Visit www.cdfs.org for more information.

Joe

Apple has gone and updated iOS to fix a security issue relating to PDF’s.  The vulnerability had to do with how iOS Mobile Safari handles fonts that are embedded into PDF’s.  iOS version 4.2.9 covers CDMA iPhone 4′s, while version 4.3.4 covers the iPhone 4 (GSM), iPhone 3GS, iPad & iPad 2 and iPod Touch 3rd & 4th Generation.

So fire up your iTunes & get a patchin’

Joe

Don’t know if you perused through your inboxes this morning, but you should have received an email from Dropbox letting you know that they changed their Terms of Service (TOS).  The email should have looked a little something like this:

Dropbox TOS Change 7/15/2011

So as I know, most users probably just hit the delete button and didn’t think twice about it.  You might have thought “Dropbox just probably added some new features that changed their TOS in some small way, right?”.

WRONG!!!  They added this little tidbit:

Dropbox TOS Change

 
So basically what this means is that whenever you upload a document, photo, video, audio or anything for that matter, you are giving them permission to distribute, display or make a derivative of that file however they wish, as they feel necessary for their service (whatever that means). Oh, and they don’t need to compensate you in anyway for it either.

Most of you should be picking your jaws up off of the floor right now.

Did they really think that no one would actually read this. I slept in a bit late this morning and awoke to a flood of emails, tweets and other masses of information regarding this. Services like Dropbox should know that the Information Security community is quite vigilant. We live to check up on things that affect our security and freedoms

This goes far beyond their compliance with Law Enforcement requests to have access to your data, which in itself caused an uproar against Dropbox. At least with a Law Enforcement request (Subpoena or Search Warrant), their is a checks and balances system in place, which they will just say Ok to. Being an LEO myself I cannot just call or email Dropbox and tell them to give me access to anyone’s files willy nilly. I have to prepare a Subpoena request or a Search Warrant application, which then gets reviewed by a law clerk or Assistant District Attorney. It then gets brought before a Judge or similar legal authority who ultimately decides if this request should be granted in the form of a Subpoena or Search Warrant. This keeps a rogue LEO from just gaining access to your data.

So my recommendation is to delete you Dropbox account as soon as you are done reading this and worry about finding an alternative later.

Joe

Show Notes:

Sony/PBS Hacks links:

http://arstechnica.com/tech-policy/news/2011/06/sony-hacked-yet-again-plaintext-passwords-posted.ars

http://arstechnica.com/tech-policy/news/2011/05/hacktivists-scorch-pbs-in-retaliation-for-wikileaks-documentary.ars

http://www.informationweek.com/news/security/attacks/229700188

Mac Defender, Apple Security Update and Avast A/V Free for Mac:

http://www.tuaw.com/2011/05/19/macdefender-malware-protection-and-removal-guide/

http://www.tuaw.com/2011/05/31/mac-security-update-2011-003-now-available-for-download/

http://www.macrumors.com/2011/06/02/apple-responds-quickly-to-evolving-mac-defender-threat-with-updated-malware-definitions/

http://support.apple.com/kb/HT4657

http://www.tuaw.com/2011/06/01/avast-free-antivirus-for-mac-beta-now-available/

Using TrueCrypt with Dropbox:

http://lifehacker.com/5794486/how-to-add-a-second-layer-of-encryption-to-dropbox

2011 SANS Forensic & Incident Response Summit:

http://www.sans.org/forensics-incident-response-summit-2011/agenda.php

2011 Forensic4Cast Awards Voting:

http://www.forensic4cast.com/forensic-4cast-awards/

2011 Sleuth Kit & Open Source Digital Forensics Conference:

Upcoming SecurityBSides Events (June):

http://www.securitybsides.com/w/page/12194156/FrontPage

With that said, Cyber Crime 101 has been nominated for the “Best Digital Forensics Podcast” category.  I was floored to find out that the show made it to the finals.  I would first like to thank those that nominated the show and helped it become a finalist.   I also want to thank those who will vote for the show in advance.  It will be much appreciated.  Fingers crossed that the show can pull out a win.

I have a great time putting together the show for you all and finding some way to give back to the community.  I hope to continue to do so in the future.

I also want to wish all of the nominees from all of the categories good luck.

FOR408: Computer Forensic Essentials
vLive! course starts March 1 and meets Tue/Thu evenings

http://www.sans.org/info/66203

MGT414: SANS(R) +S(TM) Training Program for the CISSP(R) Certification Exam
vLive! course starts February 28 and meets Mon/Wed evenings

http://www.sans.org/info/66198

SEC560: Network Penetration Testing and Ethical Hacking
vLive! course starts February 7 and meets Mon/Wed evenings

http://www.sans.org/info/66193

ANY 4-, 5-, or 6- Day Course offered via OnDemand

https://www.sans.org/registration/register.php?conferenceid=1032

To get your free iPad(TM), enter discount code 0112_iPad when you
register for a qualifying course.  Your iPad(TM) will arrive in about
four weeks.  It’s that easy!

For complete information please visit:
http://www.sans.org/online-security-training/specials.php .

Why Take SANS Online Training?
* Learn from SANS’s Top Instructors, including Ed Skoudis, John Strand,
Eric Conrad and Rob Lee

* Eliminate travel expenses and time away from the office

* Receive a complete set of books, course materials and downloadable
.mp3 audio files

* vLive! courses feature LIVE instruction from a top instructor in an
interactive virtual classroom

* OnDemand courses are available at any time and feature integrated
assessment tools

To learn more about our online training options, please visit
http://www.sans.org/online-security-training/ .  Not sure which online
training method is best for you? View a demo of vLive! at
https://www.sans.org/vlive/demo.php or test-drive OnDemand at

http://www.sans.org/ondemand/demos.php.

To receive your free 16GB iPad(TM) with Wi-Fi, you must register and pay
for a qualifying course by February 2, 2011. Qualifying courses include
any 4-, 5-, or 6- OnDemand course and the following vLive! courses:
SEC560 beginning 2/7/11, MGT414 beginning 2/28/11, and FOR408 beginning
3/1/11.  Students are responsible for paying any applicable duties,
taxes or customs fees.  The offer may not be combined with any other
offer or discount program.  Allow up to four weeks for iPad(TM)
delivery.  iPad(TM) is a registered trademark of Apple, Inc..  Apple,
Inc. is not a sponsor of this promotion nor is it affiliated with the
SANS Institute.

Lenny Zeltser is putting finishing touches on the next version of REMnux (v 2.0), which is an Ubuntu-based Linux distribution for analyzing malware.  It is set for release this month.  Lenny uses it in the SANS FOR610 course, but it has also been well received by the malware analyst community, and is available at http://REMnux.org.  If you haven’t tried it yet, make sure to give it a spin.

The new version is an incremental update. The goal of this release is to mostly to update the existing tools and to add a few new ones. Most notably:

•    Update Volatility 1.3 to Volatility 1.4 RC1. The version 1.4 includes a different plugin architecture, and has a more streamlined feel from a usability perspective. Also, it includes (partial) support for Windows Vista and 7.
•    Migrate from MHL’s Volatility Analyst Pack plugins to use the Malware Plugins library (malware.py), which is compatible with Volatility 1.4 and includes additional features.
•    Install the latest version of Jsunpack-n, which includes a number of new features, such as proxy support, improved handling of encrypted PDFs, and other updates.
•    Install stunnel to assist with the interception of SSL sessions (is this actually useful?)
•    Install pyOLEScanner.py to assist with malicious Office document analysis
•    Install Tor and Torsocks to ease anonymizing access to malicious websites
•    Install libemu to obtain its sctest tool for analyzing shellcode
•    Install RABCDAsm, a toolkit for reverse-engineering SWF files. (Anyone interested in taking on a project to showcase this tool, btw?)
•    Fix a libnet-dns (Net::DNS) issue related to the operation of INetSim
•    Include some tools from the Malware Analyst’s Cookbook DVD

The goal is not to install every malware analysis tools out there, but to only include those tools that are useful and work well. Also, Lenny is sticking with Enlightenment as the X window manager, because it’s lightweight and it’s very easy to install GNOME or KDE with apt-get when the user wants it.

If you have any recommendations for tools to include in the upcoming version of REMnux, please drop him a note on Twitter (@lennyzeltser) or via http://zeltser.com/about/contact.html

Joe

Unlike other USB duplication tools, ImageUSB can preserve all unused and slack space during the cloning process, including the Master Boot Record (MBR). ImageUSB can perform flawless mass duplications of all UFD images, including bootable UFDs.

It is in Beta as of this writing.  As always, make sure you test applications/utilities out prior to using in a production situation.

Joe

I just wanted to wish you all a Merry Christmas and a healthy holiday season.  I also wanted to thank all of you for your support in making the show great.  I hope the show continues to evolve and get better in 2011.

Joe