more there that you haven't taken the time to learn? This webinar will take you beyond individual exploits and explore some of the more advanced features of Metasploit.

In this webcast we will talk about where a new and enterprising security team should start. We will focus on the 20 Critical Controls because they are not insane and can be mapped to all other security-related controls. We will cover, month-by-month, what a new team/program should focus on.

General News

To be fair, the FBI probably doesn't know what the vulnerability is. And I wonder how easy it would be for Apple to figure it out. Given that the FBI has to exhaust all avenues of access before demanding help from Apple, we can learn which models are vulnerable by watching which legal suits are abandoned now that the FBI knows about this method.

On that note, it appears the FBI might indeed have hands-on knowledge of the hack, as they are helping unlock an iPhone 6 and iPod for an Arkansas murder trial.

  • A water treatment plant was popped and that sorta makes me poop myself. The plant name/location are anonymous - the article refers to the plant as Kemuri Water Company, or KWC. Some highlights from the article:

The hack – which involved SQL injection and phishing – exposed KWC's ageing AS/400-based operational control system because login credentials for the AS/400 were stored on the front-end web server.

Also:

During these connections, the threat actors modified application settings with little apparent knowledge of how the flow control system worked. In at least two instances, they managed to manipulate the system to alter the amount of chemicals that went into the water supply and thus handicap water treatment and production capabilities so that the recovery time to replenish water supplies increased. Fortunately, based on alert functionality, KWC was able to quickly identify and reverse the chemical and flow changes, largely minimizing the impact on customers. No clear motive for the attack was found.

  • Facebook is trying to stop account impersonation but the article author asks a great question: What if an account impersonator joins FB before the real account user?

  • Windows is gonna run Linux and that's weird/sexy/cool/scary/fun...depending on how you look at it.

Tools/Scripts

  • Heralding lets you setup a simple cred-catching honeypot:

Sometimes you just want a simple honeypot that collects credentials, nothing more. Heralding is that honeypot! Currently the following protocols are supported: ftp, telnet, ssh, http, pop3 and smtp.

The main idea behind GoAccess is being able to quickly analyze and view web server statistics in real time without having to generate an HTML report (great if you want to do a quick analysis of your access log via SSH).

Misc/Humor