Security Now 367

From The Official TWiT Wiki

Security Now 367: What a Busy Week!

News & Errata

Zero Day Java Vulnerabilities, currently being exploited in the wild.

  • Brian Krebs writes on the topic. https://krebsonsecurity.com/2012/08/java-exploit-leveraged-two-flaws/
    • A pair of previously unknown vulnerabilities are being used to gain unrestricted access to a target machine.
    • Only Java 7 is exploitable; Java 6 is not.
    • These vulnerabilities are exploitable in all browsers and on all operating systems, because Java is cross-platform.
      • Ubuntu users do not have to worry if they use OpenJRE.
    • Using these exploits, any executable can be downloaded and run on a target machine.
  • On an infected Windows machine, users will notice a new Portable Media Serial Number Service running, named mspmsnsv.dll and located in WINDOWS/system32. The service is started through the registry.

Since the discovery of these vulnerabilities, a new version of Java has been released. Oracle released Java 7 Update 7 on August 30th, 2012.

New Malware infects VMware virtual machines.

  • The Windows version of a malware application known as Crisis is capable of infecting VMware virtual machines, Windows Mobile devices, and removable USB drives.

Location Privacy Act of 2012, passed in California

Dropbox adds two-factor authentication

  • You may recall the recent leak of Dropbox users' email addresses. Since the leak, Dropbox has been working to add a second layer of security to its service.
    • Two-factor authentication works by requiring both your password and a unique one-time code, sent to your phone via text message or generated by a special app on your phone, to access your account.
      • Two-factor authentication can be enabled by going to the "Security" tab, now found in your Dropbox "Account Settings".
        • Before enabling two-factor authentication, an emergency 16-digit backup code will be generated. It is very important that you keep this code in a safe place. If you are unable to get a one-time code, you will need this code to regain access to your account.

Lego turned 80 two weeks ago.

Revision3 now detects Ad Blockers. http://twitpic.com/aonpk4

SpinRite Story

Mark Cole writes, "Sue, thank you for your prompt reply and thank you for the explanation. I'm sorry I missed the specific web page you referred me to, but I am so glad you have consultant licenses. I'll work towards purchasing the four copies." Steve notes that if four copies of SpinRite are purchased and are current, then SpinRite can be used on a client's machine. For example, a computer repair shop could use SpinRite to repair a customer's drive if it purchased four copies of SpinRite and they are current. "Also I wanted to share that I went to the location where I was working on the PC with the Blue Screen of Death, and SpinRite comes to the rescue again. It took a couple of reboots after SpinRite did its thing, and Windows XP followed up with doing its own chkdsk, and the PC is up and running like nothing ever happened. The customer is going to be absolutely thrilled when they come in tomorrow morning and their PC will be up and running. Thank you. Mark Cole".

Topic

Cloud Storage Update:

  • Data Locker is a free application by AppSense. http://www.appsense.com/products/appsense-labs/datalocker/
    • Offers a simple drag and drop user interface for encrypting files. Files can be encrypted and stored locally, or encrypted locally and stored in the cloud.
    • Supports Windows, Mac, and iOS.
    • Using Dropbox, files can be encrypted and decrypted on iOS devices.
    • Available free of charge, with no ads.
  • Duplicati is an open source application. http://www.duplicati.com/home
    • Supports Windows, Mac, and Linux.
    • Can be used to back up important files by encrypting them first and then sending them to Amazon S3, SkyDrive, Google Drive (Google Docs), Rackspace Cloud Files, WebDAV, Secure FTP (SFTP), Tahoe-LAFS, FTP, and more.
    • Provides full "trust no one" encryption by using AES-256 encryption or GPG.
    • Supports full and incremental backups, a command line tool for power users, backup of open or locked files, backup of Outlook while it is running (using the Volume Snapshot Service under Windows or Logical Volume Management (LVM) under Linux), powerful file specification, powerful file filtering, and multiple backups.
    • Installing the application takes up 18MB of space on your drive.

Apple vs Samsung: Steve urges everyone to sign the EFF petition to defend patents and innovation. https://defendinnovation.org/
