Tuesday 25 November 2008

Want to stop a hacker? Handcuff them!



Monday 24 November 2008

Tuesday 18 November 2008

I know I hacked your systems, but I was doing you a favour!

This is not strictly a new argument for defending oneself against charges of hacking: a Romanian hacker claims he was doing a favour to the US Department of Energy, NASA and the Navy by highlighting vulnerabilities in their systems. He managed to escape a custodial sentence in Romania, let's see if that argument is also "heard" by US courts...
http://www.theregister.co.uk/2008/11/11/us_navy_hack_sentencing/
Is there some room at Guantanamo Bay still?

UK Identities are worth £80.- according to a BBC report

Prices range from £5 to £80 depending on how complete the "package" is:
http://news.bbc.co.uk/1/hi/uk/7732569.stm

Friday 24 October 2008

Best patch this one!

It is not often that Microsoft release so-called "Out Of Band" patches, so best apply this one:
http://support.microsoft.com/kb/958644

There are already worms out there exploiting this particular vulnerability:
http://www.sophos.com/security/analyses/viruses-and-spyware/trojgimmiva.html?_log_from=rss

Thursday 23 October 2008

Mr-T strikes Back


Just reading the ha.ckers blog and a link was given to the Master Reconnaissance Tool (MR-T): http://ha.ckers.org/mr-t/. This is an ace tool that can be used for user education to show how much info is leaked just by going on the net!
Crazy Fool!
dD

Monday 20 October 2008

NSA shows us how to write secure code

The Tokeneer project was commissioned by the NSA, and has now been released to the community. The idea is to show that code can be written to comply with the Common Criteria EAL 5:
http://www.adacore.com/home/gnatpro/tokeneer/

Wednesday 24 September 2008

Schneier in print


The Great God Schneier has released his wisdom of the ages upon us once more. This time he's giving you a withering stare on the front cover.
"The closest the security industry has to a rock star" has combined all his essays together for bedtime reading! Now if only I had £20 ($40) to get a signed copy. Does this mean the last page is a hash of the book encrypted using his private key? :)
dD

CSI Stick me baby

This is sooooooo cool, I want one, I want one, gimme, gimme.
http://news.cnet.com/8301-1009_3-10028589-83.html

Now off to practice my sleight of hand and magic fingers so I can connect it to phones without people seeing! :)

dD

"Lloyds is Pants" not a good enough PWD

This made me laugh, apparently abusing a service provider via your password is not appropriate: http://news.bbc.co.uk/1/hi/england/hereford/worcs/7585098.stm

However, what is more disconcerting is that, apparently, in some cases (for business users only) employees of Lloyds can read your complete password. This seems somewhat ridiculous as businesses surely would have more money flowing through their accounts than an individual, so would become a richer target! IT MAKES NO SENSE (as Tim Westwood would say).

dD

P.S. Thanks to Schneier

Bad security by design/stupidity

Heads up to the great god Schneier for pointing us to this one. Looks like the Tornado Plus encrypted USB drive is the proverbial pile of poo. Check out this rather scathing write-up on TechRepublic by Tom Olzak.

http://blogs.techrepublic.com.com/security/?p=573&tag=nl.e019

dD

Monday 8 September 2008

What was that you said about physical security?

Only just picked this up from July: The FT and Sainsbury's online store were affected because of a theft of equipment at their ISP's unmanned facility... The ISP is Cable and Wireless and Norwich Union have just signed a big deal with them...
http://www.techworld.com/security/news/index.cfm?newsID=102128

Tuesday 26 August 2008

Red Hat with a Red Face

Unfortunately writing and maintaining open source does not protect one from malicious minds:
https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html

It sounds like they are doing the "right" thing by revoking old package signing keys and generating new ones.

Wednesday 14 May 2008

Spammers are going to stop doing it...

MySpace wins a payout against spammers but stands no chance of getting the cash:
http://news.bbc.co.uk/1/hi/technology/7399868.stm
This is going to put off a lot of them, and spam is going to stop...

Thursday 24 April 2008

2008 Information Security Breaches Survey

This survey is published every other year, and the results were published at the Infosecurity exhibition in London this week.

The executive summary and the full report can be found here:
http://www.pwc.co.uk/eng/publications/berr_information_security_breaches_survey_2008.html

Phishing for big targets: whaling

This time Japan is not involved...
Over 2000 American execs fell victim to a targeted email asking them to appear before a jury regarding a subpoena:
http://www.theregister.co.uk/2008/04/16/whaling_expedition_continues/

Tuesday 22 April 2008

Privilege escalation in Windows

MS released an advisory last week which makes for interesting reading:
http://www.microsoft.com/technet/security/advisory/951306.mspx

Vulnerable versions start with XP and go all the way to Windows Server 2008.

Cool, Evil Tracking Site

Guys, it has been a while!

Anyways, just trawling the Internet highways and byways and came across this little gem:
http://www.team-cymru.org/
The use of the map from xkcd gets my vote! Plus they have a few security hardening guidelines and other interesting docs.

Well worth a look.

dD

Tuesday 8 April 2008

Welcome Kraken

According to Damballa researchers speaking at the RSA 2008 conference, a new bigger-and-better-than-Storm botnet called Kraken has over 400,000 machines under its control.

Only 20% of AV products can detect it, and it appears to be very polymorphic and uses obfuscation. The delivery / infection mechanism is a "picture" file with a .exe extension which is not shown.

http://www.darkreading.com/document.asp?doc_id=150292&WT.svl=news1_1

With the constant increase in malware code out there, how long before current AV mechanisms break?

dD

Monday 7 April 2008

HSBC loses customers' data disc with details of 370,000 customers...

HSBC customers should be reassured that "there were no addresses or bank account details", just their names, dates of birth, and levels of insurance cover:
http://news.bbc.co.uk/1/hi/business/7334249.stm

Thursday 3 April 2008

"Superhacker convicted of international cyber crime"

A bit of a cheesy article title from the New Zealand Herald:
http://www.nzherald.co.nz/category/story.cfm?c_id=30&objectid=10501518

"The crimes carry sentences of up to seven years but there are indications he may serve a community-based sentence."

Who says crime does not pay?!

dD

Monday 31 March 2008

Laura Lab Kit v9.0 released

The ISO for the kit can be downloaded here:
http://www.novell.com/connectionmagazine/laurachappell.html
dD loves Laura...

PS3 users watch your wallets...

It looks like some PS3 PLAYSTATION®Store users have had their details compromised. Judging by the number of forum posts to be found by googling, a few people have been affected:
http://uk.playstation.com/home/news/articles/detail/item98438/Notice-to-PLAYSTATION%C2%AENetwork-Users/

Get tickets for Euro 2008, get your machine hacked...

The web site euroticketshop.com contains code that will download a trojan to fans wanting to purchase tickets for Euro 2008:
http://www.sophos.com/security/blog/2008/03/1226.html

Apple getting worse at patching

Researchers presenting at Blackhat Amsterdam showed that vendors' responses to security vulnerabilities indicate that MS is improving whilst Apple is steadily getting worse:
http://www.techzoom.net/papers/blackhat_0day_patch_2008.pdf

Thursday 20 March 2008

SIW

dD just came across this fantastic tool from Gabriel Topala:
http://www.gtopala.com/

To quote the web site:
"SIW is an advanced System Information for Windows tool that gathers detailed information about your system properties and settings and displays it in an extremely comprehensible manner. SIW can create a report file (CSV, HTML, TXT or XML), and is able to run in batch mode (for Asset Inventory Tracking, Computer (Software and Hardware) Inventory, PC Audit, Software Audit, Software License Compliance Management)."

There is an installer and also a stand alone executable.
There is also functionality similar to SnadBoy (the password revealer) to reveal any password areas. Just click on the Eureka! button. You can change the machine's MAC address, scan the network 'hood, ....

This one is going straight into dD's toolkit. It beats the pants off msinfo in gathering data from a Windows box!

dD

Tuesday 18 March 2008

Hacking smart cards on Vista

Rather than focussing on the chip, Dan Griffin attacks Vista middleware instead:
http://www.darkreading.com/document.asp?doc_id=148438

Respect to IC for this one again.
dD

my kind of captcha

If only all captchas were this interesting! It works well though and I wonder if it has any merit. It still boils down to multiple choice.

http://www.hotcaptcha.com/

dD

Monday 17 March 2008

TSA Gangstaz

Airport security gangsta rap:
http://www.youtube.com/watch?v=z7AWw7t5zj0

Goolag scanner from cDc

Scanner / auditing Windows application to look for web app vulnerabilities using Johnny "I hack stuff".
Download it at:
http://goolag.org/download.html

More information available at:
http://www.cultdeadcow.com/cms/main.php3

dD

Secure Mashups from IBM

Shaping the future of secure Ajax mashups:
http://www-03.ibm.com/press/us/en/pressrelease/23676.wss

SMash keeps the code and data from each mashup source separated, and shares the data using a secured communication channel.

Friday 14 March 2008

SNMP Walking

Really interesting experiment from the GNUCitizen folks: 2.5 million random IP addresses were scanned via SNMP, 5320 IP addresses responded including: Windows 2000 Servers returning a list of usernames, BT Voyager router leaking ISP credentials and password, etc...
http://www.gnucitizen.org/blog/exploring-the-unknown-scanning-the-internet-via-snmp/

Wednesday 12 March 2008

Microsoft Security Vulnerability Research and Defense blog

dD just came across this blog from MS which seeks to provide more information about security vulnerabilities and be more open:
http://blogs.technet.com/swi/default.aspx

It is mostly contributed to by members of the Secure Windows Initiative team.
dD

Monday 10 March 2008

USB Hacksaw

Useful to have in one's toolkit, especially for those PCs with Autorun on by default, but wait, that's quite a few of them :-) Automatically infects Windows boxes, retrieves documents from USB drives plugged into the infected box and securely transmits them to an email account.

http://wiki.hak5.org/wiki/USB_Hacksaw

There is a demo available.

dD

Sorry we lost your tax return, could you resubmit...

730,000 poor Dutch citizens will have to resubmit their tax return after a "glitch" deleted them. Sorry, there was no backup either....

http://www.theregister.co.uk/2008/02/29/sorry_we_lost_your_tax_return/print.html

dD

Friday 7 March 2008

Yankee Group 2007-2008 Operating System Reliability Survey

The report itself seems difficult to find, but the article from Mark Joseph Edwards makes for interesting reading. Windows is bottom of the pile...

What has security got to do with reliability? Read on:
http://www.windowsitpro.com/mobile/Article.cfm?ArticleID=98475

Wednesday 5 March 2008

Hacking Windows XP using firewire

Adam Boileau first demonstrated this two years ago, but decided to release the tool and code.
http://www.stuff.co.nz/4425376a28.html

Adam Boileau's site is below:
http://www.storm.net.nz/projects/16

dD says: respect to IC for bringing this one to his attention.

Tuesday 4 March 2008

Windows Mobile Trojan

An interesting report about a new trojan. Mobile targeted malware has been spoken of for a while now. We have even seen some proofs of concept, but nothing too worrying so far, as these devices have not been as targeted as their desktop cousins:
http://www.us-cert.gov/current/index.html#microsoft_wince_trojan

There are not too many details above, but it appears the trojan is packed with games and even Google Maps. More info at:
http://www.theunwired.net/?item=alert-wince-infojack-sends-unauthorized-information-and-leaves-device-vulnerable

Monday 3 March 2008

'coldboot' - guidance for your users from SANS

Guidance:
http://isc.sans.org/diary.html?storyid=4043

Vendor reactions to the research paper are here:
http://isc.sans.org/diary.html?storyid=4024

SQL Ninja new version

Just come across a new-ish version of SQL Ninja at:
http://sqlninja.sourceforge.net/
dD

YouTube hijacking by Pakistan Telecom (AS17557)

An interesting account of Pakistan Telecom's BGP route advertisement for YouTube's 208.65.153.0/24:
http://www.ripe.net/news/study-youtube-hijacking.html
There is a high-res mp4 video of the event.
dD

GNU Citizen projects

Hi All,
Just had a chance to start trawling through GNUCitizen's project list and there are some really interesting ones here.
For a start the Massive Enumeration Toolset sounds really cool.

dD

Social engineering

Trawling through a backlog of RSS feeds, this interesting little nugget was found on GNUCitizen about a side attack for social engineering. Using a PKI database you can query for email addresses tied to certain keys. The author, pdp, has some demo code up but it appears to not be working. However, it is a really neat idea.

http://www.gnucitizen.org/projects/pki-book/

Thursday 28 February 2008

Offline password and registry editor

The tool is in BackTrack, but there is an interesting floppy, CD or USB version:
http://home.eunet.no/~pnordahl/ntpasswd/
It boots quickly and it is straightforward to follow the step by step instructions.

Wednesday 27 February 2008

CAPTCHA Goooooootcha

It looks like Google's CAPTCHA is under attack with a 20% success rate: http://www.websense.com/securitylabs/blog/blog.php?BlogID=174

That's a lot of accounts to send me stock tips or enlargement pill ads. The more interesting thing would be if the bots could do something cool with all that storage! Say that this process is yielding 1 account per minute, that's 1440 accounts a day and around 525600 accounts a year. With 6Gb of storage space per account that is 3.2 PB of distributed storage.

Check out these tools to mount a single account:
http://www.sizlopedia.com/2007/08/11/utilities-to-use-gmail-space-as-google-drive/
If they are clever enough to crack the captcha, they should be clever enough to create something that would mount all of these accounts together as some sort of distributed file store with redundancy and resiliency.

Cool.

Friday 22 February 2008

What would dD look like


This is dD as a Simpsons character. Have a go yourself at http://www.simpsonsmovie.com

Cool sites

Found these, thought they were cool:
GNUCitizen
The Hacker Webzine

Please feel free to add more cool links in the comments.

Mobile Phone Sniffing: smells kind of cheesy!

Apparently a couple of guys at the Black Hat conference over in DC have demonstrated a GSM crypto cracking system in 1/2 an hour and $1,000 of storage.
As dD is impoverished and busy, attendance was not an option. However, the good old Black Hat folks will be making the whole thing available in their archive in a couple of weeks. Groovy!

Cold Hacking: what we leave behind

It seems that DRAM is not so forgetful after all! It would seem that some plucky researchers over at Princeton have demonstrated how to obtain critical cryptographic keys for disk encryption systems such as BitLocker and TrueCrypt by cold booting a system and having a look at what is left in memory.

They even have a video of the talk and a paper. This is another example of side attacks on cryptosystems which the great mighty big boss Bruce has been mentioning for some time now.

Monday 18 February 2008

iFrames of Doom! So say Google

Google has now made it official: iFrames are bad for you! They do have some figures and graphs to back this up, though. Time to show your CIO if you have one, or the dustbin man if you don't.

Let the drive by raids commence!
dD

Wireless: It's a threat, official!

Friends of dD will already know our disdain for all things wireless. However, it is now official! It would appear though that dD is at odds with the big boss himself, Bruce Schneier! Bummer.

dD

Hack and Trade: US only version

It seems that stealing insider trading info and then trading on it is ok in the US (at the moment). However, deceiving someone to obtain it is illegal! Hmm! Fortunately, the Europeans have already sorted this by declaring that trading on insider information, however it is obtained, is illegal.

Go Team US of A!

dD

CISCO's "Security" agent driver's unfortunate buffer overflow...

http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a008090a445.html

"Cisco Security Agent contains a vulnerability when it processes a specially crafted Server Message Block (SMB) packet. This vulnerability can be exploited remotely without authentication and without end-user interaction. Successful exploitation of this vulnerability may allow arbitrary code execution, cause the affected device to crash, or result in a denial of service (DoS) condition. The attack vector for exploitation is through SMB packets using TCP port 139 and TCP port 445."

Friday 15 February 2008

The Onion on security (fun)

It had been a while since I had checked out The Onion, so I am glad to have come across this:

We Must All Do Our Part To Preserve This Climate Of Fear, by M. Willard Thornton http://www.theonion.com/content/opinion/we_must_all_do_our_part_to?utm_source=onion_rss_daily

Thursday 14 February 2008

Vista "Lite": Strip out the unwanted stuff

http://www.vlite.net/
Useful tool for:
1. Reducing a Vista box's attack surface,
2. Speeding up the OS.

There is also a version for Windows XP:
http://www.nliteos.com/

OpenID

The big boys are now playing nice with OpenID, as IBM, Google, Verisign, Microsoft and Yahoo! (soon to be Microhoo! ?) have joined the board:
http://openid.net/

New version of TrueCrypt

This free open-source disk encryption software works on the following platforms: Windows Vista/XP, Mac OS X, and Linux!

You can create virtual encrypted disks, encrypt whole partitions AND even the Windows boot/systems drive. So who needs BitLocker??

http://www.truecrypt.org/

Get infected by your anti-virus maker's web site!

This has to be rather embarrassing:
http://annysoft.wordpress.com/2008/02/06/antivirus-company-website-is-infected/
Also covered at The Register:
http://www.theregister.co.uk/2008/02/08/indian_av_site_compromise/
Another case of the evil iFrame striking, but this time from a "security" company...

Should UK parents get compensation from HMRC?

Alternative Dispute Resolution Services is a Newcastle-based legal firm which is offering a £5.99 pack to help pursue a claim against the government for breach of the Data Protection Act. They claim that 14,000 people have registered with them so far.

The pack is available at:
http://www.compensationpack.com/
News coverage is here:
http://www.thisismoney.co.uk/disc-claim

Don't get too excited: the estimated payout is likely to be between £50-£300, which is way below any losses that may be suffered if the data is in the wrong hands. The interesting question though is whether or not the government actually breached the DPA.

Sophos statistics on spam relaying by countries

The USofA are at the top of the list, followed by Russia:
http://www.sophos.com/pressoffice/news/articles/2008/02/dirtydozfeb08.html

Happy Valentine and watch that electronic evidence, just in case...

Electronic evidence is increasingly being used in divorce cases:
http://www.gpsdaily.com/reports/Nation_Top_Divorce_Lawyers_Note_Dramatic_Rise_In_Electronic_Evidence_999.html
Whether it is electronic or not, it is just "evidence" after all. It is interesting to note the use of GPS data: yes we can prove you were there...

Monday 11 February 2008

God Bless America and their border cops!

I hope that I never get stopped with my phone, laptop, cd bag, notebook, flash drives as 20 hours of questioning will seem like a holiday! Just one more reason not to go to the leading light of the free world!

I know something you don't know

It seems that vulnerability disclosure is taking on a new slant. All the previous reports I've seen on this subject have largely been about how researchers who disclose vulns get hammered by law enforcement agencies or big companies. However, this one takes on a new twist. RealPlayer 11 has a bug and Evgeny Legerov has found it. However, it appears this guy has a group of "customers" who he sells bugs to but won't disclose to the original developer. In the daniweb blog the author describes this as blackmail. I'm certain it's not blackmail, but ethically it's difficult. But why should I be ethically bound to notify people of their screw ups? Maybe the fact that big companies carry on producing chronic code is because people find their cock ups and tell them about it. Perhaps this new type of militant action by security researchers will start to force a shift in software development as companies will no longer be able to rely on independents working it out for them.

Firefoxed

Firefox 2.0.0.12 is vulnerable out of the box using a directory traversal! Good lord, what is happening here!?
http://www.0x000000.com/index.php?i=515
According to the site listing the vulnerability, this will allow you to potentially view every file in the Mozilla directory. Solution: a) use another browser, b) install a plug-in!

Most vulnerabilities are delivered by third party plugins or fixed by them!

Friday 18 January 2008

Personal data found on roundabout...

What is going on in the U.K.?
http://news.bbc.co.uk/1/hi/england/devon/7197048.stm
Is it that incidents like these are being reported more openly or that they are occurring more often?

Is there something in the air in the UK?

To quote the article:
"West Midlands police are investigating the theft of a laptop from a Royal Navy officer which held personal details of 600,000 people, it has been confirmed."

However, it is really not much to worry about; there were only a few NI numbers, passport and a few bank details for good measure.

All of that on a laptop kept in a car overnight??
http://news.bbc.co.uk/1/hi/uk/7197045.stm

Monday 14 January 2008

Only 5% of Windows PCs are fully patched?!

Surprising! However Double D cannot help but wonder if:
1. Windows users still have not turned on automatic update or notification,
2. The users who are "generous" enough to submit their personal machine to a scan from a website (not doubting Secunia's reputation in any way, but I would not do it...) are probably not going to be patched and "security" aware anyway?!
http://www.theregister.co.uk/2008/01/09/secunia_insecurity_survey/print.html

Tuesday 8 January 2008

Firefox dialog box authentication spoofing

It looks like it is possible to craft a dialog box with a realm value appearing to be from a "trusted" web site:
http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx

Dear Jeremy Clarkson...

This one shows Jeremy really is in top gear:
http://news.bbc.co.uk/1/hi/entertainment/7174760.stm
The Double D says Jeremy you're a prat!

Is this the 80's? - Deja Vu at its finest!

Holy crap, 2008! And this sounds like a considerable amount of fun. http://www2.gmer.net/mbr/
Basically, hack the MBR on any NT-based machine, hide your code in a few sectors of disk (really hard to delete something that is not a file), execute code before passing control to ntldr, patch the kernel and then you are pretty much done. And all this from the fun park that is userland. I think!

This is straight out of the DOS days. MBR viruses and attacks. Have OS developers learned nothing since the 80's? Get a grip MS people and sort this out!

Cool site tho. Will have to take a look at GMER and let all you wonderful people know what the double D thinks. I like the way the site actually goes into assembly, it appeals to my inner (and outer) geek.

DD
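
A defender-side check for the trick described above, as an added example (not code from the original post or from GMER): it compares a hash of the MBR boot code against a known-good baseline and lists non-empty sectors in the normally unused gap before the first partition. The sample images, sector numbers and function names are constructed for illustration, and non-empty gap sectors are only a heuristic, since some boot managers legitimately use them.

```python
import hashlib
import struct

SECTOR = 512  # classic sector size on MBR-partitioned disks


def parse_mbr(sector0: bytes) -> dict:
    """Split sector 0 into boot code hash, partition entries and signature."""
    if len(sector0) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):  # four 16-byte entries start at offset 446
        entry = sector0[446 + 16 * i:462 + 16 * i]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 marks an unused slot
            parts.append({"active": entry[0] == 0x80, "type": entry[4],
                          "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector0[:446]).hexdigest(),
        "partitions": parts,
        "signature_ok": sector0[510:512] == b"\x55\xaa",
    }


def audit_boot_area(image: bytes, baseline_sha256: str) -> dict:
    """Check the MBR and the gap before the first partition in a raw image."""
    mbr = parse_mbr(image[:SECTOR])
    first = min((p["lba_start"] for p in mbr["partitions"]), default=1)
    gap_end = min(first, len(image) // SECTOR)
    # Code that "is not a file" has to live somewhere: look for data in
    # sectors that no partition owns.
    used = [lba for lba in range(1, gap_end)
            if any(image[lba * SECTOR:(lba + 1) * SECTOR])]
    changed = mbr["boot_code_sha256"] != baseline_sha256
    return {
        "signature_ok": mbr["signature_ok"],
        "boot_code_changed": changed,
        "first_partition_lba": first,
        "nonempty_gap_sectors": used,
        "suspicious": changed or bool(used) or not mbr["signature_ok"],
    }


def build_sample_image(boot_code: bytes, gap_data: dict) -> bytes:
    """Constructed 64-sector image: one NTFS-type partition at LBA 63."""
    img = bytearray(64 * SECTOR)
    img[:len(boot_code)] = boot_code
    img[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                               b"\xfe\xff\xff", 63, 20480)
    img[510:512] = b"\x55\xaa"
    for lba, data in gap_data.items():
        img[lba * SECTOR:lba * SECTOR + len(data)] = data
    return bytes(img)


# Constructed sample data: a clean image and one with altered boot code
# plus data parked in two gap sectors.
CLEAN = build_sample_image(b"\xfa\x33\xc0" + b"\x90" * 20, {})
TAMPERED = build_sample_image(b"\xeb\x3c" + b"\x90" * 20,
                              {10: b"saved original MBR", 11: b"loader"})
BASELINE = parse_mbr(CLEAN[:SECTOR])["boot_code_sha256"]

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, audit_boot_area(img, BASELINE))
```

On a live system the baseline hash would be recorded from the machine's own freshly installed MBR, and the image read from offline media rather than through a possibly patched kernel.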