Before It Bytes!

SecuraBit Episode 55: 10000 Tubes of KY and a Case of Dog Biscuits!

Sponsored by Sunbelt Software! Creators of the Sunbelt CWSandbox, for all your malware analysis needs! Visit their website for more details!

Anthony Gartner @anthonygartner
Christopher Mills @thechrisam
Chris Gerling @chrisgerling
Andrew Borel @andrew_secbit

Missing Hosts:
Jason Mueller – @securabit_jay

Joshua Wright – @joswr1ght

– Josh talks about the MiFi hack
– Bluetooth Hacking
– Barcode scanner hacking including the Bluetooth scanner hacks
– SANS SEC617 Course
– 617BIT Discount Code for $500 off the vLive! Course
– Upcoming courses taught by Josh Wright
– Pentest summit – Baltimore, MD – Josh will be speaking there.  His talk will be about essential crypto for pentesters.

General topics:
McAfee released a failed (fubar) virus definition – discussion thread
Gmail authentication code stolen
Someone we know was owned

SEC617 Course
Bruce Schneier’s book list
Dark Reading – Taking Penetration Testing In-House

Chat with us on IRC at #securabit

Merchandise and a Contest! Win a ticket to Thotcon!

The link to the Merchandise page is back!  For now we’d like to sell our stock of t-shirts from Shmoocon.  After those are all gone we are going to work on getting some other kinds of schwag, stuff that you guys will love!

If you’d like to attend Thotcon but don’t have a ticket, we have one to give away!  Keep in mind that Thotcon is on April 23rd in Chicago.

Starting now and running until 6PM Eastern on Friday, April 16th, anyone who leaves us feedback via iTunes or comments on a blog post will be entered into a drawing.  The names will be put onto a spreadsheet in no particular order, and then sorted in reverse.  Each name will then have a number in front of it, and we will use in order to randomly select the winner.

You must use the iTunes client to leave feedback in iTunes.  If you leave a comment on a blog posting it must not be spam, and it must make some sort of sense; submissions that just go “Hi” or “asdfjkl;” will be disregarded.


SecuraBit Episode 54: Lions and Tigers and Banking Trojans, OH MY!

Sponsored by Sunbelt Software!  Creators of the Sunbelt Sandbox, for all your malware analysis needs!  Visit for more details!

Anthony Gartner @anthonygartner
Christopher Mills @thechrisam
Chris Gerling @chrisgerling
Jason Mueller @securabit_jay
Andrew Borel @andrew_secbit

Sean-Paul Correll – @lithium
Threat researcher at Panda Security

According to the Panda Annual security report, 66% of all malware are trojans:

Definition of a Banking Trojan.

Mariposa bot net take down:

Virus Total Web:

Appeared at Security B-side in San Francisco
Playing with Fire – Live Demonstration of Today’s Most Dangerous Malware

Chat with us on IRC at #securabit

0days for Java Deployment Toolkit

Two researchers, Rubén Santamarta (@reversemode) and Tavis Ormandy have both posted proof of concept code today for exploiting a vulnerability in the Java Web Start functionality included in Sun’s Java since Java 6 Update 10.  The functionality is designed to make it easier for developers to deploy applications to end users.

In both cases the researchers were able to exploit the insufficient validation of parameters which are passed to the javaws command when used to deploy an application via a web page.  The end result is that an attacker would be able to launch a .jar file of their choice, almost silently on the user’s machine.
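The validation gap described above, as an added example that is not the researchers' proof of concept or the toolkit's own code: it contrasts pasting a page-supplied launch value into a javaws command line with accepting only a single http(s) URL. The function names, the sample URL and the placeholder option are assumptions made for illustration.

```python
import shlex
from urllib.parse import urlsplit

LAUNCHER = "javaws"  # command named in the article; the rest is hypothetical

# Constructed sample inputs; "-EXAMPLE-OPTION" is a placeholder, not a real switch.
BENIGN = "http://apps.example/app.jnlp"
HOSTILE = "-EXAMPLE-OPTION=x http://apps.example/app.jnlp"


def naive_argv(launch_param):
    """Weak pattern: paste the page-supplied value into a command line.

    shlex.split stands in for the launcher's own command-line parsing.
    """
    return shlex.split(f"{LAUNCHER} {launch_param}")


def injected_options(argv):
    """Return every argument after the launcher that would be read as an option."""
    return [arg for arg in argv[1:] if arg.startswith("-")]


def validated_argv(launch_param):
    """Hardened pattern: accept exactly one http(s) URL and keep it as one argument."""
    if any(ch.isspace() or ch in "\"'" for ch in launch_param):
        raise ValueError("whitespace or quotes in launch parameter")
    parts = urlsplit(launch_param)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("launch parameter is not an http(s) URL")
    return [LAUNCHER, launch_param]


if __name__ == "__main__":
    for value in (BENIGN, HOSTILE):
        argv = naive_argv(value)
        print("naive:    ", argv, "options:", injected_options(argv))
        try:
            print("validated:", validated_argv(value))
        except ValueError as err:
            print("rejected: ", err)
```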

The exploits appear very simple, and Tavis did contact Oracle regarding the issue, but was told that the vulnerability is not severe enough to justify releasing an out-of-band patch for the issue.

Mitigation for the vulnerability can mean setting ActiveX killbits for Internet Explorer, or using file system permissions to block access to the Java Deployment Toolkit (npdeploytk.dll) so that it cannot run.  More information on mitigation is available in the links below.

Currently the vulnerability is only exploitable on Windows versions of Java, but Rubén points out:

Although Linux contains vulnerable code, I was unable to exploit it in the same manner. It likely can be exploited by using the proper sequence of command-line arguments, but the sudden release didn’t allow me to research into this issue. I was focused on Windows at the moment of the disclosure.

So that may only be a matter of time.

More information and the POC code can be found here:
Full Disclosure Mailing List – Java Deployment Toolkit Performs Insufficient Validation of Parameters

Reverse Mode – [0DAY] JAVA Web Start Arbitrary command-line injection – “-XXaltjvm” arbitrary dll loading

SecuraBit is now sponsored by Sunbelt Software!

SecuraBit is proud to announce that we have secured a Gold level sponsorship agreement with Sunbelt Software effective immediately.  By joining forces with Sunbelt, SecuraBit will continue to build upon its listener base and promote products which we’ve personally used and believe the security community will also benefit from.  If you recall, Brian Jack from SunbeltLabs joined us on EP51 to talk about CWSandbox.  If you haven’t had a chance to listen, we highly recommend you take time out to hear about the functionality of CWSandbox and how it could potentially help your organization automate malware analysis when lack of personnel is a major issue.

Sunbelt Software was founded in 1994 and is a leading provider of Windows security software including enterprise antivirus, antispyware, email security, and malware analysis tools. Leading products include the VIPRE® and CounterSpy® product lines, Sunbelt Exchange Archiver™, CWSandbox™, and ThreatTrack™.

Tune into the show tonight to find out more!