Windows XP Lifecycle Sunset: It’s The Final Countdown
Our friend and colleague, Walt Conway, posted a great column on the Windows XP sunset over at StorefrontBacktalk in February. For those of you who aren’t aware, the support lifecycle for Windows XP comes to an end one year from today. Twelve months may seem far off, but if you depend on these systems within a secure environment, or one subject to any sort of regulatory compliance, you’d better have had a transition plan in place yesterday.
We hope to make enough noise about this issue that nobody can ignore it. There are a few particular points regarding this looming date that we’d like to raise a clamor about:
How to Decompress an LZMA-Compressed Squashfs on BackTrack 5
If you’re trying to extract a Squashfs and get a zlib::uncompress failed, unknown error -3 error, you may be running into an unsupported compression type as I did recently. Ultimately, I discovered the compression used on my Squashfs was LZMA. I wanted to share just how I was able to decompress the LZMA-compressed Squashfs.
Exynos Vulnerability on Samsung Devices
I recently purchased a Samsung Galaxy Note II and have been thoroughly enjoying it. The number of diverse applications is pretty amazing.
Unfortunately, a few days ago, a colleague passed an article along detailing an exploit associated with my brand of phone. The exploit is connected to the Exynos processor and the capability to obtain access to all physical memory.
Potential LogMeIn, DocuSign Email Leaks
On Friday, December 14, Brian Krebs posted an entry titled, “LogMeIn, DocuSign Investigate Breach Claims” to his blog, Krebs on Security.
Without completely repeating what he said, it appears several users of LogMeIn remote access software, as well as users of DocuSign electronic signatures, have reported an increase in malicious spam emails to the email addresses associated with the aforementioned products.
Attackers Specifically Targeting Mac OS Point of Sale (POS) Systems
As a Payment Card Industry Forensic Investigator (PFI), 403 Labs is constantly examining the latest attacks targeting POS systems. Of recent note is the discovery that criminal organizations are shifting their focus to target POS systems running on the Apple Macintosh platform.
In the past 60 days, our active trending has seen a significant upswing in attacks on non-Windows POS systems. One of the attacks we’ve seen targeting the Mac platform has left it just as exposed as its Windows-based counterpart. Before I start a “Windows versus Mac” religious uproar, though, let me put some facts on the table.
A Potential New Leash on the Data-Mining Monsters
Yesterday, the Senate Judiciary Committee gave approval to a privacy bill sponsored by Sen. Al Franken (D-Minn.), known as the Location Privacy Protection Act. This bill, a revamped version of one Franken attempted to push forth in 2011, is aimed at putting control over your location data into your own hands.
PCI Council Releases Risk Assessment Guidelines
PCI DSS Requirement 12.1.2 tells merchants and service providers that they must prepare a formal risk assessment to identify threats and vulnerabilities that can impact the security of cardholder data.
Unfortunately, at least based on my experience, many merchants struggle to respond properly to this requirement. The PCI Council has come to the rescue, however, by releasing the PCI DSS Risk Assessment Guidelines detailing what should be in a well-designed risk assessment.
pgpass_creds – A new Metasploit Post Module
I recently contributed a module, pgpass_creds, to the Metasploit Framework. It is a post module that grabs cleartext PostgreSQL credentials when applications that utilize libpq, such as pgAdmin3, store their credentials. You can grab the module by updating to the latest version of Metasploit using msfupdate.
PostgreSQL is a popular, open source database. PostgreSQL offers a C programming interface, libpq, that allows clients to pass queries to the PostgreSQL backend server.
P2PE Challenges – Looking at Endpoint Devices
The Payment Card Industry Security Standards Council (PCI SSC) made several significant developments in their point-to-point encryption (P2PE) program this year, with assessor training, releasing the program guide, and opening up their report submission portal for P2PE assessment reports.
Somewhat interestingly, the market hasn’t shown much enthusiasm for this. I think we can attribute this to a few particular factors, most of which center around endpoint devices. This proves somewhat convenient, as I said in my last blog post that I’d discuss the first of the six domains in my subsequent post.