Two Factor Fail | TechSNAP 35


Find out how some simple social engineering skills can earn you $45k, plus a drug cartel’s private cell network.

Plus: Are there better alternatives to Windows Small Business Server?

All that and more, on this week’s TechSNAP!

Show Notes:

Clever criminals defeat two-factor authentication using social engineering attack

  • The criminals accessed the mortgage account of a small business owner and made off with $45,000
  • Normally, sending a large sum of money, or otherwise transacting with an account you have not done business with before, prompts the bank to engage its two-factor authentication system
  • However, the criminals managed to port the victim’s mobile phone number to their own device, causing them, rather than the victim, to receive the two-factor authentication code. With this code in hand, they were able to complete the transfer
  • It seems the criminals made calls to the victim’s home and workplace, gathering information from him and his family in order to obtain his mobile phone number and the basic personal data required by the phone company to verify your identity when porting your phone number (usually only your date of birth)
  • The criminals also sent a text message to the victim, purporting to be from his mobile provider, telling him they were having network problems, to try to keep the victim from becoming suspicious when he stopped receiving incoming calls
  • The victim’s bank has covered the $45,000 loss, as is standard practice for online banking fraud in Australia
  • The banks are seeking legislation giving them access to the telcos’ live database of number porting activities so they can prevent verification codes from being sent to recently ported numbers
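
The check the banks are asking for, sketched as an added example (not code from the show or from any bank). The porting feed format, the three-day hold window, the "out_of_band" channel name and the sample numbers are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption: how long after a port SMS codes stay suppressed (not from the page).
PORT_HOLD = timedelta(days=3)

# Constructed sample of a telco porting feed: (number, time the port completed).
SAMPLE_PORT_FEED = [
    ("+61 491 570 156", datetime(2011, 12, 5, 9, 30, tzinfo=timezone.utc)),
    ("+61491570157", datetime(2011, 6, 1, 12, 0, tzinfo=timezone.utc)),
    ("+61491570156", datetime(2010, 1, 15, 8, 0, tzinfo=timezone.utc)),
]


def normalize(number):
    """Reduce a number to '+' and digits so feed and bank formats compare equal."""
    return "+" + "".join(ch for ch in number if ch.isdigit())


def last_port(feed, number):
    """Return the most recent port time for number, or None if never ported."""
    target = normalize(number)
    times = [when for num, when in feed if normalize(num) == target]
    return max(times) if times else None


def otp_channel(feed, number, now):
    """Decide how to deliver the verification code for a risky transaction.

    feed is None when the porting database cannot be reached; the decision
    then fails closed instead of trusting the SMS channel.
    """
    if feed is None:
        return "out_of_band"  # cannot rule out a recent port
    ported = last_port(feed, number)
    if ported is not None and now - ported < PORT_HOLD:
        return "out_of_band"  # number changed hands recently: no SMS code
    return "sms"


if __name__ == "__main__":
    now = datetime(2011, 12, 6, 9, 30, tzinfo=timezone.utc)
    for num in ("+61491570156", "+61491570157"):
        print(num, otp_channel(SAMPLE_PORT_FEED, num, now))
```

A port timestamp in the future also lands in the hold branch, so a clock mismatch between the bank and the feed suppresses SMS rather than allowing it.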

New browser cache sniffing attack

  • The new attack allows a website to determine if you have been to specific other websites with a reasonable level of certainty
  • Unlike the older CSS :visited attacks that leveraged the browser’s history, the new attack leverages the browser cache. Previous attacks based on this same concept were unreliable because they were destructive, meaning they caused the URL they were probing to be cached, such that if you ran the test twice, it would then return a false positive.
  • The proof of concept creates an iframe pointing to about:blank, then the JavaScript changes the source of the iframe to point it to the URL it wants to test. If the browser does not instantly return the object from the cache, the source is changed back before navigation can be completed, and a cache miss is recorded. This method allows the script to determine if you have been to the site, without actually loading the site and causing it to be cached.
  • The test does not work against the actual page URL, like, but rather against cacheable objects, such as the CSS files or graphical logo of the site, that are generally cached for long periods of time.
  • This means the tool must constantly be updated as the target sites change their designs
  • There is currently no known resolution to this issue, save for disabling caching; however, this is very detrimental to your web browsing performance

Mexican government shuts down Zeta’s private communications network

  • The Mexican military has completed an operation to shut down a communications network along Mexico’s northern border. The network was used by drug runners to communicate and to track government security forces
  • The military confiscated more than 1,400 radios, 2,600 cell phones and other computer equipment
  • The equipment was often painted green and brown to camouflage it
  • The Mexican government says that this will be a severe blow to the drug runners, as they will no longer be able to track the activities of government security forces working against them
  • The estimated value of the equipment was $350,000
  • This raises the question: could a community effort create a private communications network spanning a large metro area that cheaply, and drive business away from the monopolistic telcos?

Intel and Micron announce new 20nm 16GB (128 gigabit) NAND flash chips

  • The new smaller die size did not come with a reduction in the expected lifetime of the flash chips, unlike previous die shrinks

  • Intel attributes this to the use of a Hi-K/metal gate design, the first time this process has been used for NAND flash production

  • These new larger chips mean that we can expect to see SSDs with up to 2TB of capacity coming in the near future. IMFT (Intel Micron Flash Technologies) has already started mass producing 64 gigabit versions of the new chips

  • The 64Gbit chips use a page size of 8,192 bytes, whereas the 128Gbit dies will use 16,384 bytes. This means controllers, firmware and OSs will need to be updated to accommodate the new page sizes

  • The 128Gbit chips will also use the new ONFi 3 interface, allowing 333 MegaTransfers/sec instead of the 200 MT/s of ONFi 2


  • Q: EasyBreeze writes: I was wondering what the songs are that you play as the themes for the TechSNAP roundup and feedback?

  • A: The intro and outro theme music was composed by Chris, and is a simple combination of a few stock clips. The feedback (Snap) and the round up (Disorganized Fun) are tracks created by, and used with permission from, Ronald Jenkees

  • Q: Having worked as an IT Consultant for years on the Windows side of things, I am very well versed in Microsoft technology. What are my options for open source alternatives to a Windows Small Business Server?

  • A:

  • Samba 3
    • Can emulate a Windows NT 4 type domain controller
    • Works (barely) with Windows XP, I’ve not tried to do it with Vista or 7
    • Uses OpenLDAP to store the objects
    • Can only be managed using the Windows NT tools (not the tools that come built in to XP)
    • Allan used a system based on this setup to allow users to log in to Windows machines using the username and password they had created on our website for an Internet Cafe
    • 389 Directory Server (Open Source LDAP)
  • Samba4
    • Can emulate a full Windows 2008 domain controller
    • Provides integration with BIND 9 for full AD DNS
    • Built-in LDAP with AD Schema to store the objects
    • Internal Kerberos server for authentication
  • Both of these solutions are quite hacky, and really are not great solutions.

  • You can outsource or cloud source things like Exchange servers

  • BizSpark licensing
