Thus ends the busiest four weeks I have had since joining Securosis. A few conferences – AWS Re:Invent was awesome – a few client on-site days, meeting with some end customers, and about a half dozen webcasts, have together left me gasping for air. We all need a little R&R here and the holidays are approaching, so Firestarters and blog posts will be a bit sporadic. Technically it is still Friday, so here goes today’s (slightly late) summary.
I am ignorant of a lot of things, and I thought this one was odd enough that I would ask more knowledgeable people in the community for assistance in explaining how this works. The story starts like this: A few months ago the new Lamborghini Huracan was introduced. Being a bit of a car weenie I went to the web site – http://huracan.lamborghini.com – in a Safari browser to see some pictures of the new car. Nice! I wish I could afford one – not that I would drive it much. I would probably just stare at it in the garage. Regardless, I had never been to the Lamborghini web site before. So I was a little surprised the next morning when I opened up a new copy of Firefox, which was trying to make a request to http://media.lamborghini.com. WTF? As I started to dig into this, I saw it was a repeating pattern. I visited http://www.theabsolutesound.com, and when I opened my newly installed Aviator browser, it tried to connect to http://media.theabsolutesound.com. Again, I had never been to that site in the Aviator browser, but had recently visited it from FF. Amazon Web Services, Tech Target, and a dozen or so others: requests to connect to media.sitename.com or files.sitename.com popped up. But the capper was a few weeks later, when my computer tried to send the same request to media.theabsolutesound.com from an email client! That is malware behavior, likely adware!
So is this behavior part of an evercookie Flash/Java exploit through persistent data? I had Java disabled and Flash set to prompt before launch, so I thought a successful cross-browser attack via those persistence methods was unlikely. Of course it is entirely possible that I missed something. Anyway, if you know about this and would care to explain it – or have a link – I would appreciate an education on current techniques for browser/user tracking. I am clearly missing something.
As a side note, as I pasted the huracan.lamborghini.com link into my text editor to write this post, an Apple services daemon tried to send a packet to gs-loc.apple.com with that URL in it. Monitor much? If you don’t already run an outbound firewall like Little Snitch, I highly recommend it. It is a great way to learn who sends what where and completely block lots of tracking nonsense.
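Little Snitch is the convenient way to get the "who sends what where" view. If you want a quick, free approximation on a Mac or Linux box, the same per-process picture can be pulled from `lsof -P -i` (resolved hostnames, numeric ports) and grouped by process. The script below is an added example, not something from this post or from Securosis; the `lsof` lines it parses are constructed to mirror the story above, the column layout is assumed to match `lsof -P -i` on macOS, and the list of "expected" browser process names is an assumption you would tune for your own machine. It reports every remote host each process reached, then flags non-browser processes (a mail client, a text editor, a daemon) talking to web ports, which is exactly the pattern that made the author suspicious.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of `lsof -P -i` output (hostnames resolved,
# ports numeric). These lines are made up for the example, not a real capture.
SAMPLE_LSOF = """\
COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
firefox   1201 adrian  45u  IPv4  0xa1      0t0  TCP mac.local:52344->media.lamborghini.com:80 (ESTABLISHED)
Safari     980 adrian  31u  IPv4  0xa2      0t0  TCP mac.local:52350->huracan.lamborghini.com:443 (ESTABLISHED)
Mail      1410 adrian  22u  IPv4  0xa3      0t0  TCP mac.local:52361->media.theabsolutesound.com:80 (SYN_SENT)
TextEdit  1502 adrian  19u  IPv4  0xa4      0t0  TCP mac.local:52370->gs-loc.apple.com:443 (ESTABLISHED)
mDNSRespo  120  _mdns   8u  IPv4  0xa5      0t0  UDP *:5353
"""

# Process names we expect to talk to web servers. Anything else reaching a web
# port is worth a second look. Assumed list; extend it for your own machine.
BROWSERS = {"firefox", "safari", "aviator", "chrome"}
WEB_PORTS = {80, 443}

# One lsof row: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME [(STATE)]
LINE_RE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+\S+\s+\S+\s+IPv[46]\s+\S+\s+\S+\s+"
    r"(?P<proto>TCP|UDP)\s+(?P<name>\S+)(?:\s+\((?P<state>[A-Z_]+)\))?"
)


def parse_lsof(text):
    """Return one dict per row that has a remote endpoint (local->remote).

    The header row (PID is not numeric) and listeners/sockets without a peer
    (no '->' in NAME) are skipped.
    """
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or "->" not in m.group("name"):
            continue
        remote = m.group("name").split("->", 1)[1]
        host, port = remote.rsplit(":", 1)
        records.append({
            "cmd": m.group("cmd"),
            "pid": int(m.group("pid")),
            "proto": m.group("proto"),
            "host": host,
            "port": int(port),
            "state": m.group("state") or "",
        })
    return records


def hosts_by_process(records):
    """Map each process name to the set of remote hosts it reached."""
    out = defaultdict(set)
    for r in records:
        out[r["cmd"]].add(r["host"])
    return dict(out)


def suspicious_web_connections(records, browsers=BROWSERS, web_ports=WEB_PORTS):
    """Non-browser processes reaching web ports, as (cmd, host, port, state)."""
    return [
        (r["cmd"], r["host"], r["port"], r["state"])
        for r in records
        if r["cmd"].lower() not in browsers and r["port"] in web_ports
    ]


if __name__ == "__main__":
    # Replace SAMPLE_LSOF with subprocess output of `lsof -P -i` to run live.
    recs = parse_lsof(SAMPLE_LSOF)
    for cmd, hosts in sorted(hosts_by_process(recs).items()):
        print(f"{cmd:10s} -> {', '.join(sorted(hosts))}")
    for cmd, host, port, state in suspicious_web_connections(recs):
        print(f"CHECK: {cmd} contacted {host}:{port} [{state}]")
```

Run it in a loop (or feed it `lsof` output collected over a day) and the non-browser hits accumulate into a short list you can investigate one at a time; it is a snapshot tool, not a substitute for an outbound firewall that prompts before the packet leaves.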
Puppy names. Everybody does it: before you get a new puppy you discuss puppy names. Some people even buy a book, looking for that perfect cute name to give their snuggly little cherub. They fail to understand their mistake until after the puppy is in their home. They name the puppy from the perspective of pre-puppy normal life. Let me save you some trouble and provide some good puppy names for you, ones more appropriate for the post-puppy honeymoon:
- “Outside!” – the winner by a landslide.
- “Drop-It!”
- “Stinky!”
- “No, no, no!”
- “Bad!”
- “Not again!”
- “Stop!”
- “OWW, NO!”
- “Little bastard”
- “Come here!”
- “Droptheshoe!”
- “AAhhhhrrrr”
- “F&%#” or the swear word of your choice.
Trust me on this – the puppy is going to think one of these is their name anyway, so starting from this list saves you time. My gift to you.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
Securosis Posts
- Ticker Symbol: HACK.
- Incite 11/12/2014: Focus.
- Building an Enterprise Application Security Program: Recommendations.
- Changing Pricing (for the first time ever).
- Monitoring the Hybrid Cloud: Emerging SOC Use Cases.
Favorite Outside Posts
- Mike Rothman: Open Whisper Systems partners with WhatsApp to provide end-to-end encryption. The future will be encrypted. Even WhatsApp! Much to the chagrin of the NSA…
- Rich: Secure Agile Development. Think like a Developer. Maybe I have been spending too much time coding lately, but I love this concept. Needless to say we have lately been spending a lot of time on this area.
- Adrian Lane: Experimental Videogame Consoles That Let You Make One Move a Day. In a world of instant gratification, getting back to a slow pace is refreshing and awesome.
Research Reports and Presentations
- Securing Enterprise Applications.
- Secure Agile Development.
- Trends in Data Centric Security White Paper.
- Leveraging Threat Intelligence in Incident Response/Management.
- Pragmatic WAF Management: Giving Web Apps a Fighting Chance.
- The Security Pro’s Guide to Cloud File Storage and Collaboration.
- The 2015 Endpoint and Mobile Security Buyer’s Guide.
- Analysis of the 2014 Open Source Development and Application Security Survey.
- Defending Against Network-based Distributed Denial of Service Attacks.
- Reducing Attack Surface with Application Control.
Top News and Posts
- Microsoft patches critical bug that affects every Windows version since 95
- Google Removes SSLv3 Fallback Support From Chrome
- Nasty Security Bug Fixed in Android Lollipop 5.0
- Amazon Web Services releases key management service
- U.S. Marshals Using Fake, Airplane-based Cell Towers
- Facebook’s ‘Privacy Basics’ Is A Privacy Guide You May Actually Want To Read
- Hiding Executable Javascript in Images That Pass Validation
- UPnP Devices Used in DDoS Attacks
One Reply to “Friday Summary: November 21, 2014”
I don’t really have anything to say, but am super-curious about the behavior, and want to see followups.