Security News

For those of you who have been coming to the Social-Engineering Capture the Flag (SECTF) at DEF CON for the past 4 years, you might already know that we try to hold one of the most popular contests around full of Social Engineering Awesomeness. But we also try to make sure there are some presentations and other events in the SECTF room to inform and entertain.

In previous years, we have had notable social engineers like Kevin Mitnick give presentations and demos.  Last year we culminated our little mini-SE-CON with Kevin Mitnick, Sharon Conheady and the Director of the NSA, General Keith Alexander.

What can we do to keep the energy going and make the SECTF even more awesomer than ever before?

Have you heard of a guy who can literally steal the watch off your wrist and phone out of your pocket without you knowing?  If you haven’t, you are going to want to get up on your Apollo Robbins videos.

This year the Social-Engineer Team has invited Apollo Robbins in to the SECTF room to do a little show and be part of our podcast.  Ok, are you as excited as us?

Well, here is the deal; last year when we had our good friend Kevin Mitnick in, the goons made us lock the doors  (thank you DEF CON  Goons for keeping us safe) once the room was beyond capacity.  This year we are sure this is going to happen again – so if you want a seat at this one-time event, get to the SECTF room early.

Now, you know we want you all there all weekend.  Calls start on Friday AM, continuing through Saturday AM, and then Sunday Apollo and the SEORG Crew take the stage and put on one of the most Memorable Podcasts Ever!!

Be there!  Need more info?  Email us at defcon -@- Social-Engineer.org or keep checking back; we will be posting the DEF CON 21 Social-Engineer Village Schedule here.

The post Defcon 21 News: Enter the Apollo appeared first on Social-Engineer.Org.

Installieren Nutzer den USB-Cleaver, können sie Passwörter klauen, die auf Windows-Rechnern gespeichert sind. Das funktioniert aber nur, wenn Autorun aktiviert ist.

Bis zum Ende diesen Jahres will das BSI Richtlinien für das sichere Cloud-Computing erarbeiten. Diese sollen den IT-Grundschutz-Katalogen hinzugefügt werden. Laut BSI bringen sichere Cloud-Lösungen "mehr Wettbewerbsfähigkeit".

Die Empörung in Deutschland ist weiterhin groß, jetzt versprechen die USA zumindest Aufklärung im mutmaßlichen Abhörskandal. Nicht öffentlich, aber über diplomatische Kanäle.

Der US-Geheimdienst NSA steht im Verdacht, EU-Institutionen ausspioniert zu haben. Die gehe aus geheimen Dokumenten im Besitz von Edward Snowden hervor, die der Spiegel teilweise einsehen konnte.

Datenpanne bei Facebook: Laut Symantec verschickt die offizielle Android-App die Telefonnummer des Geräts an Facebook, bevor sich der Anwender überhaupt angemeldet hat.

Heute mit: Einem Virenscanner in der Identitätskrise, leicht verdaulichen Joomla-Cookies und über 1200 Bugs – darunter einem im PDF-Viewer von Google Chrome.

Mehrere Sicherheitslücken werden mit dem neuesten Ruby-Update geschlossen. Unter anderem existiert eine Schwachstelle bei der Auswertung von SSL-Zertifikaten.

Zwei Monate, nachdem c't über hunderte unzureichend geschützte deutsche Industrieanlagen berichtete, ist das Problem noch nicht gelöst – auch wenn das BMI das Gegenteil behauptet. Im Internet stoßen wir noch immer auf neue Fälle – darunter eine Kirche.

Der Chef des IT-Verbands Bitkom fordert schnellsmöglichst Transparenz in der Internetüberwachung. Ansonsten könne das Vertrauen der Nutzer in die Cloud und andere Informationstechnik nachhaltig beschädigt werden.

Der ehemals zweithöchste Offizier des Landes wird laut Medienberichten beschuldigt, geheime Informationen über eine Cyber-Attacke der USA gegen den Iran weitergegeben zu haben.

Join us for PaulDotCom Security Weekly Episode 337. With guest Matt Bergin, age twenty four, works for CORE Security as a Security Consultant where his day job consists of discovering, exploiting, and mitigating vulnerabilities in their client's network environments. Also, for our tech segment we are joined by Mike Murray and Kati Rodzon from MAD Security. Katrina Rodzon is a behavioral scientist for MAD Security. Her last 9 years have been spent studying psychology and ways to modify and study human behavior. Mike Murray has spent more than a decade helping companies to protect their information by understanding their vulnerability posture from the perspective of an attacker. They are going to be talking about "Social Engineering War Stories".

Sit back and enjoy the show live or participate in the live chat on our Ustream channel:

Streaming video by Ustream

NOTE: The video will play the most recent show up until we are live!

Don't forget to follow us on Twitter: Paul Asadoorian, Larry Pesce, Jack Daniel, Carlos Perez, John Strand, Allison Nixon and Mike Perez.

Tune in to PaulDotCom Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our YouTube Channel or our Bliptv channel.

Ende Juni stellt der Antivirus-Hersteller Avira die Vermarktung aller Linux-Produkte ein. Bestehende Installationen will der Hersteller bis 2016 mit Updates versorgen und supporten.

In this episode we talk about the insider. Because right now, there is nothing more important for you to detect. Why? Because you could have an insider. You could also have a compromised user account. From a detection standpoint, they would be indistinguishable.

Links for this episode:

-strandjs

Mit einem alten, abgelaufenen Zertifikat haben Kriminelle Malware signiert und diese womöglich tausenden Opera-Nutzern unterjubeln können. Das Zertifikat wurde bei einem Einbruch erbeutet. Opera will mit einem Update gegensteuern.

Kunden des Antiviren-Software-Herstellers Eset erhalten momentan sehr gut gemachte Phishing-Mails, mit denen Kreditkartendaten geklaut werden sollen.

Mit dem kommenden Windows-Upgrade rüstet Microsoft zahlreiche Security-Features nach. Einige sind längst überfällig, andere innovativ. Auf der TechEd Europe ging das Unternehmen ins Detail.

social engineering using dog poop

Here at Social-Engineer we delve into everything to find the social engineering angle…. Yes, I mean everything.  For your reading pleasure we have taken SE to a new height this month.

Over the past few years there have been some apartment complexes in the U.S. and Europe that have used DNA testing and social engineering to identify dog poop left unattended by the pet’s owners. Tenants are required to register their pet’s DNA with the apartment management in order to identify offenders. Fines can then be levied against guilty tenants once the DNA match has been confirmed.

Recently, in Brunete, Spain, a team of volunteers spotted the guilty parties in the act. They then use “social engineering” skills and struck up a friendly conversation with the owners to learn the name of the pet. With that info, the owners could be identified from the city registry and the waste was mailed back to the owners. Officials said the offenses have since fallen by 70 percent.

This idea has been discussed for years by local governments and property owners as a way to deter these kinds of misdeeds. We would like to use this latest example in making a larger point about the nature of data. It isn’t typical for people to think of a pile of dog poop as a source of social engineering information. (A fact that would have served the offenders in Brunete to consider.)

Perspective and creativity are critical to human adaptation. We know from experience, and biology class, that the most adaptive organisms are the organisms that survive and thrive over time. The ability to shift perspective, explore our perceptions and yield creative solutions to problems are some of humanity’s greatest strengths and capabilities. To be a better thinker and therefore more adaptive are useful sets of skills.

Functional Fixedness is a cognitive psychology concept in which a person finds it difficult to think of creative uses for an object aside from its traditional use. A typical functional fixedness exercise requires participants to solve the following problem:

Two strings that are long enough to be tied together hang from hooks on either side of a ceiling. The strings are hung far enough apart that you cannot reach one without holding the other. With a box of nails, matches and a hammer at your disposal how can you manage to hold both strings at the same time so that you may tie them together?

Exercises such as this are useful for strengthening your creativity and opening your mind up to different perspectives in problem solving. Something we call – Critical Thinking.  As a social engineer is it important to continually develop the ability to be creative and to expand your capacity to adapt to any situation. This is applicable for the highly technical as well as agents who largely operate in the physical realm. Critical thinking leads to better execution.

And as the residents of Brunete who failed to clean up after their pets learned, it is important to protect your information. All of it.

The post That’s a pile of… Social Engineering goodness! appeared first on Social-Engineer.Org.

Die neue Version des Virenschutzprogramms enthält zwei wesentliche Neuerungen: eine beschleunigte Scan-Engine sowie einen Passwort-Safe.

Das Smartphone ist gesperrt, pornographische Bilder sollen aufgetaucht sein. Die Testversion des Antivirenprogramms möchte endlich Vollversion werden und dafür Geld sehen. Ransomware, Erpressungstrojaner, machen es sich auch unter Android gemütlich.