Sunday, December 31, 2006

Happy New Years

I want to wish everyone a happy new years. I know I have some friends in Berlin right now that will be ringing in the new year shortly.

Everyone have a safe and fun new year.

Another Day, Another One hundred Twenty Yen

Saturday, December 30, 2006

Indian Pharmaceutical Research Company Without AV

Via Indiatimes.com -

KOLKATA: Consider this. Having discovered a virus in its mail system, a mid-sized Indian pharmaceutical research company downloaded a free antivirus software from the Internet. It cleaned the viruses and apparently everything was fine.

Until it discovered that sensitive information was being passed off to its competitors. “We discovered that the antivirus had, in fact, silently planted a spyware that sent every copy of emails to another address from where it was being passed off to its competitors. Even antivirus softwares may not be safe!” Ironport Systems’ regional director for India & Saarc Ambarish Deshpande told ET.

This story still confuses me...why are we even talking about the AV software, which most likely was fake or not powerful enough to remove the infection?

Anyone in the IT security world knows that you can't trust an AV product to remove all elements of an infection. You think it got all the bad files, but did it really? Who knows...so IMHO, the security integrity of the server is now gone. How do we get it back? Well in this case, nothing short of a complete OS rebuild will work. The server was infected with all types of stuff before AV was installed, enough said.

Plus, it smells of corporate espionage. The server is not to be trusted on the network, until proven otherwise.

But let’s back up a bit. Shouldn't we ask why a mid-sized pharmaceutical research company was running without anti-virus at all?? I mean seriously! How long had they been infected before finding the problem? A long time, I can tell you that.

And now all the IndiaTimes wants to talk about is the insufficient AV program that was downloaded and installed. IMHO the fault should fall directly on the IT staff for several reasons.

It is hard to worry about competitors if you are busy creating a PR nightmare for yourself.

Thursday, December 28, 2006

Weak Protection in AACS DRM

Via Engadget -

Can it be? Is Hollywood's new DRM posterchild AACS (Advanced Access Content System, see more here) actually quite breakable? According to a post on our favoritest of forums (Doom9) by DRM hacker du jour muslix64, his new BackupHDDVD tool decrypts and dismantles AACS on a Windows PC. Just feed the small utility a crypto key (it comes bundled with keys for a few popular HD DVD titles, with the promise of more on the way), and it'll dump the video right off the disc onto your hard drive, supposedly playable in any HD DVD compatible player. If true, this would instantly become the DeCSS of high def optical (where you at, Jon?), as AACS is the copy protection scheme used not only by HD DVD, but by Blu-ray as well. Code and source posted in read link, let us know what you find!

Note: We're working on testing this ourselves, we'll report back with our findings asap.

More information can be found here.

CCC Pulls RFID Into the Sunlight

This makes me think of a quote from Tomohiko Taniguchi, Japanese Foreign Ministry spokesman.

"Sunshine is the best disinfectant..."

Basically, he is saying that sweeping something under the rug isn't going to fix anything. Bring an issue to the front and be transparent about it. So instead of just talking about RFID, the CCC is using it...and forcing those in attendance to pay attention.

Via Wired -

BERLIN -- This year's Chaos Communication Congress opens with a unique opportunity -- your chance to track the movements of a Wired News reporter on the scene, as well as nearly a thousand other visitors to the annual hacker convention.

Hackers are paying 10 euros each for the privilege of hanging special homebrew RFID tags around their necks or slapping them on their laptop bags. Every few seconds, each of these "CCC Sputnik" badges reports its owner's position to an array of 35 monitoring stations, and spits out the guinea-pigs' every move over a public XML feed.

Why is the CCC, a venue more commonly associated with RFID cracks and spychip destruction devices, supporting such an invasion of its members' privacy? One of the project's leaders, Milosch Meriac, explains the motivation to create the system was to make obvious what is normally hidden in how our technology tracks us.

McAfee Virtual Criminology Report 2006 PDF

Several weeks ago, I noted that McAfee had released the 2006 Virtual Criminology Report in Europe and that it would be released in the US at the beginning of '07.

However, with the powers of the interweb, we can all be in Europe. Well, Poland in this case. I love the comparison on Page 9.

McAfee, Inc. has released the findings of new research that reveals how organized crime is grooming a new generation of cybercriminals using tactics reminiscent of those employed by the KGB during the cold war.

McAfee Virtual Criminology Report 2006 (PDF) marks the second annual McAfee report into organized crime and the Internet. The study, which used input from Europe's leading high-tech crime units and the FBI, suggests that crime gangs are targeting top students from leading academic institutions in order to provide them with the skills they need to commit high-tech crime on a mass scale.

The study reveals how Internet savvy teens as young as 14 are being attracted into cybercrime by the celebrity status of high-tech criminals and the promise of monetary gain without the risks associated with traditional crime. The report also shows how cybercriminals are moving away from bedrooms and into public places such as Internet cafes and Wi-Fi enabled coffee shops.

Another Microsoft Windows Csrss.exe Exploit

Ruben Santamarta released a new memory disclosure exploit for the Microsoft Windows Csrss.exe vulnerability. This exploit is new and just adds a new twist to the DoS discovered by NULL.

The original vulnerability was also discovered by Determina Security Research.

Watch Secunia and SecurityFocus for future details.

Applescript Opens a New Class of Malware

Looks like he is getting ready for the soon to be released Month of Apple Bugs (MoAB).

Via L.M.H.'s Blog -

After playing with the AppleScript language for a while, it looks like an extremely useful feature of Mac OS X, which enables interaction with mostly every application installed. It’s extremely similar (functionality-wise) to Microsoft’s Visual Basic Script (VBS), which also enables scriptability of the whole system, depending on installed components and other settings. VBS certainly helped to automate tasks and other operations in Microsoft Windows, but also brought a whole new class of malware.

Thanks to the integration of the scripting functionality, it becomes much easier to elaborate malware capable of spreading itself, for example accessing the Microsoft Outlook address book to gather target e-mail addresses. The first widely known in-the-wild example of malware deploying these techniques was the infamous ILOVEYOU. It’s worth noting that, while they weren’t capable of “morphing” their code (ex. on spread time, they didn’t generate a different source representation of themselves), they already made use of obfuscation techniques such as variable name randomization, strings encoding and other tricks. Thus, the author needed to start different infections using variants, in order to avoid detection by signature-based antivirus and IDS products.

Moths Drink the Tears of Sleeping Birds

Via Newscientist.com -

A species of moth drinks tears from the eyes of sleeping birds using a fearsome proboscis shaped like a harpoon, scientists have revealed. The new discovery – spied in Madagascar – is the first time moths have been seen feeding on the tears of birds.

Roland Hilgartner at the German Primate Centre in Göttingen, Germany, and Mamisolo Raoilison Hilgartner at the University of Antananarivo in Madagascar, witnessed the apparently unique sight in the island state’s Kirindy forest.

Tear-feeding moths and butterflies are known to exist elsewhere in Africa, Asia and South America, but they mainly feed on large, placid animals, such as deer, antelope or crocodiles, which cannot readily brush them away. But there are no such large animals on Madagascar. The main mammals – lemurs and mongoose – have paws capable of shooing the moths. Birds can fly away.

But not when they are sleeping. The Madagascan moths were observed on the necks of sleeping magpie robins and Newtonia birds, with the tip of their proboscises inserted under the bird’s eyelid, drinking avidly (scroll down for images). This was during the wet season, so the scientists think the insects wanted salt, as the local soils are low in sodium.

Wednesday, December 27, 2006

Blogger Out of Beta

Well, I finally upgraded my Blogger template today. After backing up my old template, I was sad to see that I couldn't "cut and paste" all my custom links into the new template.

So it took me like 2 hours to get everything back on here. The search menu is missing because I haven't found a nice one that I like yet.

If you find something that is broken or weird, let me know. Thanks

The Celldar Project - Are Cellphones Still Our Friend?

Please note this article was released over 4 years ago...I wonder how far things have progressed since 2002. The system uses an external signal source emitter which makes it totally passive. No wonder the military liked the idea.

Passive radar systems are nothing new and have been researched since the late 90s. Past projects have also experimented with FM radio towers as the signal source.

Via Guardian.co.uk (Oct 2002) -

Secret radar technology research that will allow the biggest-ever extension of 'Big Brother'-style surveillance in the UK is being funded by the Government.

The radical new system, which has outraged civil liberties groups, uses mobile phone masts to allow security authorities to watch vehicles and individuals 'in real time' almost anywhere in Britain.

The technology 'sees' the shapes made when radio waves emitted by mobile phone masts meet an obstruction. Signals bounced back by immobile objects, such as walls or trees, are filtered out by the receiver. This allows anything moving, such as cars or people, to be tracked. Previously, radar needed massive fixed equipment to work and transmissions from mobile phone masts were thought too weak to be useful.

The system works wherever a mobile phone can pick up a signal. By using receivers attached to mobile phone masts, users of the new technology could focus in on areas hundreds of miles away and bring up a display showing any moving vehicles and people.

An individual with one type of receiver, a portable unit little bigger than a laptop computer, could even use it as a 'personal radar' covering the area around the user. Researchers are working to give the new equipment 'X-ray vision' - the capability to 'see' through walls and look into people's homes.

Ministry of Defence officials are hoping to introduce the system as soon as resources allow. Police and security services are known to be interested in a variety of possible surveillance applications. The researchers themselves say the system, known as Celldar, is aimed at anti-terrorism defence, security and road traffic management.

However civil liberties groups have been swift to condemn the plan.

'It's an appalling idea,' said Simon Davies, director of Privacy International. 'The Government is just capitalising on current public fears over security to introduce new systems that are neither desirable nor necessary.'

The system, used alongside technology which allows individuals to be identified by their mobile phone handsets, will mean that individuals can be located and their movements watched on a screen from hundreds of miles away.

Prototypes have been effective over 50 to 100 metres but the developers are confident that range can be extended.

After a series of meetings with Roke Manor, a private research company in Romsey, Hants, MoD officials have started funding the multi-million pound project. Reports of the meetings are 'classified'.

Whitehall officials involved in radar confirmed that the MoD was 'very interested' last week. 'It's all about resources now,' said one.

Russian SVR Spy Case Deepens in The Great White North

Back on Dec 5th, I blogged about a possible Russian SVR agent who was arrested in Canada after being watched by the CSIS.

At that time, little was known about the person and it seems likely that he would be deported.

Now experts and officials believe that he may have had an even deeper mission. He may have been building a solid cover while also picking up a bit of intel on our friends to the north. Very interesting.

The Robots Are Coming - UK Ponders Robot Civil Rights

Via TheInquirer -

A UK GOVERNMENT think tank is warning that robots might be smart enough to demand emancipation from their human owners.

The paper warns that a "monumental shift" could occur if robots were developed to the point where they could reproduce, improve or think for themselves. This would of course make them more developed than most humans.

The research, commissioned by the U.K. Office of Science and Innovation's Horizon Scanning Centre, said that, correctly managed, there was a possibility for increased labour output and greater intelligence to be provided by robots that will ultimately lead to greater human prosperity and an improvement of the human condition.

However, robots could end up suing the government if they did not get their way. The result is that the toasters could have to be provided full social benefits including income support, housing and possibly robo-health care to fix the machines over time.

Shop & Window Browse with a Twist - RFID

Via PC Advisor UK -

A location-based services trial that will see a famous Tokyo neighborhood blanketed with around 10,000 RFID (radio frequency identification) tags and other beacons got underway earlier this month.

The Tokyo Ubiquitous Network Project seeks to install RFID, infrared and wireless transmitters throughout Tokyo's Ginza area, which is the most famous shopping area in the capital. The tags and transmitters will provide location-related information to people carrying prototype readers developed for the trial, said Ken Sakamura, a professor at The University of Tokyo and the leader of the project.

The system works by matching a unique code sent out by each beacon with data stored on a server on the Internet. The data is obtained automatically by the terminal, which communicates back to the server via a wireless LAN connection and requests the data relevant to the beacon that is being picked up.

Sakamura envisages the system will be able to provide users with basic navigation and information about the shops and stores in the area in at least four languages: Japanese, English, Chinese and Korean.

For example, bringing the terminal close to an RFID tag on a street lamp will pinpoint the user's location and the system will be able to guide them to the nearest railway station while walking past a radio beacon in front of a shop might bring up details of current special offers or a menu for a restaurant.

"Ginza is the most famous shopping district in Japan," said Tokyo Governor Shintaro Ishihara at an event to launch the project. "In every building there are many shops, bars and clubs and it can be difficult to find the one you want. With this you can just push a button and find where you want to go even if you're drunk!"

Floggers Exposed - Sponsoring Secret Blogs

Via Australian IT -

The curtain has been pulled on a deceptive new advertising tactic in which companies camouflage ads as product praise masquerading as independent blog posting.

Several companies have been exposed for launching fake blogs - known as "flogs" - in a practice that coincides with an increase in the number of real bloggers secretly paid to endorse products.

Online firm Technorati reported it was tracking more than 63 suspicious blogs.

Wily marketers have infiltrated the blogging world, paying for favourable commentary on products.

However, posting product commentary without alerting readers that bloggers were compensated for their opinions is unethical and potentially illegal, according to US Federal Trade Commission (FTC) rules.

Sony Computer Entertainment America admitted last week that it created a bogus blog baptized "All I want for Christmas is a PlayStation Portable."

The blog was passed off as the work of an amateur hip-hop musician named "Charlie," who enthusiastically praised the PlayStation.

In a short message on the Charlie blog, Sony apologised for being "a little too clever".

The world's largest retailer, Wal-Mart, came under fire in October for a blog portrayed as an online journal kept by a typical US couple, named Laura and Jim, as they travelled across the country in a motor home.

The couple's blog praised Wal-Mart for letting them park their hulking recreational vehicle overnight in store parking lots and told of encountering Wal-Mart workers nationwide that praised their jobs and their employer.

Business Week magazine revealed that the couple's cross-country trip was sponsored by Wal-Mart - a fact unmentioned in the online postings.

----------------------------------------------

Some corporations want to trick you...they want to fool you...into liking them.

Sad? - Yep, pretty much.

Creates a negative image toward the company? - In my mind, it does.

Illegal? - Perhaps and I don't have a problem with that.

Underhanded advertising is a growing problem and something needs to be done.

RF Jammer - Wave Bubble

This website details the design and construction of Wave Bubble: a self-tuning, wide-bandwidth portable RF jammer. The device is lightweight and small for easy camouflaging: it is the size of a pack of cigarettes.

An internal lithium-ion battery provides up to 2 hours of jamming (two bands, such as cell) or 4 hours (single band, such as cordless phone, GPS, WiFi, bluetooth, etc). The battery is rechargeable via a mini-USB connector or 4mm DC jack (a common size). Alternately, 3 AAA batteries may also be used.

Output power is .1W (high bands) and .3W (low bands). Effective range is approximately 20' radius with well-tuned antennas. Less so with the internal antennas or poorly matched antennas.

Self-tuning is provided via dual PLL, therefore, no spectrum analyzer is necessary to build this jammer and a single Wave Bubble can jam many different frequency bands - unlike any other design currently available! To reconfigure the RF bands, simply plug it into the USB port of your PC and type in the new frequencies when prompted. Multiple frequency ranges can be programmed in, each time the device is power cycled it will advance to the next program in memory.

While the documentation here is both accurate and complete (as much as possible), the construction of such a device is still an advanced project. I would not suggest this as even an 'intermediate' skill project, considering the large amount of difficult SMT soldering (multiple TSSOP and SOT chips, 0603 RC's), obscure parts, and equipment necessary to properly construct and debug.

This design is not for sale or available as a kit and never will be due to FCC regulations. Please do not ask me to assist you in such matters.

All original content for this project is distributed open source under Creative Commons 2.5 Attribution / Share-Alike.

http://www.ladyada.net/make/wavebubble/index.html

MS Windows NetrWkstaUserEnum() Remote DoS Exploit (0day)

# NetrWkstaUserEnum(max_len = 1024 * 1024 * 512)
# Exploit --> NULL Session --> PIPE: browser --> NetrWkstaUserEnum() --> Windows XP
# svchost.exe memory usage: 512 MB

http://www.milw0rm.com/exploits/3013

Monday, December 25, 2006

Myspace XSS Zero-Day - Keeps Going & Going

Via Ha.ckers.org -

I laughed out loud when I read this. Kuza55 found another issue in MySpace again today using the exact same exploit that we have been trying to get them to close FOUR separate times now.

Click here to read about the XSS hole last time if you don’t recall what I’m talking about.

Anyway, this is the exact same non-alpha-non-digit issue that they have faced numerous times before. Only this time they got exploited through a different issue they caused for themselves. Remember how I’ve said a number of times don’t strip content unless you really know what you’re doing? Well they don’t really know what they are doing (if you aren’t using a while loop you are already in trouble). In this case, they stripped out moz-binding (the Firefox CSS issue) and replaced it with “..”. Wellll if you make your vector look like onloadmoz-binding= and it gets replaced with “..” you get onload..= which still works in Firefox.

Kuza55 said it best… you really have to wonder what these MySpace developers are thinking right about now. Anyway, this is why you should never ever strip or change HTML input unless you know how HTML works in different browsers, lest you get hit with the same issue 4 times. Nice job Kuza55!
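The filter failure described in the post, as an added example that is not code from ha.ckers.org, Kuza55 or MySpace: a blacklist filter replaces a forbidden token with "..", and the text left on either side forms a different attribute name; an allowlist filter that keeps only known attribute names drops such a name no matter how it was assembled. The ALLOWED_ATTRS list and the function names are assumptions for the example.

```javascript
// Constructed sample input: an event-handler attribute whose name has the
// forbidden token spliced into the middle, as in the post.
const SPLICED_TAG = '<div onloadmoz-binding="x">';

// Blacklist "strip" as the post describes it: one pass, token -> "..".
// This models the described behaviour; it is not MySpace's actual code.
function blacklistStrip(html) {
  return html.replace(/moz-binding/gi, "..");
}

// Attribute names an element in user content may carry (assumed list).
const ALLOWED_ATTRS = new Set(["class", "id", "title", "alt", "href", "src"]);

// Rebuild one opening tag from an allowlist. A name must consist of
// lower-case letters and hyphens AND be in the allowlist: "onload.." fails
// the first test, "onloadmoz-binding" fails the second. URL attributes must
// carry an http(s) scheme. Values are re-quoted with embedded quotes escaped.
// Limitation: a '>' inside a quoted value makes the tag unparseable, and the
// whole tag is then rejected, which is the safe failure direction.
function allowlistAttrs(tag) {
  const m = /^<([a-zA-Z][a-zA-Z0-9]*)\s*([^>]*)>$/.exec(tag);
  if (!m) return { tag: "", kept: [], dropped: ["<unparseable tag>"] };
  const element = m[1].toLowerCase();
  const attrRe = /([^\s=]+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  const kept = [];
  const dropped = [];
  let a;
  while ((a = attrRe.exec(m[2])) !== null) {
    const name = a[1].toLowerCase();
    const value = a[2] === undefined ? "" : a[2].replace(/^["']|["']$/g, "");
    const nameOk = /^[a-z-]+$/.test(name) && ALLOWED_ATTRS.has(name);
    const urlOk = !(name === "href" || name === "src") || /^https?:\/\//i.test(value);
    if (!nameOk || !urlOk) {
      dropped.push(name);
      continue;
    }
    kept.push(`${name}="${value.replace(/"/g, "&quot;")}"`);
  }
  const attrs = kept.length ? " " + kept.join(" ") : "";
  return { tag: `<${element}${attrs}>`, kept, dropped };
}

// Stand-alone demonstration: the blacklist leaves "onload..=" behind, the
// allowlist drops the attribute whether or not the blacklist ran first.
console.log("blacklist:", blacklistStrip(SPLICED_TAG));
console.log("allowlist:", allowlistAttrs(SPLICED_TAG).tag);
console.log("allowlist after blacklist:", allowlistAttrs(blacklistStrip(SPLICED_TAG)).tag);
```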

DoD Bar Use of HTML E-mail & OWA

Via FCW.com -

Due to an increased network threat condition, the Defense Department is blocking all HTML-based e-mail messages and has banned the use of Outlook Web Access e-mail applications, according to a spokesman for the Joint Task Force for Global Network Operations.

An internal message available on the Internet from the Defense Security Service (DSS) states that JTF-GNO raised the network threat condition from Information Condition 5, which indicates normal operating conditions, to Infocon 4 “in the face of continuing and sophisticated threats” against Defense Department networks.

Infocon 4 usually indicates heightened vigilance in preparation for operations or exercises or increased monitoring of networks due to increased risk of attack.

The JTF-GNO mandated use of plain text e-mail because HTML messages pose a threat to DOD because HTML text can be infected with spyware and, in some cases, executable code that could enable intruders to gain access to DOD networks, the JTF-GNO spokesman said.

YouTube Turns Crime-Fighting Tool

Via Wikinews.com -

Following the stabbing of Ryan Milner at a nightclub parking lot, Hamilton police posted a 72-second video clip of a surveillance cam on YouTube, a popular video sharing website, with hopes that witnesses would come forward. While no additional witnesses turned up, about two weeks later, 24-year-old George Gallo turned himself in.

Police had thought that the extra attention brought to the case is what made Gallo surrender; indeed, the video had been viewed 34,000 times. Additionally, the video had been seen from as far away as Singapore. Hamilton Police believes this is the first time YouTube has been used in an investigation, and they are considering using YouTube for future investigations.

Det. Sgt. Jorge Lasso claims that he got the idea when he noted that the same people who attended the concert are the same people who are his children's ages. "My own children are in that age category, and they spend all their time on the Internet; they do not watch mainstream media," he stated.

Sunday, December 24, 2006

CSU Considers Tech Literacy Placement Test

Via ECommerceTimes.com -

California State University (CSU) is considering adding a mandatory assessment test on technological literacy for all freshmen, much as it has required English and math placement tests since the 1980s. "It's been a long time since we talked about any other standardized test in the CSU," Lorie Roth, assistant vice chancellor for academic programs in the CSU system said. "It's in the discussion phase now ... serious discussion."

[...]

"They're geeky, but they don't know what to do with their geekdom," said Barbara O'Connor, a Sacramento State communications studies professor involved in a nationwide effort to hone students' computer-research skills.

On a recent nationwide test to measure their technological "literacy" -- their ability to use the Internet to complete class assignments -- only 49 percent of the test-takers correctly evaluated a set of Web sites for objectivity, authority and timeliness. Only 35 percent could correctly narrow an overly broad Internet search.

-------------------------------

I think this is a great idea and long overdue.

Litvinenko Case - Timeline

CLOAK AND DAGGER.

Here are the key dates in the continuing affair of former Russian intelligence officer Aleksandr Litvinenko, who died in London on November 23 after apparently being poisoned by the radioactive isotope polonium-210.

November 1: Former Russian security officer and vocal Kremlin critic Aleksandr Litvinenko meets two Russians for tea in a central London hotel, then meets an Italian contact, Mario Scaramella, in a sushi restaurant. Shortly after, Litvinenko starts to feel ill.

November 16: Police are informed that Litvinenko is in a serious condition in hospital in Barnet, north London.

November 17: Litvinenko is transferred to University College Hospital in central London.

November 19: British newspapers break the story of his poisoning, initially thought to be caused by radioactive thallium.

November 20: Litvinenko is transferred into intensive care. A photograph is released showing him bald and wearing a green hospital gown. Antiterrorism police take over the probe. Moscow rejects claims that it was behind the poisoning.

November 21: A key doctor says Litvinenko may have been poisoned with thallium. Scaramella says that he and Litvinenko were targeted on a hit list.

November 23: Doctors rule out thallium as the poison, leaving the cause unclear. Litvinenko dies at 9:21 p.m. local time.

November 24: In a death-bed letter, Litvinenko blames Russian President Vladimir Putin for his demise. Putin condemns the claim as politically motivated. Health authorities say Litvinenko was probably poisoned with polonium-210, in an "unprecedented" attack in Britain. Polonium-210 is found at Litvinenko's London home, the hotel, and the sushi bar he visited. The government's top security committee, COBRA, meets to discuss the situation. The Foreign Office says it has raised the case with the Russian Embassy.

November 25: Scaramella alleges the Kremlin was behind the Russian's killing. British authorities urge people who were in the contaminated sushi bar or hotel to contact them. COBRA meets again.

November 26: Hundreds call an emergency health hotline to report symptoms, while a government minister, Northern Ireland Secretary Peter Hain, laments the "murky" death of Litvinenko.

November 27: Traces of radioactivity are found in two new locations. Scaramella is taken into protective police custody.

November 28: Authorities confirm traces of radioactivity at five locations. Russian prosecutors in Moscow offer to cooperate with British police.

November 29: Prime Minister Tony Blair pledges there will be "no diplomatic or political barrier in the way of that investigation." British Airways says it has found low levels of radioactivity on two aircraft, including one flown back from Moscow to London. Former acting Russian Prime Minister Yegor Gaidar is reported to be in hospital after falling ill in Ireland, triggering speculation of a link.

November 30: U.K. Home Secretary John Reid announces that traces of radioactivity have been found in around a dozen locations. Four aircraft are grounded pending radiation checks. One is given the all-clear. Reid says the authorities may also be interested in a fifth Russian jet.

December 1: Scaramella tests positive for polonium-210 and is hospitalized. Doctors say he is "well," with symptoms less serious than the ones that led to Litvinenko's hospitalization. A specialist postmortem examination of Litvinenko's body takes place. Litvinenko's friend Alex Goldfarb says he has given British police scans of letters he says were written by a jailed former Russian intelligence officer showing the existence of a secret squad targeting Litvinenko and others. Ireland's nuclear watchdog assists police investigating Gaidar's mystery illness.

December 2: Scaramella shows "no evidence of radiation toxicity" in early tests. Three British Airways planes are cleared for use again. Ireland's health authorities find no traces of radiation at the hospital where Gaidar was treated.

December 3: U.K. Home Secretary John Reid says the Litvinenko investigation will likely widen to Europe.

Saturday, December 23, 2006

Happy Festivus!

Props to Fergie for beating me to the gun...

http://fergdawg.blogspot.com/2006/12/happy-festivus.html

This Week in Urban Words

Monday - Grade Digger

  • Girl who only talks to you for help with her classes.

Tuesday - funemployment

  • a happy time in one's life when one is not employed and is not wanting to be employed

Wednesday - Chrismukkah

  • Mixed celebration of Hannukkah and Christmas for Christian/Jewish families. Originated from The OC.

Thursday - Christmas Creep

  • A phenomenon where the Christmas season starts earlier and earlier each year.

Friday - Serial Chiller

  • A person who always kicks back, kicks it, relaxes. One who rarely shoulders responsibility and avoids stress and anxiety.

Thursday, December 21, 2006

Miracle of Birth

Via BBC -

A British woman is thought to be the first in the world to give birth to triplets from two wombs. In September, Hannah Kersey, 23, of Northam in Devon, had twin girls who were conceived in one womb, and a third girl from another womb. Kersey has a rare condition known as uterus didelphys, which results when the uterus fails to fuse during development. The condition affects one in 1,000 women in the U.K.

Via Independent.co.uk -

The world's largest lizard has astonished biologists by being able to produce offspring by an "immaculate" conception without the help of a male. Two captive female Komodo dragons have had virgin births by a process called parthenogenesis, when an unfertilised egg develops into a normal embryo without being fertilised by a sperm.

Unconfirmed Windows Memory Corruption Zero-Day

Dear Secure@microsoft.com,

On one Russian forum a security vulnerability in Microsoft Windows is discussed (Windows XP is tested). The vulnerability is caused by memory corruption if a string beginning with "\?\" is sent through the MessageBox API with the MB_SERVICE_NOTIFICATION flag.

It looks like some "debug" feature not cleaned out in the final release, and it seems to be exploitable to code execution at kernel level.

See the full details on Security.nnov.ru.

Lawmaker Won't Apologize for 'Islamophobic' Letter

IMHO, this lawmaker should apologize for such a statement. Muslims are not some type of hate-filled group that has its sights set on destruction. If a person has to be sworn in on an object, it is my personal view that the object should have a special meaning to the person....If you don't use an object that means something to you...then why even do it.

This congressman would want you to believe that this is the first time..and a growing "problem"...but this isn't the first time and it isn't a problem at all.

The object is supposed to mean something to the person being sworn in. The object could be a Grande Starbucks Latte and it would be legal, it doesn't matter.

Saying that a Muslim congressman shouldn't be sworn in on the Quran is like saying that a Christian congressman shouldn't be sworn in on the Bible. No one can force an object to have a special meaning to a person...so I don't understand why people would be at odds with Ellison's decision.

This congressman from VA should stop and think about his actions....and if I were one of the citizens in his district...I would stop and think about who we just elected to govern over us.

Is he showing the level of understanding and acceptance that we expect from a person that we elect into power?

Smells like clear bigotry to me....but that is just my 2 cents.

Wednesday, December 20, 2006

The Missing Microsoft Patches

The fine people over at SANS have outlined several important vulnerabilities which still haven't been patched.

Boy Hurt By Cannon Blast Feels Twice Wounded

Via Seattlepi -

SNOHOMISH -- The cannon shot that ripped into Brett Karch's leg, causing a gaping combat-style wound, has also torn a hole in his hometown community of Snohomish.

Karch, whose leg was nearly amputated and who faces more than a year of physical rehabilitation with an uncertain outcome, has been the target of physical threats because of fears his injury will jeopardize the community's tradition of firing the ceremonial cannon before each high school football game and after touchdowns.

For more than 30 years, the blast of the cherry-red cannon has ignited the roars of fans whenever the home team scored in this football-proud town. With its tree-lined streets, gingerbread-trimmed Victorian houses and hills crested with historic churches, the town is devoted to its traditions, including its beloved cannon, which students in the school's metal shop built after a previous cannon gave out in the mid-1980s.

[...]

But the shot that nearly took off Brett Karch's leg now leaves the fate of that tradition in the air, and that has upset some in the community.

According to Karch's medical records, security guards notified police after Karch received disturbing phone calls and visits from parents and students, some of whom threatened to "break his other leg" or worse, if he didn't keep quiet about the accident. Hospital staff had to move him to a secure room where they monitored visitors.

Callers and visitors told Karch they would "make sure his other leg got blown off," and that "there would be retaliation" if the family cooperated in an investigation that could end the cannon tradition, said Mary Bissel, Karch's mother. "That's when I kind of got a little upset," Karch said.

The threats also included mention the family would be "banned from the town," Bissell said.


She's been warned not to talk to a lawyer, or reporters. The allegations of threats, as well as the cause of the accident, remain under investigation.

Hospital security reported the threats to the Everett Police Department, but police, who came to the hospital to interview Karch and his mother, won't release the incident report, citing the open investigation into the cause of the accident.



Traditions are a positive thing, but in the face of true human suffering...no tradition is that important. Traditions are meant to carry emotion; without that positive emotion...the tradition is useless. The people that are making threats to this young kid have truly lost sight of their tradition and that is sad.

Just last month, Aggies around the world took time to remember the Texas A&M Bonfire collapse of 1999. As expected the game just didn't seem the same anymore.

My brother, a graduate of TAMU, wrote the following in his blog on Nov 18th, 2006:
Seven years ago today, in the midst of every Aggie's favorite week, tragedy struck and suddenly the rivalry game with the University of Texas didn't seem as important as it had the day before.

At 2:42 am on the morning of November 18, 1999, the Bonfire stack fell and my perspective on what rivalry means shifted with the falling logs. Twelve Aggies would be killed by the pileup and 27 others injured, and the whole Aggie family mourned. With the game only a couple of days away, the Bonfire workers were in what they called "push", the hectic 24 hour work schedule before the burn. Because of that, I knew when I got the call on that morning and my friend told me that "Bonfire collapsed last night"... I knew there were students all over it and that the hope of no one getting critically injured was minimal.

I'll never forget the sorrow I felt that day as I sat at my desk in Houston trying to work. I didn't personally know any of the students who were killed or injured but that didn't matter - they were Aggies. They were kids in the prime of their lives and all I could think about was the immeasurable loss their immediate families must be going through. This was the first tragedy that had hit me this hard - the horror of 9/11 was still almost two years away. I wanted to be in College Station that day and to grieve with my fellow Aggies. I know I probably couldn't provide any tangible assistance, but I just felt like I needed to be there.

Ironically, it took a tragedy like this to remind everyone that the grudge match and blood feud of a rivalry we had all thought so important just a day earlier was only a game. The University of Texas shared their shock and condolences with the Aggies as their student body president traveled to College Station that day to speak at the memorial service on campus that night. Our student president went to Austin later to participate in a candlelight vigil that replaced the Longhorns' annual "Hex Rally".

The game happened a week after the collapse, and thankfully the Aggies won. Not because we wanted bragging rights, but because we needed it. The players dedicated the game to their fallen fellow students and when linebacker Brian Gamble sacked Major Applewhite and recovered the fumble to ice the game, he raised his arms skyward almost as if to give those lost a giant hug and the emotions flowed all around the stadium.

Through it all I gathered a new respect for our most fierce rival. The class they showed after the event and during their memorable halftime salute at the game, showed me that while we may enjoy nothing more than beating each other on the field we're still all Texans, all human and that the outcome of a football game shouldn't seem as important as life and death.

I'll never forget the compassion and the gestures they made. One that sticks out was weeks later a college friend and I were sitting in a bar in Houston when two Longhorns having seen our Aggie Rings came over and shook our hands and offered their sincerest condolences.

Sure I still want my team to come out on top when the two schools match up on the field, and I still love to engage in a little friendly rivalry smack talking, but for me the game now is just a game.
----------------------------------------

Absolutely disgusted! Sometimes I feel like there are just some people that shouldn't have the freedom to walk around us....these people that are making threats to this kid, fit the bill pretty well.

Mozilla Firefox Multiple Vulnerabilities

Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to gain knowledge of certain information, conduct cross-site scripting attacks, and potentially compromise a user's system.

Solution:
Update to version 1.5.0.9 or 2.0.0.1.

Humor: Where are the Superhero Mutants?

Via theOnion -

As the search for alternative energy sources continues, many decry nuclear energy as an unsafe and irresponsible option. Admittedly, dangers exist, but innovation always involves risk, for the best ideas often result from happy accidents. Indeed, perhaps a catastrophic meltdown would be the best thing that could happen. To abandon nuclear energy is to risk something far greater than another Chernobyl. It is to risk the loss of future superpowered, costumed heroes.

If we fail to encourage our scientists to get trapped in a malfunctioning reactor as warning klaxons ring across the facility, and menacing numbers on a nearby wall-screen count down to zero, their frail human physiologies will never receive the massive doses of radiation necessary to transform them into glowing metallic-chrome beings with nuclei-and-electron symbols emblazoned on their muscular chests. As our country takes on the innumerable challenges of the 21st century, we need—now more than ever—cosmic, glowing superbeings capable of harnessing the power of the atom to fight crime.

While we possess the technology to irradiate common household insects in educational experiments gone awry, we inexplicably have not yet done so. Not one high-school student has been exposed to the bite of such a radioactive insect and developed spider-like powers.

Without swift, even reckless expansion of our domestic nuclear-energy program, scientists will never be exposed to the new and unique radiation poisonings from which the most powerful superheroes are generated. We need to see radioactive canisters spilled from the backs of trucks, hitting small boys in the eyes, blinding them, and giving them the heightened senses and radar-like superpowers of rooftop-jumping gymnastic avengers.

Without research into Gamma Bombs, how will an idealistic young scientist be forced to run out onto the test site at the last minute to save a reckless teen, only to be mutated into a giant, green, rampaging force for justice?

[...]

We can no longer deny the facts: We need code-named heroes to fight the super-villains of tomorrow. Unless our government prioritizes scientific research and its resulting freak accidents, we have no one but ourselves to blame when we are unable to protect ourselves from robot executioners, giant creatures from the Earth's core, or invasions from the Skrull Empire.

---------------------------------------

The UK recently released plans to spend up to £20bn on a new generation of submarines for Trident missiles. And the US just signed a nuclear deal with India.

But all of this just points back to the real underlying question. What about the Superhero Mutants that we were promised? All this nuclear stuff flying around everywhere and I haven't seen a single crime-fighting superhero mutant anywhere. I mean, come on people...what's the deal?

Tuesday, December 19, 2006

Sony BMG Spyware Case Finally Closed in Texas

AUSTIN - Texas Attorney General Greg Abbott today concluded a year-long investigation and legal action against Sony BMG Music Entertainment by obtaining an Agreed Final Judgment that provides restitution to consumers and brings sweeping reforms that will protect consumers nationwide.

Texas was the first state in the nation to take legal action against the music giant after determining that Sony BMG released millions of compact discs containing harmful software that was not disclosed to consumers. Today’s precedent-setting action prohibits Sony BMG from selling CDs containing XCP, MediaMax or any other content-protection software that hides or cloaks its software files. Sony BMG must also destroy any existing CDs embedded with XCP or MediaMax technology, continue working to withdraw those CDs from the marketplace, and submit to independent, third-party monitoring of any software-enhanced music CDs for the next five years.

“Texans deserve to be protected from harmful, hidden files that threaten their privacy or the integrity of their computer systems,” said Attorney General Abbott. “Our first-in-the-nation action against Sony BMG shows that consumer privacy will be vigorously protected. Today’s settlement removes harmful products from the marketplace, compensates consumers for any harm they have suffered, and sets best practices that we hope will lead to reforms across the industry.”

In November 2005, the Attorney General’s Consumer Protection Division brought the first lawsuit ever filed under the Texas Consumer Protection Spyware Act after learning that so-called XCP and MediaMax technologies violated Texas' consumer protection laws. Further investigation revealed that the software embedded on some Sony BMG CDs could damage consumers’ computers and create security vulnerabilities. The State’s lawsuit also claimed that Sony BMG violated the Deceptive Trade Practices Act.

Texas consumers whose computers and CD-ROM drives were damaged by XCP software may qualify for restitution from Sony BMG. Today’s agreement requires that Sony BMG publish claim forms on its Web site, www.sonybmg.com. Consumers seeking restitution should submit claim forms to Sony BMG, along with repair receipts and other evidence of system damage. Claimants could receive up to $175 each to compensate them for the costs of repairing computers damaged by Sony BMG products. Those without proof of out-of-pocket expenses are still eligible for $25.

----------------------------------------

Check out the rest of the details in the Official Texas AG Press Release.

You can see my past blogs about the Sony Spyware case here.

Month of Apple Bugs - Set for Beginning of 2007

Looks like KF and LMH plan on dropping some Mac Bugs at the beginning of the year. It should be interesting to say the least.

You will remember LMH from the Month of Kernel Bugs (MoKB) and you might remember KF from the OSX Inqtana PoC worm and numerous Bluetooth vulnerabilities.

LMH has stated that he "isn't a fan of full-disclosure" and KF has been pretty good at releasing important information in a way that causes little to no damage. For example, the OSX Inqtana worm took advantage of a patched Bluetooth vulnerability and it ended up going nowhere fast.

With that in mind, I don't think people should freak out too much about what might be released.

In the end, it will serve to prove a point if anything. All operating systems are vulnerable and people should take measures to protect their computers at all times. At the same time, vendors should be open about possible security issues and work to solve those issues in a timely fashion, while keeping the public in the loop (looks at you Apple).

However, vendors also have a huge responsibility to deal with issues in a timely fashion...if that doesn't happen....the game normally changes.

Month of Apple Bugs (MoAB) here we come....

Check out the SecurityFix blog for more details.

17,500 CU Students Warned of Possible Data Theft

Via dailycamera.com -

University of Colorado officials are warning 17,500 students that their personal information, including names and Social Security numbers, may have been stolen when a hacker broke into a campus computer server.

It's the first such incident this year after CU bolstered computer security in February following a wave of four attacks in 2005.

Employees from CU's Information Technology Services office discovered the attack on a server in the campus' Academic Advising Center on Dec. 8. The investigation is ongoing.

"The hacker apparently entered the server through a Web page," Todd Gleeson, dean of CU's College of Arts and Sciences, which houses the Academic Advising Center, said in a statement.

The identities and Social Security numbers exposed in the attack were of students who attended orientation sessions from 2002 to 2004, he said.

"We do not presently have any evidence that the data were actually accessed or used, and we are notifying the students affected," Gleeson said.

(Thanks to my friend, Aaron Spuler, for the catch.)

Microsoft Outlook ActiveX Control Remote IE DoS Vulnerability

Via SecurityFocus -

The Microsoft Office Outlook Recipient Control is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer or other applications that use the ActiveX control.

Sample Exploit - http://www.securityfocus.com/data/vulnerabilities/exploits/21649.html

Cartoon Artist Joseph Bardera Dies at Age 95

Joseph Roland "Joe" Barbera (March 24, 1911 – December 18, 2006) was an American animator, cartoon artist, storyboard artist, director, producer, and co-founder, together with William Hanna, of Hanna-Barbera. The studio produced well-known cartoons such as Tom and Jerry, The Huckleberry Hound Show, The Flintstones, The Jetsons, Scooby-Doo as well as the musical film, Charlotte's Web.

http://en.wikipedia.org/wiki/Joseph_Barbera

http://www.abc.net.au/pm/content/2006/s1815109.htm

As I recall, there were few days in my youth...where I didn't see one of the above shows.

Classic writer that will be missed by the youth of now and those of the future...that is for sure.

Rumor of a Skype Worm Spreading

Websense Security Labs has had reports of a new worm that uses Skype to propagate. We are still investigating the issue but here are the details so far:
  • users receive messages via Skype Chat to download and run a file
  • the filename is called sp.exe
  • assuming the file is run it appears to drop and run a password stealing Trojan Horse
  • the file also appears to run another set of code that uses Skype to propagate the original file
  • the file is packed and has anti-debugging routines (NTKrnl Secure Suite packer)
  • the file connects to a remote server for additional code
  • the original site has been black holed and is not serving the code anymore
  • the number of victims is still TBD
  • the original infections appear to be in APAC region (Korea in particular)

More details will be published later today when we get more details.
Special thanks to the Shadow Server for research assistance.

SANS also has a blog about it.

Monday, December 18, 2006

Chocolate is a Pepsi Product

I am sitting here eating some super rich yet bitter dark Russian chocolate. Good stuff. So I decided to visit the Russian website....I don't speak Russian, so I used trusty old Google for the translation.

And it would seem that "Chocolate is a Pepsi product made of cocoa products and sugar."

Original Russian Site = http://www.uniconf.ru/ru/babaevskiy/

Man, I never knew that.. =)

Talisker Network Security Radar Wizardry

I found this site several years ago and have passed it along to friends when needed. It is pretty nice for a quick overview of what is going on as a whole.

It isn't too in-depth, so those people that constantly read all the security mailing lists will find it lacking a bit. But for the busy corporate types that can't keep up with noisy mailing lists, it is pretty nice.

Main Site - http://www.networkintrusion.co.uk/

Radar (uses Java) - http://securitywizardry.com/radar.htm

The Computer Network Defence Internet Operational Picture was designed and built to cater for the demands of Government and Military networks requiring near real time information on new and emerging cyber threats. Its public availability and lack of corporate identity has resulted in almost every industry, including home users, taking advantage of it either on an occasional basis or full time on plasma screens. The page auto-updates every 20 minutes, drawing information from multiple sources.

Post No. 501 - HSBC Closing Accounts For Good

Very interesting read over at Light Blue Touchpaper.

Sounds like anti-terror or AML regulations to me for sure.

I just noticed that this is post 501. Pretty good for just starting last Oct.

Anyways, I want to say thanks to all the readers out there...so thanks for reading.

Happy Monday

Sunday, December 17, 2006

Mars Rovers Experience Four-Digit Date Issue (Y2K Anyone?)

Via ScienceNow.org -

SAN FRANCISCO, CALIFORNIA--Spirit and Opportunity are painting a considerably different picture of Mars from what NASA's mission scientists had expected when the twin rovers set down separately on the red planet in January 2004. Designed expressly to look for signs of water, both craft have found such signs in the rocks and soil lying in their paths. But what's surprising and disappointing is the water seems only to have lurked beneath the Martian surface. Lakes, rivers, and oceans seem to have been almost totally absent from the planet's history.

Reporting here today at the annual meeting of the American Geophysical Union, members of the Mars Exploration Rover science team declared both machines basically healthy--although Spirit remains partially crippled by a right-front wheel drive motor that failed nine months ago. So far, Spirit has logged 1047 sols, or Martian days, and Opportunity has been operating for 1026 sols. The Mars rovers' project manager, John Callas of NASA's Jet Propulsion Laboratory in Pasadena, California, quipped that crossing the 1000-sol threshold created a problem, because the rovers' software was not designed to handle four-digit dates. "But it's a good problem to have," Callas said.

----------------------------

The Mars rovers were projected to only be going for three months....but they are looking at three years right now. Very cool.

Organized Crime Groups Probe ATM Weaknesses

Via MSNBC.com -

Researchers who work for an Israeli computer security company say they have discovered a fundamental weakness in the system that banks use to keep debit card PIN codes secret while they are transported across bank networks – a flaw that they say could undermine the entire debit card system.

The U.S. Secret Service is investigating the matter, and MSNBC.com obtained a memo compiled by the agency that indicates that organized criminals are systematically attempting to subvert the ATM system and unscramble encrypted PIN traffic.

The report has ignited a debate within the banking industry, with many financial industry experts downplaying the seriousness of the flaw and outside experts divided on its implications. But there is no disputing the impact that such a hack would have if successful.

----------------------------------

This article is several weeks old, but still very interesting. We all remember the Mini-bank password issues from the Fall.

The Virtual Relationship Myth

Via TechDirt -

There's a new study out about how people online are making friends online -- which is hardly a surprising fact. However, where the reporting on it gets weird is that the press keeps referring to these relationships as "virtual" friendships, as if the people aren't real. The people are very real, and the friendships aren't "virtual" at all. It's just that the conversations are often kept up digitally. It's also weird to see quotes like: "More than a decade after the portals of the worldwide web opened to the public, we are now witnessing the true emergence of the internet as the powerful personal and social phenomenon we knew it would become." That's really a rewriting of history. The internet has always succeeded as a communications platform. Things like email, BBS's, IRC and Usenet were very much about the social aspect long before the web itself even came along. To claim that it's suddenly reached its potential is misleading. It's just that people are finally recognizing that the social and communications aspect is what the internet does well, instead of trying to force it into being a broadcast medium.

---------------------------------------------------

I personally think that Mike has hit the nail directly on the head....because I know he is right.

I-Hacked Video: Making a Beer Can PadLock Shim

http://www.i-hacked.com/content/view/243/48/

Why drink beer at Defcon 14? To make lock shims, of course.

That 2 hour delay was crazy that morning.

Quote of the Vid - "The Red Badge doesn't mean I necessarily know what is happening..."

Saturday, December 16, 2006

Engineer Indicted on Economic Espionage

Via SignOnSanDiego.com -

SAN JOSE – A Silicon Valley engineer stole trade secrets from a San Jose software company and tried to sell them to foreign governments, prosecutors alleged Thursday.

Xiaodong Sheldon Meng, 42, a Chinese national with Canadian citizenship, was indicted on 36 felony counts, including economic espionage to benefit a foreign government and violations of military technology export laws.

Prosecutors say Meng stole the underlying code for software made by Quantum3D Inc. that is used to train military fighter pilots, and tried to sell it to the Thai and Malaysian air forces and a company with ties to China's military.

No foreign government or agent was named as a conspirator in the case.

Under U.S. law, anyone attempting to sell such information overseas must first obtain a license from the State Department and is subject to strict regulations. Xiaodong never applied for or received such a license.

His case marks only the third time prosecutors have charged someone with economic espionage to benefit a foreign government, the most serious crime under the Economic Espionage Act of 1996. It carries up to 15 years in prison. Theft of trade secrets can bring 10 years.

Guilty pleas were expected Thursday afternoon in one of the other two cases under the economic espionage act. That case involves Fei Ye and Ming Zhong, two other Silicon Valley engineers with ties to China. Their conviction would be the first since the economic espionage law was enacted.


(Props to my friend Fergie for the find)

Underground Auction - Vista Zero-Day, Bots & More

Via Eweek.com -

Underground hackers are hawking zero-day exploits for Microsoft's new Windows Vista operating system at $50,000 a pop, according to computer security researchers at Trend Micro.

The Windows Vista exploit—which has not been independently verified—was just one of many zero-days available for sale at an auction-style marketplace infiltrated by the Tokyo-based anti-virus vendor.


In an interview with eWEEK, Trend Micro's chief technology officer, Raimund Genes, said prices for exploits for unpatched code execution flaws are in the $20,000 to $30,000 range, depending on the popularity of the software and the reliability of the attack code.

Bots and Trojan downloaders that typically hijack Windows machines for use in spam-spewing botnets were being sold for about $5,000, Genes said.

[...]

A custom Trojan capable of stealing online account information can be bought for between $1,000 and $5,000, while a botnet-building piece of malware can cost between $5,000 and $20,000, Genes said.

Credit card numbers with valid PINs are sold for $500 each, while billing data that includes an account number, physical address, Social Security number, home address and birth date can be found for between $80 and $300.

The auction marketplace is also selling driver's licenses for $150, birth certificates for $150, Social Security cards for $100, and credit card numbers with security code and expiration date for between $7 and $25.

PayPal or eBay account credentials are available for $7, Genes said.

-------------------------

(Props to my friend Fergie for the find)

New Pentagon Counterinsurgency Manual Released

Via the Secrecy News -

The U.S. Army has completed a long-awaited new manual (large pdf) presenting military doctrine on counterinsurgency. It is the first revision of counterinsurgency doctrine in twenty years.

In several respects, the new doctrine implicitly repudiates the Bush Administration's approach to the war in Iraq.

"Conducting a successful counterinsurgency campaign requires a flexible, adaptive force led by agile, well-informed, culturally astute leaders," the foreword states.

The new manual emphasizes the importance of planning for post-conflict stabilization, and it stresses the limited utility of conventional military operations.

"The military forces that successfully defeat insurgencies are usually those able to overcome their institutional inclination to wage conventional war against insurgents."

A copy of the new 282 page unclassified manual was obtained by Secrecy News.

See "Counterinsurgency," U.S. Army Field Manual 3-24, December 15, 2006 (12.9 MB PDF).

MS Releases IE7 Patch to Address Slow Phishing Feature

When you use Windows Internet Explorer 7 to visit a Web page, the computer may respond very slowly as the Phishing Filter evaluates Web page contents.

http://support.microsoft.com/kb/928089

This patch was released on Black Tuesday, but was not pushed down via Windows Update. Get it if you use the anti-phishing feature of IE7.

Friday, December 15, 2006

New Windows Explorer & Media Player 10 DoS Exploits

CVE-2006-6602 - Publish Date: 12/15/2006
explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a crafted WMV file.

CVE-2006-6601 - Publish Date: 12/15/2006
Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a MID file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks or (2) time division fields that are set to 0.

Credit to SehaTo for both.

You might remember him from the Windows Media ASX DoS Exploit.

PoC Exploits for Both = http://www.security.nnov.ru/Gnews936.html

MIT launches iFIND App For Stalking Your Friends

Via Engadget.com -

When we first spotted MIT's location-tracking WiFi network last year, the stalking capabilities were interesting, but not fully realized. Now with this new iFIND app of theirs, WiFi positioning takes on a whole new level of geeky functionality at the Boston campus. At its core, iFIND is a peer-to-peer application that allows users to control the flow of their own location information, eliminating the privacy concerns of a centralized tracking system. Built on top of that functionality are all sorts of interesting buddy list capabilities to track and chat with friends, and choose who can track you. You can also set up meeting places with friends, even using the system to pick a spot at the "center of gravity" of a group of friends for the ultimate in geek cred. Anyone with an MIT email address can use the system, and future functionality includes the ability to share data anonymously with users found with the system, or to alert the police to your position in an emergency without divulging your identity -- all for the truly paranoid, but fun stuff all the same.

Backframe – JavaScript Hacking Framework

Backframe Attack Console was started as an experiment to create a full featured attack console for exploiting web browsers, web users and remote applications. Those who are familiar with XSS Proxy or even BEEF might already be familiar with the core principles of the project.

The console is based on simple client-server interaction. Both parts are required for successful operation. The server, also known as the attack channel, provides the functionality for establishing bi-directional communication with remote clients. The console, on the other hand, is responsible for interacting with the channel and providing the necessary toolkit for launching attacks against these clients.

The result of these core principles is an easy to use and understand web-client-oriented attack framework that keeps the data, the presentation layer, and the underlying logic apart. This design is known as the "separation of concerns" model. It is a highly effective practice which makes it easy to extend upon the core elements.

http://www.gnucitizen.org/backframe/docs/index.htm

Online Example - http://www.gnucitizen.org/backframe/application.htm

MS Internet Explorer 7 (DLL-load hijacking) Code Execution Exploit PoC

/*
Copyright (C) 2006-2007 Aviv Raff
http://aviv.raffon.net
Greetz: hdm, L.M.H, str0ke, SkyLined


Compile and upload to the victim's desktop as one of the following hidden DLL files:
- sqmapi.dll
- imageres.dll
- schannel.dll


Run IE7 and watch the nice calculators pop up.
Filter fdwReason to execute only once.


Tested on WinXP SP2 with fully patched IE7.
For testing/educational purpose only!
*/

Please note that this isn't your normal drive-by-download type of vulnerability. The DLL would need to be uploaded to the victim's PC.

http://www.milw0rm.com/exploits/2929
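Since the PoC only works once one of the three named DLLs has been planted in the victim's Desktop folder, the defender's check is simply to look for them there before IE7 does. The script below is an added example, not part of the original post or of Aviv Raff's PoC: it scans the Desktop folders you point it at for sqmapi.dll, imageres.dll and schannel.dll, notes whether the file is hidden, and compares it against the copy in System32 when one exists. The System32 location, the argument handling and the sample files in the test are assumptions made for the example.

```python
"""Detect a planted IE7 search-order-hijack DLL on a user's Desktop.

Added example for this post (not Aviv Raff's PoC). Assumes the genuine
copies, where they exist, live under %SystemRoot%\System32.
"""
import hashlib
import os
import stat
import sys
from typing import Dict, List, Optional, Sequence

# The three file names the PoC header says IE7 will load from the Desktop.
HIJACKABLE_DLLS: Sequence[str] = ("sqmapi.dll", "imageres.dll", "schannel.dll")


def sha256_of(path: str) -> str:
    """Hash a file in chunks so large DLLs do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _find_case_insensitive(directory: str, name: str) -> Optional[str]:
    """Return the path of an entry in directory whose name matches, ignoring case
    (Windows file names are case-insensitive, so SqmApi.dll still gets loaded)."""
    if not os.path.isdir(directory):
        return None
    for entry in os.listdir(directory):
        if entry.lower() == name.lower():
            return os.path.join(directory, entry)
    return None


def find_planted_dlls(desktop_dirs: Sequence[str],
                      dll_names: Sequence[str] = HIJACKABLE_DLLS,
                      system_dir: Optional[str] = None) -> List[Dict]:
    """Report copies of dll_names sitting in user-writable Desktop directories.

    Each finding records the path, whether the file carries the Windows hidden
    attribute (the PoC suggests planting it hidden), and, when system_dir holds
    a file of the same name, whether the Desktop copy is byte-identical to it.
    A planted DLL will not match the genuine one; when there is no system copy
    to compare against the value is None.
    """
    findings: List[Dict] = []
    for desktop in desktop_dirs:
        for name in dll_names:
            path = _find_case_insensitive(desktop, name)
            if path is None or not os.path.isfile(path):
                continue
            st = os.stat(path)
            # st_file_attributes exists only on Windows; elsewhere treat as not hidden.
            attrs = getattr(st, "st_file_attributes", 0)
            hidden = bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)
            matches: Optional[bool] = None
            if system_dir is not None:
                legit = _find_case_insensitive(system_dir, name)
                if legit is not None and os.path.isfile(legit):
                    matches = sha256_of(path) == sha256_of(legit)
            findings.append({
                "path": path,
                "dll": name.lower(),
                "hidden": hidden,
                "matches_system_copy": matches,
            })
    return findings


def main(argv: Sequence[str]) -> int:
    # Default to the current user's Desktop; pass other profiles' Desktop folders as args.
    desktops = list(argv[1:]) or [os.path.join(os.path.expanduser("~"), "Desktop")]
    system_dir = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    hits = find_planted_dlls(desktops, system_dir=system_dir)
    verdicts = {True: "identical to system copy",
                False: "DIFFERS from system copy",
                None: "no system copy to compare"}
    for hit in hits:
        print(f"{hit['path']}: hidden={hit['hidden']}, {verdicts[hit['matches_system_copy']]}")
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Any hit is worth investigating: none of these DLLs has a legitimate reason to be on a Desktop, and a copy that differs from the System32 one is exactly the condition the PoC needs.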

Nano-Cables Convert Light into Electricity

Via NewScientistTech.com -

Nanocables that convert light into electricity could one day be used to power nano-robots.

The cables are 16 nanometres in diameter and several micrometres long. They resemble the light-harvesting antennae used by some bacteria and transform light into electricity in a similar way to the semiconductors in solar panels, albeit on a much smaller scale.


"This is the first example of a photoconducting nanostructure," says Takanori Fukushita of the University of Tokyo, Japan, a member of the team that built the cables.

The hollow cables can grow up to several micrometres long. To build them, Fukushita and colleagues created a compound containing hexabenzocoronene (HBC), two carbon-12 chains, and trinitrofluorenone (TNF). They placed the compound in a solution of tetrahydrofuran and bubbled methane vapour through it, causing the compound to self-assemble into hollow cables.

The HBC, which sheds electrons when hit by light, formed the inside of the cable wall, and the TNF, which readily accepts electrons, coated the outside of the wall.


Each time a photon hits the cable from outside it passes through the outer layer and knocks an electron loose from the inner layer. This causes the electron to jump to the outer layer and leave behind a positively charged "hole". These separated charges can then generate a current.

To test the nanocables, the researchers placed one on a silicon surface and applied a voltage across it. When light was shone onto the surface, a current began flowing down the cable between two electrodes. When the light was switched off, the current stopped.

At the moment, the cables cannot produce usable electricity from sunlight alone, as current does not flow well through the outer layer of TNF. The next step, Fukushita says, is to modify the outer layer, perhaps by attaching carbon-60 molecules (buckyballs), so it acts as a semiconductor and allows more current to flow.

Once this has been achieved, the nanocables could be fitted to nano-sized robots or micro-machines and power their movements, suggests Franz Würthner at the University of Würzburg in Germany. Their similarity in size and function to the antennae used by bacteria for photosynthesis means it might also be possible to connect them to such organisms, creating hybrid devices, he says.

--------------------------------------------

Very interesting. Now if someone can just make cybernetic light-powered bacteria to keep my car clean...

Hackers Take Over Email, Then Demand Ransom

Via ZDNet India -

A Hotmail user logged into their account this week to find that scammers had deleted all their e-mails except for one, which was from a hacker demanding cash in exchange for restoring the lost information, according to Websense.

Websense said this scam is a variant of ransomware, which is a malicious program that encrypts documents on the victim's computer and asks for a payment in order to decrypt the files. Had this been the owner or an employee of a small business, the company's intellectual property (IP) would have been at risk.

Joel Camissar, country manager at Websense ANZ, said that the Hotmail account of the victim is thought to have been hacked after they used a spyware-infected computer in a Spanish Internet cafe. The hackers had deleted everything from their inbox, outbox and removed all their contacts.

Camissar warned that the same thing could easily happen in Australia to somebody accessing their corporate Webmail account, which would most likely have serious consequences.

"Somebody could have used the Internet café to access their Outlook Web access account -- their password would then be compromised because the password for that account would be the same as their regular work access.

"The intellectual property could be very valuable. Imagine if it's the director of a company and they have [e-mails containing] confidential schematics or financial results," said Camissar.

Earlier this year, antivirus firms warned that criminals were increasingly using ransomware and warned that small businesses were most at risk.

David Emm, senior technology consultant at Kaspersky UK, said: "Within a corporation, the IT department normally backs up files. The danger is where attacks are launched at smaller businesses (without IT departments) and individuals".

Thursday, December 14, 2006

UK Online Banking Fraud Up 8000%

Via BBC News -

The Financial Services Authority (FSA) told peers it was "very concerned" about the growth in "phishing".

Phishing involves using fake websites to lure people into revealing their bank account numbers.

The amount stolen is still relatively small but it is set to go up by 90% for the second year running, peers heard.

Between January and June 2005, the number of recorded phishing incidents was 312, the Lords science and technology committee was told.

The figure for the same period this year was 5,059, according to banking trade body Apacs figures.

The amount of cash stolen in the first half of 2006 was £23.2m, the committee was told, and was likely to be £22.5m in the second half of the year.

'Industrialised'

The increase was put down by Apacs security chief Philip Whitaker to better detection.

But Mr Whitaker told peers the criminals behind "phishing" scams were also becoming increasingly "industrialised" in their approach.

Lord Paul said the committee had been told one bank was being targeted far more than any other.

But Apacs director of communication Sandra Quinn rejected the peer's call to name the bank concerned, saying it would breach commercial confidentiality.

She said Apacs was there to represent the banking industry not the consumer, and had no plans to make public its list of banks being targeted by fraud.

--------------------------------------------

It kinda sounds like this is based on just the reported phishing sites, so take the hard figure with a grain of salt...however this doesn't mean the real number is lower; sadly, it is most likely even higher than 8000%.

Phishing and spam are the "cash crop" of organized crime rings. When all other money making tricks fail, they can always depend on phishing and spam to work.

Wednesday, December 13, 2006

Microsoft Releases OS X Office 2004 Update By Mistake

Via SANS ISC -

Microsoft accidentally released an update named 11.3.1 for Office 2004 (the Apple Mac version) today.

It did contain an unspecified security fix and stability improvements. After asking what it fixed we got the reply it was actually a pre-release that was made available through auto-update.

This wasn't intended to be released and hence has been pulled. See the MSRC blog for more details.

Microsoft is also recommending uninstalling the patches, although to be honest I've no idea how to actually do that.

-Swa Frantzen -- Section 66

Holiday Decorations Can Create Major Wi-Fi Disturbances

Via ArsTechnica.com -

It sounds like something the MythBusters "Build Team" could have busted or confirmed in a couple of hours. Holiday decorations... Christmas lights, garland, those big blow-up snowmen... they're all putting the hurt on WiFi?

That's the word from AirMagnet, Inc., a company that develops and sells WiFi networking analysis and troubleshooting tools. The company says that it monitored office WiFi health before and after holiday decorations were deployed, and their survey found that Old Saint Nick has some splainin' to do.

According to the survey, the addition of Christmas and holiday ornamentation (trees, decorations, etc.) to a standard office setting reduced wireless signal strength by 25 percent. Furthermore, AirMagnet claims that signal deterioration was increased by a factor of one-third, and made signal distribution more uneven, reducing strength by an additional 10 percent in different locations.

"When new elements are introduced into an enterprise environment they have the potential to seriously affect the performance of the Wi-Fi network, by deflecting, absorbing or otherwise interfering with the wireless signal," said Chia-Chee Kuan, CTO and vice president of engineering for AirMagnet. "During the holidays, it could be the decorations in an office, at other times it could just as easily be a new microwave oven or a metal shelving unit." AirMagnet's ploy in all of this is to draw attention to the company as a developer of WiFi analysis tools, and to be honest, we find it pretty humorous.

It's the metal contained in many Christmas decorations that is the culprit for these wireless shenanigans. Whether or not this spells bad news for those of you planning to erect a Festivus pole is anyone's guess, but at the very least you'll have the chance to air your grievance in ritual fashion.

UCLA Computer Security Breach Exposes 800,000 Students

Via Washington Post -

LOS ANGELES -- The University of California, Los Angeles alerted about 800,000 current and former students, faculty and staff on Tuesday that their names and certain personal information were exposed after a hacker broke into a campus computer system.

It was one of the largest such breaches involving a U.S. higher education institution.

The attacks on the database began in October 2005 and ended Nov. 21 of this year, when computer security technicians noticed suspicious database queries, according to a statement posted on a school Web site set up to answer questions about the theft.

Acting Chancellor Norman Abrams said in a letter posted on the site that while the database includes Social Security numbers, home addresses and birth dates, there was no evidence any data have been misused.

The letter suggests, however, that recipients contact credit reporting agencies and take steps to minimize the risk of potential identity theft. The database does not include driver's license numbers or credit card or banking information.

"We have a responsibility to safeguard personal information, an obligation that we take very seriously," Abrams wrote. "I deeply regret any concern or inconvenience this incident may cause you."

School representatives did not return calls for additional comment.

The breach is among the latest involving universities, financial institutions, private companies and government agencies. A stolen Veterans Affairs laptop contained information on 26.5 million veterans, and a hacker into the Nebraska child-support computer system may have gotten data on 300,000 people and 9,000 employers.

Security experts said the UCLA breach, in the sheer number of people affected, appeared to be among the largest at an American college or university.

"To my knowledge, it's absolutely one of the largest," Rodney Petersen, security task force coordinator for Educause, a nonprofit higher education association, told the Los Angeles Times.

Petersen said that in an Educause survey released in October, about a quarter of 400 colleges said that they had experienced a security incident in which confidential information was compromised during the previous 12 months, the newspaper reported.


In 2005, a database at the University of Southern California was hacked, exposing the records of 270,000 individuals.

This spring, Ohio University announced the first of what would be identified as five cases of data theft, affecting thousands of students, alumni and employees, including the president. About 173,000 Social Security numbers may have been stolen since March 2005, along with names, birth dates, medical records and home addresses.

Jim Davis, UCLA's chief information officer, said a computer trespasser used a program designed to exploit an undetected software flaw to bypass all security measures and gain access to the restricted database that contains information on about 800,000 current and former students, faculty and staff, as well as some student applicants and parents of students or applicants who applied for financial aid.

"In spite of our diligence, a sophisticated hacker found and exploited a subtle vulnerability in one of hundreds of applications," Davis said in the statement.

The university's investigation so far shows only that the hacker sought and obtained some of the Social Security numbers. But out of an abundance of caution, the school said, it was contacting everyone listed in the database.

About 3,200 of those being notified are current or former staff and faculty of UC Merced and current or former employees of the University of California Office of the President, for which UCLA does administrative processing.

Teenager Ran Internet Banking Scam Worth Nearly 50K

Via Stuff.co.nz -

A 16-year-old who police sent on a computer training course to improve his behaviour has admitted using a computer in an attempt to defraud banks of nearly $45,000.

The Upper Hutt teenager faces 26 fraud charges after hacking into people's internet banking accounts in August and September.

Police say he posted a computer virus on an internet message board and used it to capture details from people's personal computers.

Westpac, ANZ and ASB were all hit. The biggest transaction involved $6323, but the banks agreed to reimburse the losses.

The scam, combined with the boy's age, has raised fresh questions about the security of internet banking. It is just six months since banking ombudsman Liz Brown said banks had been slow to introduce two-factor authentication measures to fight internet fraud.

Judge Pat Grace remanded the youth to a secure residential facility in Palmerston North when he appeared in Upper Hutt Youth Court yesterday.

"You had set up quite a sophisticated operation to obtain some $50,000 from unsuspecting users of the internet.

"With the seriousness of this offending, I must be considering a custodial sentence as far as you are concerned, and because of that I'm going to decline your application for bail."

The youth, who cannot be named, has also admitted unrelated charges of kidnapping, aggravated robbery, threatening behaviour, unlawfully taking a motor vehicle, reckless driving, failing to stop and a string of driving offences. He is understood to owe about $35,000 in fines.

The computer fraud is believed to have been committed at his parents' home while he was unemployed.

The court is awaiting a psychological and social workers' report before hearing submissions on which court he should be sentenced in.

He faces up to five years' imprisonment if sentenced in the district court.

Constable Chris Muir said the youth decoded large amounts of information from people's computers to get account numbers and passwords.

"He just keeps the things he wants. He is a very clever boy."

It was possible that others had been targeted but had not complained to police.

About $15,000 had been recovered. The outstanding money had mainly been sent to the bank accounts of several co-offenders, who were also before the courts.

"It's very concerning that someone can basically sit at home and get everything off the internet and do what they want."

The police electronic crime lab's national manager Maarten Kleintjes said internet banking fraud was becoming more sophisticated.

He would not say if it was increasing, because banks shared the information with police in confidence.

Two-factor authentication - in which customers are issued with a new security code each time they log on - was the best way to guard against internet banking fraud.

Though it was compulsory in many countries, several major New Zealand banks - Westpac, ANZ and National - were yet to introduce the technology.

"The attacks are now being taken to a new level whereby people's machines are deliberately infiltrated with very sophisticated spyware," Mr Kleintjes said.

"They basically take control of your machine. They access your bank accounts but also steal your identity."

------------------------------------

The question is...was this young kid truly at the top of the scam? I find it hard to believe, but it is possible. The article only states that he uploaded the virus; did he also create the virus? If he didn't create the virus, then we have to ask who did...and what was their take on the scam?