Risky Business #159 -- Skimmers pay massive bribes downunder
On this week's show we take a fresh look at the insider threat in light of the news, here in Australia, that criminal syndicates are paying up to $40,000 to bribe service station attendants into helping them skim cards.
If the bad guys are willing to pay $40k for someone that low on the food chain, what will they pay to get at someone in your organisation?
To find out we'll be joined by Gartner research director, AusCERT co-founder and former Commonwealth Bank security big-wig Rob McMillan.
Also this week we chat with Kaspersky's Vitaly Kamlyuk in the sponsor interview.
Some more details have percolated out about the Windows .lnk bug we discussed in the news. Looks like it's a .lnk that points to a .dll, and the DLL's init code gets executed during load to get its icon resource. It's a feature!
Microsoft has an advisory:
and proof of concept code turned up on exploit db:
So, we can assume this is going to get used quite extensively to target the desktop market, but if you want to explain why this could be bad for the Enterprise consider this common scenario.
System admin is logged into a server and has to go fix something in someone's network home directory (quotas, restoring a file, etc.). Now if a malicious shortcut and malware have been copied to the user's home directory without triggering AV, then the sysadmin may have just infected their server. Now sysadmins would never be logged in with Domain Admin privs while doing this, would they?
Unless I am not reading the current known info regarding the bug correctly, this is a realistic situation. Maybe we can wean sysadmins off their mice by requiring them to use the CLI as a mitigation :)
This is sounding really bad. I'm hearing that this can now be delivered via Web Site, Office Document and Email. Pat, are you covering this in any depth any time soon?
Yeah, but I don't have any information on this being exploitable that way... I don't think that's right. Got a link?
Ok, so web page exploit requires webdav?
This vulnerability can also be exploited remotely through a malicious website, or through a malicious file or WebDAV share.
Yeah I did spot that in the end... but I figure if you're running WebDAV you can probably be owned about 600 other ways as well. :)
It's mostly of concern because it can spread via shares or USB keys. Maybe someone will turn it into Conficker 2?
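The thread above describes the risk (a shortcut whose icon is loaded from a DLL, dropped on a share or USB key and triggered the moment someone browses the folder). As an added example, not part of the podcast page or the comment thread, here is a defender-side triage script that parses the fixed shell-link header and string fields of .lnk files and flags ones whose icon location points at a DLL outside the Windows directory or at a UNC share. The layout follows the public MS-SHLLINK format (header, LinkTargetIDList, LinkInfo, then the StringData fields); the heuristics in `assess`, the sample file names and the `\\fileserver\home\alice\iconhost.dll` path are constructed for the example and are not indicators from the page.

```python
import os
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional

LNK_HEADER_SIZE = 0x4C
# LinkCLSID 00021401-0000-0000-C000-000000000046 as stored on disk
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1) that affect what follows the header
HAS_LINK_TARGET_ID_LIST = 1 << 0
HAS_LINK_INFO = 1 << 1
HAS_NAME = 1 << 2
HAS_RELATIVE_PATH = 1 << 3
HAS_WORKING_DIR = 1 << 4
HAS_ARGUMENTS = 1 << 5
HAS_ICON_LOCATION = 1 << 6
IS_UNICODE = 1 << 7

# StringData fields appear in this fixed order when their flag is set
STRING_FIELDS = [
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
]


@dataclass
class LnkSummary:
    flags: int
    icon_index: int
    strings: Dict[str, str] = field(default_factory=dict)


def _take(data: bytes, pos: int, n: int) -> bytes:
    """Slice n bytes at pos, refusing to read past the end of a truncated file."""
    if pos + n > len(data):
        raise ValueError("truncated shell link")
    return data[pos:pos + n]


def parse_lnk(data: bytes) -> LnkSummary:
    """Parse the header, skip IDList/LinkInfo, and decode the StringData fields."""
    header_size, clsid = struct.unpack("<I16s", _take(data, 0, 20))
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a shell link header")
    flags = struct.unpack("<I", _take(data, 20, 4))[0]
    icon_index = struct.unpack("<i", _take(data, 56, 4))[0]
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        id_list_size = struct.unpack("<H", _take(data, pos, 2))[0]
        pos += 2 + id_list_size
    if flags & HAS_LINK_INFO:
        link_info_size = struct.unpack("<I", _take(data, pos, 4))[0]  # includes itself
        pos += link_info_size
    summary = LnkSummary(flags=flags, icon_index=icon_index)
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack("<H", _take(data, pos, 2))[0]
        pos += 2
        if flags & IS_UNICODE:
            text = _take(data, pos, count * 2).decode("utf-16-le", errors="replace")
            pos += count * 2
        else:
            text = _take(data, pos, count).decode("cp1252", errors="replace")
            pos += count
        summary.strings[name] = text
    return summary


def assess(summary: LnkSummary) -> List[str]:
    """Heuristics (constructed for this example) for icon resources worth a second look."""
    findings = []
    icon = summary.strings.get("icon_location", "")
    icon_l = icon.lower()
    if icon_l.endswith(".dll") and not icon_l.startswith(("%systemroot%", "c:\\windows")):
        findings.append(f"icon resource comes from a DLL outside the Windows directory: {icon}")
    if icon_l.startswith("\\\\"):
        findings.append(f"icon location is a UNC share path: {icon}")
    return findings


def scan_blobs(blobs: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Map each file name to its findings; unparseable files are reported, not skipped."""
    report = {}
    for name, data in blobs.items():
        try:
            report[name] = assess(parse_lnk(data))
        except ValueError as exc:
            report[name] = [f"unparseable: {exc}"]
    return report


def scan_directory(root: str) -> Dict[str, List[str]]:
    """Read every *.lnk under root (a home share or USB mount) and scan it."""
    blobs = {}
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(".lnk"):
                path = os.path.join(dirpath, f)
                with open(path, "rb") as fh:
                    blobs[path] = fh.read()
    return scan_blobs(blobs)


def build_lnk(relative_path: str, icon_location: Optional[str] = None, icon_index: int = 0) -> bytes:
    """Construct a minimal Unicode .lnk (header + StringData) as sample input for the scanner."""
    flags = HAS_RELATIVE_PATH | IS_UNICODE
    if icon_location is not None:
        flags |= HAS_ICON_LOCATION
    header = struct.pack("<I16sIIQQQIiIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0, 0, 0, 0, 0, icon_index, 1, 0, 0, 0, 0)

    def string_data(text: str) -> bytes:
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    body = string_data(relative_path)
    if icon_location is not None:
        body += string_data(icon_location)
    return header + body


# Constructed sample "home directory" contents for a stand-alone run
SAMPLE_BLOBS = {
    "report.lnk": build_lnk(".\\report.docx"),
    "notepad.lnk": build_lnk("..\\system32\\notepad.exe", "%SystemRoot%\\system32\\notepad.exe"),
    "suspicious.lnk": build_lnk("..\\bin\\update.exe", "\\\\fileserver\\home\\alice\\iconhost.dll"),
    "garbage.lnk": b"\x00" * 80,
}

if __name__ == "__main__":
    for name, findings in scan_blobs(SAMPLE_BLOBS).items():
        print(name, "->", findings or "clean")
```

Run it against a real mount with `scan_directory(r"\\fileserver\home")` (or a mounted USB key) rather than the constructed `SAMPLE_BLOBS`. The script deliberately never opens or resolves the icon target; it reads the shortcut file as bytes, so triaging a folder with it does not involve the shell's icon-loading path that the comments above describe.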