http://www.computerworld.com.au/article/346907/auscert_2010_defence_illusion_hack_rooted_reality/

By Darren Pauli
Computerworld Australia
18 May, 2010

A government agency was almost crippled after an employee opened a Trojan-infected PDF file, exposing some 40 administration passwords to a hacker.

That's the hypothetical scenario posited by a Defence Signals Directorate (DSD) cyber security technical investigations expert - who did not wish to be identified - speaking to the AusCert conference in Queensland this week.

His job is one of response, where he conducts forensics on a compromised agency to reveal possible data loss or exploit methods used by hackers - essentially maintaining the latter part of the DSD motto "reveal their secrets - protect our own".

The scenario was compiled from actual breaches and security incidents that the 24 x 7 DSD team had worked on.

The fake agency, dubbed govtenders, had come close to suffering a catastrophic breach after a user fell victim to a targeted phishing attack - something the agency sees often along with targeted attacks on client-side and third-party applications.

Once the rogue PDF was executed, the phoney attack could have exploited administration rights, made available by common and large-scale systems and network management tools like HP OpenView, the DSD spokesman said.

"The point to take home is that if you are running on one machine [both] local administration rights and domain administration on a management agent, you're stuffed," the DSD spokesman said.

[...]

Received on Wed May 19 2010 - 22:35:39 PDT