<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' xmlns:georss='http://www.georss.org/georss' xmlns:gd='http://schemas.google.com/g/2005' xmlns:thr='http://purl.org/syndication/thread/1.0'><id>tag:blogger.com,1999:blog-19997263</id><updated>2011-11-28T00:47:37.973Z</updated><category term='RIAA'/><category term='Music'/><category term='certifications'/><category term='Terrorism'/><category term='Rights'/><category term='Penetration Testing'/><category term='Vulnerabilities'/><category term='Security'/><category term='networking'/><category term='UK'/><category term='Programming'/><category term='Untitled'/><category term='1984'/><category term='Government'/><category term='Book Reviews'/><category term='VoIP'/><category term='wireless'/><category term='MPAA'/><category term='Linux'/><category term='Solaris'/><category term='Exploits'/><category term='Web Application'/><category term='Hacking'/><category term='Web Applications'/><category term='GIAC'/><category term='Jeep'/><title type='text'>Xyberpix's Insanity</title><subtitle type='html'>Various ramblings on InfoSec, Hacking, OS X, politics and life.</subtitle><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/posts/default'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default?max-results=100'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/'/><link rel='hub' href='http://pubsubhubbub.appspot.com/'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><generator version='7.00' 
uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>89</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>100</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-19997263.post-2632297364481249161</id><published>2010-09-28T08:25:00.000+01:00</published><updated>2010-09-28T08:25:34.513+01:00</updated><title type='text'>Exciting Times!</title><content type='html'>Wow! I just had a look at this blog and realized that the last time I wrote anything was back in May this year. Things have been rather manic and interesting these last few months, I have been blogging, just not here. All the blogging that I've done lately has been for &lt;A HREF="http://blogs.securiteam.com"&gt;SecuriTeam&lt;/A&gt;, if you've never read any of the articles on the SecuriTeam site, now is a good time to start.&lt;br /&gt;
&lt;br /&gt;
From my side, I probably won't be updating this blog as often as I'd like to going forward, as I have some really interesting news. I've now finished with the company that I was working for, 6 years is a long time to be working for someone, and now it's time for something new.&lt;br /&gt;
&lt;br /&gt;
The "something new" is what I'm really excited about, I've decided to try my hand at a start-up again, now anyone who knows me will know that some of my best working times have been at start-ups, so I'm going to be doing that all over again. Only this time, with a bit of a difference, you see the start-up in question this time is mine.&lt;br /&gt;
&lt;br /&gt;
If you haven't seen it yet, check out &lt;A HREF="http://www.itsecuritygeeks.com"&gt;IT Security Geeks&lt;/A&gt;. This is my new pet project and we have some really exciting things coming to the site, but be sure to check the site regularly for updates. I'll also be spending a fair amount of time updating the IT Security Geeks blog with any relevant news as well, and all going well there should be a fair bit of interesting news.&lt;br /&gt;
&lt;br /&gt;
The thought process behind starting IT Security Geeks went something along the lines of the following:&lt;br /&gt;
&lt;br /&gt;
Why is it that a lot of IT Security consultancies (including the Big 4) never do things right?&lt;br /&gt;
&lt;br /&gt;
Why is it that consultants never listen and deliver exactly what is required of them?&lt;br /&gt;
&lt;br /&gt;
Why the hell are they so damn expensive, for not much work?&lt;br /&gt;
&lt;br /&gt;
Why is it that every security consultancy wants to come in and change the way that we do business? We understand that they know security, but they don't understand our business model.&lt;br /&gt;
&lt;br /&gt;
We wondered if we could change all those things, and deliver a truly client focused security experience, and that's how IT Security Geeks was born.&lt;br /&gt;
&lt;br /&gt;
So keep an eye on the web site and keep checking the blog for updates.&lt;br /&gt;
&lt;br /&gt;
As always all comments are welcome.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-2632297364481249161?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/2632297364481249161/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=2632297364481249161' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2632297364481249161'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2632297364481249161'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2010/09/exciting-times.html' title='Exciting Times!'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-2666910608356988057</id><published>2010-05-21T01:20:00.000+01:00</published><updated>2010-05-21T01:20:18.155+01:00</updated><title type='text'>Good Books on Wireless Security</title><content type='html'>Following on from my previous post, I'd just like to recommend a few decent books for anyone interested in wireless security.&lt;br /&gt;
&lt;br /&gt;
So here you go, I can personally vouch that they are all a worthwhile read, and if you're going to buy any, please click through. TIA&lt;br /&gt;
&lt;br /&gt;
&lt;iframe src="http://rcm.amazon.com/e/cm?t=xybesinsa-21&amp;o=1&amp;p=8&amp;l=bpl&amp;asins=0321393716&amp;fc1=000000&amp;IS2=1&amp;lt1=_blank&amp;m=amazon&amp;lc1=0000FF&amp;bc1=000000&amp;bg1=FFFFFF&amp;f=ifr" style="align:left;padding-top:5px;width:131px;height:245px;padding-right:10px;"align="left" scrolling="no" marginwidth="0" marginheight="0" frameborder="0"&gt;&lt;/iframe&gt;&lt;br /&gt;
&lt;br /&gt;
&lt;iframe src="http://rcm.amazon.com/e/cm?t=xybesinsa-21&amp;o=1&amp;p=8&amp;l=bpl&amp;asins=0071666613&amp;fc1=000000&amp;IS2=1&amp;lt1=_blank&amp;m=amazon&amp;lc1=0000FF&amp;bc1=000000&amp;bg1=FFFFFF&amp;f=ifr" style="align:left;padding-top:5px;width:131px;height:245px;padding-right:10px;"align="left" scrolling="no" marginwidth="0" marginheight="0" frameborder="0"&gt;&lt;/iframe&gt;&lt;iframe src="http://rcm.amazon.com/e/cm?t=xybesinsa-21&amp;o=1&amp;p=8&amp;l=bpl&amp;asins=159749111X&amp;fc1=000000&amp;IS2=1&amp;lt1=_blank&amp;m=amazon&amp;lc1=0000FF&amp;bc1=000000&amp;bg1=FFFFFF&amp;f=ifr" style="align:left;padding-top:5px;width:131px;height:245px;padding-right:10px;"align="left" scrolling="no" marginwidth="0" marginheight="0" frameborder="0"&gt;&lt;/iframe&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-2666910608356988057?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/2666910608356988057/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=2666910608356988057' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2666910608356988057'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2666910608356988057'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2010/05/good-books-on-wireless-security.html' title='Good Books on Wireless Security'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' 
src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-1338769283975160716</id><published>2010-05-21T01:08:00.001+01:00</published><updated>2010-05-21T14:36:56.173+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Hacking'/><category scheme='http://www.blogger.com/atom/ns#' term='wireless'/><category scheme='http://www.blogger.com/atom/ns#' term='networking'/><title type='text'>Backtrack WiFu and the OSWP certification</title><content type='html'>So, I've been playing with wireless networks for a few years now, as have most people.&lt;br /&gt;
However, I think that our definitions of playing may vary somewhat; my idea of playing is setting up a wireless network and breaking into it. Yeah, I'm a geek, but hey, I can't help it if I get excited about high-powered wireless cards or directional antennas.&lt;br /&gt;
&lt;br /&gt;
So it should come as no surprise to those who know me that something like &lt;a href="http://www.offensive-security.com/online-information-security-training/backtrack-wifu/"&gt;Offensive Security's Backtrack WiFu&lt;/a&gt; course would grab my attention, and that it did. Granted, it may have taken me a while to get around to actually doing the OSWP challenge; what can I say, life gets in the way sometimes.&lt;br /&gt;
&lt;br /&gt;
I'm kind of at a loss for words on where to start on this one to be honest. Yes, I know that I wrote an article on this one for &lt;a href="http://blogs.securiteam.com/index.php/archives/1370"&gt;SecuriTeam&lt;/a&gt; blogs, but this one is a bit more personal. For starters, I would say that this should be a prerequisite course for anyone learning wireless network penetration testing, and anyone involved in networking and planning on deploying a wireless network in the near future. If I had my way, I'd even pay for my friends to do this course and take the challenge, it really is that good! I know a lot of people that work in the IT industry, and going round their houses and seeing that they're running a wireless network named "Netgear", encrypted with WEP, drives me nuts!&lt;br /&gt;
&lt;br /&gt;
The course is amazing value for $350, which in the UK currently equates to £243, which for a training course of this stature is well worth the money. To be honest, it's worth a lot more. Damn, all &lt;a href="http://www.msnbc.msn.com/id/17871485/"&gt;TJ Maxx&lt;/a&gt; networking and security staff should be forced to pass the challenge for this one!&lt;br /&gt;
&lt;br /&gt;
So what's the course cover then?&lt;br /&gt;
&lt;br /&gt;
It starts off with the terms and concepts of wireless networking, which is not the easiest to get through, but this is the stuff that you need to know if you want to be any good at wireless security and at deploying wireless networks. Trust me, getting through this section of the material may be tough, but it's a hell of a lot easier than reading RFCs. To anyone taking the course, make sure that you understand the concepts thoroughly before you move on.&lt;br /&gt;
&lt;br /&gt;
You then dive into what I like to refer to as the "fun stuff", the &lt;a href="http://www.aircrack-ng.org/"&gt;Aircrack-ng&lt;/a&gt; suite of tools, and how you can use these to crack WEP and WPA, replay packets onto the network, deauthenticate clients, and so on. Other extremely useful tools are also covered in the course, so bear in mind that this is a wireless security course and not just an Aircrack-ng course.&lt;br /&gt;
&lt;br /&gt;
I read through the help files and man pages for the Aircrack-ng suite, and I was able to use them to get the job done before I took this course; now I feel that I have truly mastered them.&lt;br /&gt;
&lt;br /&gt;
The courseware is presented in an easy-to-understand format: you get a PDF and video training, and they complement each other perfectly. There is always someone available for help should you need it in the #offsec channel on the Freenode servers, so you have all the support you could ask for, even that of past and present students.&lt;br /&gt;
&lt;br /&gt;
The challenge itself is way too much fun; even though you feel the exam type of pressure, you still end up loving it. Challenge is the correct word for it though, and I would recommend that you purchase the recommended hardware and practice until you can do all that you've learned in your sleep.&lt;br /&gt;
&lt;br /&gt;
If you want to learn about securing and cracking wireless networks, this is THE course!&lt;br /&gt;
&lt;br /&gt;
I'm looking forward to taking the next step in Offensive Security training, which is the CTP course, as if the last two have been anything to go by, it's going to be damn tough, and I'm going to love every minute of it!&lt;br /&gt;
&lt;br /&gt;
To the guys at Offensive Security, thank you, and to Muts, thank you (you know what for)&lt;br /&gt;
&lt;br /&gt;
Later world, time for sleep.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-1338769283975160716?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/1338769283975160716/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=1338769283975160716' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/1338769283975160716'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/1338769283975160716'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2010/05/backtrack-wifu-and-oswp-certification.html' title='Backtrack WiFu and the OSWP certification'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-115193792730327520</id><published>2010-02-23T07:42:00.000Z</published><updated>2010-02-23T07:42:16.166Z</updated><category scheme='http://www.blogger.com/atom/ns#' term='Web Application'/><category scheme='http://www.blogger.com/atom/ns#' term='Vulnerabilities'/><title type='text'>Details of Web App Vulnerabilities Removed</title><content type='html'>Hey all,&lt;br /&gt;
&lt;br /&gt;
Just to let you know I've removed all the details of the vulnerabilities identified on the following sites:&lt;br /&gt;
&lt;br /&gt;
www.bt.com&lt;br /&gt;
www.nhs.uk&lt;br /&gt;
www.sony.com&lt;br /&gt;
www.three.co.uk&lt;br /&gt;
www.linksys.com&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-115193792730327520?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/115193792730327520/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=115193792730327520' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/115193792730327520'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/115193792730327520'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2010/02/details-of-web-app-vulnerabilities.html' title='Details of Web App Vulnerabilities Removed'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-2528497101221835205</id><published>2010-02-15T22:18:00.000Z</published><updated>2010-02-15T22:18:57.677Z</updated><category scheme='http://www.blogger.com/atom/ns#' term='Penetration Testing'/><category scheme='http://www.blogger.com/atom/ns#' term='Web Applications'/><category scheme='http://www.blogger.com/atom/ns#' term='Exploits'/><title type='text'>Window Of Vulnerability (courtesy of OWASP TGv3)</title><content type='html'>&lt;div class="separator" style="clear: both; text-align: center;"&gt;&lt;/div&gt;&lt;div class="separator" style="clear: both; text-align: center;"&gt;&lt;/div&gt;&lt;div class="separator" style="clear: both; text-align: center;"&gt;&lt;/div&gt;&lt;div class="separator" 
style="clear: both; text-align: center;"&gt;&lt;/div&gt;&lt;div class="separator" style="clear: both; text-align: center;"&gt;&lt;a href="http://2.bp.blogspot.com/_jQxzG3xsmsg/S3nIGGo6pbI/AAAAAAAAAB8/b6pThjvHKr8/s1600-h/WoV.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"&gt;&lt;img border="0" height="237" src="http://2.bp.blogspot.com/_jQxzG3xsmsg/S3nIGGo6pbI/AAAAAAAAAB8/b6pThjvHKr8/s400/WoV.jpg" width="400" /&gt;&lt;/a&gt;&lt;/div&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-2528497101221835205?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/2528497101221835205/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=2528497101221835205' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2528497101221835205'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2528497101221835205'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2010/02/window-of-vulnerability-courtesy-of.html' title='Window Of Vulnerability (courtesy of OWASP TGv3)'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://2.bp.blogspot.com/_jQxzG3xsmsg/S3nIGGo6pbI/AAAAAAAAAB8/b6pThjvHKr8/s72-c/WoV.jpg' height='72' 
width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-4164275863680159518</id><published>2010-02-05T12:25:00.003Z</published><updated>2010-02-08T01:41:47.334Z</updated><category scheme='http://www.blogger.com/atom/ns#' term='Programming'/><category scheme='http://www.blogger.com/atom/ns#' term='Penetration Testing'/><category scheme='http://www.blogger.com/atom/ns#' term='Web Applications'/><category scheme='http://www.blogger.com/atom/ns#' term='Book Reviews'/><title type='text'>The Web Application Hacker's Handbook: A book that that every penetration tester should have on their desk!</title><content type='html'>&lt;iframe align="left" frameborder="0" marginheight="0" marginwidth="0" scrolling="no" src="http://rcm.amazon.com/e/cm?t=xyberpsinsan-20&amp;amp;o=1&amp;amp;p=8&amp;amp;l=bpl&amp;amp;asins=0470170778&amp;amp;fc1=000000&amp;amp;IS2=1&amp;amp;lt1=_blank&amp;amp;m=amazon&amp;amp;lc1=0000FF&amp;amp;bc1=000000&amp;amp;bg1=FFFFFF&amp;amp;f=ifr" style="height: 245px; padding-right: 10px; padding-top: 5px; width: 131px;"&gt;&lt;/iframe&gt; I've been meaning to write a review on this book for a while now, and I just never seem to be able to get around to it for some reason.&lt;br /&gt;
&lt;br /&gt;
To be honest, if you're into web application hacking, then I'm pretty sure that you've probably already purchased this tome of knowledge. If you haven't, what are you waiting for?&lt;br /&gt;
&lt;br /&gt;
This covers a lot of the intricacies of web application penetration testing, and really has proved to be an invaluable resource to me. Let's put it this way, I actually have 2 copies, one for the office and another for home.&lt;br /&gt;
&lt;br /&gt;
This is also an amazing read for any web application developers, as it shows you the kind of things to look out for, and how to mitigate against them, thus you help us to help you!&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-4164275863680159518?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/4164275863680159518/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=4164275863680159518' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4164275863680159518'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4164275863680159518'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2010/02/book-that-that-every-penetration-tester.html' title='The Web Application Hacker&apos;s Handbook: A book that that every penetration tester should have on their desk!'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-3742377743830372168</id><published>2010-02-05T12:02:00.003Z</published><updated>2010-02-05T12:06:08.334Z</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><category scheme='http://www.blogger.com/atom/ns#' term='Web Applications'/><title type='text'>In the interest of full disclosure</title><content type='html'>Over the next couple of days I will be publicly releasing the information and screenshots of some XSS vulnerable sites that I 
identified and notified at the beginning of January.

Some of these have now been fixed, and others have ignored my e-mails and LinkedIn contact attempts.

So I will be naming, shaming and sharing all the gory details in the next few days!

--Full disclosure is responsible disclosure&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-3742377743830372168?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/3742377743830372168/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=3742377743830372168' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3742377743830372168'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3742377743830372168'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2010/02/in-interest-of-full-disclosure.html' title='In the interest of full disclosure'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-5375989560105120565</id><published>2010-01-06T19:43:00.000Z</published><updated>2010-01-06T19:44:00.298Z</updated><category scheme='http://www.blogger.com/atom/ns#' term='Penetration Testing'/><category scheme='http://www.blogger.com/atom/ns#' term='Web Application'/><title type='text'>Just realized that if I am going to get anywhere, I need a new website</title><content type='html'>&lt;p&gt;So watch this space, as over the next few weeks, I'm going to be completely redesigning xyberpix.com.&lt;/p&gt;
&lt;p&gt;Once the site is redone, I will update here, so please feel free to post comments.&lt;/p&gt;

&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-5375989560105120565?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/5375989560105120565/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=5375989560105120565' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5375989560105120565'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5375989560105120565'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2010/01/just-realized-that-if-i-am-going-to-get.html' title='Just realized that if I am going to get anywhere, I need a new website'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-1817674729066100872</id><published>2010-01-06T19:41:00.001Z</published><updated>2010-01-06T19:41:09.353Z</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><category scheme='http://www.blogger.com/atom/ns#' term='Web Applications'/><category scheme='http://www.blogger.com/atom/ns#' term='Exploits'/><category scheme='http://www.blogger.com/atom/ns#' term='Vulnerabilities'/><title type='text'>Full Disclosure Policy 2.0</title><content type='html'>&lt;p&gt;Okay so for the last couple of days, I’ve spent what feels like a lifetime trying to track down the relevant people to report some various web application security vulnerabilities, and it’s been a living 
hell!&lt;/p&gt;
&lt;p&gt;I’m posting this, so that hopefully someone will read this from a vendor, and realise the way that things are supposed to work. This work is originally posted &lt;a href="http://www.wiretrip.net/rfp/policy-simple.html"&gt;here&lt;/a&gt; .&lt;/p&gt;
&lt;p&gt;—————————————————————————————————-&lt;/p&gt;
&lt;p&gt;////// Full Disclosure Policy (RFPolicy) v2.0 //////&lt;br /&gt;
This policy is available at http://www.wiretrip.net/rfp/policy.html&lt;/p&gt;
&lt;p&gt;\\ Executive overview for vendors and software maintainers \\&lt;/p&gt;
&lt;p&gt;This policy states the ‘guidelines’ that an individual intends to follow. You basically have 5 days (read below for the definitions and semantics of what is considered a ‘day’) to return contact to the individual, and must keep in contact with them *at least* every 5 days. Failure to do so will discourage them from working with you and encourage them to publicly disclose the security problem.&lt;/p&gt;
&lt;p&gt;This policy is not set in stone—in fact, it is encouraged that all parties regularly communicate with each other during the process, adjusting as situations arise.&lt;/p&gt;
&lt;p&gt;\\ Table of contents \\&lt;/p&gt;
&lt;p&gt;&lt;br /&gt;
Purpose of this policy&lt;/p&gt;
&lt;p&gt;Policy definitions&lt;/p&gt;
&lt;p&gt;Policy&lt;/p&gt;
&lt;p&gt;Detailed/commented explanation of policy&lt;/p&gt;
&lt;p&gt;Difference between version 1 and version 2 of RFPolicy&lt;/p&gt;
&lt;p&gt;RFPolicy FAQ&lt;/p&gt;
&lt;p&gt;Using this policy&lt;/p&gt;
&lt;p&gt;Credits&lt;br /&gt;
\\ Purpose of this policy \\&lt;/p&gt;
&lt;p&gt;This policy exists to establish a guideline for interaction between a researcher and software maintainer. It serves to quash assumptions and clearly define intentions, so that both parties may immediately and effectively gauge the problem, produce a solution, and disclose the vulnerability.&lt;/p&gt;
&lt;p&gt;First and foremost, a wake-up call to the software maintainer: the researcher has chosen to NOT immediately disclose the problem, but rather make an effort to work with you. This is a choice they did not have to make, and a choice that hopefully you will respect and accept accordingly.&lt;/p&gt;
&lt;p&gt;The goal of following this policy, above all else, is education:&lt;/p&gt;
&lt;p&gt;&lt;br /&gt;
Education of the vendor to the problem (ISSUE, as defined below).&lt;/p&gt;
&lt;p&gt;Education of the researcher on how the vendor intends to fix the problem, and what caveats might cause a solution to be delayed.&lt;/p&gt;
&lt;p&gt;Education of the community of the problem, and hopefully a resolution.&lt;br /&gt;
With education, through continued communication between the researcher and software maintainer, it allows both parties to see where the other one is coming from. Coupled with compensation*, the experience is then beneficial to the researcher, vendor, and community. Win/win/win for everybody. :)&lt;/p&gt;
&lt;p&gt;(*Compensation is meant to include credit for discovery of the ISSUE, and perhaps in some cases, encouragement from the vendor to continue research, which might include product updates, premier technical subscriptions, etc. Monetary compensation, or any situation that could be misconstrued as extortion, is highly discouraged.)&lt;/p&gt;
&lt;p&gt;\\ Policy definitions \\&lt;/p&gt;
&lt;p&gt;&lt;br /&gt;
The ISSUE is the vulnerability, problem, or otherwise reason for contact and communication.&lt;/p&gt;
&lt;p&gt;The ORIGINATOR is the individual or group submitting the ISSUE.&lt;/p&gt;
&lt;p&gt;The MAINTAINER is the individual, group, or vendor that maintains the software, hardware, or resources that are related to the ISSUE.&lt;/p&gt;
&lt;p&gt;The DATE OF CONTACT is the point in time when the ORIGINATOR contacts the MAINTAINER.&lt;/p&gt;
&lt;p&gt;All dates, times, and time zones are relative to the ORIGINATOR.&lt;/p&gt;
&lt;p&gt;A work day is generally defined in respect to the ORIGINATOR.&lt;br /&gt;
\\ Policy \\&lt;/p&gt;

&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-1817674729066100872?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/1817674729066100872/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=1817674729066100872' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/1817674729066100872'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/1817674729066100872'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2010/01/full-disclosure-policy-20.html' title='Full Disclosure Policy 2.0'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-2009568786920130512</id><published>2009-12-16T00:38:00.001Z</published><updated>2009-12-16T00:38:45.415Z</updated><category scheme='http://www.blogger.com/atom/ns#' term='Exploits'/><title type='text'>New Adobe 0-Day Added To Metasploit</title><content type='html'>&lt;p&gt;via HDM's Twitter feed:&lt;/p&gt;
&lt;p&gt;Adobe PDF 0.9-day added to Metasploit: [msf&amp;gt; use exploit/windows/fileformat/adobe_media_newplayer.rb] (via jduck/pusscat/myself) SVN r7881&lt;/p&gt;

&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-2009568786920130512?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/2009568786920130512/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=2009568786920130512' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2009568786920130512'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2009568786920130512'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/12/new-adobe-0-day-added-to-metasploit.html' title='New Adobe 0-Day Added To Metasploit'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-2362564571464360117</id><published>2009-08-20T20:53:00.002+01:00</published><updated>2009-08-20T20:55:50.251+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><category scheme='http://www.blogger.com/atom/ns#' term='Web Applications'/><category scheme='http://www.blogger.com/atom/ns#' term='Exploits'/><category scheme='http://www.blogger.com/atom/ns#' term='Vulnerabilities'/><title type='text'>Next Target Acquired - Twitter</title><content type='html'>So, I'm going on holiday in a little while and will be afk for about 3 weeks, and I can't wait.
In the interim though, I have decided to focus my sights on a new target, with a hope of finding something new and fun, namely Twitter.

I'll update if I do manage to find anything interesting, and I hope that their response is as good as Facebook's if of course I find anything.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-2362564571464360117?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/2362564571464360117/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=2362564571464360117' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2362564571464360117'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2362564571464360117'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/08/next-target-acquired-twitter.html' title='Next Target Acquired - Twitter'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-2563502574250243223</id><published>2009-08-20T20:50:00.002+01:00</published><updated>2009-08-20T20:52:54.321+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><category scheme='http://www.blogger.com/atom/ns#' term='Web Applications'/><category scheme='http://www.blogger.com/atom/ns#' term='Exploits'/><title type='text'>Facebook and responsible disclosure</title><content type='html'>Okay, so a few nights ago, I decided to spend some time finding some vulnerabilities on Facebook, and lo and behold, I found one.
Once I managed to find a contact for the security team at Facebook, I dropped them an e-mail on what I found, and I got a response the
same evening. All I can say on the topic of a quick response from a company in response to Facebook is WOW! These guys really are serious
about security. I was planning on publishing the details on what I found over at SecuriTeam, but I have decided against it, purely because of the
response that I received from Facebook.
Thank you Facebook, you have restored my faith in social networking.
A huge thanks to Gerry.Eisenhaur and Technocrat for their help in testing, couldn't have done this without you guys.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-2563502574250243223?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/2563502574250243223/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=2563502574250243223' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2563502574250243223'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2563502574250243223'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/08/facebook-and-responsible-disclosure.html' title='Facebook and responsible disclosure'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-3102317930903725248</id><published>2009-08-12T00:22:00.001+01:00</published><updated>2009-08-12T00:26:15.730+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><category scheme='http://www.blogger.com/atom/ns#' term='Web Applications'/><category scheme='http://www.blogger.com/atom/ns#' term='Exploits'/><title type='text'>SQL Injection Cheat sheet</title><content type='html'>&lt;blockquote cite="http://ha.ckers.org/sqlinjection/"&gt;
  &lt;br /&gt;

  &lt;p&gt;SQL Injection cheat sheet&lt;/p&gt;[From &lt;a href="http://ha.ckers.org/sqlinjection/"&gt;&lt;cite&gt;SQL Injection Cheat sheet: Esp: for filter evasion - by RSnake&lt;/cite&gt;&lt;/a&gt;]
&lt;/blockquote&gt;
&lt;blockquote cite="http://ha.ckers.org/sqlinjection/"&gt;
  ----------------
&lt;/blockquote&gt;
&lt;blockquote cite="http://ha.ckers.org/sqlinjection/"&gt;
  Been meaning to blog this one for a while, hope it helps someone out.&lt;br /&gt;
&lt;/blockquote&gt;&lt;br /&gt;
&lt;br /&gt;

&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-3102317930903725248?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/3102317930903725248/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=3102317930903725248' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3102317930903725248'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3102317930903725248'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/08/sql-injection-cheat-sheet.html' title='SQL Injection Cheat sheet'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-2952978395402337321</id><published>2009-08-12T00:19:00.000+01:00</published><updated>2009-08-12T00:20:01.601+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Music'/><category scheme='http://www.blogger.com/atom/ns#' term='UK'/><category scheme='http://www.blogger.com/atom/ns#' term='MPAA'/><category scheme='http://www.blogger.com/atom/ns#' term='Government'/><category scheme='http://www.blogger.com/atom/ns#' term='RIAA'/><title type='text'>Pirate Party UK - The party is registered!</title><content type='html'>&lt;blockquote cite="http://www.pirateparty.org.uk/blog/2009/aug/11/party-registered/"&gt;
  &lt;p&gt;The party is registered! Submitted by Andy_R on 11 August 2009 The long-awaited news has finally arrived, the Pirate Party UK is now officially registered as a political party! This means we can raise funds, have Pirate Party Candidates at the next general election, and do all the other things that political parties do. Getting to this stage has been a long process, we've had to elect officers, raise funds, fill out forms, meet with some (very helpful) people at the Electoral Commission, and learn far more about electoral law and the special party funding rules that apply to Gibraltar than any sane person would ever want to. Andrew Robinson, Party Leader and Eric Priezkalns, Party Treasurer at the Electoral Commission offices in Westminster. Now the party can really start. It's time for us to tell the world that we exist, to recruit members, raise funds and gear up to fight the General Election. The officers and web team have built the framework that the party needs to get going, now it's time for YOU to make things happen. Join the party, tell the media about the party, tell your friends about the party, take part in policy and news debates on the forum, join our Facebook group, donate or set up a regular payment to provide financial support, set up a branch in your constituency, school or workplace, join the specialist working groups for members with key skills like lawyers and journalists and volunteer to take part in canvassing and campaigning in your constituency at the general election... The success of Britain's newest party depends on you, the members!&lt;/p&gt;[From &lt;a href="http://www.pirateparty.org.uk/blog/2009/aug/11/party-registered/"&gt;&lt;cite&gt;Pirate Party UK - Blog - The party is registered!&lt;/cite&gt;&lt;/a&gt;]
&lt;/blockquote&gt;

&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-2952978395402337321?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/2952978395402337321/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=2952978395402337321' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2952978395402337321'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2952978395402337321'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/08/pirate-party-uk-party-is-registered.html' title='Pirate Party UK - The party is registered!'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-6222099606878981985</id><published>2009-08-12T00:11:00.000+01:00</published><updated>2009-08-12T00:12:13.935+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='1984'/><category scheme='http://www.blogger.com/atom/ns#' term='UK'/><category scheme='http://www.blogger.com/atom/ns#' term='Government'/><title type='text'>Half A Million Intercepts of Communications Data in 2008</title><content type='html'>&lt;p&gt;&lt;span style="font-size: medium;"&gt;Via &lt;a href="http://www.eff.org/deeplinks/2009/08/uks-half-million-intercepts" title="Electronic Frontier Foundation"&gt;eff.org&lt;/a&gt;&lt;/span&gt;&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-size: medium;"&gt;This week, the United Kingdom's Interception of Communications commissioner, Sir Paul Kennedy, announced &lt;a href="http://www.official-documents.gov.uk/document/hc0809/hc09/0901/0901.asp"&gt;his latest statistics&lt;/a&gt; for Britain's phone and email surveillance systems, to generally &lt;a href="http://www.guardian.co.uk/uk/2009/aug/10/email-phone-intercept-requests-police"&gt;shocked responses&lt;/a&gt; by the British Public. In 2008, law enforcement, local authorities and the secret services in that country demanded "communication data" — the &lt;a href="http://security.homeoffice.gov.uk/ripa/communications-data/"&gt;"who, how, when and where"&lt;/a&gt;, but not the actual content of messages — 504,073 times. That's 1,381 times a day; or one inquiry every year for every 78 people in the UK.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-size: medium;"&gt;Sir Kennedy's report is, in many ways, all the public oversight these half a million requests get.&lt;br /&gt;
In the United Kingdom, there is no judicial review of these requests; law enforcement together with the Information Commission regulate their own regime, and are bound only to a government &lt;a href="http://security.homeoffice.gov.uk/ripa/communications-data/data-code-of-practice/?view=Standard"&gt;"code of conduct"&lt;/a&gt;.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-size: medium;"&gt;Communications data continues to be viewed by lawmakers as non-invasive and therefore not regarded as requiring strict regulation, despite the growing range of personal information that can now be revealed by a communications data intercept request. These orders can reveal lists of websites visited, email headers, name and address lookups, and, perhaps most controversially, the real-time location of a particular mobile telephone.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-size: medium;"&gt;Such a breadth of information so readily available make these intercepts increasingly tempting for law enforcement; modern technology makes them far easier to capture and process en masse; and with no probable cause or other conditions on obtaining such data, these numbers will keep rising. To guard against the misuse of these invasive powers, we need more than just aggregate statistics presented at the end of the year. Across the world, these frequent invasions of privacy need full judicial oversight, once case at a time.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-size: medium;"&gt;-----------------&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-size: medium;"&gt;This has got to stop soon!&lt;/span&gt;&lt;/p&gt;

&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-6222099606878981985?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/6222099606878981985/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=6222099606878981985' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/6222099606878981985'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/6222099606878981985'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/08/half-million-intercepts-of.html' title='Half A Million Intercepts of Communications Data in 2008'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-3905906849066094097</id><published>2009-04-30T23:18:00.001+01:00</published><updated>2009-04-30T23:18:54.856+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Linux'/><category scheme='http://www.blogger.com/atom/ns#' term='Exploits'/><title type='text'>Linux SCTP Vulnerability</title><content type='html'>&lt;p&gt;Well, what's to say really?&lt;/p&gt;
&lt;p&gt;Code &lt;a href="http://blogs.securiteam.com/index.php/archives/1278"&gt;here.&lt;/a&gt;&lt;/p&gt;

&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-3905906849066094097?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/3905906849066094097/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=3905906849066094097' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3905906849066094097'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3905906849066094097'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/04/linux-sctp-vulnerability.html' title='Linux SCTP Vulnerability'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-7543372869740285993</id><published>2009-04-27T22:01:00.001+01:00</published><updated>2009-04-27T22:01:13.085+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='1984'/><category scheme='http://www.blogger.com/atom/ns#' term='UK'/><category scheme='http://www.blogger.com/atom/ns#' term='Rights'/><category scheme='http://www.blogger.com/atom/ns#' term='Government'/><title type='text'>Plan To Monitor All Internet Usuage</title><content type='html'>&lt;p&gt;From the &lt;a href="http://news.bbc.co.uk/1/hi/uk_politics/8020039.stm"&gt;BBC&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Communications firms are being asked to record all internet contacts between people as part of a modernisation in UK police surveillance tactics.&lt;/p&gt;
&lt;p&gt;The home secretary scrapped plans for a database but wants details to be held and organised for security services.&lt;/p&gt;
&lt;p&gt;The new system would track all e-mails, phone calls and internet use, including visits to social network sites.&lt;/p&gt;
&lt;p&gt;The Tories said the Home Office had "buckled under Conservative pressure" in deciding against a giant database.&lt;/p&gt;
&lt;p&gt;Announcing a consultation on a new strategy for communications data and its use in law enforcement, Jacqui Smith said there would be no single government-run database.&lt;/p&gt;
&lt;p&gt;But she also said that "doing nothing" in the face of a communications revolution was not an option.&lt;/p&gt;
&lt;p&gt;The Home Office will instead ask communications companies - from internet service providers to mobile phone networks - to extend the range of information they currently hold on their subscribers and organise it so that it can be better used by the police, MI5 and other public bodies investigating crime and terrorism.&lt;/p&gt;
&lt;p&gt;Ministers say they estimate the project will cost £2bn to set up, which includes some compensation to the communications industry for the work it may be asked to do.&lt;/p&gt;
&lt;p&gt;"Communications data is an essential tool for law enforcement agencies to track murderers, paedophiles, save lives and tackle crime," Ms Smith said.&lt;/p&gt;
&lt;p&gt;"Advances in communications mean that there are ever more sophisticated ways to communicate and we need to ensure that we keep up with the technology being used by those who seek to do us harm.&lt;/p&gt;
&lt;p&gt;"It is essential that the police and other crime fighting agencies have the tools they need to do their job, However to be clear, there are absolutely no plans for a single central store."&lt;/p&gt;

&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-7543372869740285993?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/7543372869740285993/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=7543372869740285993' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7543372869740285993'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7543372869740285993'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/04/plan-to-monitor-all-internet-usuage.html' title='Plan To Monitor All Internet Usuage'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-7534620420974387422</id><published>2009-04-21T22:16:00.001+01:00</published><updated>2009-04-21T22:16:26.501+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><category scheme='http://www.blogger.com/atom/ns#' term='Hacking'/><category scheme='http://www.blogger.com/atom/ns#' term='Government'/><category scheme='http://www.blogger.com/atom/ns#' term='Exploits'/><category scheme='http://www.blogger.com/atom/ns#' term='Vulnerabilities'/><title type='text'>Computer Spies Breach Fighter-Jet Project</title><content type='html'>&lt;p&gt;This just scares the hell out of me, but at the same time, it makes me really glad that I'm working in this industry.&lt;/p&gt;
&lt;p&gt;------------------------------&lt;/p&gt;
&lt;p&gt;Via &lt;a href="http://online.wsj.com/article/SB124027491029837401.html"&gt;Washington Post&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;WASHINGTON -- Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project -- the Defense Department's costliest weapons program ever -- according to current and former government officials familiar with the attacks.&lt;/p&gt;
&lt;p&gt;Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft.&lt;/p&gt;
&lt;p&gt;The latest intrusions provide new evidence that a battle is heating up between the U.S. and potential adversaries over the data networks that tie the world together. The revelations follow a recent Wall Street Journal report that computers used to control the U.S. electrical-distribution system, as well as other infrastructure, have also been infiltrated by spies abroad.&lt;/p&gt;
&lt;p&gt;Attacks like these -- or U.S. awareness of them -- appear to have escalated in the past six months, said one former official briefed on the matter. "There's never been anything like it," this person said, adding that other military and civilian agencies as well as private companies are affected. "It's everything that keeps this country going."&lt;/p&gt;
&lt;p&gt;Many details couldn't be learned, including the specific identity of the attackers, and the scope of the damage to the U.S. defense program, either in financial or security terms. In addition, while the spies were able to download sizable amounts of data related to the jet-fighter, they weren't able to access the most sensitive material, which is stored on computers not connected to the Internet.&lt;/p&gt;
&lt;p&gt;Former U.S. officials say the attacks appear to have originated in China. However it can be extremely difficult to determine the true origin because it is easy to mask identities online.&lt;/p&gt;
&lt;p&gt;A Pentagon report issued last month said that the Chinese military has made "steady progress" in developing online-warfare techniques. China hopes its computer skills can help it compensate for an underdeveloped military, the report said.&lt;/p&gt;
&lt;p&gt;The Chinese Embassy said in a statement that China "opposes and forbids all forms of cyber crimes." It called the Pentagon's report "a product of the Cold War mentality" and said the allegations of cyber espionage are "intentionally fabricated to fan up China threat sensations."&lt;/p&gt;
&lt;p&gt;The U.S. has no single government or military office responsible for cyber security. The Obama administration is likely to soon propose creating a senior White House computer-security post to coordinate policy and a new military command that would take the lead in protecting key computer networks from intrusions, according to senior officials.&lt;/p&gt;
&lt;p&gt;The Bush administration planned to spend about $17 billion over several years on a new online-security initiative and the Obama administration has indicated it could expand on that. Spending on this scale would represent a potential windfall for government agencies and private contractors at a time of falling budgets. While specialists broadly agree that the threat is growing, there is debate about how much to spend in defending against attacks.&lt;/p&gt;
&lt;p&gt;The Joint Strike Fighter, also known as the F-35 Lightning II, is the costliest and most technically challenging weapons program the Pentagon has ever attempted. The plane, led by Lockheed Martin Corp., relies on 7.5 million lines of computer code, which the Government Accountability Office said is more than triple the amount used in the current top Air Force fighter.&lt;/p&gt;
&lt;p&gt;Six current and former officials familiar with the matter confirmed that the fighter program had been repeatedly broken into. The Air Force has launched an investigation.&lt;/p&gt;
&lt;p&gt;Pentagon officials declined to comment directly on the Joint Strike Fighter compromises. Pentagon systems "are probed daily," said Air Force Lt. Col. Eric Butterbaugh, a Pentagon spokesman. "We aggressively monitor our networks for intrusions and have appropriate procedures to address these threats." U.S. counterintelligence chief Joel Brenner, speaking earlier this month to a business audience in Austin, Texas, warned that fighter-jet programs have been compromised.&lt;/p&gt;
&lt;p&gt;Foreign allies are helping develop the aircraft, which opens up other avenues of attack for spies online. At least one breach appears to have occurred in Turkey and another country that is a U.S. ally, according to people familiar with the matter.&lt;/p&gt;
&lt;p&gt;Joint Strike Fighter test aircraft are already flying, and money to build the jet is included in the Pentagon's budget for this year and next.&lt;/p&gt;
&lt;p&gt;Computer systems involved with the program appear to have been infiltrated at least as far back as 2007, according to people familiar with the matter. Evidence of penetrations continued to be discovered at least into 2008. The intruders appear to have been interested in data about the design of the plane, its performance statistics and its electronic systems, former officials said.&lt;/p&gt;
&lt;p&gt;The intruders compromised the system responsible for diagnosing a plane's maintenance problems during flight, according to officials familiar with the matter. However, the plane's most vital systems -- such as flight controls and sensors -- are physically isolated from the publicly accessible Internet, they said.&lt;/p&gt;
&lt;p&gt;The intruders entered through vulnerabilities in the networks of two or three contractors helping to build the high-tech fighter jet, according to people who have been briefed on the matter. Lockheed Martin is the lead contractor on the program, and Northrop Grumman Corp. and BAE Systems PLC also play major roles in its development.&lt;/p&gt;
&lt;p&gt;Lockheed Martin and BAE declined to comment. Northrop referred questions to Lockheed.&lt;/p&gt;
&lt;p&gt;The spies inserted technology that encrypts the data as it's being stolen; as a result, investigators can't tell exactly what data has been taken. A former Pentagon official said the military carried out a thorough cleanup.&lt;/p&gt;
&lt;p&gt;Fighting online attacks like these is particularly difficult because defense contractors may have uneven network security, but the Pentagon is reliant on them to perform sensitive work. In the past year, the Pentagon has stepped up efforts to work with contractors to improve computer security.&lt;/p&gt;
&lt;p&gt;Investigators traced the penetrations back with a "high level of certainty" to known Chinese Internet protocol, or IP, addresses and digital fingerprints that had been used for attacks in the past, said a person briefed on the matter.&lt;/p&gt;
&lt;p&gt;As for the intrusion into the Air Force's air-traffic control systems, three current and former officials familiar with the incident said it occurred in recent months. It alarmed U.S. national security officials, particularly at the National Security Agency, because the access the spies gained could have allowed them to interfere with the system, said one former official. The danger is that intruders might find weaknesses that could be exploited to confuse or damage U.S. military craft.&lt;/p&gt;
&lt;p&gt;Military officials declined to comment on the incident.&lt;/p&gt;
&lt;p&gt;In his speech in Austin, Mr. Brenner, the U.S. counterintelligence chief, issued a veiled warning about threats to air traffic in the context of Chinese infiltration of U.S. networks. He spoke of his concerns about the vulnerability of U.S. air traffic control systems to cyber infiltration, adding "our networks are being mapped." He went on to warn of a potential situation where "a fighter pilot can't trust his radar."&lt;/p&gt;

&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-7534620420974387422?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/7534620420974387422/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=7534620420974387422' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7534620420974387422'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7534620420974387422'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/04/computer-spies-breach-fighter-jet.html' title='Computer Spies Breach Fighter-Jet Project'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-5698108262723269460</id><published>2009-04-20T20:36:00.001+01:00</published><updated>2009-04-20T20:36:53.319+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='1984'/><category scheme='http://www.blogger.com/atom/ns#' term='UK'/><category scheme='http://www.blogger.com/atom/ns#' term='Rights'/><category scheme='http://www.blogger.com/atom/ns#' term='Government'/><title type='text'>Blackout Europe</title><content type='html'>&lt;p&gt;Everyone really needs to help out on this one, the link to the website can be found &lt;a href="http://blackouteurope.eu/"&gt;here.&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Please take action!&lt;/p&gt;
&lt;p&gt;---------------------------&lt;/p&gt;
&lt;p&gt;The European open internet is under imminent threat&lt;/p&gt;
&lt;p&gt;URGENT - VOTING IN EU PARLIAMENT 5th of MAY 2009&lt;/p&gt;
&lt;p&gt;Don't let the EU parliament lock up the Internet! There will be no way back!&lt;/p&gt;
&lt;p&gt;Act now!&lt;/p&gt;
&lt;p&gt;Internet access is not conditional&lt;/p&gt;
&lt;p&gt;Everyone who owns a website has an interest in defending the free use of Internet... so has everyone who uses Google or Skype... everyone who expresses their opinions freely, does research of any kind, whether for personal health problems or academic study ... everyone who shops online...who dates online...socialises online... listens to music...watches video...&lt;/p&gt;
&lt;p&gt;The internet as we know it is at risk because of proposed new EU rules going through end of April. Under the proposed new rules, broadband providers will be legally able to limit the number of websites you can look at, and to tell you whether or not you are allowed to use particular services. It will be dressed up as ‘new consumer options' which people can choose from. People will be offered TV-like packages - with a limited number of options for you to access.&lt;/p&gt;
&lt;p&gt;It means that the Internet will be packaged up and your ability to access and to put up content could be severely restricted. It will create boxes of Internet accessibility, which don't fit with the way we use it today. This is because internet is now permitting exchanges between persons which cannot be controlled or "facilitated" by any middlemen (the state or a corporation) and this possibility improves the citizen's life but forces the industry to lose power and control. That's why they are pushing governments to enact those changes.&lt;/p&gt;
&lt;p&gt;The excuse is to control the flow of music, films and entertainment content against the alleged piracy by downloading for free, using P2P file-sharing. However, the real victims of this plan will be all Internet users and the democratic and independent access to information, culture goods.&lt;/p&gt;
&lt;p&gt;Think about how you use the Internet! What would it mean to you if free access to the Internet was taken away?&lt;/p&gt;
&lt;p&gt;These days, the Internet is about life and freedom. It's about shopping, booking theatre tickets ... holidays, learning, job-seeking, banking, and trade. It's also about the fun things - dating, chatting, invitations, music, entertainment, joking and even a Second Life. It is a tool to express ourselves, to collaborate, innovate, share, stimulate new business ideas, reach new markets - thrive without middlemen.&lt;/p&gt;
&lt;p&gt;Just think - what's your web address? Unless people have that address in their "package" of regular websites - they won't be able to find you. That means they can't buy, or book, or register, or even view you online. Your business won't be able to find niche suppliers of goods - and compare prices. If you get any money at all from advertising on your site, it will diminish. Yes, Amazon and a select few will be OK, they will be included in the package. But your advertising on Google or any other website, will be increasingly worthless. Skype could be blocked. (As it is in Germany in the use from iPhone, already). Small businesses could literally disappear, especially specialist, niche or artisan businesses.&lt;/p&gt;
&lt;p&gt;If we don't do something now - we could lose free and open use of the internet. Our freedom (of choice in information, market, culture, pleasure) will be curtailed. The EU proposals hold an enormous risk for our future. They are about to become Law - and will be virtually impossible to reverse. People (even the members of the European Parliament who are voting on it) don't really seem to understand the full implications and the legal changes are wrapped up in something called "Telecoms Package" which lulls people into thinking it is just about industry.&lt;/p&gt;
&lt;p&gt;However, in reality, hiding from public view, the amendments are about the way the Internet will operate in future! Text that expresses your rights to access and distribute content, services and applications, is being crossed out. And the text that is being brought in, says that broadband providers must inform you of any limitations, or restrictions to your broadband service. Alternative versions use the word ‘conditions' - and it is seriously being proposed that you will be told the conditions of use of Internet services. This is made to sound good - it is dressed up as ‘transparency' - except that of course it means that the broadband provider will have the legal right to restrict your access or impose conditions, otherwise why would they need to tell you? If the Telecoms Package amendments are voted in, the changes will not be reversible.&lt;/p&gt;
&lt;p&gt;We all have a stake in the Internet! You need to act now to save it!&lt;/p&gt;
&lt;p&gt;What can you do about it?&lt;/p&gt;
&lt;p&gt;Tell the European Parliament to vote against conditional access to the Internet! Remind them that they need your vote in June and that internet still gives us the tools to be watching and judging what they are doing! (link a la quadrature du net) You must know you are not alone: hundreds of organizations are working on that and thousands of people have already contacted their parliamentarians about this issue.&lt;/p&gt;
&lt;p&gt;So, act now:&lt;/p&gt;
&lt;p&gt;1 - Email, write to or phone your MEP - follow this link to get their details - a suggested template letter is attached. You can also use the following software that sends the letter directly to all the parliamentarians. Believe it, they will really receive it and they will really feel the pressure. You are welcome to personalize the letter and include information that will make MEPs wake up, take note and take appropriate action.&lt;/p&gt;
&lt;p&gt;2 - Forward this email to everyone you know so that they can take action.&lt;/p&gt;
&lt;p&gt;3 - Syndicate this page so that you keep being informed: disinformation is what they count on, we must be aware. Text for people to cut and paste to MEP: The coalition version needs to have instructions for people from each country. Coalition members need to get a translated version online in their own languages and link to the LQ site for their own MEPs.&lt;/p&gt;

&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-5698108262723269460?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/5698108262723269460/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=5698108262723269460' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5698108262723269460'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5698108262723269460'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/04/blackout-europe.html' title='Blackout Europe'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-3171752074232807672</id><published>2009-04-19T03:01:00.001+01:00</published><updated>2009-04-19T03:01:35.938+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><category scheme='http://www.blogger.com/atom/ns#' term='MPAA'/><category scheme='http://www.blogger.com/atom/ns#' term='Hacking'/><category scheme='http://www.blogger.com/atom/ns#' term='RIAA'/><title type='text'>The Hacker Manifesto</title><content type='html'>&lt;p&gt;The time to post this one just seems fitting all things considered recently, for those of you that remember this one, drop me a line, let's catch up somewhere.&lt;/p&gt;
&lt;p&gt;-------------------------------------&lt;/p&gt;
&lt;p&gt;The Hacker Manifesto&lt;/p&gt;
&lt;p&gt;by&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;+++The Mentor+++&lt;/p&gt;
&lt;p&gt;Written January 8, 1986&lt;/p&gt;
&lt;p&gt;Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;Damn kids. They're all alike.&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;I am a hacker, enter my world...&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;Damn underachiever. They're all alike.&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;Damn kid. Probably copied it. They're all alike.&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.. Or doesn't like teaching and shouldn't be here...&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;Damn kid. All he does is play games. They're all alike.&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;Damn kid. Tying up the phone line again. They're all alike...&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.&lt;br /&gt;&lt;/p&gt;

&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-3171752074232807672?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/3171752074232807672/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=3171752074232807672' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3171752074232807672'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3171752074232807672'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/04/hacker-manifesto.html' title='The Hacker Manifesto'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-7069075304996383341</id><published>2009-04-17T14:25:00.003+01:00</published><updated>2009-04-17T14:27:23.215+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='MPAA'/><title type='text'>Pirate Bay Verdict Guilty!! -- WTF???</title><content type='html'>This is wrong on so many levels!

Via &lt;A HREF="http://torrentfreak.com/the-pirate-bay-trial-the-verdict-090417/"&gt;Torrentfreak&lt;/A&gt;



Just minutes ago the verdict in the case of The Pirate Bay Four was announced. All four defendants were accused of ‘assisting in making copyright content available’. Peter Sunde: Guilty. Fredrik Neij: Guilty. Gottfrid Svartholm: Guilty. Carl Lundström: Guilty. The four receive 1 year in jail each and fines totaling $3,620,000.

While only a few weeks ago, it seems like an eternity since the trial of The Pirate Bay Four ended and the court retired to consider its verdict. The prosecution claimed that the four defendants were ‘assisting in making copyright content available’ and demanded millions of dollars in damages. The defense did not agree, and all pleaded not guilty - backed up by the inimitable King Kong defense.

Today, Friday April 17, the court issued its decision: article continuously updated

“The court has found that by using Pirate Bay’s services there has been file-sharing of music, films and computer games to the extent the prosecutor has stated in his case,” said the district court. “This file-sharing constitutes an unlawful transfer to the public of copyrighted performances.”

brokep
Peter Sunde (born September 13, 1978) alias ‘brokep’:

Verdict: Guilty - 1 year in prison, damages to pay: $905,000

Peter Althin, brokep’s lawyer said, “I spoke to Peter and he wasn’t very surprised. A journalist he’d spoken to knew an hour before it was public that all four would be convicted. The verdict was leaked from the court. I have to think about what effects that can have on the sentence. It is unacceptable that the court is leaking.”
TiAMO
Fredrik Neij (born April 27, 1978) alias ‘TiAMO’:

Verdict: Guilty - 1 year in prison, damages to pay: $905,000
Anakata
Gottfrid Svartholm (October 17, 1984) alias ‘Anakata’:

Verdict: Guilty - 1 year in prison, damages to pay: $905,000

Anakata’s lawyer Ola Salomonsson said, “We’re appealing. It’s very surprising that the court has chosen to treat the accused as a team.”

Carl Lundstrom
Carl Lundström (born April 13, 1960)

Verdict: Guilty - 1 year in prison, damages to pay: $905,000

The court said that the four defendants worked as a team, were aware that copyrighted material was being shared using The Pirate Bay and that they made it easy and assisted the infringements. It categorized the infringements as ‘severe’. The judge said that the users of The Pirate Bay committed the first offense by sharing files and the four assisted this.

While the court did not agree with the plaintiff’s exaggerated estimates of losses, it still set the damages at 30 million SEK ($3,620,000). This is a hugely significant amount and the court has ordered that the four should pay this amount between them.

The judge also stated that the usage of BitTorrent at The Pirate Bay is illegal. Rest assured, other torrent sites hosted in Sweden will be keeping a close eye on developments.

The defense put it to the judge that he had folded under intense political pressure. The judge denied this stating that the court made its decision based on the case presented.

At one point the judge was asked if he was concerned for his personal safety after handing down this decision. The judge said he hadn’t received any harassment and was quite surprised at the question.

While the judge won’t be getting any flowers for this verdict, Roger Wallis who spoke in favor of The Pirate Bay at their trial and received a mountain of floral tributes in return, noted, “This will cause a flood of court cases. Against all the ISPs. Because if these guys assisted in copyright infringements, then the ISPs also did. This will have huge consequences. The entire development of broadband may be stalled.”

Peter Sunde has already explained that this decision does not mean the end of the line in this case. There will be an appeal which means we are still far away from the ultimate decision - possibly years away. Any appeal from either side must be submitted to Sweden’s higher Court by 9th May 2009.

Rasmus Fleischer, one of the founders of Piratbyrån commented, “The sentence has no formal consequence and no juridical value. We chose to treat the trial as a theater play and as such it’s been far better than we ever could have believed.”

As for the fate of the site, Peter has already promised that The Pirate Bay will continue. The site itself was never on trial, only the four individuals listed above.

This is a breaking news story, please check back frequently for updates.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-7069075304996383341?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/7069075304996383341/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=7069075304996383341' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7069075304996383341'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7069075304996383341'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/04/pirate-bay-verdict-guilty-wtf.html' title='Pirate Bay Verdict Guilty!! -- WTF???'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-6884978850302302026</id><published>2009-04-15T15:05:00.001+01:00</published><updated>2009-04-15T15:07:26.501+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><category scheme='http://www.blogger.com/atom/ns#' term='Hacking'/><category scheme='http://www.blogger.com/atom/ns#' term='Vulnerabilities'/><title type='text'>PIN Crackers Nab Holy Grail of Bank Card Security</title><content type='html'>From &lt;A HREF=http://blog.wired.com/27bstroke6/2009/04/pins.html&gt;Wired.com&lt;/A&gt;

Hackers have crossed into new frontiers by devising sophisticated ways to steal large amounts of personal identification numbers, or PINs, protecting credit and debit cards, says an investigator.  The attacks involve both unencrypted PINs and encrypted PINs that attackers have found a way to crack, according to the investigator behind a new report looking at the data breaches.

The attacks, says Bryan Sartin, director of investigative response for Verizon Business, are behind some of the millions of dollars in fraudulent ATM withdrawals that have occurred around the United States.

"We're seeing entirely new attacks that a year ago were thought to be only academically possible," says Sartin. Verizon Business released a report Wednesday that examines trends in security breaches. "What we see now is people going right to the source ... and stealing the encrypted PIN blocks and using complex ways to un-encrypt the PIN blocks."

The revelation is an indictment of one of the backbone security measures of U.S. consumer banking: PIN codes. In years past, attackers were forced to obtain PINs  piecemeal through phishing attacks, or the use of skimmers and cameras installed on ATM and gas station card readers. Barring these techniques, it was believed that once a PIN was typed on a keypad and encrypted, it would traverse  bank processing networks with complete safety, until it was decrypted and authenticated by a financial institution on the other side.

But the new PIN-hacking techniques belie this theory, and threaten to destabilize the banking-system transaction process.

Information about the theft of encrypted PINs first surfaced in an indictment last year against 11 alleged hackers accused of stealing some 40 million debit and credit card details from TJ Maxx and other U.S. retail networks. The affidavit, which accused Albert "Cumbajohnny" Gonzalez of leading the carding ring, indicated that the thieves had stolen "PIN blocks associated with millions of debit cards" and obtained "technical assistance from criminal associates in decrypting encrypted PIN numbers."

But until now, no one had confirmed that thieves were actively cracking PIN encryption.

Sartin, whose division at Verizon conducts forensic investigations for companies that experience data breaches, wouldn't identify the institutions that were hit or indicate exactly how much stolen money was being attributed to the attacks, but according to the 2009 Data Breach Investigations report, the hacks have resulted in "more targeted, cutting-edge, complex, and clever cybercrime attacks than seen in previous years."

"While statistically not a large percentage of our overall caseload in 2008, attacks against PIN information represent individual data-theft cases having the largest aggregate exposure in terms of unique records," says the report. "In other words, PIN-based attacks and many of the very large compromises from the past year go hand in hand."

Although there are ways to mitigate the attacks, experts say the problem can only really be resolved if the financial industry overhauls the entire payment processing system.

"You really have to start right from the beginning," says Graham Steel, a research fellow at the French National Institute for Research in Computer Science and Control who wrote about one solution to mitigate some of the attacks. "But then you make changes that aren't backwards-compatible."

PIN hacks hit consumers particularly hard, because they allow thieves to withdraw cash directly from the consumer's checking, savings or brokerage account, Sartin says. Unlike fraudulent credit card charges, which generally carry zero liability for the consumer, fraudulent cash withdrawals that involve a customer's PIN can be more difficult to resolve since, in the absence of evidence of a breach, the burden is placed on the customer to prove that he or she didn't make the withdrawal.

Some of the attacks involve grabbing unencrypted PINs, while they sit in memory on bank systems during the authorization process. But the most sophisticated attacks involve encrypted PINs.

Sartin says the latter attacks involve a device called a hardware security module (HSM), a security appliance that sits on bank networks and on switches through which PIN numbers pass on their way from an ATM or retail cash register to the card issuer. The module is a tamper-resistant device that provides a secure environment for certain functions, such as encryption and decryption, to occur.

According to the payment-card industry, or PCI, standards for credit card transaction security, PIN numbers are supposed to be encrypted in transit, which should theoretically protect them if someone intercepts the data. The problem, however, is that a PIN must pass through multiple HSMs across multiple bank networks en route to the customer's bank. These HSMs are configured and managed differently, some by contractors not directly related to the bank. At every switching point, the PIN must be decrypted, then re-encrypted with the proper key for the next leg in its journey, which is itself encrypted under a master key that is generally stored in the module or in the module's application programming interface, or API.

"Essentially, the thief tricks the HSM into providing the encryption key," says Sartin. "This is possible due to poor configuration of the HSM or vulnerabilities created from having bloated functions on the device."

Sartin says HSMs need to be able to serve many types of customers in many countries where processing standards may be different from the U.S. As a result, the devices come with enabled functions that aren't needed and can be exploited by an intruder into working to defeat the device's security measures. Once a thief captures and decrypts one PIN block, it becomes trivial to decrypt others on a network.

Other kinds of attacks occur against PINs after they arrive at the card-issuing bank. Once encrypted PINs arrive at the HSM at the issuing bank, the HSM communicates with the bank's mainframe system to decrypt the PIN and the customer's 16-digit account number for a brief period to authorize the transaction.

During that period, the data is briefly held in the system's memory in unencrypted form.

Sartin says some attackers have created malware that scrapes the memory to capture the data.

"Memory scrapers are in as much as a third of all cases we're seeing, or utilities that scrape data from unallocated space," Sartin says. "This is a huge vulnerability."

He says the stolen data is often stored in a file right on the hacked system.

"These victims don't see it," Sartin says. "They rely almost purely on anti-virus to detect things that show up on systems that aren't supposed to be there. But they're not looking for a 30-gig file growing on a system."

Information about how to conduct attacks on encrypted PINs isn't new and has been surfacing in academic research for several years.  In the first paper, in 2003, a researcher at Cambridge University published information about attacks that, with the help of an insider, would yield PINs from an issuer bank's system.

The paper, however, was little noticed outside academic circles and the HSM industry. But in 2006, two Israeli computer security researchers outlined an additional attack scenario that got widespread publicity. The attack was much more sophisticated and also required the assistance of an insider who possessed credentials to access the HSM and the API and who also had knowledge of the HSM configuration and how it interacted with the network. As a result, industry experts dismissed it as a minimal threat. But Steel and others say they began to see interest for the attack research from the Russian carding community.

"I got strange Russian e-mails saying, Can you tell me how to crack PINs?" Steel recalls.

But until now no one had seen the attacks actually being used in the wild.

Steel wrote a paper in 2006 that addressed attacks against HSMs as well as a solution to mitigate some of the risks. The paper was submitted to nCipher, a British company that manufactures HSMs and is now owned by Thales-eSecurity. He says the solution involved guidelines for configuring an HSM in a more secure manner and says nCipher passed the guidelines to customers.

Steel says his solution wouldn't address all of the types of attacks. To fix the problem would take a redesign.

But he notes that "a complete rethink of the system would just cost more than the banks were willing to make at this time."

Thales-eSecurity is the largest maker of HSMs for the payment-card and other industries, with "multiple tens of thousands" of HSMs deployed in payment-processing networks around the world, according to the company. A spokesman said the company is not aware of any of the attacks on HSMs that Sartin described, and noted that Thales and most other HSM vendors have implemented controls in their devices to prevent such attacks. The problem, however, is how the systems are configured and managed.

"It's a very difficult challenge to protect against the lazy administrator," says Brian Phelps, director of program services for Thales-eSecurity. "Out of the box, the HSMs come configured in a very secure fashion if customers just deploy them as is. But for many operational reasons, customers choose to alter those default security configurations — supporting legacy applications may be one example — which creates vulnerabilities."

Redesigning the global payment system to eliminate legacy vulnerabilities "would require a mammoth overhaul of virtually every point-of-sale system in the world," he says.

Responding to questions about the vulnerabilities in HSMs, the PCI Security Standards Council said that beginning next week the council would begin testing HSMs as well as unattended payment terminals. Bob Russo, general manager of the global standards body, said in a statement that although there are general market standards that cover HSMs, the council's testing of the devices would "focus specifically on security properties that are critical to the payment system." The testing program conducted in council-approved laboratories would cover "both physical and logical security properties."&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-6884978850302302026?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/6884978850302302026/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=6884978850302302026' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/6884978850302302026'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/6884978850302302026'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/04/pin-crackers-nab-holy-grail-of-bank.html' title='PIN Crackers Nab Holy Grail of Bank Card Security'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' 
src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-5284328518814087746</id><published>2009-04-14T13:42:00.003+01:00</published><updated>2009-04-14T13:46:16.631+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='1984'/><title type='text'>Tracking via Cell/Mobile phones</title><content type='html'>Really interesting article on the Reg about how using the various mobile phone cells along with your phone can be used to track your every movement, it makes perfect sense and is part of the technology, but it does make matters more interesting when you read my recent articles on the whole 1984 thing.

This is pretty common knowledge, but it seems that a lot of people aren't really aware of this fact, also a lot of phones still transmit for a while when you take the battery out of your phone, removing the SIM card is the only way to stop this.

Read more &lt;A HREF=http://www.theregister.co.uk/2009/04/10/mobile_phone_tracking/&gt;here&lt;/A&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-5284328518814087746?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/5284328518814087746/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=5284328518814087746' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5284328518814087746'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5284328518814087746'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/04/tracking-via-cellmobile-phones.html' title='Tracking via Cell/Mobile phones'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-1170546039009732100</id><published>2009-04-14T13:27:00.003+01:00</published><updated>2009-04-14T13:46:56.096+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><title type='text'>XSS Prevention Cheat Sheet</title><content type='html'>Following on from my previous post, OWASP have done an amazing job of writing an XSS Prevention cheat sheet; to me this is one of those things that all Web App developers should be made to read and understand before they actually start coding any new applications.

Here it is &lt;A HREF=http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet&gt;XSS Prevention Cheat Sheet&lt;/A&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-1170546039009732100?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/1170546039009732100/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=1170546039009732100' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/1170546039009732100'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/1170546039009732100'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/04/xss-prevention-cheat-sheet.html' title='XSS Prevention Cheat Sheet'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-6499715376176102791</id><published>2009-04-14T13:25:00.004+01:00</published><updated>2009-04-14T13:47:37.091+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><title type='text'>XSS Cheat Sheet</title><content type='html'>I've been meaning to put a link up to this one for a while, as it really is a handy little cheat sheet when trying to perform XSS attacks on new web apps, and has really helped me to prove a point a number of times.

So here is the ha.ckers.org &lt;A HREF=http://ha.ckers.org/xss.html&gt;XSS Cheat Sheet&lt;/A&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-6499715376176102791?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/6499715376176102791/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=6499715376176102791' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/6499715376176102791'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/6499715376176102791'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/04/xss-cheat-sheet.html' title='XSS Cheat Sheet'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-7690009230065047485</id><published>2009-04-12T00:47:00.002+01:00</published><updated>2009-04-14T13:47:27.911+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='1984'/><category scheme='http://www.blogger.com/atom/ns#' term='Government'/><title type='text'>V for Vendetta!</title><content type='html'>&lt;p&gt;Ok, we need to do something now, things are getting out of hand!&lt;/p&gt;
&lt;p&gt;From the &lt;a href="http://news.bbc.co.uk/1/hi/england/manchester/7994449.stm"&gt;BBC&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;New CCTV cars to catch drivers using their mobile phones or being otherwise distracted at the wheel are being piloted by Greater Manchester Police.&lt;/p&gt;
&lt;p&gt;The small Smart cars, which have a 12ft (3.6m) mast with a camera attached, are parked at junctions to monitor traffic.&lt;/p&gt;
&lt;p&gt;Mike Downes of the Greater Manchester Casualty Reduction Partnership said the scheme was successfully "driving the number of accidents down".&lt;/p&gt;
&lt;p&gt;But the AA's Paul Watters said drivers "might regard it as Big Brother".&lt;/p&gt;
&lt;p&gt;Proportionate and fair&lt;/p&gt;
&lt;p&gt;Two cars are currently being piloted in Greater Manchester, the first of their kind in the UK.&lt;/p&gt;
&lt;p&gt;Anyone seen driving while distracted - eating at the wheel, playing with the radio or applying make-up for instance - is filmed by the cameras.&lt;/p&gt;
&lt;p&gt;Later, a letter is sent to the owner of the car, in many cases along with a fine.&lt;/p&gt;
&lt;p&gt;Anyone caught using their mobile will be asked to pay £60 and have three points added to their licence. Fines could also be handed out to anyone who is thought to be driving without due care and attention, or similar offences.&lt;/p&gt;
&lt;p&gt;According to the Partnership - also known as Drivesafe - there have been 406 collisions in Greater Manchester in the past two years which can be attributed to distracted drivers.&lt;/p&gt;
&lt;p&gt;Of those, 51 were said to involve the use of a mobile phone as a significant factor.&lt;/p&gt;
&lt;p&gt;Mr Downes said the cars would only trace people who are committing an offence.&lt;/p&gt;
&lt;p&gt;"The camera is only trained on the vehicle to secure the evidence," he said.&lt;/p&gt;
&lt;p&gt;"I would say the actions we are taking are reasonable, proportionate and fair in light of the fact that we are trying to save lives."&lt;/p&gt;
&lt;p&gt;'Lacks connection'&lt;/p&gt;
&lt;p&gt;The scheme is only a few weeks into the pilot, so figures on the numbers of people who have been caught using this technology are unavailable.&lt;/p&gt;
&lt;p&gt;But the CCTV cars have already attracted criticism from people who argue they are an infringement of people's privacy.&lt;/p&gt;
&lt;p&gt;Paul Watters from the Automobile Association (AA), said he had reservations about the cars, and would watch the pilot scheme with interest.&lt;/p&gt;
&lt;p&gt;"CCTV enforcement lacks connection with the driver until after the event and some drivers might regard it as Big Brother.&lt;/p&gt;
&lt;p&gt;"We think that most drivers would prefer police in cars to dish out tickets on the spot and instil better driving behaviour," he said.&lt;/p&gt;
&lt;p&gt;If the scheme is seen to be a success in reducing the number of accidents, those behind it hope it could be rolled out across the UK.&lt;/p&gt;
&lt;p&gt;Some councils already use Smart cars with cameras to track parking and bus lane offences.&lt;/p&gt;&lt;br /&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-7690009230065047485?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/7690009230065047485/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=7690009230065047485' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7690009230065047485'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7690009230065047485'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/04/v-for-vendetta.html' title='V for Vendetta!'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-2017188843613453147</id><published>2009-03-15T03:31:00.001Z</published><updated>2009-03-15T03:31:56.261Z</updated><category scheme='http://www.blogger.com/atom/ns#' term='UK'/><category scheme='http://www.blogger.com/atom/ns#' term='Hacking'/><title type='text'>More on the BBC botnet issue!</title><content type='html'>&lt;p&gt;Securiteam has a very good post on this issue, well worth a read.&lt;/p&gt;
&lt;p&gt;Read it &lt;a href="http://blogs.securiteam.com/index.php/archives/1261" title="Code Red, the BBC, and the Computer Misuse Act"&gt;here&lt;/a&gt;&lt;/p&gt;

&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-2017188843613453147?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/2017188843613453147/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=2017188843613453147' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2017188843613453147'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2017188843613453147'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/03/more-on-bbc-botnet-issue.html' title='More on the BBC botnet issue!'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-3752933597128231973</id><published>2009-03-14T02:24:00.000Z</published><updated>2009-03-14T02:25:00.827Z</updated><category scheme='http://www.blogger.com/atom/ns#' term='UK'/><category scheme='http://www.blogger.com/atom/ns#' term='Hacking'/><category scheme='http://www.blogger.com/atom/ns#' term='Vulnerabilities'/><title type='text'>When the BBC does it's not illegal...</title><content type='html'>&lt;p&gt;This really gets to me, as if any security researcher were to do this in the UK, we'd lose our jobs, and probably be locked up for a minimum of ten years, but yet when the BBC does it, it's fine?&lt;/p&gt;
&lt;p&gt;Taken from &lt;a href="http://news.bbc.co.uk/1/hi/programmes/click_online/7938201.stm"&gt;http://news.bbc.co.uk/1/hi/programmes/click_online/7938201.stm&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;"For a short time in February, I had complete control over 21,696 personal computers around the world. These were machines whose owners had not taken the basic security precautions necessary to stay safe online.&lt;/p&gt;
&lt;p&gt;While their owners were busy checking their e-mails, or playing Solitaire, or doing their accounts, I could have made their computers do anything I wanted without anyone knowing.&lt;/p&gt;
&lt;p&gt;I could have ordered the machines to log keystrokes as they were typed, and then send me anything that looked like a banking user name and password.&lt;/p&gt;
&lt;p&gt;I could have redirected the users to fake shopping websites - identical to the originals, apart from the fact that come point of sale, the credit card and security numbers would have been delivered to me.&lt;/p&gt;
&lt;p&gt;Or I could have used them to spread spam and phishing e-mails to thousands of other computers.&lt;/p&gt;
&lt;p&gt;I did not, of course. That would have been illegal. "&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;So, let me get this straight, it's fine to have control of 21,696 PCs from around the world, and to gain access to them illegally, and some of these may have even been corporate PCs, so other laws could have been broken here as well.&lt;/p&gt;
&lt;p&gt;It's fine though for Spencer Kelly to do this, and have the British Broadcasting Centre air this on a show on national television though, but yet he feels it's illegal to do the things mentioned above, is he serious?&lt;/p&gt;
&lt;p&gt;I'd like to see documented proof that nothing was changed on any of these PCs that were under control, and were all the owners of these PCs made aware of what was going on?&lt;/p&gt;
&lt;p&gt;Yet Gary McKinnon hacks into some PCs in the US in search of UFOs, and they wanted to press charges of terrorism, and put him in Guantanamo Bay.&lt;/p&gt;
&lt;p&gt;What the hell is happening to this country?&lt;/p&gt;

&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-3752933597128231973?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/3752933597128231973/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=3752933597128231973' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3752933597128231973'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3752933597128231973'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/03/when-bbc-does-it-not-illegal.html' title='When the BBC does it&amp;#39;s not illegal...'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-2772945066599181220</id><published>2009-03-07T00:45:00.000Z</published><updated>2009-03-07T00:46:01.902Z</updated><category scheme='http://www.blogger.com/atom/ns#' term='Vulnerabilities'/><title type='text'>Blogging</title><content type='html'>&lt;p&gt;Must blog again sometime, but Twitter's been way too much fun lately!&lt;/p&gt;
&lt;p&gt;I also need to spend some time doing some major Facebook research, more to come soon, tee hee!&lt;/p&gt;

&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-2772945066599181220?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/2772945066599181220/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=2772945066599181220' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2772945066599181220'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2772945066599181220'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2009/03/blogging.html' title='Blogging'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-5106851193881994794</id><published>2008-10-19T19:21:00.001+01:00</published><updated>2008-10-19T19:21:39.702+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='1984'/><category scheme='http://www.blogger.com/atom/ns#' term='Untitled'/><category scheme='http://www.blogger.com/atom/ns#' term='UK'/><category scheme='http://www.blogger.com/atom/ns#' term='Government'/><category scheme='http://www.blogger.com/atom/ns#' term='Terrorism'/><title type='text'>UK = 1984</title><content type='html'>&lt;p&gt;I know that I've mentioned this issue countless times before, but seriously, the UK government really is going too far, with their whole anti-terrorism kick.&lt;/p&gt;
&lt;p&gt;As humans we have rights, and I don't care which way they dress it up, someone has either been watching or reading 1984 way too many times, to the point that they're now recommending it to everyone!&lt;/p&gt;
&lt;p&gt;From &lt;a href="http://www.timesonline.co.uk/tol/news/politics/article4969312.ece" title="The Times Online"&gt;The Times Online&lt;/a&gt;:&lt;/p&gt;
&lt;p&gt;Everyone who buys a mobile telephone will be forced to register their identity on a national database under government plans to extend massively the powers of state surveillance.&lt;/p&gt;
&lt;p&gt;Phone buyers would have to present a passport or other official form of identification at the point of purchase. Privacy campaigners fear it marks the latest government move to create a surveillance society.&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;A compulsory national register for the owners of all 72m mobile phones in Britain would be part of a much bigger database to combat terrorism and crime. Whitehall officials have raised the idea of a register containing the names and addresses of everyone who buys a phone in recent talks with Vodafone and other telephone companies, insiders say.&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;The move is targeted at monitoring the owners of Britain’s estimated 40m prepaid mobile phones. They can be purchased with cash by customers who do not wish to give their names, addresses or credit card details.&lt;br /&gt;&lt;/p&gt;

&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-5106851193881994794?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/5106851193881994794/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=5106851193881994794' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5106851193881994794'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5106851193881994794'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2008/10/uk-1984.html' title='UK = 1984'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-3587916474107467118</id><published>2007-08-17T06:43:00.001+01:00</published><updated>2007-08-17T06:43:05.464+01:00</updated><title type='text'>OSCP Certification Challenge (The Most Intense 24 Hours I've Had This
Year)</title><content type='html'>I signed up for the Offensive Security 101 training back at the beginning of May, and I actually got around to going through the course material towards the middle of July.
At first glance, I really wasn't too sure what to make of it, as reading through the index of the training, I was thinking that I know most of the coursework, and maybe I had just wasted some of my boss's budget. To be honest I kind of felt this way even while I was going through the training, kinda that something was missing.

Ok, so I have been in this industry for probably about 10 or so years now, and with that comes experience, but still, I enjoy learning something new. The one thing that I would say about this course though is that if you just go through the course slides and the PDF, and leave it at that, not only will you not be ready for the certification challenge if you want to try it, but there's a good chance that you won't make it.

The course is a brilliant overview of the tools of penetration testing, and how to use them, but you've really got to do quite a bit of work outside of the courseware to get real benefit from it. Which really is understandable, this is a security course, not a learn Python, Perl, C++, Networking, Windows, Unix, Linux and security course. I think that the guys at Offensive Security have done an amazing job on this course and I can't wait to try their next offering!

Now, onto the challenge, obviously I can't mention too much about it here, but I can say that out of all the certifications that I hold, this has got to be the one that I am the most proud to have obtained. I started the challenge at 15:00, by about 16:30 I had already gotten through the first of five hosts. I thought things were going well, then I only managed to get through the second host at about 23:45. I had a couple of hours sleep between 05:30-07:30 and then carried on until 15:00.

It's the most intense exam that I've ever done for a certification, and I would happily recommend it to anyone. Also having one of the Offensive Security team around to reboot the servers when needed was a godsend, so thank you for your patience ;-)

I got news about 18:30 that I'd made it through, and am now OSCP (Offensive Security Certified Professional) certified!

Anyone even thinking about doing this course, just take the plunge and do it, you won't regret it. 
&lt;!-- technorati tags start --&gt;&lt;p style="text-align:right;font-size:10px;"&gt;Technorati Tags: &lt;a href="http://www.technorati.com/tag/Exploits" rel="tag"&gt;Exploits&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Hacking" rel="tag"&gt;Hacking&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Training" rel="tag"&gt;Training&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Security" rel="tag"&gt;Security&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Vulnerabilities" rel="tag"&gt;Vulnerabilities&lt;/a&gt;&lt;/p&gt;&lt;!-- technorati tags end --&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-3587916474107467118?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/3587916474107467118/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=3587916474107467118' title='5 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3587916474107467118'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3587916474107467118'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/08/oscp-certification-challenge-most.html' title='OSCP Certification Challenge (The Most Intense 24 Hours I&amp;#39;ve Had This&#xA;Year)'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' 
src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>5</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-2483413434619860574</id><published>2007-08-13T07:04:00.000+01:00</published><updated>2008-11-13T08:00:40.475Z</updated><category scheme='http://www.blogger.com/atom/ns#' term='Jeep'/><title type='text'>New Beast</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_jQxzG3xsmsg/Rr_2IEZ0ewI/AAAAAAAAAAM/CUKRetU3kw8/s1600-h/DSC00102.jpg"&gt;&lt;img style="cursor:pointer; cursor:hand;" src="http://2.bp.blogspot.com/_jQxzG3xsmsg/Rr_2IEZ0ewI/AAAAAAAAAAM/CUKRetU3kw8/s320/DSC00102.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5098063921688115970" /&gt;&lt;/a&gt;&lt;br /&gt;Well, driving around in a sports car has been great for the last couple of years, but I decided that I wanted something that's, well a bit more me shall we say ;-)&lt;br /&gt;This is my new baby, with all the mod-cons that I could ever ask for, it does need a bit of work doing to it, but hey, I'm really looking forward to it. Yeah I know, anyone who knows me probably will laugh at the thought of me working on a car, let alone getting all greasy and the like, but I'm actually really excited about it.&lt;br /&gt;&lt;br /&gt;It's got 3 monitors already built in, the only catch is that they're all hooked up to a DVD player at the moment, which would be great if we had kids, but as we don't, in time the DVD player will be getting replaced with a Mac Mini, and then I'll be adding an omni-directional antenna onto the roof as well. 
I'm sure that you can see where this is going, so I'll leave it at that.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-2483413434619860574?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/2483413434619860574/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=2483413434619860574' title='4 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2483413434619860574'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2483413434619860574'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/08/new-beast.html' title='New Beast'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://2.bp.blogspot.com/_jQxzG3xsmsg/Rr_2IEZ0ewI/AAAAAAAAAAM/CUKRetU3kw8/s72-c/DSC00102.jpg' height='72' width='72'/><thr:total>4</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-3576360177467077976</id><published>2007-08-05T20:47:00.001+01:00</published><updated>2007-08-05T20:47:56.377+01:00</updated><title type='text'>Facebook</title><content type='html'>Okay, so I've had a Facebook account for a while now, maybe a month, but it's only this weekend that I've actually started making use of it, well the way that  it's intended anyway.
I know that I'm not the only person on the planet that can see the security issues with Facebook, Christ, there have even been posts online about how identity theft is getting a not so little helping hand from Facebook.

I won't argue that I've been hooking up with people that I lost contact with about 10 or so years ago, and exchanging photos with family members, but still, this really is a bomb waiting to go nuclear.

I know that web developers in particular are getting smarter day by day to the ways of the wily hacker, but I still think that no matter how good your developers are, there is someone out there who is going to find a hole, and a major way to exploit it, and if they're lucky sell it on.

So, even though I do have a bit of personal information on there, it's nothing anyone who actually knows how to use Google couldn't find, I say let the games begin!!

&lt;strong&gt;Ozzy Osbourne - Diary Of A Madman&lt;/strong&gt;

&lt;!-- technorati tags start --&gt;&lt;p style="text-align:right;font-size:10px;"&gt;Technorati Tags: &lt;a href="http://www.technorati.com/tag/Hacking" rel="tag"&gt;Hacking&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Identitiy Fraud" rel="tag"&gt;Identitiy Fraud&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Security" rel="tag"&gt;Security&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Web Applications" rel="tag"&gt;Web Applications&lt;/a&gt;&lt;/p&gt;&lt;!-- technorati tags end --&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-3576360177467077976?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/3576360177467077976/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=3576360177467077976' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3576360177467077976'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3576360177467077976'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/08/facebook.html' title='Facebook'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-3763512032292068774</id><published>2007-07-27T14:51:00.000+01:00</published><updated>2007-07-27T15:09:55.866+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><category scheme='http://www.blogger.com/atom/ns#' term='VoIP'/><category 
scheme='http://www.blogger.com/atom/ns#' term='Vulnerabilities'/><title type='text'>VoIP Security</title><content type='html'>Securing VoIP, now there's an interesting task!
Over the last couple of months, I think that I have almost read everything that there is to read about VoIP and securing it.

I must say that I'm all for VoIP technology, but after deciding that I really needed to learn about what's happened in regard to VoIP over the last few years, as I hadn't touched it for a while, I'm shocked to say that the risks have increased a hell of a lot, but it seems that most vendors (aside from one) haven't really catered for these risks, and still have the same old slapdash security in place.

Also, finding buffer overflows that no-one has reported really worries me, as things like this should have been fixed ages ago, and trust me, it really wasn't a difficult one to find at all, no fuzzers, just a string of random characters and boom!

One of the other things that really bugs me is: who in their right mind, in this day and age, still uses telnet on their kit, and who allows this to be used on their network? When will people wake up?

Well, I could rant on about VoIP for ages, but I'm not going to, I'm going to stick to using a normal phone as little as possible, e-mail and Instant Messaging as much as possible, and all other comms can be done on IRC, the way that they were supposed to be.

Speaking of IRC, here's a nice little titbit from bash.org

&lt;d&gt; yay I fixed my laptops battery!
&lt;d&gt; it was so dead, nothing would charge it
&lt;d&gt; so I gave it the electronic equivalent of a kick in the head, by shorting the +/- terminals for 5 minutes
&lt;g&gt; don't they have stickers on them that say they could explode or catch fire by doing that?
&lt;d&gt; yeah but it's ok, I took them off first.</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/3763512032292068774/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=3763512032292068774' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3763512032292068774'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3763512032292068774'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/07/voip-security.html' title='VoIP Security'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-7099377906908715834</id><published>2007-05-07T16:55:00.001+01:00</published><updated>2007-05-07T16:56:36.275+01:00</updated><title type='text'>AACS encryption key T-Shirts</title><content type='html'>I've gotta get me one of these!!!

http://www.jinx.com/scripts/details.asp?productID=992
Just another reason that I love Jinx.

More info on the whole AACS encryption key controversy can be found over at Wikipedia &lt;a href="http://en.wikipedia.org/wiki/HD_DVD_encryption_key_controversy"&gt;here&lt;/a&gt;.

&lt;strong&gt;Bed Of Razors&lt;/strong&gt; from the album "Hatebreeder" by &lt;a href="http://www.google.com/search?q=%22Children%20Of%20Bodom%22"&gt;Children Of Bodom&lt;/a&gt;

</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/7099377906908715834/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=7099377906908715834' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7099377906908715834'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7099377906908715834'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/05/aacs-encryption-key-t-shirts.html' title='AACS encryption key T-Shirts'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-3089123486900330615</id><published>2007-05-07T16:46:00.001+01:00</published><updated>2007-05-07T16:46:54.082+01:00</updated><title type='text'>Passed SSP-DRAP (Defeating Rogue Access Points) With 100%</title><content type='html'>I just sat and passed the above exam, so I'm now going to spend the rest of the day relaxing.

I was invited to become a SANS Stay Sharp Instructor, and this is the first course that I opted for teaching,
I had to get over 85% though to be able to teach this one, seems that I managed that one okay though ;-)

I'm not going to even try to schedule when I will be teaching this one until I get back from my holiday though,
once I do though, I will post an update on here for anyone who's interested in attending it though. After going through the 
courseware myself, I can definitely say it'll be a fun and interesting course. The good thing about it as well though, is that I
think that just about anyone could walk away with some added knowledge after attending it.

I do plan on doing as many of the SANS Stay Sharp Courses as possible though, as this will put me in a better position to cater for different people's training needs, 
and help me get the word out about SANS in the UK a bit more hopefully. SANS may be really huge in the US, but it seems that their UK presence is severely lacking,
and I really want to do something about that.

You can get more info on the SSP-DRAP course from the SANS site &lt;a href="https://www.sans.org/staysharp/description.php?tid=187"&gt;here&lt;/a&gt;.

&lt;strong&gt;Silent Night, Bodom Night&lt;/strong&gt; from the album "Hatebreeder" by &lt;a href="http://www.google.com/search?q=%22Children%20Of%20Bodom%22"&gt;Children Of Bodom&lt;/a&gt;

</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/3089123486900330615/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=3089123486900330615' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3089123486900330615'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3089123486900330615'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/05/passed-ssp-drap-defeating-rogue-access.html' title='Passed SSP-DRAP (Defeating Rogue Access Points) With 100%'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-4749884590643532922</id><published>2007-05-04T15:58:00.000+01:00</published><updated>2007-05-04T16:08:53.174+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><category scheme='http://www.blogger.com/atom/ns#' term='Vulnerabilities'/><title type='text'>Month Of .......Bugs</title><content type='html'>Okay, so there have been all sorts of Month Of security 
findings lately, but I really wish that people would ramp this up a little bit to the major vendors aside from Apple and Microsoft. I mean where are the Cisco, Sun and IBM bugs? I've been meaning to spend some time on Solaris 10 myself, but it would take more than just me to pull this one off (any takers?)

Also, there has been a Month Of Myspace Bugs, but what about other social networking sites, or webmail sites? Also, what about applications like Citrix, Oracle, MS-SQL Server?

I know that a lot of people have been complaining that the whole Month of &lt;insert vendor here&gt; thing is going a bit far, but it does seem to be waking up certain vendors quite a bit.

Just my thoughts, that I'm probably going to get a load of criticism for, but hey. We're all after the same goal here, making the Internet more secure, the sooner we discover these bugs, the better off everyone will be.</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/4749884590643532922/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=4749884590643532922' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4749884590643532922'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4749884590643532922'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/05/month-of-bugs.html' title='Month Of .......Bugs'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-7039015089319518458</id><published>2007-05-03T12:27:00.000+01:00</published><updated>2007-05-03T12:30:07.994+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='MPAA'/><title type='text'>The Number...</title><content type='html'>09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 c0

There you have it, talk about generating a lot of noise on the Internet ;-)

More info &lt;a href="http://www.theinquirer.net/default.aspx?article=39330"&gt;here.&lt;/a&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/7039015089319518458/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=7039015089319518458' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7039015089319518458'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7039015089319518458'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/05/number.html' title='The Number...'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-4115382147784352825</id><published>2007-05-02T22:31:00.001+01:00</published><updated>2007-05-02T22:31:42.305+01:00</updated><title type='text'>Apple Patches QuickTime Security Flaw</title><content type='html'>From &lt;a href="http://www.theregister.co.uk/2007/05/02/apple_quicktime_patch/"&gt;TheRegister.co.uk&lt;/a&gt;

QuickTime one of four popular apps currently at risk

By Dan Goodin in San Francisco
Published Wednesday 2nd May 2007 02:04 GMT

Apple has patched a high-profile vulnerability in QuickTime eleven days after the flaw allowed a hacker to publicly hijack a brand new MacBook Pro. The Apple media player is just one of four popular applications suffering from security defects that currently require the urgent attention of those who use them.

The three other applications include Adobe Photoshop, the Winamp media player and Trillian, a client that combines the functionality of IRC, AOL Instant Messenger, MSN Messenger and other chat programs. Today's update from Apple means that two of the four applications have patches (Trillian's patched download is here.) Users who care about the security of their machines should install them promptly.

According to an advisory from Secunia, the current version of Winamp contains a flaw in the way the program handles MP4 files that could allow a booby-trapped file to execute arbitrary code on a victim's machine. Secunia rates the flaw highly critical, the site's second most serious rating. Until there is a patch, Winamp users may want to think twice about playing MP4 files unless absolutely sure they originated from reputable sources.

Secunia has also warned of at least two serious vulnerabilities in Photoshop that are also labeled highly critical. One flaw, a buffer overflow vulnerability, affects Adobe Photoshop CS2 and Adobe Photoshop CS3 and involves their handling of Bitmap files. The other affects the same two Photoshop versions as well as Adobe Photoshop Elements 5.x and leaves users open to attack if they open malformed PNG graphics files. Users are advised not to open untrusted PNG or Bitmap files pending the release of a security update from Adobe.

Version 3.1.5.0 of Trillian carries three vulnerabilities related to IRC that could allow for the interception of private conversations or the execution of code with the same privileges as the currently logged on user, according to iDefense Labs. The security provider didn't assign a rating to the vulnerabilities.

Apple describes the patched vulnerability in QuickTime for Java as an implementation issue that "may allow reading or writing out of the bounds of the allocated heap." By luring a victim to a malicious website, a miscreant could hijack a user's machine, Apple warns. The update is available for Mac and Windows platforms.

The QuickTime vulnerability was discovered by Dino Dai Zovi, who spent about nine hours to write code that exploited it and submitted it as part of a contest at the CanSecWest security conference. His discovery, first reported to affect Safari, was later shown to target QuickTime. In either case, the exploit allowed him to take control of a 15-inch MacBook Pro when it visited a website that hosted the malicious code. ®

-------------------------------------------------------------------------------------------

Well, 11 days isn't record time, but it's still pretty quick in the grand scheme of things, so well done to Apple, now they just need to learn to release patches even quicker. Like I said, 11 days isn't that bad at all, but it's still 11 days to exploit what appears to be a rapidly growing market share.
</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/4115382147784352825/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=4115382147784352825' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4115382147784352825'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4115382147784352825'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/05/apple-patches-quicktime-security-flaw.html' title='Apple Patches QuickTime Security Flaw'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-7045738255541068557</id><published>2007-05-02T21:57:00.001+01:00</published><updated>2007-05-02T22:52:03.401+01:00</updated><title type='text'>Nine Inch Nails - Year Zero: A Post-Iran War American Dystopia Set in
2020</title><content type='html'>From &lt;a href="http://www.jonesreport.com"&gt;Jonesreport.com&lt;/a&gt;

"I thought about what was at the forefront of my concern...the state of being an American citizen, a lot of concern about the direction our country is headed in. Kind of the erosion of freedoms that it seems like we're experiencing and the way we treat the rest of the world and our own citizens felt like something I needed to comment on." -Trent Reznor


Best-selling industrial rock band Nine Inch Nails' latest album, Year Zero, delves into new ground. For the first time, the group's front man and primary writer, Trent Reznor, focuses mainly on politics. He seems to be jumping headfirst into a game of politics with the resistance party.

However, he does so not just with the album's music, but also numerous accompanying multimedia-- Reznor has thrown a private concert, scattered random tracks in random locations, made websites, all above and beyond the album itself. And it’s all about his message of resistance. Reznor covers nearly all the bases: The war on terror, the military industrial complex, the death of America from the loss of liberty, and the resultant New World Order. Reznor even had a flag made to represent the resistance against the NWO (see top).

The video to the album's first single, Survivalism, shows, in all its Orwellian glory, cameras in black and white strategically located around town displaying people in the bathroom, watching TV, having sex, preparing to vandalize a wall with graffiti, and finally, there’s Nine Inch Nails performing the song in a dingy room. There are CCTV cameras everywhere now, not just in public places. What should be private is public and worse, the people either don't realize they are being watched or have become accustomed to living without privacy.


The video to the first single-- Survivalism-- featuring a dystopic world viewed through invasive and completely pervasive CCTV cameras (note: this external link contains some graphic imagery and that of a nightmarish police state) 

It seems that in this world-- projected 15 years into the future, in 2022-- the USA has turned into Nazi Germany and privacy is a thing of the past.

After a minute into the video, a police force wearing all black uniforms can be seen working their way around town, as if they are preparing to foil some terrorist plot. Meanwhile, a group of vandals can be seen, slowly working out the details of their plan, each step recorded on film. It seems the graffiti artists have it coming to them. When the Gestapo force finally counters the insurgents, it turns out it was actually NIN the police were after. The video concludes with a member of the band dragged out with a line of blood following him. The cameras in the room the band was playing in have been destroyed or shut off. This is the way this dystopia deals with insurgency and resistance. It’s how the USA might deal with resistance if we ever start enforcing the Patriot Act and the Military Commissions Act.

Some people may say that it will never get that bad. People would start listening before it got too bad. I’d have to disagree. Most contemporary news reports concerning some kind of defeat of the Constitution or liberty either side with the government or take a neutral stance. Groups that speak out about liberty such as the ACLU, CASPIAN, and the EFF are routinely labeled "privacy advocates" and written off in a paragraph or two, and a lot of the time it’s near the end, after most people have either stopped reading or already made up their minds.

The mainstream media acts as if only certain groups of people care about privacy and freedom, like it’s not what the USA was founded upon. This is their way of filtering and spinning a report to make people feel that the ‘normal’ or ‘sober’ approach is not that of privacy, a way of alienating Americans from the essence of what it means to be American.

Loss of Liberty
This opensourceresistance image shows how America is dying and that loss of liberty is the key to one-world government.


Now looking at the album itself, the lyrics seem to be obsessed with premonitions of the future and Reznor's resistance to it. The setting is the USA, in the year 2022. As evidenced by the video for Survivalism, the Constitution has been eviscerated and a new dark age of oppression has emerged. In My Violent Heart, Reznor defiantly screams, “on hands and knees we crawl, you can not stop us all,” and in Survivalism, “I got my propaganda, I got revisionism, I got my violence, in hi-def ultra-realism. All a part of this great nation; I got my fist I got my plan I got survivalism.”

Translation: the constant lies fed to the people by the media are devoured by the masses and you have to fight it just to survive. Reznor forecasts the year 2022 seemingly in an attempt to make people aware of the end point. The incremental, systematic collapse of our Constitution today makes it difficult to see what is happening. Just do a search on Google for “population reduction” or “echelon” or “Patriot Act” and you’ll discover Reznor is not dreaming too deeply.

The album is dark with a grinding, synthetic industrial sound-- typical of Nine Inch Nails, yet it is full of substance and energy. It has its highpoint with Hyperpower!, a progressive chant that grows and grows until it roars like millions of screaming people, and its low point with Another Version of the Truth, a melodic and calmingly enchanting piece with simple sounds of a piano and a synth. There is a consistent underlying theme maintained throughout the record of a gloomy future dystopia and all its minutiae. Songs are rife with sentiments long held by 9/11 truthers and anti-establishment types, such as Capital G:

Don't give a sh*t about the temperature in Guatemala
Don't really see what all the fuss is about
Ain't gonna worry bout no future generations and a
I'm sure somebody's gonna figure it out

Here Reznor marginalizes global warming, stating that if and when a real problem develops, we'll take care of it. This is very contrary to articles like those in the Washington Post forecasting, “…global temperatures will probably rise 4 degrees Celsius over the next century. If so, catastrophic flooding, famine and water shortages may follow, along with the extinction of up to half of existing animal species...fortunately, there is such a solution…It’s called a carbon tax, and it should be applied across the board to every industry that uses fossil fuels, every home or building with a heating system, every motorist, and every public transportation system.”

How dare Reznor defy the mainstream media? It’s not like the global warming scare is torn to shreds in films like the Great Global Warming Swindle or anything. No, people should believe the nightly news. They are not fear mongers. They have “top” scientists.

The continual warfare of Orwell’s 1984 is alive and well in Year Zero. In The Good Soldier, Reznor sings about his terror-filled vision of America in the future:

Gun fire in the street
Where we used to meet
Echoes out a beat and the bass goes
Bomb right over my head
Step over the dead

Reznor also imagines a Bureau of Morality, a branch of the government that will monitor behavior and thoughts to a whole new level. With this new Bureau, imagines Reznor, the government will truly begin to act as the parent, telling citizens what is right and wrong, especially concerning thoughts about the government. Ironically, Reznor has put a warning from the "USBM" mocking the FBI’s anti-piracy warning on the back of the Year Zero CD case:

Interestingly, the number actually dials, connecting to a recording:

“This is a message from the United States Bureau of Morality, pursuant to statute 24-12-2, Disclosure of Surveillance. Citizen: by calling this number, you and your family are implicitly pleading guilty to the consumption of anti-American media and have been flagged as potential militants. The United States Bureau of Morality has activated the tracking system embedded in your personal media, and initiated citizen surveillance. United States surveillance law gives us the right to search and seize information relating to subversive activities from your person, vehicle, workplace or home. Any attempt to hinder or prevent our investigation will be met with all necessary force. You are now part of the problem. Your reeducation is about to begin. God bless America.”

But everything up to this point is soft compared to the website that the CD links a buyer to, exterminal.net. The consumer incentives are chock-full of artsy gimmicks-- the CD has a special thermo-chrome heat-sensitive coating that changes its face when heated (see video demonstration), displaying binary code that translates roughly into exterminal.net.

The website contains lots of political tidbits about the hellish future where everyone is a terror suspect, and people who have alternative viewpoints are criminals. It also talks about Guantanamo Bay or, as it calls it, "the Extrajudiciary Federal Detainment Camp, Guam."

Police and surveillance state

Interrogation sessions are on the site as well, chronicling what it would be like to be sent there. The interrogation for J. Markakis refers to a drug put into the water called Parepin, alluding to the Soma tablets in a Brave New World by Aldous Huxley. For those not familiar, Soma was the drug distributed by the government to ensure people kept in line with the system, the opiate of the masses. Exterminal.net also includes random documents, such as a letter from the Bureau of Morality, notifying Elliot Carraig that his "citizenship total" has been decreased and that he has lost his "credit."

It seems that Reznor envisions a world in which the government can take anything away from you at any time for any reason, and that everything will be connected by a points system. This could be a possible cashless society. All in all, Reznor seems to have taken the world from Orwell's 1984 and Huxley's Brave New World and modernized it with things like the internet and Guantanamo Bay (Ministry of Love anyone?).

If there is any doubt up to this point that Reznor is serious, let the website http://opensourceresistance.net/ be examined. True to its name, much of the content is user generated, and the band's concept album seems to support the content more than the other way around. Filled with posters and slogans about freedom and resistance, there is a video available in QuickTime or streaming flash formats, “rescued raw footage,” in which around 50 people are brought into a warehouse setting wherein a man gets up on stage and schools the people about the Military Commissions and Patriot Acts.

Then he tells them to "wake up," which is a phrase distinctly 9/11 truth (and lifting imagery from the equally dystopic A Clockwork Orange). What does this have to do with Trent Reznor? After about 20 minutes or so, the people are whisked away and then music starts playing. Suddenly, a stage can be seen and the wall opens up to allow for a private concert by Nine Inch Nails, which is eventually broken up by police. Let it be known this is not a coincidence; this is clearly orchestrated largely by NIN.

There is no denying the message of opensourceresistance.net: the government desires to take our freedoms away supposedly to fight terrorism, but they are not trustworthy. Really, it’s about the introduction of the terrorism concept to then expand on it until it replaces the concept of crime completely, turning everyone into a terrorist, ushering in new treatment of would be criminals, in that all of their rights are lost and everything is a privilege arbitrarily given by the government, not God given and government protected.

Posters can be found in the broadcasts and submitted sections that delve further into the sentiment of the Year Zero project. One poster demonstrates how an idea can be spread by just one person, infesting the entire world. This example shows the New World Order, the one-world government idea.

Information is Infectious

There are 10,000 (as of 2005) of these in London's central business district alone and about 4,000,000 in the UK. This means many Londoners are taped up to 300 times a day whether they are aware of it or not, like it or not.

This site is just replete with evidence of anti-NWO sentiment; there is no way to cover it all. Just this one website covers many of the issues that Americans should be concerned about: the loss of privacy thru the use of cameras, government propaganda, America's death, the birth of the NWO, warnings from history and dystopic novels, the paranoia of the US citizens and their government, China's one-child policy, freedom of speech and religion, nonviolent resistance, prisoner abuse, and making a difference by waking up and voicing concerns. Please join the war on tyranny. Please “wake up and give a sh*t.”

Reznor's Nine Inch Nails are commendable for speaking out-- as few truly huge music acts have been doing in this era. Other such mainstream music groups in this vein include Muse (who have stated their belief that 9/11 was an inside job) and Radiohead's Thom Yorke, who has not been quite so explicit, but has called for Tony Blair's immediate resignation. Perhaps NIN's interactive method of disseminating relevant info will help fight the New World Order before our world meets this grim vision-- perhaps as soon as 15 years into the future.

While there have been talks of a movie, a follow-up release, tentatively titled Year Zero Part 2, is due out sometime in 2008.

</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/7045738255541068557/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=7045738255541068557' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7045738255541068557'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7045738255541068557'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/05/nine-inch-nails-year-zero-post-iran-war.html' title='Nine Inch Nails - Year Zero: A Post-Iran War American Dystopia Set in&#xA;2020'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-4660223647937383682</id><published>2007-05-02T21:45:00.001+01:00</published><updated>2007-05-02T21:45:25.675+01:00</updated><title type='text'>Bad Vista</title><content type='html'>So I've been playing with Vista on and off at work for about a month now, and well, I hate the damn thing.
To be really honest there isn't one thing that I like about it at this point, I'm willing to give it some more time,
but I'm dual booting my AlienWare laptop with Fedora Core 6 and Vista Ultimate, and well, Vista is painful to use.

So this &lt;a href="http://badvista.fsf.org/"&gt;site&lt;/a&gt; seems to sum up my feelings perfectly.
&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-4660223647937383682?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/4660223647937383682/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=4660223647937383682' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4660223647937383682'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4660223647937383682'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/05/bad-vista.html' title='Bad Vista'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-4482705747522276344</id><published>2007-05-02T21:16:00.001+01:00</published><updated>2007-05-02T21:16:09.144+01:00</updated><title type='text'>A Letter To Warner Chairman Edgar Bronfman</title><content type='html'>Ok, so as many of you will know I am really into Open Source, and freedom of information, and our rights as Human beings, and well, I love music as well.
I've been against DRM from the onset, and doing as much as possible to put an end to it as well, the guys over at &lt;a href="http://www.defectivebydesign.org/"&gt;Defective By Design&lt;/a&gt; have been really doing a great job of getting the message out there as well, so go and visit their site and sign up, they do send out news e-mails every now and then, but it's certainly not spam.

At the moment there is a letter to Warner's Chairman, Edgar Bronfman, and I'm really urging anyone reading this to please go over and sign it. Both Apple and EMI have now committed to selling DRM free music, and Warner refuses to budge, I'm not saying that this letter will do the job, but it may help.

You can read the letter and sign it &lt;a href="http://www.defectivebydesign.org//actions/open_letter/warner_music"&gt;here&lt;/a&gt;.

C'mon people, do it for the music! 
&lt;!-- technorati tags start --&gt;&lt;p style="text-align:right;font-size:10px;"&gt;Technorati Tags: &lt;a href="http://www.technorati.com/tag/DRM" rel="tag"&gt;DRM&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Rights" rel="tag"&gt;Rights&lt;/a&gt;&lt;/p&gt;&lt;!-- technorati tags end --&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-4482705747522276344?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/4482705747522276344/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=4482705747522276344' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4482705747522276344'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4482705747522276344'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/05/letter-to-warner-chairman-edgar.html' title='A Letter To Warner Chairman Edgar Bronfman'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-1812327864786746164</id><published>2007-05-02T20:29:00.001+01:00</published><updated>2007-05-02T20:29:15.106+01:00</updated><title type='text'>Mod_Auth_OpenPGP</title><content type='html'>This has got to be one of the coolest projects out there, and I seriously take my hat off to Arturo "Buanzo" Busleiman for developing this.

The blurb on this &lt;a href="http://freshmeat.net/projects/maopenpgp"&gt;project&lt;/a&gt; off of &lt;a href="http://freshmeat.net"&gt;Freshmeat.net&lt;/a&gt; is the following:

"Mod_Auth_OpenPGP is an Apache module that implements access authorization to servers, vhosts, or directories when incoming requests' HTTP OpenPGP signatures are valid and known by the local keyring. It's the Apache companion for Firefox's extension "Enigform".

There is also a really worthwhile interview with Arturo over on the FreeSoftwareMagazine site, which can be read &lt;a href="http://www.freesoftwaremagazine.com/blogs/interview_with_arturo_busleiman"&gt;here&lt;/a&gt;, I would definitely recommend taking a read if you're into security, Open Source software or Apache, as this has seriously got to be one of the coolest extensions out there for Apache at the moment. I'm really hoping that some big financial companies see this and start using it, it could save us all a lot of trouble.

&lt;!-- technorati tags start --&gt;&lt;p style="text-align:right;font-size:10px;"&gt;Technorati Tags: &lt;a href="http://www.technorati.com/tag/Financial Industry" rel="tag"&gt;Financial Industry&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Open Source" rel="tag"&gt;Open Source&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Apache" rel="tag"&gt;Apache&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Security" rel="tag"&gt;Security&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Web Application" rel="tag"&gt;Web Application&lt;/a&gt;&lt;/p&gt;&lt;!-- technorati tags end --&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-1812327864786746164?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/1812327864786746164/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=1812327864786746164' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/1812327864786746164'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/1812327864786746164'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/05/modauthopenpgp.html' title='Mod_Auth_OpenPGP'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-5965193034935643210</id><published>2007-04-21T00:10:00.001+01:00</published><updated>2007-04-21T00:10:43.145+01:00</updated><title type='text'>Writing Exploits 
With Perl ---&gt; Book</title><content type='html'>Found this while browsing today, seems like a really worthwhile read.
I'm going to skip through it this w/end.

&lt;a href="http://www.securitydb.org/Warpboy/Learning_Perl_-_Writing_Exploits.rar"&gt;http://www.securitydb.org/Warpboy/Learning_Perl_-_Writing_Exploits.rar&lt;/a&gt;
&lt;!-- technorati tags start --&gt;&lt;p style="text-align:right;font-size:10px;"&gt;Technorati Tags: &lt;a href="http://www.technorati.com/tag/Exploits" rel="tag"&gt;Exploits&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Perl" rel="tag"&gt;Perl&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Security" rel="tag"&gt;Security&lt;/a&gt;&lt;/p&gt;&lt;!-- technorati tags end --&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-5965193034935643210?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/5965193034935643210/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=5965193034935643210' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5965193034935643210'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5965193034935643210'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/04/writing-exploits-with-perl-book.html' title='Writing Exploits With Perl ---&amp;gt; Book'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-1006368704672907452</id><published>2007-04-20T23:54:00.001+01:00</published><updated>2007-04-20T23:54:26.025+01:00</updated><title type='text'>InfoSec Europe Next Week</title><content type='html'>w00t!!

&lt;!-- technorati tags start --&gt;&lt;p style="text-align:right;font-size:10px;"&gt;Technorati Tags: &lt;a href="http://www.technorati.com/tag/Security" rel="tag"&gt;Security&lt;/a&gt;&lt;/p&gt;&lt;!-- technorati tags end --&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-1006368704672907452?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/1006368704672907452/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=1006368704672907452' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/1006368704672907452'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/1006368704672907452'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/04/infosec-europe-next-week.html' title='InfoSec Europe Next Week'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-2138025685223173622</id><published>2007-04-20T23:52:00.001+01:00</published><updated>2007-04-20T23:52:46.320+01:00</updated><title type='text'>ABN Amro Phishing attack bypasses Two Factor Authentication</title><content type='html'>This is actually pretty troubling, now to see what other attacks on two factor auth come out.

Via &lt;a href="http://www.out-law.com/page-7967"&gt;Out-Law.com&lt;/a&gt;

A two-factor authentication system operated by Dutch bank ABN Amro has been compromised and money stolen from the online accounts of customers who fell for a phishing scam.

Two-factor authentication for online banking usually involves passwords and tokens which provide synchronised, constantly changing numbers to use as additional evidence of identity.

The security industry has promoted the tokens as a preventative measure against hacking for users of remote corporate or banking systems. However, experts have warned that they are still vulnerable to phishing attacks, where fraudulent emails lure recipients to bogus websites that are set up to gather security details.

Four customers who used two-factor authentication have been compensated by ABN Amro for undisclosed amounts taken from their bank accounts.

"We are taking this incident very seriously and, in addition to informing our clients, are also implementing all of the technical measures that are at our disposal to stop criminals in their tracks," said Johan van Hall of ABN Amro Netherlands. "Safe usage of home and office computers is an essential requirement for secure online banking, and we plan to remind our clients even more frequently and urgently than before of that fact."

Hackers sent the customers emails falsely claiming to be from ABN Amro. If recipients opened an attachment, software was installed on their machines without their knowledge. When customers visited their banking site, the software redirected them to a hacker-controlled mock site that requested their security details.

As soon as the hackers received these details they were able to log into a customer's account at the real ABN Amro site, before the expiry of the fob-generated number. They could then transfer the customer's money.

Security experts have warned that such 'man in the middle' attacks cannot be prevented by security tokens.

At the E-Crime Congress in London last month, several experts spoke out about the limitations of the systems. "Even when all the banks have it [hackers] will still attack them," said Mikko Hypponen, chief research officer of security firm F-Secure, at the Congress. "We see them using 'man in the middle' already."

"There are a whole bunch of things that can go wrong with two-factor authentication," Ross Anderson, a professor of security engineering at Cambridge University, told the same conference. "Banks are resisting because their technical staff know that it will be expensive to introduce and will not be effective. Some banks will introduce it, it will be quickly broken and then quickly forgotten."

&lt;!-- technorati tags start --&gt;&lt;p style="text-align:right;font-size:10px;"&gt;Technorati Tags: &lt;a href="http://www.technorati.com/tag/Financial Industry" rel="tag"&gt;Financial Industry&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Security" rel="tag"&gt;Security&lt;/a&gt;&lt;/p&gt;&lt;!-- technorati tags end --&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-2138025685223173622?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/2138025685223173622/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=2138025685223173622' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2138025685223173622'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2138025685223173622'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/04/abn-amro-phishing-attack-bypasses-two.html' title='ABN Amro Phishing attack bypasses Two Factor Authentication'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-7032314973328635565</id><published>2007-04-20T23:46:00.001+01:00</published><updated>2007-04-20T23:46:17.390+01:00</updated><title type='text'>Apple Security Update 2007-004</title><content type='html'>From &lt;a href="http://docs.info.apple.com/article.html?artnum=305391"&gt;Apple.com&lt;/a&gt;

Installed this and it works perfectly, takes a couple of reboots though on Intel Macs, I think that it may have freaked Mail.app out a bit though, as I can't seem to see the sender ID anymore, oh well. It may not be this update though, I may have changed some setting ;-)

This document describes Security Update 2007-004, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."
Security Update 2007-004

    *

      AFP Client

      CVE-ID: CVE-2007-0729

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: A local user may obtain system privileges

      Description: Under certain circumstances, AFP Client may execute commands without properly cleaning the environment. This may allow a local user to create files or execute commands with system privileges. This update addresses the issue by cleaning the environment prior to executing commands.

    *

      AirPort

      CVE-ID: CVE-2007-0725

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: A local user may be able to execute arbitrary code with elevated privileges

      Description: A buffer overflow vulnerability exists in the AirPortDriver module which processes control commands for AirPort. By sending malformed control commands, a local user could trigger the overflow which may lead to arbitrary code execution with elevated privileges. This issue affects eMac, iBook, iMac, PowerBook G3, PowerBook G4, and Power Mac G4 systems equipped with an original AirPort card. This issue does not affect systems with the AirPort Extreme card. This update addresses the issue by performing proper bounds checking.

    *

      CarbonCore

      CVE-ID: CVE-2007-0732

      Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: A local user may be able to execute arbitrary code with elevated privileges

      Description: The CoreServices daemon could allow a local user to obtain a send right to its Mach task port, which may lead to arbitrary code execution with elevated privileges. This update addresses the issue through improved checks in the CoreServices interprocess communication. This issue does not affect systems prior to Mac OS X v10.4.

    *

      diskdev_cmds

      CVE-ID: CVE-2007-0734

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: Opening a maliciously-crafted UFS disk image may lead to an unexpected application termination or arbitrary code execution

      Description: A memory corruption vulnerability exists in fsck. It is possible to cause fsck to be run automatically on a disk image when it is opened. By enticing a user to open a maliciously-crafted disk image, or to run fsck on any maliciously-crafted UFS filesystem, an attacker could trigger the issue which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of UFS filesystems.

    *

      fetchmail

      CVE-ID: CVE-2006-5867

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: fetchmail may send passwords in plain text, even when configured to use TLS

      Description: fetchmail is updated to version 6.3.6 to fix a vulnerability that could allow authentication credentials to be sent in plain text, despite being configured to use TLS. This issue is described on the fetchmail web site at http://fetchmail.berlios.de/fetchmail-SA-2006-02.txt

    *

      ftpd

      CVE-ID: CVE-2006-6652

      Available for: Mac OS X v10.3.9, Mac OS X v10.4.9

      Impact: FTP operations by authenticated FTP users may lead to arbitrary code execution

      Description: lukemftpd has been updated to version tnftpd 20061217 to address a buffer overflow vulnerability in the handling of commands with globbing characters that could lead to arbitrary code execution. This issue does not affect Mac OS X Server v10.3.9 or Mac OS X Server v10.4.9. Credit to Kevin Finisterre of DigitalMunition for reporting this issue.

    *

      GNU Tar

      CVE-ID: CVE-2006-0300

      Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: Listing or extracting a maliciously-crafted tar archive may lead to an unexpected application termination or arbitrary code execution

      Description: A buffer overflow vulnerability exists in the handling of PAX extended headers in GNU tar archives. By enticing a local user to list or extract a maliciously-crafted tar archive, an attacker can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This issue has been addressed by performing additional validation of tar files. This issue does not affect systems prior to Mac OS X 10.4.

    *

      Help Viewer

      CVE-ID: CVE-2007-0646

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: Opening a help file with a maliciously-crafted name may lead to an unexpected application termination or arbitrary code execution

      Description: A format string vulnerability exists in the Help Viewer application. By enticing a user to download and open a help file with a maliciously-crafted name, an attacker can trigger the vulnerability which may lead to an unexpected application termination or arbitrary code execution. This has been described on the Month of Apple Bugs web site (MOAB-30-01-2007). This update addresses the issue by eliminating any format string processing of file names.

    *

      HID Family

      CVE-ID: CVE-2007-0724

      Available for: Mac OS X v10.4 through Mac OS X v10.4.9, Mac OS X Server v10.4 through Mac OS X Server v10.4.9

      Impact: Console keyboard events are exposed to other users on the local system

      Description: Insufficient controls in the IOKit HID interface allow any logged in user to capture console keystrokes, including passwords and other sensitive information. This update addresses the issue by limiting HID device events to processes belonging to the current console user. Credit to Andrew Garber of University of Victoria, Alex Harper, and Michael Evans for reporting this issue. This fix was originally distributed via the Mac OS X v10.4.9 update. However, due to a packaging issue it may not have been delivered to all systems. This update redistributes this fix in order to reach all affected systems.

    *

      Installer

      CVE-ID: CVE-2007-0465

      Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: Opening an installer package with a maliciously-crafted name may lead to an unexpected application termination or arbitrary code execution

      Description: A format string vulnerability exists in the Installer application. By enticing a user to download and install an installer package with a maliciously-crafted file name, an attacker can trigger the vulnerability which may lead to an unexpected application termination or arbitrary code execution. This issue has been described on the Month of Apple Bugs web site (MOAB-26-01-2007). This update addresses the issue by eliminating any format string processing of file names. This issue does not affect systems prior to Mac OS X v10.4.

    *

      Kerberos

      CVE-ID: CVE-2006-6143

      Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: Running the Kerberos administration daemon may lead to an unexpected application termination or arbitrary code execution with system privileges

      Description: An uninitialized function pointer vulnerability exists in the MIT Kerberos administration daemon (kadmind), which may lead to an unexpected application termination or arbitrary code execution with system privileges. Further information on the issue and the patch applied is available via the MIT Kerberos website at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2006-002-rpc.txt. This issue does not affect systems prior to Mac OS X v10.4. Credit to the MIT Kerberos Team and an anonymous researcher working with iDefense for reporting this issue.

    *

      Kerberos

      CVE-ID: CVE-2007-0957

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: Running the Kerberos administration daemon or the KDC may lead to an unexpected application termination or arbitrary code execution with system privileges

      Description: A stack buffer overflow vulnerability exists in the MIT Kerberos administration daemon (kadmind), as well as the KDC, which may lead to an unexpected application termination or arbitrary code execution with system privileges. Further information on the issue and the patch applied is available via the MIT Kerberos website at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt. Credit to the MIT Kerberos Team for reporting this issue.

    *

      Kerberos

      CVE-ID: CVE-2007-1216

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: Running the Kerberos administration daemon may lead to an unexpected application termination or arbitrary code execution with system privileges

      Description: A double-free vulnerability exists in the GSS-API library used by the MIT Kerberos administration daemon (kadmind), which may lead to an unexpected application termination or arbitrary code execution with system privileges. Further information on the issue and the patch applied is available via the MIT Kerberos website at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-003.txt. Credit to the MIT Kerberos Team for reporting this issue.

    *

      Libinfo

      CVE-ID: CVE-2007-0735

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: Visiting malicious websites may lead to an unexpected application termination or arbitrary code execution

      Description: In some cases, Libinfo does not correctly report errors to applications that use it. By enticing a user to visit a maliciously-crafted web page, an attacker can cause a previously deallocated object to be accessed, which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing appropriate error reporting in Libinfo. Credit to Landon Fuller of Three Rings Design for reporting this issue.

    *

      Libinfo

      CVE-ID: CVE-2007-0736

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: Remote attackers may be able to cause a denial of service or arbitrary code execution if the portmap service is enabled

      Description: An integer overflow vulnerability exists in the RPC library. By sending maliciously-crafted requests to the portmap service, a remote attacker can trigger the overflow which may lead to a denial of service or arbitrary code execution as the 'daemon' user. This update addresses the issue by performing additional validation of portmap requests. Credit to the Mu Security Research Team for reporting this issue.

    *

      Login Window

      CVE-ID: CVE-2007-0737

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: A local user may obtain system privileges

      Description: Login Window does not sufficiently check its environment variables. This could allow a local user to execute arbitrary code with system privileges. This update addresses the issue through improved validation of Login Window environment variables.

    *

      Login Window

      CVE-ID: CVE-2007-0738

      Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: The screen saver authentication dialog may be bypassed

      Description: Under certain conditions, the user's preference to "require a password to wake the computer from sleep" is ignored, and a password is not required to wake from sleep. This update addresses the issue through improved handling of this preference.

    *

      Login Window

      CVE-ID: CVE-2007-0739

      Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: The loginwindow authentication dialog may be bypassed

      Description: Under certain conditions, the software update window may appear beneath the Login Window. This could allow a person with physical access to the system to log in without authentication. This update addresses the issue by only running scheduled tasks after the user login. This issue does not affect systems prior to Mac OS X v10.4.

    *

      network_cmds

      CVE-ID: CVE-2007-0741

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: Remote attackers may be able to cause a denial of service or arbitrary code execution if Internet Sharing is enabled

      Description: A buffer overflow vulnerability exists in the handling of RTSP packets in natd. By sending malformed RTSP packets, a remote attacker may be able to trigger the overflow which may lead to arbitrary code execution. This issue only affects users who have Internet Sharing enabled. This update addresses the issue by performing additional validation of RTSP packets.

    *

      SMB

      CVE-ID: CVE-2007-0744

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: A local user may obtain system privileges

      Description: Under certain circumstances, SMB may execute commands without properly cleaning the environment. This may allow a local user to create files or execute commands with system privileges. This update addresses the issue by cleaning the environment prior to executing commands.

    *

      System Configuration

      CVE-ID: CVE-2007-0022

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: Local admin users may execute arbitrary code with system privileges without authentication

      Description: Admin users have the ability to alter system preferences through the writeconfig utility. When the writeconfig utility launches the launchctl utility, it does not clean the environment inherited from the user. This could allow arbitrary code execution with system privileges without authentication. This issue has been described on the Month of Apple Bugs web site (MOAB-21-01-2007). This update addresses the issue by cleaning the environment before calling the launchctl utility.

    *

      URLMount

      CVE-ID: CVE-2007-0743

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: A local user may obtain other users' authentication credentials

      Description: The username and password used to mount remote filesystems through connections to SMB servers are passed to the mount_smb command as command line arguments, which may expose them to other local users. This update addresses the issue by securely passing the authentication credentials to the mount_smb command. Credit to Daniel Ball of Pittsburgh Technical Institute, Geoff Franks of Hauptman Woodward Medical Research Institute, and Jamie Cox of Sophos Plc for reporting this issue.

    *

      VideoConference

      CVE-ID: CVE-2007-0746

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: Remote attackers may be able to cause an unexpected application termination or arbitrary code execution if iChat is running.

      Description: A heap buffer overflow vulnerability exists in the VideoConference framework. By sending a maliciously-crafted SIP packet when initializing an audio/video conference, an attacker can trigger the overflow which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of SIP packets.

    *

      WebDAV

      CVE-ID: CVE-2007-0747

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

      Impact: A local user may obtain system privileges

      Description: When mounting a WebDAV filesystem, the load_webdav program may be launched without properly cleaning the environment. This may allow a local user to create files or execute commands with system privileges. This update addresses the issue by cleaning the environment prior to executing commands.

    *

      WebFoundation

      CVE-ID: CVE-2007-0742

      Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9

      Impact: Cookies set by subdomains may be accessible to the parent domain

      Description: An implementation issue allows cookies set by subdomains to be accessible to the parent domain, which may lead to the disclosure of sensitive information. This update addresses the issue by performing additional validation of the domain to which a cookie is being sent. This issue does not affect systems running Mac OS X v10.4. Credit to Bradley Schwoerer of University of Wisconsin-Madison for reporting this issue.

&lt;!-- technorati tags start --&gt;&lt;p style="text-align:right;font-size:10px;"&gt;Technorati Tags: &lt;a href="http://www.technorati.com/tag/Apple" rel="tag"&gt;Apple&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Security" rel="tag"&gt;Security&lt;/a&gt;&lt;/p&gt;&lt;!-- technorati tags end --&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-7032314973328635565?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/7032314973328635565/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=7032314973328635565' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7032314973328635565'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7032314973328635565'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/04/apple-security-update-2007-004.html' title='Apple Security Update 2007-004'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-4179907854563677985</id><published>2007-04-20T23:41:00.001+01:00</published><updated>2007-04-20T23:41:50.521+01:00</updated><title type='text'>Van Eck Method For Laptops and Flat Panels -- Walls Mean Nothing now</title><content type='html'>Okay now the Van Eck method for seeing through walls has been around for a while now, for CRTs at least, but now this is kinda scary....


Via &lt;a href="http://www.newscientist.com/blog/technology/2007/04/seeing-through-walls.html"&gt;Newscientist.com&lt;/a&gt;

Have you considered that someone could be reading what's on your monitor from a few rooms away? It's unlikely, but possible, as work by Cambridge University computer security researcher Markus Kuhn shows.

A radio antenna and radio receiver - equipment totalling less than £1000 - is all you need. Kuhn managed to grab the image to the left through two intermediate offices and three plasterboard walls.

Back in 1985, Wim Van Eck proved it was possible to tune into the radio emissions produced by electromagnetic coils in a CRT display and then reconstruct the image. The practice became known as Van Eck Phreaking, and NATO spent a fortune making its systems invulnerable to it. It was a major part of Neal Stephenson's novel Cryptonomicon.

CRTs are now well on the way to being history. But Kuhn has shown that eavesdropping is possible on flat panel displays too. It works slightly differently. With a flat panel display the aim is to tune into the radio emissions produced by the cables sending a signal to the monitor. The on-screen image is fed through the cable one pixel at a time. Because they come through in order you just have to stack them up. And Kuhn has worked out how to decode the colour of each pixel from its particular wave form.

If everything is just right, you can pick up signals from some distance. "I was able to eavesdrop certain laptops through three walls," says Kuhn. "At the CEBIT conference, in 2006, I was able to see the Powerpoint presentation from a stand 25 metres away." Here's the image he managed to get:

Kuhn also mentioned that one laptop was vulnerable because it had metal hinges that carried the signal of the display cable. I asked if you could alter a device to make it easier to spy on. "There are a lot of innocuous modifications you can make to maximise the chance of getting a good signal," he told me. For example, adding small pieces of wire or cable to a display could make a big difference.

As for defending against this kind of attack, Kuhn says using well-shielded cables, certain combinations of colours and making everything a little fuzzy all work.
&lt;!-- technorati tags start --&gt;&lt;p style="text-align:right;font-size:10px;"&gt;Technorati Tags: &lt;a href="http://www.technorati.com/tag/Terrorism" rel="tag"&gt;Terrorism&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/UK" rel="tag"&gt;UK&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Vulnerabilities" rel="tag"&gt;Vulnerabilities&lt;/a&gt;&lt;/p&gt;&lt;!-- technorati tags end --&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-4179907854563677985?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/4179907854563677985/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=4179907854563677985' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4179907854563677985'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4179907854563677985'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/04/van-eck-method-for-laptops-and-flat.html' title='Van Eck Method For Laptops and Flat Panels -- Walls Mean Nothing now'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-5333322122034375553</id><published>2007-04-20T23:36:00.001+01:00</published><updated>2007-04-20T23:36:21.348+01:00</updated><title type='text'>Okay, now this is just bad...</title><content type='html'>Via &lt;a href="http://www.out-law.com/default.aspx?page=7976"&gt;Out-Law.com&lt;/a&gt;

The private details of 100,000 internet users have been stolen from broadband provider Bulldog. The security breach happened when the company was owned by Cable &amp;#38; Wireless.

The data was stolen from Cable &amp;#38; Wireless in December 2005 by a third party which the company believes it can identify. Bulldog's customer base has since been sold to broadband provider Pipex, but C&amp;#38;W is investigating the breach.

James Brown, managing director of Bulldog Internet, told the Guardian newspaper: "Our understanding is that, following an external enquiry by Cable &amp;#38; Wireless, it has become apparent that at some point in December 2005 Cable &amp;#38; Wireless had some of their customer contact details illegally obtained by a third party. This resulted in a small number of their customers receiving unsolicited calls."

C&amp;#38;W said that it was preparing legal action against a third party which it said could be the source of the leak.

It is not yet clear exactly what customer data was taken. Several customers have reported receiving telephone calls that alerted them to the security breach. It is not known whether or not credit card or bank details were among those taken. C&amp;#38;W said that there was no evidence that that was the case.

Large scale data thefts are becoming increasingly common as identity theft becomes a more lucrative crime. With individuals carrying out more and more of their economic activity online, impersonating those people can bring ever greater rewards.

The US has been the location of the most serious data breaches. One recent US breach had implications for UK citizens, though. The owners of High Street discount clothes chain TK Maxx suffered one of the biggest ever breaches when the credit card details of 45 million customers were stolen by a hacker.

In a regulatory filing last month the shop's parent company, TJX Companies, said that data had been stolen in the UK. "We believe that information was stolen in the computer intrusion from … a portion of our computer systems in Watford, U.K. that processes and stores information related to payment card transactions at T.K. Maxx in the United Kingdom and Ireland," said the filing.

-----------------------------------------------------

Glad I never signed up to Bulldog ;-)&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-5333322122034375553?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/5333322122034375553/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=5333322122034375553' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5333322122034375553'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5333322122034375553'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/04/okay-now-this-is-just-bad.html' title='Okay, now this is just bad...'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-8007391956323769201</id><published>2007-04-04T16:24:00.000+01:00</published><updated>2007-04-04T16:44:07.543+01:00</updated><title type='text'>Going To Be A SANS Stay Sharp Instructor!</title><content type='html'>After passing my GCIH exams with 96% for both of them, I got a mail from Stephen Northcutt at SANS inviting me to be a SANS Stay Sharp and SANS Mentor Instructor. This happened when I passed my GSEC exams as well, but that kinda fell by the wayside for various reasons.

This time, however, I am going to go for it. For those of you that don't know what the SANS Stay Sharp programs are, they are basically short courses that range from about 3 hours to 3 days depending on the course. You can get more info from the SANS Stay Sharp site &lt;a href="http://www.sans.org/staysharp/"&gt;here&lt;/a&gt;.

So around the 20th of this month I am going to sign up for the "Defeating Rogue Access Points" course, and so long as I pass that one with a score of over 85%, I'll then be qualified to teach it, so you can expect some spam coming from me once I get through the exams about various training sessions that I'll be setting up in the Reading area, and maybe even London, we'll see how the demand goes.

I'm planning on getting trained up on as many of the Stay Sharp courses as possible as it would be great to be able to offer some SANS courses in the UK. I know that SANS awareness is growing gradually in the UK, but it's just not as quickly as I'd like it to. So I'm going to do my best to make it grow a lot quicker.

Later all, and apply that darn ANI patch.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-8007391956323769201?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/8007391956323769201/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=8007391956323769201' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/8007391956323769201'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/8007391956323769201'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/04/going-to-be-sans-stay-sharp-instructor.html' title='Going To Be A SANS Stay Sharp Instructor!'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-8630632547434416526</id><published>2007-04-04T16:10:00.000+01:00</published><updated>2007-04-04T16:15:15.925+01:00</updated><title type='text'>Widgets listed on Apple's Dashboard Downloads</title><content type='html'>I'm actually quite shocked on this one, not so much about the SANS widget, but the fact that Apple actually put up the Milw0rm exploit feed widget is amazing!

Here are the links to both of them, so please grab them from there and save my bandwidth.

&lt;a href="http://www.apple.com/downloads/dashboard/networking_security/sansinternetstormcenterwidget.html"&gt;http://www.apple.com/downloads/dashboard/networking_security/sansinternetstormcenterwidget.html&lt;/a&gt;

&lt;a href="http://www.apple.com/downloads/dashboard/networking_security/milw0rmexploitfeed.html"&gt;http://www.apple.com/downloads/dashboard/networking_security/milw0rmexploitfeed.html&lt;/a&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-8630632547434416526?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/8630632547434416526/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=8630632547434416526' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/8630632547434416526'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/8630632547434416526'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/04/widgets-listed-on-apples-dashboard.html' title='Widgets listed on Apple&apos;s Dashboard Downloads'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-2968516125352909313</id><published>2007-04-02T12:04:00.000+01:00</published><updated>2007-04-02T12:08:34.529+01:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><title type='text'>Month Of MySpace Bugs is a Go</title><content type='html'>Well, it seems that the Month Of Myspace Bugs is going ahead, and with a European mirror configured as well, just in case of a U.S based shutdown. Great thinking guys!

Here's the link to the site. 

&lt;a href="http://momby.livejournal.com"&gt;http://momby.livejournal.com/&lt;/a&gt;

And the first advisory:

Advisory MOMBY-00000001: MySpace Official URL Spoofing
Press Embargo until April 1, 2007
Rankings:

Noobs: *****
LOLs: **
0wnz: *

Myspace allows registered users to create arbitrary pathnames under
the http://www.myspace.com/ domain. This can be used in the furtherance of a
confidence scheme.

Example: http://www.myspace.com/PasswordReset

Details: Upon creating a new account, users are presented with an option to pick a MySpace Name/URL, as shown on this screenshot (click).

Combined with the allowed CSS editing that allows users to essentially create custom layouts which may appear exactly as the targeted (or invented) MySpace service (such as a password resetting web application), and the "remember my password" functionality of some browsers which respect only domain names + form input names, this technique can help create a very convincing illusion of MySpace officialdom.

As an example, the personal profile for "Mondo Armando" is now registered as the above example URL, which can now be used to trick victims into setting a password to a value known by, well, me.

The downside (from the attacker's perspective) is that there are technically finite variations. However, a url such as "http://www.myspace.com/PasswordActivate" and "PASSW0RDRESET" may work just as well, so it'll be a while before all the "good" target URLs are taken.

Credit: Originally noticed by mybeNi websecurity at http://mybeni.rootzilla.de/mybeNi&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-2968516125352909313?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/2968516125352909313/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=2968516125352909313' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2968516125352909313'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2968516125352909313'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/04/month-of-myspace-bugs-is-go.html' title='Month Of MySpace Bugs is a Go'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-5128002993896760367</id><published>2007-03-31T22:33:00.001+01:00</published><updated>2007-03-31T22:33:34.896+01:00</updated><title type='text'>Milw0rm and SANS Internet Storm Center Widgets</title><content type='html'>Just finished these two off as well, I've submitted them to Apple as well, so I'm really hoping that they get approved and listed.
I'm hoping that I'll know tomorrow, as it seemed to take a day for the Reg one to get listed, I'll post links on here if they do though.
Here's the info on them and the links to my site at this point:

&lt;strong&gt;Milw0rm Widget&lt;/strong&gt;

This widget gets its feed from Milw0rm.com, and lists the last 30 exploits that have been added.

&lt;strong&gt;SANS Internet Storm Center Widget&lt;/strong&gt;
 
This widget updates your Dashboard with the feed from the SANS Internet Storm Center. It displays the last 30 entries published.

They can be downloaded from my site &lt;a href="http://www.xyberpix.com/Downloads.html"&gt;here&lt;/a&gt;.
 &lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-5128002993896760367?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/5128002993896760367/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=5128002993896760367' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5128002993896760367'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5128002993896760367'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/03/milw0rm-and-sans-internet-storm-center.html' title='Milw0rm and SANS Internet Storm Center Widgets'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-4692900977665541826</id><published>2007-03-31T01:22:00.001+01:00</published><updated>2007-03-31T12:48:38.872+01:00</updated><title type='text'>First Dashboard Widget!</title><content type='html'>I just finished making my first Dashboard widget for OS X, so I'm pretty chuffed that it turned out okay.

I just submitted it to Apple, so hopefully it gets put up on their widgets section. The widget that I created grabs the daily news feed from &lt;a href="http://www.theregister.com"&gt;The Register&lt;/a&gt;, it's something that I've been looking for and never managed to find. Okay, so I didn't look too hard for one, but hey. I'm hoping to get a couple more done this weekend with more of a security/exploit focus to them. I'll be updating my blog though as I get them done, I don't want to give out too many details, as I really don't want someone else beating me to it.

You can grab the Reg widget from my downloads page &lt;a href="http://www.xyberpix.com/downloads.html"&gt;here&lt;/a&gt;.

UPDATE: It's officially listed on Apple's widget site now. &lt;a href="http://www.apple.com/downloads/dashboard/news/theregisterwidget.html"&gt;http://www.apple.com/downloads/dashboard/news/theregisterwidget.html&lt;/a&gt;
&lt;!-- technorati tags start --&gt;&lt;p style="text-align:right;font-size:10px;"&gt;Technorati Tags: &lt;a href="http://www.technorati.com/tag/Apple" rel="tag"&gt;Apple&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Dashboard Widgets" rel="tag"&gt;Dashboard Widgets&lt;/a&gt;&lt;/p&gt;&lt;!-- technorati tags end --&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-4692900977665541826?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/4692900977665541826/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=4692900977665541826' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4692900977665541826'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4692900977665541826'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/03/first-dashboard-widget.html' title='First Dashboard Widget!'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-5940262005831872721</id><published>2007-03-23T10:00:00.001Z</published><updated>2007-03-23T10:00:04.856Z</updated><title type='text'>Local Privilege Escalation Vulnerability found in X-Kryptor</title><content type='html'>From the UNIRAS website:

ID:  0107
Ref: 0107
Date: 01 February 2007:0900:00
Title: Local User Privilege Escalation Vulnerability in X-Kryptor Secure Client
Abstract: X-Kryptor is a range of multi-role, dynamic-VPN products. The X-Kryptor Secure Client is a software-based VPN client that is used to connect home-base or mobile workers to a secure Local Area Network (LAN). A vulnerability has been discovered by NCC Group plc that, if exploited, could potentially allow a malicious person to take full control of the local system and to execute arbitrary code. Barron McCann is aware of this issue and has produced patches to address it. Please see 'Solution' for further details.
Vendors affected: Barron McCann
Operating Systems affected: Windows
Applications affected: X-Kryptor Driver BMS1446HRR,Xgntr Version BMS1351,Install Release BMS1472
Document link: Local User Privilege Escalation Vulnerability in X-Kryptor Secure Client

CPNI Vulnerability Advisory 0107-XKryptor-February 2007

Local User Privilege Escalation Vulnerability in X-Kryptor Secure Client

Version Information
-------------------
Advisory Reference VAN 0107-XKryptor
Release Date 1 February 2007
Last Revision 25 January 2007
Version Number 1.0

Acknowledgement
---------------
This issue was reported by NCC Group plc (http://www.nccgroup.com).

What is affected?
-----------------
The vulnerability was verified against the following product version running on Microsoft Windows:

- X-Kryptor Driver BMS1446HRR
- Xgntr Version BMS1351
- Install Release BMS1472

Other versions may also be affected.

Impact
------
If exploited, this vulnerability can potentially allow a malicious user to take control of the local system.

Severity
--------
Medium

Summary
-------
X-Kryptor is a range of multi-role, dynamic-VPN products. The X-Kryptor Secure Client is a software-based VPN client that is used to connect home-base or mobile workers to a secure Local Area Network (LAN).

A vulnerability has been discovered by NCC Group plc that, if exploited, could potentially allow a malicious person to take full control of the local system and to execute arbitrary code.

Barron McCann is aware of this issue and has produced patches to address it. Please see
'Solution' for further details.

Details
-------
CVE ID: CVE-2007-0436

Under certain circumstances it is possible for users, when using the X-Kryptor Secure Client
on Microsoft Windows, to escalate privileges on the machine to the local SYSTEM account.

Solution
--------
Barron McCann has produced a fix for this issue; please contact them for further details.

Vendor Information
------------------
Based in Letchworth, Hertfordshire, Barron McCann Technology is a leading supplier of high
assurance security products including the X-Kryptor, a range of VPN products that secure
sensitive government communications across the United Kingdom and Europe.

For further details regarding Barron McCann, please visit http://www.bemac.com/.

Credits
-------
The CPNI Vulnerability Management Team would like to thank NCC Group plc for reporting these issues. Please visit http://www.nccgroup.com for further details about NCC Group plc.

The CPNI Vulnerability Management Team would also like to thank Barron McCann for their
co-operation and assistance in the handling of this vulnerability.

Contact Information
-------------------
The CPNI Vulnerability Management Team can be contacted as follows:

Email vulteam@cpni.gov.uk
Please quote the advisory reference in the subject line

Telephone +44 (0)870 487 0748 Ext 4511
Monday - Friday 08:30 - 17:00

Fax +44 (0)870 487 0749

Post Vulnerability Management Team
CPNI
PO Box 60628
London
SW1P 1HA

We encourage those who wish to communicate via email to make use of our PGP key. This is
available from http://www.cpni.gov.uk/key.aspx.

Please note that UK government protectively marked material should not be sent to the email
address above.

If you wish to be added to our email distribution list please email your request to
info-sec@cpni.gov.uk.

What is CPNI?
--------------
For further information regarding the Centre for the Protection of National Infrastructure, please visit http://www.cpni.gov.uk.

Reference to any specific commercial product, process, or service by trade name, trademark,
manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or
favouring by CPNI. The views and opinions of authors expressed within this notice shall not
be used for advertising or product endorsement purposes.

Neither shall CPNI accept responsibility for any errors or omissions contained within
this advisory. In particular, they shall not be liable for any loss or damage whatsoever,
arising from or in connection with the usage of information contained within this notice.

© 2007 Crown Copyright
&amp;lt;End of CPNI Vulnerability Advisory&amp;gt;

&lt;!-- technorati tags start --&gt;&lt;p style="text-align:right;font-size:10px;"&gt;Technorati Tags: &lt;a href="http://www.technorati.com/tag/Vulnerabilities" rel="tag"&gt;Vulnerabilities&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Security" rel="tag"&gt;Security&lt;/a&gt;&lt;/p&gt;&lt;!-- technorati tags end --&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-5940262005831872721?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/5940262005831872721/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=5940262005831872721' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5940262005831872721'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5940262005831872721'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/03/local-privilege-escalation.html' title='Local Privilege Escalation Vulnerability found in X-Kryptor'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-4527845703606720857</id><published>2007-03-23T09:48:00.001Z</published><updated>2007-03-23T09:48:21.890Z</updated><title type='text'>3 Held For Questioning Over 7th Of July Bombing In London</title><content type='html'>Via BBC's website:

Anti-terrorism police are to begin questioning three men arrested over the 7 July suicide bombings in London.

Two suspects, aged 23 and 30, were detained at Manchester Airport as they prepared to fly to Pakistan while a third, 26, was detained in Leeds.

The arrests, which are the first major ones since the attacks, followed a lengthy police operation.

Fifty-two people died in 2005 after four bombers detonated devices on three London Underground trains and a bus.

Police have been searching five houses in the Beeston area of Leeds, and two premises in east London. The three men will be interviewed at Paddington Green police station in the capital.

Under new anti-terror laws, police can hold them for a maximum of 28 days.

The men were held on suspicion of the commission, preparation, or instigation of acts of terrorism.

Mohammad Sidique Khan, 30, Shehzad Tanweer, 22, and Germaine Lindsay, 19, detonated bombs on three Tube trains and Hasib Hussain, 18, attacked a bus.

Home Secretary John Reid said: "I think the best thing here is not to get ahead of ourselves, not to get into speculation or heighten all of this.

"It is a normal part of a very serious and continually ongoing operation and the police will keep everybody informed as is appropriate."

The arrests at Manchester Airport were made shortly before 1300 GMT on Friday, while the other in Leeds was made just after 1600 GMT.

The addresses of the Leeds searches are in Cardinal Road, Colwyn Road, Firth Mount, Tempest Road, and Rowland Place.

Tanweer and Hussain had both been living in Beeston when the attacks were carried out and Khan grew up in Beeston. Tanweer lived in Colwyn Road with his parents.

The east London searches involve a flat, understood to be in Bromley-by-Bow, and a business, understood to be in Whitechapel.

Scotland Yard said the arrests were part of a pre-planned, intelligence-led operation and also involved the West Yorkshire Police Counter Terrorism Unit.

Ch Supt Mark Milsom, of West Yorkshire Police, said it had not been a high profile operation and unarmed officers were carrying out the searches.

He said the searches may take "some time" but they were not expecting to find firearms or bomb-making equipment.

A Scotland Yard spokesman said: "We need to know who else, apart from the bombers, knew what they were planning. Did anyone encourage them? Did anyone help them with money, or accommodation?"

BBC correspondent Danny Shaw said that, before Thursday's arrests, the police investigation into the 7 July bombings had been "going on with very little publicity".

The investigation had included a search of a landfill site - "the size of 18 Olympic swimming pools" - at Skelton Grange in Leeds, he said.

Police had "quietly but assiduously" gone through the entire site looking for evidence, our correspondent added.

&lt;!-- technorati tags start --&gt;&lt;p style="text-align:right;font-size:10px;"&gt;Technorati Tags: &lt;a href="http://www.technorati.com/tag/Terrorism" rel="tag"&gt;Terrorism&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Security" rel="tag"&gt;Security&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/UK" rel="tag"&gt;UK&lt;/a&gt;&lt;/p&gt;&lt;!-- technorati tags end --&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-4527845703606720857?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/4527845703606720857/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=4527845703606720857' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4527845703606720857'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4527845703606720857'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/03/3-held-for-questioning-over-7th-of-july.html' title='3 Held For Questioning Over 7th Of July Bombing In London'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-5327558446590027024</id><published>2007-03-23T09:40:00.000Z</published><updated>2007-03-23T09:44:33.906Z</updated><title type='text'>Web Application Auditing Over Lunch</title><content type='html'>Johanness Ulrich over at SANS has a really good quick howto on Web Application Security over at the SANS Institute, 
this really is a worthwhile read for anyone new to web application security, and provides a very good walkthrough at a high level of some of the steps that you should take when auditing web applications.

Take a look: &lt;a href="http://www.sans.edu/resources/securitylab/audit_web_apps.php"&gt;Web Application Auditing Over Lunch&lt;/a&gt;

For a more in-depth view on Web application security audits, have a look at the &lt;a href="http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents"&gt;OWASP Testing Guide&lt;/a&gt;. It's a long document, but it covers everything that you're going to need to check.

&lt;strong&gt;Mourn - Non-Stop Violence&lt;/strong&gt; from the album "7" by &lt;a href="http://www.google.com/search?q=%22Apoptygma Berzerk%22"&gt;Apoptygma Berzerk&lt;/a&gt;
&lt;!-- technorati tags start --&gt;&lt;p style="text-align:right;font-size:10px;"&gt;Technorati Tags: &lt;a href="http://www.technorati.com/tag/Web Application" rel="tag"&gt;Web Application&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Security" rel="tag"&gt;Security&lt;/a&gt;&lt;/p&gt;&lt;!-- technorati tags end --&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-5327558446590027024?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/5327558446590027024/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=5327558446590027024' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5327558446590027024'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5327558446590027024'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/03/web-application-auditing-over-lunch.html' title='Web Application Auditing Over Lunch'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-7529474793626454136</id><published>2007-03-23T09:28:00.000Z</published><updated>2007-03-23T09:30:29.843Z</updated><title type='text'>BackTrack 2.0 and Parallels</title><content type='html'>I know that BackTrack 2.0 was release about a week ago now, but I'm only getting around to writing about it now as I only got my MacBook Pro a couple of days ago, and I didn't have a chance to download it or 
try it out. For those of you who are unfamiliar with BackTrack, it is probably the ultimate penetration tester's bootable Linux distro. BackTrack is what came out of a merger between two of the most famous security-related bootable Linux distros, namely Whax and the Auditor Security Collection.

From a pen-tester's point of view, it really does have everything that you could want in a live Linux distro, and more.

Here are some of the new features in version 2.0

* Updated Kernel-Running 2.6.20, with several patches.
* Broadcom based wireless card support
* Most wireless drivers are built to support raw packet injection
* Metasploit2 and Metasploit3 framework integration
* Alignment to open standards and frameworks like ISSAF and OSSTMM
* Redesigned menu structure to assist the novice as well as the pro
* Japanese input support-reading and writing in Hiragana / Katakana / Kanji.

You can download it from http://www.remote-exploit.org/backtrack.html

Now I also mentioned Parallels in the subject of this one, which is something that I have been dying to play with since before I got my MacBook Pro, and well, all I can say is that I am shocked at the speed of it. I installed BackTrack 2.0 on a virtual disk within Parallels, allocated 256MB of RAM to it, and to say that it's damn quick would be an understatement. This blows away my dedicated Linux PC at work!

Maybe later on today I'll install XP within Parallels and see how that goes, but at this point, I am really impressed. I now have the perfect setup: OS X as my main OS, and then BackTrack for anything that I can't run within OS X. From a penetration testing point of view, this really is perfect. I'm kinda regretting ordering an Alienware laptop for work now, but hey, I kinda need it to run Core Impact and WebInspect, so I'm sure it'll be worthwhile, when I get it of course. Alienware's build time seems to take forever!

Anyway, if anyone reading this hasn't tried BackTrack 2.0 or Parallels yet, do yourself a favour and go and try it out.

&lt;strong&gt;Love Never Dies [part 1]&lt;/strong&gt; from the album "7" by &lt;a href="http://www.google.com/search?q=%22Apoptygma%20Berzerk%22"&gt;Apoptygma Berzerk&lt;/a&gt;

&lt;!-- technorati tags start --&gt;&lt;p style="text-align:right;font-size:10px;"&gt;Technorati Tags: &lt;a href="http://www.technorati.com/tag/Apple" rel="tag"&gt;Apple&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Linux" rel="tag"&gt;Linux&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/Security" rel="tag"&gt;Security&lt;/a&gt;&lt;/p&gt;&lt;!-- technorati tags end --&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-7529474793626454136?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/7529474793626454136/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=7529474793626454136' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7529474793626454136'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7529474793626454136'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/03/backtrack-20-and-parallels.html' title='BackTrack 2.0 and Parallels'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-5313512571411925963</id><published>2007-03-22T12:26:00.001Z</published><updated>2007-03-22T12:26:09.399Z</updated><title type='text'>MacBook Pro 17" Core 2 Duo 2.33 GHz</title><content type='html'>Well, it finally arrived yesterday, and since I got it I've been installing all the tools and programs that I need and want onto it.
Compared to my aging G4 PowerBook 1.33 GHz, this little baby flies!
Everything that I have done on it so far has been so much quicker, it's pretty scary to be honest, and it also makes me realize that even though I had my doubts about Apple's whole switch to Intel chips, it was definitely worthwhile.
I must say though that now that I have a 17" screen I don't think that I could ever go back to a 15" again, also if anyone's curious the glossy display is so much better than the matte displays that I've seen. Everything is really clear and crisp.
I read a lot of reviews about the glossy screen and they have all been really bad, and then I saw one at work, and decided that glossy was the way to go almost instantaneously. I must say that I was still a bit concerned about the glare and reflection that kept getting mentioned in the various forums that I read, but well, I've had no problems with it at all.

The one thing that really amazed me is the speed at which Fink compiles things on the MacBook Pro, it really is quick, to say the least. Also I had to pull down the SVN version of KisMac as the current stable build doesn't support the new Airport Extreme cards in the MacBook Pros, but the SVN version works perfectly!

I'll post more updates as and when I have them, take it easy all.

&lt;strong&gt;Brain Bypass&lt;/strong&gt; from the album "What The Fuck Is Wrong With You People?" by &lt;a href="http://www.google.com/search?q=%22Combichrist%22"&gt;Combichrist&lt;/a&gt;

&lt;!-- technorati tags start --&gt;&lt;p style="text-align:right;font-size:10px;"&gt;Technorati Tags: &lt;a href="http://www.technorati.com/tag/Apple" rel="tag"&gt;Apple&lt;/a&gt;&lt;/p&gt;&lt;!-- technorati tags end --&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-5313512571411925963?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/5313512571411925963/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=5313512571411925963' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5313512571411925963'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5313512571411925963'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/03/macbook-pro-17-core-2-duo-233-ghz.html' title='MacBook Pro 17&amp;quot; Core 2 Duo 2.33 GHz'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-7834973587630847858</id><published>2007-03-21T10:36:00.000Z</published><updated>2007-03-21T10:37:09.162Z</updated><title type='text'>Yet another reason that I really like Frank Zappa</title><content type='html'>This has got to be one of his best interview clips ever, I'd hate to be the interviewer in this one ;-)

http://www.youtube.com/watch?v=RFjZOeL10MA&amp;NR&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-7834973587630847858?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/7834973587630847858/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=7834973587630847858' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7834973587630847858'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7834973587630847858'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/03/yet-another-reason-that-i-really-like.html' title='Yet another reason that I really like Frank Zappa'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-2013366236013550357</id><published>2007-03-20T13:24:00.000Z</published><updated>2007-03-20T13:29:28.246Z</updated><title type='text'>Flu and the SCNA exam != Pass</title><content type='html'>Well, my body has decided recently that having a dose of flu would be a great thing to do to me, just make the SCNA exam more of a challenge, and well, I didn't make it. You need 62% to pass the exam and I got a grand total of 49%, I know the stuff, but while I was sitting there all I could think about was going home and crawling into bed. 
I guess I'll give it a couple of weeks or so and then try again, now that it's beaten me, I really want to get this one under my belt.

Also to add insult to injury, while I was out failing the exam, the UPS man dropped by to deliver my MacBook Pro, typical! I gave them a call though and they will re-deliver it tomorrow, so at least now I know that I'll be getting it tomorrow.

Now I feel a nap coming on, and then some quality time spent in front of the TV, maybe watching cartoons for the rest of the day.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-2013366236013550357?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/2013366236013550357/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=2013366236013550357' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2013366236013550357'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2013366236013550357'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/03/flu-and-scna-exam-pass.html' title='Flu and the SCNA exam != Pass'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-6364624484564509910</id><published>2007-03-17T17:42:00.000Z</published><updated>2007-03-17T17:47:24.408Z</updated><title type='text'>GCIH Certified - 96% on 2nd Exam As Well</title><content type='html'>So, I couldn't do it, I just couldn't leave the two remaining GCIH books alone and get on with the SCNA studying that I've gotta do before Tuesday. Oh well, right now though I am damn excited to have passed both the GCIH exams!
I must say though that I found the second exam a hell of a lot tougher than the first one, but also a hell of a lot more interesting. Well, both the books for the second exam were actually a lot more interesting than the three for the first exam, all in all though, SANS courseware has once again exceeded my expectations.

Well, tomorrow and Monday I'm going to be getting into serious study mode for the SCNA exam, and then hopefully on Tuesday I'll pass that one as well. I won't ever be doing 3 exams in the space of 5 days again though, I didn't realise how insane it was actually going to be.

Now to decide if I'm going to go for the gold certification on GCIH or not, hmmmmm...&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-6364624484564509910?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/6364624484564509910/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=6364624484564509910' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/6364624484564509910'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/6364624484564509910'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/03/gcih-certified-96-on-2nd-exam-as-well.html' title='GCIH Certified - 96% on 2nd Exam As Well'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-7510573249704665110</id><published>2007-03-15T21:13:00.000Z</published><updated>2007-03-15T21:21:38.379Z</updated><category scheme='http://www.blogger.com/atom/ns#' term='certifications'/><category scheme='http://www.blogger.com/atom/ns#' term='GIAC'/><category scheme='http://www.blogger.com/atom/ns#' term='Solaris'/><title type='text'>Studying For The SCNA exam *bleh*</title><content type='html'>OK, so I'm sitting here studying for the Sun Certified Network Administrator (SCNA) for Solaris 10 exam, and well, to be honest it's boring as hell, and I'm forcing myself to study for it. 
I've been working with Solaris for over 10 years, and this covers things like the TCP/IP model, Subnetting, DHCP, DNS, NTP, and well, I know these things, damnit! I used to be a SysAdmin in a previous life, so I was expected to know these things, and now I'm worried about passing the exam on Tuesday, as I can't remember the last time I actually configured a DHCP server!

Yeah, I've hacked a DHCP/NTP/DNS server, I know how the damn TCP/IP model works, but for some reason I'm still stressed about this exam.

It really doesn't help either that I have the last two books of courseware for the GIAC Certified Incident Handler (GCIH) sitting on my desk, and all I want to do is pick them up, read them, and do the exam. I'm hoping to do that one next Friday, but then my MacBook Pro is supposed to be getting here next Weds, so we'll have to see how that goes.

Oh well, enough of my ranting for now, better get back to some studying. Bleh!

I'll leave you with a funny one though:

Solaris 10/11 Telnetd vulnerability

telnet -l -froot &lt;hostname&gt;

bwahahahahah!!!!!!!&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-7510573249704665110?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/7510573249704665110/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=7510573249704665110' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7510573249704665110'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7510573249704665110'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/03/studying-for-scna-exam-bleh.html' title='Studying For The SCNA exam *bleh*'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-4558433085125850891</id><published>2007-03-15T16:17:00.000Z</published><updated>2007-03-15T16:20:05.507Z</updated><category scheme='http://www.blogger.com/atom/ns#' term='certifications'/><category scheme='http://www.blogger.com/atom/ns#' term='GIAC'/><title type='text'>GCIH Exam 1 = Pass 96%</title><content type='html'>Well, I sat this one this morning and passed it with quite a decent score, so I'm quite happy to say the least.
I'm just hoping that I can get the same score or better for the next one, which I'm hoping to sit next Friday, so we'll see how it goes.
Now to carry on studying for the Solaris 10 SCNA exam which I'm sitting on Tuesday.

Still no MacBook Pro, but I got an update from Apple saying that it should be delivered next Weds.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-4558433085125850891?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/4558433085125850891/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=4558433085125850891' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4558433085125850891'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4558433085125850891'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/03/gcih-exam-1-pass-96.html' title='GCIH Exam 1 = Pass 96%'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-5645791578859842436</id><published>2007-03-12T12:58:00.000Z</published><updated>2007-03-12T13:03:53.880Z</updated><title type='text'>GCIH, SCNA and going dark for a while</title><content type='html'>Well, things have been rather interesting lately to say the least, I'll be sitting the SCNA exam next Tuesday, so I am going to be spending most of this week and next Monday studying for that one. At present though I'm studying for the first GCIH exam, which if all goes as well as I'm hoping I'll be sitting tomorrow night, so wish me luck.

I've also recently invested in a nice shiny new 17" MacBook Pro, and yesterday the auction for my PowerBook finished, so I spent last night formatting it, and packaging it up. I sent it off to its new home this morning. The only catch is though, that Apple told me that I will probably only be getting my new MacBook Pro around the 24th-26th of this month, so that's going to leave me without a laptop for a couple of weeks. It's going to be damn weird, but I'm so excited about getting my new MBP!

If any of the ISW guys are reading this post, please don't send me any encrypted mails, as I won't be able to read them until I get my new MBP, as I'll be using webmail to check my mail until then.

Well, take it easy all.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-5645791578859842436?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/5645791578859842436/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=5645791578859842436' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5645791578859842436'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5645791578859842436'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/03/gcih-scna-and-going-dark-for-while.html' title='GCIH, SCNA and going dark for a while'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-3637117930689240702</id><published>2007-02-23T22:32:00.000Z</published><updated>2007-02-23T23:49:26.849Z</updated><title type='text'>Solaris 10 Network Admin Course</title><content type='html'>Well, this week was pretty interesting to say the least, I was on the Solaris 10 network admin course at Sun's UK headquarters, and I've gotta say that this has been the best course that I've been on at Sun so far.
You can find more details about the course here http://uk.sun.com/training/catalog/courses/SA-300-S10.xml.

The first two days of the course were pure networking, which was great, although I seriously detest working out subnets. There were also sections that I knew, and feel very confident about for the exam, namely Bind, DHCPd and XNTPd, the sections on IPv6 and IPFilter were really worthwhile though. The great part about the course though was for a change the instructor seriously had security in mind, even to the point of showing the class how to exploit the Solaris telnetd vulnerability. Okay, so it's not the most complex exploit, but it was still mind blowing to be shown that on a course at Sun. :-) Okay so the lecturer was contracted to teach the course and not a Sun employee, but it was still great. There were also constant references to security throughout the course, which makes a great change from the other courses that I've been on at Sun in the past.

Before I went on the course I was planning on sitting the SCNA exam next Friday. To be honest though, after spending a week on the course, I think that a couple of weeks will be a better bet, I really want to make sure that I get through the exam first time.

I'll let you know how the exam goes when I go and sit it, I'm hoping to book it sometime this weekend.

Well, till next time, and remember:

telnet -l -froot Solaris10host

ciao

&lt;strong&gt;If You Want Peace... Prepare For War&lt;/strong&gt; from the album "Are You Dead Yet?" by &lt;a href="http://www.google.com/search?q=%22Children Of Bodom%22"&gt;Children Of Bodom&lt;/a&gt; &lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-3637117930689240702?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/3637117930689240702/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=3637117930689240702' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3637117930689240702'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3637117930689240702'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/02/solaris-10-network-admin-course.html' title='Solaris 10 Network Admin Course'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-2361990214096935884</id><published>2007-01-31T15:06:00.000Z</published><updated>2007-01-31T15:12:38.167Z</updated><title type='text'>Interview with Fyodor</title><content type='html'>I caught up with Fyodor yesterday in regard to the recent goings on with godaddy.com and his seclists.org domain, the full interview can be found on the Securiteam site here:

http://blogs.securiteam.com/index.php/archives/806&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-2361990214096935884?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/2361990214096935884/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=2361990214096935884' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2361990214096935884'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2361990214096935884'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/01/interview-with-fyodor.html' title='Interview with Fyodor'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-4133736755969134280</id><published>2007-01-19T21:14:00.000Z</published><updated>2007-01-19T21:17:04.772Z</updated><title type='text'>SCSA Certified Now!</title><content type='html'>Passed the second exam today, and well, aside from considering half way through the exam I thought of walking out, as I thought I'd failed. I actually passed it with a better score than the previous one!
So, that's another 4 letters behind my name now, so long as it keeps me up to date, and if it helps to get me a decent increase all the better.

Oh well, time to be off now, gotta carry on celebrating!

At least this means that I don't have to spend any more nights studying for a while, and now I can spend more time with my guitar.

&lt;strong&gt;Woman&lt;/strong&gt; from the album "Bloody Kisses" by &lt;a href="http://www.google.com/search?q=%22Type O Negative%22"&gt;Type O Negative&lt;/a&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-4133736755969134280?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/4133736755969134280/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=4133736755969134280' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4133736755969134280'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4133736755969134280'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2007/01/scsa-certified-now.html' title='SCSA Certified Now!'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-1568280948333054784</id><published>2006-12-21T12:01:00.000Z</published><updated>2006-12-21T12:06:22.004Z</updated><title type='text'>Microsoft Windows XP/2003/Vista memory corruption0day</title><content type='html'>3APA3A just posted the following e-mail to the FD list, so if anyone is looking for details on the Vista 0-day mentioned earlier. Here's the mail that was sent:

Dear full-disclosure@lists.grok.org.uk,

  Since  it's  already  wide  spread on the public forums and exploit is
  published  on  multiple  sites and there is no way to stop it, I think
  it's time to alert lists about this.

  On the one of Russian forums:
  http://www.kuban.ru/forum_new/forum2/files/19124.html
  message  was  published  by  NULL  about  vulnerability  in Windows on
  processing   MessageBox()   with   MB_SERVICE_NOTIFICATION   flag  and
  message/caption  beginning with \??\. Vulnerability seems to be memory
  corruption  in  kernel  and  causes  system  crash  or  hang after few
  attempts.  It  seems  to happen because message is logged to event log
  and may point to some problem with event logs processing.

  Vulnerability details and code may be found here:
  http://www.security.nnov.ru/Gnews944.html

  There  is  potential  remote  exploitation vector if some service uses
  user-supplied  input  for  MessageBox() function. Messenger service is
  not  vulnerable  in  this way, because it prepends user-supplied input
  with additional string.

  I contacted Microsoft on this issue on December, 16.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-1568280948333054784?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/1568280948333054784/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=1568280948333054784' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/1568280948333054784'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/1568280948333054784'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2006/12/microsoft-windows-xp2003vista-memory.html' title='Microsoft Windows XP/2003/Vista memory corruption0day'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-4621557902235426410</id><published>2006-12-21T11:47:00.000Z</published><updated>2006-12-21T11:49:07.345Z</updated><title type='text'>Too much effort to carry around a laptop and an RSA token?</title><content type='html'>This is classic!!

&lt;a href="http://thedailywtf.com/forums/thread/107695.aspx"&gt;Security  By Oblivity&lt;/a&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-4621557902235426410?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/4621557902235426410/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=4621557902235426410' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4621557902235426410'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4621557902235426410'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2006/12/too-much-effort-to-carry-around-laptop.html' title='Too much effort to carry around a laptop and an RSA token?'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-7356138382789225862</id><published>2006-12-21T11:21:00.000Z</published><updated>2006-12-21T11:31:53.089Z</updated><title type='text'>Month Of Apple Bugs, Beginning January 1st 2007</title><content type='html'>As you all know I am a huge fan of Apple's OS X operating system, but I am also heavily involved in information security as well. I personally think that something like this is one of the best things that can happen to Apple's operating system, I also think that the timing is perfect as well, as this will put some strain on Apple to get these fixed in a timely manner.

On the 9th of January Steve Jobs will be giving his keynote at Macworld, so I am guessing this means that most of Apple's techies will be working to find any bugs in any of the new kit that will obviously be getting announced.

Having the Month Of Apple Bugs at this time will hopefully show us all just how seriously Apple takes the security of its operating system.

The really great thing with this, though, is that any bugs found by LMH and &lt;a href="http://www.digitalmunition.com/"&gt;KF&lt;/a&gt; will hopefully help to make OS X even more secure once they have been patched, and if Apple plays this hand right, it could also show MS how things are supposed to be done in the security world.

I don't know whether this second part will happen, but it's a nice thought at least. I guess we'll just have to wait and see what happens.

Either way, I think that January is going to be a damn good month!&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-7356138382789225862?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/7356138382789225862/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=7356138382789225862' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7356138382789225862'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7356138382789225862'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2006/12/month-of-apple-bugs-beginning-january.html' title='Month Of Apple Bugs, Beginning January 1st 2007'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-4217947836347486194</id><published>2006-12-21T11:09:00.000Z</published><updated>2006-12-21T11:17:18.020Z</updated><title type='text'>Does Microsoft really take security seriously?</title><content type='html'>I've been wondering about the above question for a while now, and I really can't wait to sit face to face with an MS security person next month and ask them that exact question. It seems of late all of their effort has been going into releasing Vista, and well, even that isn't exactly secure is it? 
There are already a couple of 0-days floating around the net for Vista, now I'm sure that no company in their right mind would have rolled Vista out into the production networks yet (well, aside from MS anyway), but this is still a major threat.

The folks over at SANS have updated the list of MS vulnerabilities that have still not been patched, and these are known to be getting exploited. The oldest one of these goes back to the 19th July this year, that's over 6 months old! This really makes me wonder what the hell they are playing at. MS has a lot more money than any security researchers/hackers do, and well if the vulnerabilities can be found, they can be patched. So I would really like to know why these are taking so damn long. In total SANS have 9 vulnerabilities listed, I seem to think that there may be a couple more on top of that as well!

The list of vulnerabilities can be found &lt;a href="http://www.theregister.co.uk/2006/12/21/new_web_email_regulation/"&gt;here&lt;/a&gt;.

So what are everyone else's views on this situation?&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-4217947836347486194?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/4217947836347486194/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=4217947836347486194' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4217947836347486194'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4217947836347486194'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2006/12/does-microsoft-really-take-security.html' title='Does Microsoft really take security seriously?'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-2322751290708922877</id><published>2006-12-20T10:44:00.000Z</published><updated>2006-12-20T10:54:04.796Z</updated><title type='text'>Thornography Tour</title><content type='html'>So last night we went to go and see &lt;a href="http://www.cradleoffilth.com"&gt;Cradle Of Filth&lt;/a&gt; at the Astoria in London, and well aside from messing my knee up before we even got to the gig, it was an amazing night!
Up until last night I would have always rated Iron Maiden as the best band that I have ever seen live, well even though I was in pain through the Cradle concert last night, Cradle seriously blew Maiden away.

The one thing that sucks the most though is that last night was the last leg of their European tour, and next year they will be touring the U.S., so I guess that I'm going to have to wait a while before seeing them again.

Seeing live Cradle music videos on the TV really doesn't do them any justice, as the live shows that I've seen on TV have always had really poor sound. Last night however the sound was perfect, loud, clear and they sounded as good, if not better live than they do on their albums.

I think that they managed to play everything off of the new album &lt;a href="http://www.amazon.co.uk/Thornography-Cradle-Filth/dp/B000ICMF4Y/sr=8-1/qid=1166611741/ref=pd_ka_1/026-2102636-1730844?ie=UTF8&amp;amp;s=music"&gt;Thornography&lt;/a&gt; last night, as well as some real classics such as "Her Ghost in The Fog", and my all time favourite "Nymphetamine".

The only thing that was really weird about the whole night, was that there was a hell of a lot of tiny little kiddies there, probably between the ages of 13-16, which just seemed really wrong, but hey.

If you like metal at all, do yourself a favour and go and see this band live!&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-2322751290708922877?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/2322751290708922877/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=2322751290708922877' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2322751290708922877'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/2322751290708922877'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2006/12/thornography-tour.html' title='Thornography Tour'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-3118727434979896256</id><published>2006-12-14T12:34:00.000Z</published><updated>2006-12-14T12:47:00.202Z</updated><title type='text'>Passed Sun Certified Systerm Administrator Exam! (Well, the first one anyway)</title><content type='html'>So I spent a couple of days preparing for the exam (&lt;a href="http://www.sun.com/training/catalog/courses/CX-310-200.xml"&gt;CX-310-200&lt;/a&gt;), and then yesterday I went and sat the exam. Considering I went into the exam with an open mind, and no idea at all if I was going to pass or fail.

I was really happy when I finally walked out of the tiny little testing room, and eventually got to look at my results and saw the word PASS! I must say though, I've been working with Solaris for a good few years now, and I would hate to try the exam if I hadn't, okay granted I could have spent a lot more time preparing for the exam, but hey, I always managed to find something better to do than study.

Today I booked the 2nd exam (&lt;a href="http://www.sun.com/training/catalog/courses/CX-310-202.xml"&gt;CX-310-202&lt;/a&gt;) for the 19th January, for this next one though, I'm going to have to get some serious studying in, as I think that this next one is going to be a bit of a nightmare.

All going well though, after the 19th January, I should be &lt;a href="http://www.sun.com/training/certification/solaris/scsa.xml"&gt;SCSA&lt;/a&gt; certified. I then need to start preparing for the other exams that I got vouchers for, before the vouchers are no longer valid. The two that I still have to do, before I take on anything new are the Sun Certified Java Programmer (&lt;a href="http://www.sun.com/training/catalog/courses/CX-310-055.xml"&gt;SCJP&lt;/a&gt;), and the Cisco Certified Network Associate (&lt;a href="http://www.cisco.com/web/learning/le3/le2/le0/le9/learning_certification_type_home.html"&gt;CCNA&lt;/a&gt;). I'm hoping to get both of them behind me by the end of March next year, but we'll see what happens between now and then I guess.&lt;span style="text-decoration: underline;"&gt;&lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-3118727434979896256?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/3118727434979896256/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=3118727434979896256' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3118727434979896256'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3118727434979896256'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2006/12/passed-sun-certified-systerm.html' title='Passed Sun Certified Systerm Administrator Exam! 
(Well, the first one anyway)'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-5227317276471900305</id><published>2006-12-11T15:50:00.000Z</published><updated>2006-12-11T15:54:02.693Z</updated><title type='text'>Backdooring MP3 Files</title><content type='html'>GNUCITIZEN has got a damn good write up on backdooring mp3 files, and I'd definetly recommend it to anyone who's interested in the security implications of this.

This is a cross platform problem, due to a "feature" in the latest version of Apple's Quicktime. I use the term "feature" loosely here, as it is a security issue, but so far Apple are failing to admit this.

Anyway, here's the link:

&lt;a href="http://www.gnucitizen.org/blog/backdooring-mp3-files/"&gt;Backdooring MP3 Files&lt;/a&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-5227317276471900305?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/5227317276471900305/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=5227317276471900305' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5227317276471900305'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/5227317276471900305'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2006/12/backdooring-mp3-files.html' title='Backdooring MP3 Files'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-3278671170642836876</id><published>2006-12-08T23:32:00.000Z</published><updated>2006-12-08T23:37:22.701Z</updated><title type='text'>GSEC Gold</title><content type='html'>So after spending what felt like a year working on on my paper for the GSEC Gold certification, I finally got it finished thanks to the great advisor that was working on it with me. I got an e-mail come through letting me know that my paper has been accepted, and that I passed!&lt;br /&gt;&lt;br /&gt;So I went to go and check the SANS site to see if my paper had been added and well, I couldn't wipe the grin off my face for the whole day. 
My paper ended up in the honors section of the GIAC site!&lt;br /&gt;&lt;br /&gt;If anyone's interested the paper's titled "Securing Apache on Mac OS X", it covers securing OS X, Apache, PHP, mod_security, and setting up SSL.&lt;br /&gt;&lt;br /&gt;You can find it online here: &lt;A HREF="http://www.giac.org/certified_professionals/practicals/GSEC/5458.php"&gt;Securing Apache on OS X&lt;/A&gt;&lt;br /&gt;&lt;br /&gt;In other news, I found out that I can send photos from my cell phone, right onto this blog, so that's pretty cool, and hence the reason that I am updating this blog again, and why there are pictures of our 2 cats as well.&lt;br /&gt;&lt;br /&gt;I'm hoping to put a load more articles up here in the near future as well, but I've also got a load of studying to do as well, as this coming Wednesday I'm sitting the Solaris 10 certification exam, well part one anyway. So wish me luck.&lt;br /&gt;&lt;br /&gt;Well, let's see how long this round of blogging lasts shall we?&lt;br /&gt;&lt;br /&gt;Now Playing:
&lt;br /&gt;&lt;strong&gt;The Promise of Fever&lt;/strong&gt; from the album "Damnation and a Day" by &lt;a href="http://www.google.com/search?q=%22Cradle Of Filth%22"&gt;Cradle Of Filth&lt;/a&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-3278671170642836876?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/3278671170642836876/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=3278671170642836876' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3278671170642836876'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/3278671170642836876'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2006/12/gsec-gold.html' title='GSEC Gold'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-1516083304729924411</id><published>2006-12-08T18:09:00.001Z</published><updated>2006-12-08T18:09:48.940Z</updated><title type='text'>Monty</title><content type='html'>&lt;div xmlns="http://www.w3.org/1999/xhtml"&gt;&lt;a href="http://photos1.blogger.com/x/blogger2/591/2441/1600/149109/image-upload-2-788588.jpg"&gt;&lt;img src="http://photos1.blogger.com/x/blogger2/591/2441/300/381960/image-upload-2-788588.jpg"/&gt;&lt;/a&gt;
&lt;span/&gt;
&lt;/div&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-1516083304729924411?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/1516083304729924411/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=1516083304729924411' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/1516083304729924411'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/1516083304729924411'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2006/12/monty_08.html' title='Monty'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-7536442323808420863</id><published>2006-12-08T18:06:00.000Z</published><updated>2006-12-08T18:05:58.401Z</updated><title type='text'>Oscar</title><content type='html'>&lt;div xmlns="http://www.w3.org/1999/xhtml"&gt;&lt;a href="http://photos1.blogger.com/x/blogger2/591/2441/1600/939010/image-upload-1-757637.jpg"&gt;&lt;img src="http://photos1.blogger.com/x/blogger2/591/2441/300/620600/image-upload-1-757637.jpg"/&gt;&lt;/a&gt;
&lt;span/&gt;
&lt;/div&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-7536442323808420863?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/7536442323808420863/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=7536442323808420863' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7536442323808420863'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/7536442323808420863'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2006/12/oscar.html' title='Oscar'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-4121843002970219151</id><published>2006-12-08T14:31:00.000Z</published><updated>2006-12-08T14:34:36.807Z</updated><title type='text'>Scary RFID uses</title><content type='html'>Just saw this and as interesting as this is, it's just damn scarey to be honest.
Oh yeah, and maybe I'll start using this damn blog thing again, now that xmas is coming up. Anyway here's the link:

http://www.rfidlowdown.com/2006/12/cool_surprising.html&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-4121843002970219151?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/4121843002970219151/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=4121843002970219151' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4121843002970219151'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/4121843002970219151'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2006/12/scarey-rfid-uses.html' title='Scary RFID uses'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-113820050430176918</id><published>2006-01-25T14:47:00.000Z</published><updated>2006-01-25T14:48:24.300Z</updated><title type='text'>OS X As A Pentesting OS</title><content type='html'>Just added the above entry on the SecuriTeam site, so go and check it out and give me your feedback.

http://blogs.securiteam.com/index.php/archives/246&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-113820050430176918?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/113820050430176918/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=113820050430176918' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113820050430176918'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113820050430176918'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2006/01/os-x-as-pentesting-os.html' title='OS X As A Pentesting OS'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-113820039760056337</id><published>2006-01-25T14:45:00.000Z</published><updated>2006-01-25T14:47:15.260Z</updated><title type='text'>SecuriTeam Blog</title><content type='html'>Hey All,

Well this blog may not be getting updated with any new security articles, as they will all be getting posted on Securiteam's site located at http://blogs.securiteam.com from now on. This one will still have daily rants, and most OS X related stuff though.

xyberpix&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-113820039760056337?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/113820039760056337/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=113820039760056337' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113820039760056337'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113820039760056337'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2006/01/securiteam-blog.html' title='SecuriTeam Blog'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-113759008981218700</id><published>2006-01-18T13:05:00.000Z</published><updated>2006-01-18T13:14:49.826Z</updated><title type='text'>New Email worm doing the rounds rather rapidly.</title><content type='html'>Just got this off of the F-Secure blog, so c'mon people time to update those virus defs.

"The worm, named as Email-Worm.Win32.VB.bi seems to be spreading quite aggressively, it is already 3rd in our Virus Statistics. It is a simple mass-mailer written in Visual Basic. Please see the virus description for more details.

We detect the worm with FSAV update version 2006-01-18_02."

&lt;span style="font-weight: bold; color: rgb(102, 102, 102);"&gt;Summary

&lt;/span&gt;&lt;span style="color: rgb(102, 102, 102);font-family:arial, sans-serif;font-size:85%;color:#000040;"   &gt;&lt;span style="color: rgb(0, 0, 0);font-size:100%;" &gt;&lt;span style="color: rgb(102, 102, 102);"&gt;Email-Worm.Win32.VB.bi is a mass-mailing worm that also tries to spread using remote shares. It also tries to disable security-related software.&lt;/span&gt;

&lt;span style="font-weight: bold;"&gt;&lt;span style="color: rgb(102, 102, 102);"&gt;Detailed Description&lt;/span&gt;

&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;p style="color: rgb(102, 102, 102);"&gt; &lt;span style="font-family:arial, sans-serif;font-size:85%;"&gt;&lt;strong&gt;Installation to system&lt;/strong&gt;

Email-Worm.Win32.VB.bi is written in Visual Basic and compiled as p-code. The size of the main executable is about 95 kilobytes. When executed, it first copies itself to several locations:

&lt;em&gt;%Windows%\rundll16.exe
%System%\scanregw.exe
%System%\Update.exe
%System%\Winzip.exe&lt;/em&gt;

where '%Windows%' represents the system Windows folder. In Windows XP systems, it is usually &lt;em&gt;C:\WINDOWS&lt;/em&gt;. '%System%' is the system32 folder.

The worm installs the following registry key for ensuring it will be started on system startup:
&lt;em&gt;
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry" = "%System%\scanregw.exe"&lt;/em&gt;

&lt;strong&gt;
Spreading in e-mails&lt;/strong&gt;

The worm collects e-mail addresses from files with the following extensions:
&lt;em&gt;
.HTM
.DBX
.EML
.MSG
.OFT
.NWS
.VC
.MBX
.IMH
.TXT
.MSF&lt;/em&gt;

And from files with the following strings in the name:
&lt;em&gt;
CONTENT
TEMPORARY&lt;/em&gt;

The worm sends itself as an attachment in the infected e-mail.

The e-mail subject is one of the following:
&lt;em&gt;
The Best Videoclip Ever
School girl fantasies gone bad
A Great Video
Fuckin Kama Sutra pics
Arab sex DSC-00465.jpg
give me a kiss
*Hot Movie*
Fw: Funny :)
Fwd: Photo
Fwd: image.jpg
Fw: Sexy
Re:
Fw:
Part 1 of 6 Video clipe
You Must View This Videoclip!
Miss Lebanon 2006
Re: Sex Video
My photos&lt;/em&gt;

The message body may be one of the following:

&lt;em&gt;Note: forwarded message attached.
Hot XXX Yahoo Groups
Fuckin Kama Sutra pics
ready to be FUCKED ;)
Note: forwarded message attached.
forwarded message attached.
VIDEOS! FREE! (US$ 0,00)
i attached the details. Thank you.
&gt;&gt; forwarded message
----- forwarded message -----
i just any one see my photos. It's Free :)&lt;/em&gt;

The worm can attach itself as an executable file. It uses one of the following names for the attachment:

&lt;em&gt;007.pif
School.pif
04.pif
photo.pif
DSC-00465.Pif
image04.pif
677.pif
New_Document_file.pif
eBook.PIF
document.pif
DSC-00465.pIf&lt;/em&gt;

Sometimes, the worm MIME-encodes the file. In these cases, the attachment name can be one of the following:

&lt;em&gt;Attachments[001].B64
3.92315089702606E02.UUE
SeX.mim
Original Message.B64
WinZip.BHX
eBook.Uu
Word_Document.hqx
Word_Document.uu&lt;/em&gt;

The filename inside MIME-encoding is one of the following:

&lt;em&gt;Attachments[001].B64 [spaces] .sCR
3.92315089702606E02.UUE [spaces] .sCR
SeX,zip [spaces] .sCR
WinZip.zip [spaces] .sCR
ATT01.zip [spaces] .sCR
WinZip.zip [spaces] .sCR
Word.zip [spaces] .sCR
Word XP.zip [spaces] .sCR&lt;/em&gt;

&lt;strong&gt;
Spreading in shared folders&lt;/strong&gt;

The worm searches for remote shared folders and tries to copy itself using one of the following filenames:
&lt;em&gt;
\Admin$\WINZIP_TMP.exe
\c$\WINZIP_TMP.exe
\c$\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.exe&lt;/em&gt;

&lt;strong&gt;
Other details&lt;/strong&gt;

The worm attempts to disable several security-related programs.&lt;/span&gt; &lt;/p&gt; 
&lt;span style="color: rgb(102, 102, 102);font-family:arial, sans-serif;font-size:85%;color:#000040;"   &gt;&lt;span style="color: rgb(0, 0, 0);font-size:100%;" &gt;&lt;span style="font-weight: bold;"&gt;

&lt;/span&gt;&lt;/span&gt;

&lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-113759008981218700?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/113759008981218700/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=113759008981218700' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113759008981218700'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113759008981218700'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2006/01/new-email-worm-doing-rounds-rather.html' title='New Email worm doing the rounds rather rapidly.'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-113758877427970221</id><published>2006-01-18T12:40:00.000Z</published><updated>2006-01-18T12:52:54.313Z</updated><title type='text'>iPod Video 60GB</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger/3894/374/1600/ipod.jpg"&gt;&lt;img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;" src="http://photos1.blogger.com/blogger/3894/374/320/ipod.jpg" border="0" alt="" /&gt;&lt;/a&gt;
Well, I got one of these lovely little toys the other day, thankfully it came at just the right time as my Archos Jukebox was on its last legs, and really wasn't going to last too much longer at all.

I went for the white one, and well it really is a lovely little piece of kit. Considering I've never had an iPod before the scroll wheel takes a bit of getting used to, but after that it's such a breeze to use.

The fact that it's 60GB in size as well is brilliant! So far I've managed to get all my mp3's, 3 videos and 2 video podcasts on it, as well as sync my address book and calendar. The video version also comes with a few games on it, my fav of these has got to be the music game, it plays a few seconds of a song, and gives you 4 options to pick which song is currently playing. The longer you leave the song playing for, the fewer points you get. I thought that I really would've known my music a lot better than I do, I'll say that much.

I am really paranoid about scratching the screen though, as right now it looks great and I really want to keep it that way, so roll on pay-day so that I can order a case for the thing.

Video playback on the iPod video is truly amazing, I never would have thought that the quality would be as high as it is. My Archos Jukebox could play video, which when I got it was really cool, but the quality seriously sucked, and the size of the screen really didn't help matters either.

Even though iPods are not the cheapest MP3 players on the market, I really doubt I'll ever buy another MP3 player that's not an iPod. I'm hoping that I never have to, but we'll have to see how technology changes in the coming years. If you're in the market for an MP3 player, head over to somewhere that'll let you play around on the iPod video for a few minutes and see what you think, I doubt you'll be disappointed.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-113758877427970221?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/113758877427970221/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=113758877427970221' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113758877427970221'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113758877427970221'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2006/01/ipod-video-60gb.html' title='iPod Video 60GB'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-113717914325698483</id><published>2006-01-13T19:00:00.000Z</published><updated>2007-04-20T23:36:43.701+01:00</updated><title type='text'>gDisk</title><content type='html'>Finally, some's developed something that I've missed since the days that I was running Linux. A Gmail drive extension for OS X.
What this means is that you can use all that cool space, 2 GB at the moment that Google gives you to store mail, as an external hard drive! Great for those offsite backups as well, you know, all the things that really matter. Fine it's not enough space to upload your iMovie files, but hey, you'd want to keep them private anyway.

Well, here's the link to the OS X one gDisk:

http://gdisk.sourceforge.net/

Here are the ones for Linux and Windows respectively as well:

Linux

http://richard.jones.name/google-hacks/gmail-filesystem/gmail-filesystem.html

Windows

http://www.viksoe.dk/code/gmail.htm

Have fun!

&lt;!-- technorati tags start --&gt;&lt;p style="text-align:right;font-size:10px;"&gt;Technorati Tags: &lt;a href="http://www.technorati.com/tag/Security" rel="tag"&gt;Security&lt;/a&gt;, &lt;a href="http://www.technorati.com/tag/UK" rel="tag"&gt;UK&lt;/a&gt;&lt;/p&gt;&lt;!-- technorati tags end --&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-113717914325698483?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/113717914325698483/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=113717914325698483' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113717914325698483'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113717914325698483'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2006/01/gdisk.html' title='gDisk'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-113700595671167974</id><published>2006-01-11T18:54:00.000Z</published><updated>2006-01-11T18:59:16.720Z</updated><title type='text'>How To Install Apple's Front Row on any Mac running OS X 10.4.3 or later.</title><content type='html'>I was trying to figure out a way to do this after watching Steve Jobb's latest keynote, and seeing the shiny new iMac's.
Well, after a little bit of Googling, someone's already figured out how to do this, and it runs perfectly on my 15" Powerbook.
For info on how to get it running head over to http://www.andrewescobar.com/frontrow , and follow the directions.
Have fun.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-113700595671167974?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/113700595671167974/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=113700595671167974' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113700595671167974'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113700595671167974'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2006/01/how-to-install-apples-front-row-on-any.html' title='How To Install Apple&apos;s Front Row on any Mac running OS X 10.4.3 or later.'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-113524912997885595</id><published>2005-12-22T10:06:00.000Z</published><updated>2005-12-22T10:58:50.013Z</updated><title type='text'>UK+Car Movement Monitoring+Data Retention Act = Dystopia</title><content type='html'>&lt;span style="font-weight: bold;"&gt;Dystopia:

&lt;/span&gt;&lt;span style="font-style: italic;"&gt;A dystopia (alternatively, cacotopia, kakotopia or anti-utopia) is usually seen as the antithesis of a utopian society.&lt;/span&gt;

&lt;span style="font-style: italic;"&gt;A dystopian society is usually characterized by an authoritarian or totalitarian form of government, or some other kind of oppressive social control.&lt;/span&gt;

&lt;span style="font-style: italic;"&gt;The first use of the word has been credited to John Stuart Mill, whose knowledge of Greek would suggest that he meant it as a place where things are bad, rather than simply the opposite of Utopia. The Greek prefix 'dys'/'dis' signifies 'ill','bad' or 'abnormal', whereas 'ou' means 'not'.&lt;/span&gt;

I've always been one for privacy, and well after reading the article in the Independent Online today, and with all the recent news about the EU Data Retention act, things are starting to really bug the hell out of me.

We used to live in a world where privacy really used to matter, and our affairs were left private, and people would have to go to a great deal of trouble to find out certain information about each other, and cross various legal boundaries to do so. These days, however, it seems that the U.K. government is pushing things further and further away from that time, all in the name of terrorism!

I do not support terrorism in any way, and would just like to make that clear now. I am completely against any form of terrorism and feel that more should be done to stop it affecting innocent people and children. What I am against, however, is governments deciding that they can do whatever the hell they like to the general population in the name of trying to stamp out terrorism.

The headline on the article I read a few moments ago is this &lt;a href="http://news.independent.co.uk/uk/transport/article334686.ece"&gt;Britain will be the first country to monitor every car journey.&lt;/a&gt; This gets to me on so many different levels. So they are going to be setting up cameras all over the country so that they can track the whereabouts of a vehicle at any given time, and all of these camera feeds will be linked up to a huge data centre somewhere, so that they can play back information at will. Here's a quote from Frank Whiteley, Chief Constable of Hertfordshire:

"What the data centre should be able to tell you is where a vehicle was in the past and where it is now, whether it was or wasn't at a particular location, and the routes taken to and from those crime scenes. Particularly important are associated vehicles."

So all this data is going to be stored in a central location??? So if we travel somewhere, we WILL be monitored! Hell, they'll even be able to tell us what route we took, who needs the AA's routefinder anymore? "Hello Government car surveillance, how can we help?" "Hello, could you please tell me the route I took last weekend to get to Birmingham, as I'd like to go that way again?" "Certainly sir, what's your car registration details, and may I please have your postcode to verify your identity?"

Due to the fact that in the UK, we are allowed access to all the information held about us, such as credit, criminal and medical records, will we also be allowed access to these records as well? Do they really not see the security implications of doing this?

Here's a scenario for you to think about:

Imagine that I want to get someone's daily route to work, for whatever reason, use your imagination on this one (think high level political figures.) So I hire a top-notch hacker to gain access to the travel records stored at the previously mentioned data centre, and I will then have a pretty good idea of exactly what time that person will be at the corner of Smith and Jones street.
The same also goes for the secure cash delivery vans that deliver money to the ATMs and banks: if I wanted to know what route they take each day/week, all I would have to do is gain access to the vans' travel records over a 2 month period, and voila! So much easier than having to perform the standard manual surveillance techniques, and much less of a risk of getting spotted.

So will this really be helping to stamp out the current crime rate, or will it be helping it out?

Couple this with the EU Directive on Privacy and Electronic Communications that states:

"Under              the terms of the new Directive, member states may now  pass laws mandating              the retention of the traffic and location data of all  communications              taking place over mobile phones, SMS, landline telephones, faxes,              e-mails, chat rooms, the Internet, or any other  electronic communication              device. The new Directive reverses the 1997  Telecommunications Privacy              Directive by explicitly allowing EU countries to compel  Internet service              providers and telecommunications companies to record,  index, and store              their subscribers' communications data (Art. 15 (1) of &lt;a href="http://register.consilium.eu.int/pdf/en/02/st03/03636en2.pdf" target="new"&gt;Dir.              2002/58/EC&lt;/a&gt; (PDF). The data that can be retained  includes all data              generated by the conveyance of communications on an  electronic communications              network ("traffic data") as well as data indicating the              geographic position of a mobile phone user  ("location data")              (Art. 2 (b) and (c) of Dir. 2002/58/EC). The contents of  communications              are not covered by the data retention measures. These requirements              can be implemented for purposes varying from national security to              criminal investigations and prevention, and prosecution of criminal              offences, all without specific judicial authorization."

So, they can monitor how we get from A to B in our cars, monitor our phone calls, sms's, e-mail and chat conversations, so how much further will this extend? What's next, video cameras in our homes? That may sound a bit paranoid, but it really does seem that we're heading in that direction. As far as anything online goes, there's ways around that as we can use encryption to conceal all our online activities, but yet, we are required by the law to hand over our private keys if requested, and can be charged with not handing them over.

There's currently a nice long thread going on this topic on Slashdot as well, and I have to strongly agree with falzer224563's comment, which was "That cuts it, I'm moving to America!" At least over there they don't seem to be getting as anal about the whole thing, and they seem to be the biggest terrorist target in the world. Go figure!

Here's a link to a Shockwave video about what all of this government monitoring could lead to, and yes this is a reality, and if things continue the way that they're going, we may not be too far away from this. &lt;a href="http://www.aclu.org/pizza/images/screen.swf"&gt;Watch video.&lt;/a&gt;

For more info on the EU Data Retention Policy, please see the &lt;a href="http://www.epic.org/privacy/intl/data_retention.html#humanrights"&gt;Electronic Privacy Information Center&lt;/a&gt;'s page.

Well, I guess that's my rant over and done with today. On a lighter note this is my last day at work until the 9th Jan 2006, and I can't wait to start my leave!!!!&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-113524912997885595?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/113524912997885595/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=113524912997885595' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113524912997885595'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113524912997885595'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2005/12/ukcar-movement-monitoringdata.html' title='UK+Car Movement Monitoring+Data Retention Act = Dystopia'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-113509009441320696</id><published>2005-12-20T14:46:00.000Z</published><updated>2005-12-20T14:48:14.420Z</updated><title type='text'>I've gotta try this!!!!!!!!!</title><content type='html'>http://www.zorb.com/main.html

Now that looks like fun! If anyone knows where to buy one of these, please let me know.
I'm going to look on e-bay now ;-)&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-113509009441320696?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/113509009441320696/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=113509009441320696' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113509009441320696'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113509009441320696'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2005/12/ive-gotta-try-this.html' title='I&apos;ve gotta try this!!!!!!!!!'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-113499173558085097</id><published>2005-12-19T11:25:00.000Z</published><updated>2005-12-19T11:28:55.590Z</updated><title type='text'>2 x 0 Day exploits For Microsoft Excel!!!</title><content type='html'>So I just logged into my e-mail, and what do you know, &lt;span class="swb"&gt; AD [at] heapoverflow.com has just released 2x 0-day exploits for MS Excel. Both of these are NULL Pointer bugs in the application itself, and as yet AD has said that he has not notified MS of these vulns, due to the fact that they probably won't patch them anyway. ;-)


Really can't say that I blame him, as MS really have been lagging behind quite a bit now, but hey, maybe one day they'll learn.


Nice find AD!!&lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-113499173558085097?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/113499173558085097/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=113499173558085097' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113499173558085097'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113499173558085097'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2005/12/2-x-0-day-exploits-for-microsoft-excel.html' title='2 x 0 Day exploits For Microsoft Excel!!!'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-19997263.post-113498930678392735</id><published>2005-12-19T10:46:00.000Z</published><updated>2005-12-19T10:48:26.803Z</updated><title type='text'>Bush Above The Law? Can You Say 1984?</title><content type='html'>So, after all that's happened with the NSA using ECHELON to snoop on US citizens, and local and internation phone calls, this turned up on one of the mailing lists that I subscribe to.

Even though I don't live in the U.S., I do have some very close friends over there, and things like this really get to me. Laws are laid down for a reason, and when someone like the President of the U.S. decides that these laws don't apply to him, it really shows what direction the world is heading.

Below is a copy of a mail sent to the mailing list that I am on, and I couldn't have put this better.

"This mailing list is putatively about cryptography and cryptography
politics, though we do tend to stray quite a bit into security issues
of all sorts, and sometimes into the activities of the agency with the
biggest crypto and sigint budget in the world, the NSA.

As you may all be aware, the New York Times has reported, and the
administration has admitted, that the President of the United States
apparently ordered the NSA to conduct surveillance operations against
US citizens without prior permission of the secret court known as the
Foreign Intelligence Surveillance Court (the "FISC"). This is in clear
contravention of 50 USC 1801 - 50 USC 1811, a portion of the US code
that provides for clear criminal penalties for violations. See:

http://www.law.cornell.edu/uscode/html/uscode50/usc_sup_01_50_10_36_20_I.html

The President claims he has the prerogative to order such
surveillance. The law unambiguously disagrees with him.

There are minor exceptions in the law, but they clearly do not apply
in this case. They cover only the 15 days after a declaration of war
by congress, a period of 72 hours prior to seeking court authorization
(which was never sought), and similar exceptions that clearly are not
germane.

There is no room for doubt or question about whether the President has
the prerogative to order surveillance without asking the FISC -- even if
the FISC is a toothless organization that never turns down requests,
it is a federal crime, punishable by up to five years imprisonment, to
conduct electronic surveillance against US citizens without court
authorization.

The FISC may be worthless at defending civil liberties, but in its
arrogant disregard for even the fig leaf of the FISC, the
administration has actually crossed the line into a crystal clear
felony. The government could have legally conducted such wiretaps
at any time, but the President chose not to do it legally.

Ours is a government of laws, not of men. That means if the President
disagrees with a law or feels that it is insufficient, he still must
obey it. Ignoring the law is illegal, even for the President. The
President may ask Congress to change the law, but meanwhile he must
follow it.

Our President has chosen to declare himself above the law, a dangerous
precedent that could do great harm to our country. However, without
substantial effort on the part of you, and I mean you, every person
reading this, nothing much is going to happen. The rule of law will
continue to decay in our country. Future Presidents will claim even
greater extralegal authority, and our nation will fall into
despotism. I mean that sincerely. For the sake of yourself, your
children and your children's children, you cannot allow this to stand.

Call your Senators and your Congressman. Demand a full investigation,
both by Congress and by a special prosecutor, of the actions of the
Administration and the NSA. Say that the rule of law is all that
stands between us and barbarism. Say that we live in a democracy, not
a kingdom, and that our elected officials are not above the law. The
President is not a King. Even the President cannot participate in a
felony and get away with it. Demand that even the President must obey
the law.

Tell your friends to do the same. Tell them to tell their friends to
do the same. Then, call back next week and the week after and the week
after that until something happens. Mark it in your calendar so you
don't forget about it. Politicians have short memories, and Congress
is about to recess for Christmas, so you must not allow this to be
forgotten. Keep at them until something happens."

If anyone reading this is in the U.S, stand up for your rights on this one, otherwise it won't be long before we see this sort of behaviour elsewhere in the world!&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/19997263-113498930678392735?l=xyberpix.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://xyberpix.blogspot.com/feeds/113498930678392735/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=19997263&amp;postID=113498930678392735' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113498930678392735'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/19997263/posts/default/113498930678392735'/><link rel='alternate' type='text/html' href='http://xyberpix.blogspot.com/2005/12/bush-above-law-can-you-say-1984.html' title='Bush Above The Law? Can You Say 1984?'/><author><name>xyberpix</name><uri>http://www.blogger.com/profile/03053287126932313268</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry></feed>
