The whole gang is in studio tonight! Of course Paul and Larry are here but we also have Allison Nixon, fresh off her presentation at Black Hat 2013. Also back in studio are Jack Daniel and Expert Steve, after their "two men, one truck" trip back and forth across the US. After that much time alone together, there's no question that Steve is a changed man. On to the stories of the week!
Are you not keeping your firmware up to date? Any chance that you're setting yourself up to be hit by the HP Integrated Lights-Out authentication bypass? If you're not going to be diligent about updating firmware and must have these things on the internet, then as Paul says, firewall the hell out of it and keep it away from the rest of your network.
Using a new scanning interface from Paul and Jack's employer, Tenable, you're able to see if your desktop software is out of date. Everyone's browser seemed to need updates and as we learned with some help from Carlos, you even need to update your pooty (PuTTY).
One of the many good lessons that can be gained from watching Security Weekly is "Don't screw with people's kids." Let's go one step further and say it's probably in poor form to call some random stranger's two year old a "slut". Larry and Paul tell us about a story where one of those baby monitor camera systems was "hacked" because it was on the internet and using the default (ie. no password) password. So someone was able to log in to the camera and shout expletives through the speakers, at the sleeping child and eventually at the parents. Ok, first as Jack already mentioned, don't screw with people's kids. Second, as Larry mentioned, why put this thing on the internet? Third, if you are going to put it on the internet, make it easier or more obvious that a default password needs to be changed. Or finally, as Jack mentions, it might be a little harder to support, but go with a handful of default passwords and put a sticker on the system to let people know what it is. That's a whole lot better than no password when this thing goes on the internet.
Leave it to Expert Steve to start a fire right in the Security Weekly studios.
Rob Graham over at Erratasec gives a nice behind-the-scenes account of the Blaster worm as it was already 10 years ago that the outbreak first happened. Rob talks about how he found out about the possibility, was soundly mocked even in his own company about the upcoming outbreak and even how he launched his own bloodless coup in his company. He simply told the CEO that a major problem was coming, that he knew how to fix it and he was taking over immediately. In spite of much preparation for a big fight, the CEO simply said "ok" and Rob was off and running. While it only took his in-house developers to create an exploit for the vulnerability, it took much longer than expected for it to be seen in the wild. It was eventually first seen on August 11, 2003. And Rob was vindicated.
So the Transcend SD WiFi Card is completely vulnerable to all kinds of bad things. The tiny little card runs Linux and even has netcat installed! There's a web server on there where you can upload more fun scripts that let you do all kinds of things you shouldn't be able to. Things like see the user's password in the web page source code or remote file includes. But to leave netcat installed and leave open the ability to get a shell on an SD card? As Larry asks "The smaller the device, the less attention that is paid to security??"
While out at Black Hat, Allison got to play with the Hot Plug. No no, in spite of the name this is not some kind of sex toy. Instead, it's a great device that allows you to remove the power plug from a wall socket but still leave the device powered on. According to Allison, it's a male-to-male plug where you just slightly remove the plug from the socket, connect the Hot Plug and then remove the plug from the socket.
There are more discussions and articles but finally, Paul brought up this Dark Reading article by Maxim Weinstein called The More Things Change. This article goes into how many millions of malware variants we've seen through the years, but in the end, all of these hacks require at least one of three things: "exploiting a vulnerability, compromising user credentials, and/or tricking the user." The real question is how we fix these?
Ok, one more. There's an add-on to the Leap Motion device where you can simply use hand (or other) gestures to log in to your Windows machine. Oh so many ways that we could log in...
There are all these stories and more this week on the Security Weekly Drunken Security News!