Risky Business #159 -- Skimmers pay massive bribes downunder
On this week's show we take a fresh look at the insider threat in light of the news, here in Australia, that criminal syndicates are paying up to $40,000 to bribe service station attendants into helping them skim cards.
If the bad guys are willing to pay $40k for someone that low on the food chain, what will they pay to get at someone in your organisation?
To find out we'll be joined by Gartner research director, AusCERT co-founder and former Commonwealth Bank security big-wig Rob McMillan.
Also this week we chat with Kaspersky's Vitaly Kamlyuk in the sponsor interview.
Some more details have percolated out about the Windows .lnk bug we discussed in the news. Looks like it's a .lnk that points to a .dll, and the DLL's init code gets executed during load to get its icon resource. It's a feature!
Microsoft has an advisory:
and proof of concept code turned up on exploit db:
So, we can assume this is going to get used quite extensively to target the desktop market, but if you want to explain why this could be bad for the enterprise, consider this common scenario.
A system admin is logged into a server and has to go fix something in someone's network home directory (quotas, restoring a file, etc.). Now if a malicious shortcut and malware have been copied to the user's home directory without triggering AV, then the sys admin may have just infected their server. Now sys admins would never be logged in with Domain Admin privs while doing this, would they?
Unless I am not reading the currently known info regarding the bug correctly, this is a realistic situation. Maybe we can wean sys admins off their mice by requiring them to use the CLI as a mitigation :)
This is sounding really bad. I'm hearing that this can now be delivered via website, Office document and email. Pat, are you covering this in any depth any time soon?
Yeah, but I don't have any information on this being exploitable that way... I don't think that's right. Got a link?
Ok, so web page exploit requires webdav?
This vulnerability can also be exploited remotely through a malicious website, or through a malicious file or WebDAV share.
Yeah I did spot that in the end... but I figure if you're running WebDAV you can probably be owned about 600 other ways as well. :)
It's mostly of concern because it can spread via shares or USB keys. Maybe someone will turn it into Conficker 2?
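The comments above describe a .lnk that drags a DLL in via the shell's icon handler and the worry that such shortcuts land on home-directory shares and USB keys before AV catches them. The following script is an added triage example, not code from the podcast or from any of the commenters: it walks a tree of .lnk files, validates the ShellLinkHeader (HeaderSize 0x4C and the fixed LinkCLSID from MS-SHLLINK), pulls out every embedded ANSI or UTF-16LE path that ends in .dll or .cpl, and flags the file when such a library reference points outside the Windows system directories, which is where a shortcut pointing at a DLL on a share or removable drive shows up. The sample shortcuts, the allow-list of system prefixes and the function names are all constructed here for illustration; the string scan is a heuristic, not a parser of the IDList, so treat hits as leads for a look at the file, not as a verdict.

```python
"""Heuristic triage for .lnk files that reference a DLL/CPL outside the system
directories (example code, not from the original page)."""
import re
import struct
from pathlib import Path

# ShellLinkHeader constants (MS-SHLLINK): HeaderSize is always 0x4C and the
# LinkCLSID 00021401-0000-0000-C000-000000000046 is stored little-endian.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# A library reference is any path-like token ending in .dll or .cpl.
LIB_REF = re.compile(r"[^\s\"'<>|]+\.(?:dll|cpl)\b", re.IGNORECASE)
ANSI_RUN = re.compile(rb"[\x20-\x7e]{4,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")

# Triage allow-list (assumption): icon references into the Windows system
# directories are routine for legitimate shortcuts, so they are not flagged.
# This is a noise filter for analysts, not a security boundary.
TRUSTED_PREFIXES = (
    "%systemroot%\\system32\\", "%systemroot%\\syswow64\\",
    "%windir%\\system32\\", "%windir%\\syswow64\\",
    "c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
)


def is_lnk(data: bytes) -> bool:
    """True when the blob starts with a valid ShellLinkHeader."""
    return (len(data) >= LNK_HEADER_SIZE
            and struct.unpack_from("<I", data, 0)[0] == LNK_HEADER_SIZE
            and data[4:20] == LNK_CLSID)


def library_refs(data: bytes) -> list:
    """All .dll/.cpl references found as ANSI or UTF-16LE strings, in order."""
    found = []
    for m in ANSI_RUN.finditer(data):
        found += LIB_REF.findall(m.group().decode("ascii"))
    for m in UTF16_RUN.finditer(data):
        found += LIB_REF.findall(m.group().decode("utf-16-le"))
    return list(dict.fromkeys(found))  # dedupe, keep first-seen order


def is_trusted(ref: str) -> bool:
    """Reference points into a Windows system directory (see allow-list note)."""
    return ref.strip('"').lower().startswith(TRUSTED_PREFIXES)


def triage_bytes(data: bytes) -> dict:
    """Triage one shortcut blob; 'suspicious' means a library reference that
    is not under a trusted system prefix (e.g. a UNC share or removable drive)."""
    if not is_lnk(data):
        return {"is_lnk": False, "library_refs": [], "suspicious": False}
    refs = library_refs(data)
    return {"is_lnk": True, "library_refs": refs,
            "suspicious": any(not is_trusted(r) for r in refs)}


def scan_tree(root: str) -> list:
    """Triage every *.lnk under root, e.g. a mounted home-directory share."""
    results = []
    for path in Path(root).rglob("*.lnk"):
        results.append((str(path), triage_bytes(path.read_bytes())))
    return results


def build_lnk(strings) -> bytes:
    """Constructed test fixture: a valid header followed by UTF-16LE strings.
    Not a real shortcut layout, just enough to exercise the detector."""
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID
    header += bytes(LNK_HEADER_SIZE - len(header))
    return header + b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in strings)


# Constructed samples (assumed names): one pulling a DLL from a file share,
# one ordinary shortcut whose icon lives in shell32.dll.
MALICIOUS_SAMPLE = build_lnk([r"\\fileserver\homes\alice\icon.dll"])
BENIGN_SAMPLE = build_lnk([r"C:\Program Files\App\app.exe",
                           r"%SystemRoot%\system32\shell32.dll,3"])

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        for path, result in scan_tree(sys.argv[1]):
            if result["suspicious"]:
                print(path, result["library_refs"])
    else:
        print("malicious sample:", triage_bytes(MALICIOUS_SAMPLE))
        print("benign sample:   ", triage_bytes(BENIGN_SAMPLE))
```

Run it against the share with `python lnk_triage.py \\fileserver\homes` from a machine where the icon handler is not going to fire, or with no arguments to see the two constructed samples. The point of the allow-list is to keep the output readable on a share with thousands of ordinary shortcuts; anything it reports is a shortcut whose icon comes from a library outside the Windows directory, which is exactly the case the comments above are worried about.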