Archive for Industry News

Oil company breach, a good example of industrial espionage?

January 27, 2010

Quite an interesting story about a breach at three oil companies, where corporate executives in particular were targeted so that the hackers could gain access to competitive data. Who is to blame is unclear… http://www.wired.com/threatlevel/2010/01/hack-for-oil/

Virginia healthcare database compromised, ransom demanded

Yikes! What a trend we are seeing with healthcare-related computer intrusions. Apparently it is not good enough for the criminals to just get in, steal the data and then sell it on the black market. http://voices.washingtonpost.com/securityfix/2009/05/hackers_break_into_virginia_he.html?wprss=securityfix

Conficker C detection signatures created

There are now easier ways to find the Conficker C worm on those pesky Windows machines.

http://www.theregister.co.uk/2009/03/30/conficker_signature_discovery/

Malware, using your BIOS as a hosting platform

A chilling technique that uses a computer’s BIOS to store malware so that it can survive a boot. This means you can replace your hard drive, or use software packages such as Deep Freeze (which effectively roll back any changes made to your disk, with the intent of having a pristine malware-free image upon reboot), and STILL the malware can rear its ugly head, because it is installed in a persistent state in the BIOS.

http://blogs.zdnet.com/security/?p=2962

The actual presentation was given at CanSecWest; it can be found here:

http://i.zdnet.com/blogs/core_bios.pdf

The story behind the recent “smart grid” story

Now it comes out: apparently the Department of Homeland Security (DHS) got a brief from some Seattle-based consultants, who gave them a demo of how the smart grid is vulnerable. Amusing how reactive the government is, rather than thinking about the risks and designing a mitigation before someone comes in to provide a demo of the doomsday scenario.

http://www.itworld.com/security/64770/power-grid-found-susceptible-cyberattack

Smart Grid Vulnerable

This shouldn’t be a shock to anyone, but it is good to see it getting attention again.

http://www.cnn.com/2009/TECH/03/20/smartgrid.vulnerability/index.html

WarVOX released

HD Moore released a rather cool tool called WarVOX. You can get more details at his website: http://warvox.org/

A description from his webpage:

“WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, dial tones, IVRs, and forwarders. WarVOX provides the unique ability to classify all telephone lines in a given range, not just those connected to modems, allowing for a comprehensive audit of a telephone system.

WarVOX requires no telephony hardware and is massively scalable by leveraging Internet-based VoIP providers. A single instance of WarVOX on a residential broadband connection, with a typical VoIP account, can scan over 1,000 numbers per hour. The speed of WarVOX is limited only by downstream bandwidth and the limitations of the VoIP service. Using two providers with over 40 concurrent lines we have been able to scan entire 10,000 number prefixes within 3 hours.

The resulting call audio can be used to extract a list of modems that can be fed into a standard modem-based wardialing application for fingerprinting and banner collection. One of the great things about the WarVOX model is that once the data has been gathered, it is archived and available for re-analysis as new signatures, plugins, and tools are developed. The current release of WarVOX (1.0.0) is able to automatically detect modems, faxes, silence, voice mail boxes, dial tones, and voices.

WarVOX is intended for legal security assessment, asset inventory, and research purposes only.

Keep in mind that the laws regulating automated dialing can vary by location, it is your responsibility to ensure that your local laws and the laws governing the target telephone range are respected. Information concerning potentially applicable laws can be found in the Laws and Regulations section.”