One Ping Only | TechSNAP 133

One Ping Only | TechSNAP 133

Experian gets caught selling your records to identity thieves, hacking a router with a single UDP Packet, the cloud storage service that deletes your files…

And a huge batch of your questions, our answers!

Thanks to:


\"GoDaddy\"


\"Ting\"

Direct Download:

HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed

Experian credit reporting service sold data to identity theft service

  • An identity theft service that sold Social Security and driver\’s license numbers — as well as bank account and credit card data on millions of Americans.
  • Purchased much of its data from Experian, one of the three major credit bureaus, according to a lengthy investigation by KrebsOnSecurity.
  • In November 2011, KrebsOnSecurity ran a story about an underground service called Superget.info, a fraudster-friendly site that marketed the ability to look up full Social Security numbers, birthdays, drivers license records and financial information on millions of Americans.
  • Each SSN search on Superget.info returned consumer records that were marked with a set of varying and mysterious two- and three-letter “sourceid:” identifiers, including “TH,” “MV,” and “NCO,” among others.
  • A KrebsOnSecurity reader said the abbreviations matched data sets produced by Columbus, Ohio-based USInfoSearch.com.
  • Contacted about the reader’s claim, U.S. Info Search CEO Marc Martin said the data sold by the ID theft service was not obtained directly through his company, but rather via Court Ventures, a third-party company with which US Info Search had previously struck an information sharing agreement.
  • Founded in 2001, Court Ventures described itself as a firm that “aggregates, repackages and distributes public record data, obtained from over 1,400 state and county sources.”
  • In March 2012, Court Ventures was purchased by Costa Mesa, Calif.-based Experian, one of the three major consumer credit bureaus. According to Martin, the proprietors of Superget.info had gained access to Experian’s databases by posing as a U.S.-based private investigator. In reality, Martin said, the individuals apparently responsible for running Superget.info were based in Vietnam.
  • Martin said he first learned of the ID theft service after hearing from a U.S. Secret Service agent who called and said the law enforcement agency was investigating Experian and had obtained a grand jury subpoena against the company.
  • While the private investigator ruse may have gotten the fraudsters past Experian and/or CourtVentures’ screening process, according to Martin there were other signs that should have alerted Experian to potential fraud associated with the account. For example, the alleged proprietor of Superget.info had paid Experian for his monthly data access charges using wire transfers sent from Singapore.
  • Experian declined multiple requests for an interview. But in a written statement provided to KrebsOnSecurity, Experian acknowledged the broad outlines of Martin’s story and said it had worked with the Secret Service to bring a Vietnamese national to justice in connection with the online ID theft service.
  • Meanwhile, it’s not clear what — if any — trouble Experian may face as a result of its involvement in the identity theft scheme.

Tenda W302R router can be exploited by sending a single UDP packet

  • The Tenda routers use a modified version of the GoAhead web server, popular for embedded platforms
  • The custom version Tenda uses contains a modification, when the web server starts it creates a UDP socket and bind it to port 7329
  • If a packet is received that starts with the string “w302r_mfg”
  • The next byte of the packet indicates what to do with the rest of the packet:
  • ‘e’ – Responds with a pre-defined string, basically a ping test
  • ’1′ – Intended to allow you to run iwpriv commands
  • ‘x’ – Allows you to run any command, as root
  • This means you can exploit this router and gain remote root privileges with nothing more than the netcat command
  • “the backdoor only listens on the LAN, thus it is not exploitable from the WAN. However, it is exploitable over the wireless network, which has WPS enabled by default with no brute force rate limiting”
  • The device also ship with a default WPA key, which you might want to try first
  • Another Researcher found that this exploit exists in many other versions of the Tenda router firmware

Cloud storage service allows strangers to delete your data

  • Box.com is a cloud storage service like Dropbox and others
  • A reporter had an account that he used from time to time to share images with his Editors
  • His wife also used the account, and at one point had invited an employee from a large PR firm to upload a file
  • That PR firm later signed up for a corporate account with box.com
  • Box.com has a feature, called account roll-in, which allows companies to slurp up all of their employees accounts and grant those users the additional capacity and features of the corporate account
  • This feature can also slurp in accounts that have “deep collaborative relationships” with the company
  • So in this case, the reporters account was sucked into the corporate account of the PR firm, even though the relationship was only a single file
  • Later on, the Administrators of the PR firm saw the account they did not recognize, and deleted it
  • Box.com destroyed the account rather than just unrelating it to the PR firm
  • Eventually, Box.com managed to find the Reporters files and return them to him
  • This just goes to show the risk involved with trusting your files to a cloud storage provider

Feedback:

— Allan’s new router unboxing —

Amazon.com: SanDisk Cruzer Fit 16 GB USB Flash Drive SDCZ33-016G-B35: Electronics


Round Up:


Question? Comments? Contact us here!