Via News.com -
Feast your eyes on this, car technology and high-mileage nuts. It's a Honda Accord that runs on diesel.
Honda expects to bring the clean-diesel car to the U.S. by 2010. It gets 62.8 miles a gallon on the highway, but otherwise looks and feels like a regular Accord. At that mileage level, the car is about as "clean" as a new Toyota Prius. But if you run it on biodiesel, a form of diesel made from vegetable oil or animal fat, it would be even cleaner than a Prius (Priuses get 60 in the city).
The advantage of diesel cars, however, is that they pack a lot of power.
The car was shown off with a number of other cars in Sacramento, Calif., earlier this month as a way to promote clean diesel cars and technology. In the '90s, California passed strict emission controls that restricted the amount of sulfur a car could emit. As a result, diesel manufacturers curbed sales to California and the U.S. in general.
Since then, petroleum manufacturers have devised cleaner diesels that only emit about 15 parts per million of diesel, down from hundreds of parts per million. That satisfies the California law.
Manufacturers, meanwhile, have come out with more efficient and powerful diesel engines that get 20 to 40 percent better mileage than their older cars.
"A lot of changes have taken place in the engine, all thanks to electronics," said Allen Schaeffer, executive director of the Diesel Technology Forum, which helped organize the Clean Diesel Technology Tour. (Cars from Audi and a tractor trailer rig from Caterpillar were also shown). "Half the cars in Europe are diesel."
Thus, diesels, usually thought of as smelly, are now environmentally somewhat sound.
------------------------
Sweet! Bio-diesel anyone?
Tuesday, July 31, 2007
Evading Vista Kernel Defenses with Unsigned Drivers
Via ComputerWorld.com -
July 30, 2007 (Computerworld) -- A security feature in the 64-bit version of Windows Vista can be easily circumvented with a free utility that loads unsigned drivers into the kernel, according to researchers at Symantec Corp.
Among 64-bit Vista's security provisions is one new to Microsoft Corp.'s operating systems: only digitally-signed code can be loaded into the kernel. Under those new rules, code destined for the kernel -- typically drivers -- must be accompanied by a signed certificate available from a limited number of issuing authorities. Drivers not equipped with a legitimate certificate aren't loaded.
The thinking behind the move was that it would stymie rootkits, which load driver code into the kernel as part of their cloaking tactics.
But a pair of Symantec security researchers pointed to a free utility from Australian developer LinchpinLabs as one easy end-around. LinchpinLabs' Atsiv, said Ollie Whitehouse, an architect with Symantec's advanced threats research team, uses signed drivers to load other, unsigned code, into the Vista kernel.
"[Atsiv's] command line tool loads [its own] appropriate driver, which then in turn allows loading of unsigned drivers due to the implementation of their PE loader," said Whitehouse. "A side effect of using their own load is noted by the authors in their design documentation: 'Atsiv doesn't add the driver to the PsLoadedModuleslist so it is not visible in the standard drivers list.'
"This is rootkit-type behavior," said Whitehouse.
July 30, 2007 (Computerworld) -- A security feature in the 64-bit version of Windows Vista can be easily circumvented with a free utility that loads unsigned drivers into the kernel, according to researchers at Symantec Corp.
Among 64-bit Vista's security provisions is one new to Microsoft Corp.'s operating systems: only digitally-signed code can be loaded into the kernel. Under those new rules, code destined for the kernel -- typically drivers -- must be accompanied by a signed certificate available from a limited number of issuing authorities. Drivers not equipped with a legitimate certificate aren't loaded.
The thinking behind the move was that it would stymie rootkits, which load driver code into the kernel as part of their cloaking tactics.
But a pair of Symantec security researchers pointed to a free utility from Australian developer LinchpinLabs as one easy end-around. LinchpinLabs' Atsiv, said Ollie Whitehouse, an architect with Symantec's advanced threats research team, uses signed drivers to load other, unsigned code, into the Vista kernel.
"[Atsiv's] command line tool loads [its own] appropriate driver, which then in turn allows loading of unsigned drivers due to the implementation of their PE loader," said Whitehouse. "A side effect of using their own load is noted by the authors in their design documentation: 'Atsiv doesn't add the driver to the PsLoadedModuleslist so it is not visible in the standard drivers list.'
"This is rootkit-type behavior," said Whitehouse.
The Pwnie Awards - Hackers Award Their Own
Via SecurityFocus -
A group of well-known researchers will meet this week at the Black Hat Security Briefings in Las Vegas to hand out seven awards recognizing the best bugs, mocking the worst vendors, and paying homage to the most lyrical bug hunter.
The Pwnie (pronounced "pony") Awards celebrate the most lethal bugs found by researchers in the past year, as well as the most hyped vulnerabilities. Like many of the hackers that find the flaws, the awards are not without a sense of humor (the Pwnies will recognize the best song written by a researcher) nor a certain vengefulness (the worst vendor will also be named).
"We have been getting a lot of submissions," David Goldsmith, president of Matasano, told SecurityFocus last week. Goldsmith and six other researchers -- including security professional Dino Dai Zovi, whose flaw won the Pwn to Own hack-a-Mac competition, and reverse engineer Halvar Flake, who may not make it to Black Hat after all -- announced the Pwnies last week and will act as the judges.
Security researchers have garnered more respect over the past decade. While major software vendors treat researchers well, others have tried to quash any reports of vulnerabilities in their products. Moreover, many researchers are irked that they are expected to give up important vulnerability information to vendors for free. The feelings have created a ready pool of freelance researcher for vulnerability bounty program, such as those created by iDefense and TippingPoint, and has given relative newcomer, auction site WabiSabiLabi, some momentum.
Nominations for the seven categories -- best server-side bug, best client-side bug, flaw used for mass exploitation, most innovative research, most overhyped bug, lamest vendor response and best song -- closed on July 28. The Pwnie Awards will be given out at Black Hat on August 2.
A group of well-known researchers will meet this week at the Black Hat Security Briefings in Las Vegas to hand out seven awards recognizing the best bugs, mocking the worst vendors, and paying homage to the most lyrical bug hunter.
The Pwnie (pronounced "pony") Awards celebrate the most lethal bugs found by researchers in the past year, as well as the most hyped vulnerabilities. Like many of the hackers that find the flaws, the awards are not without a sense of humor (the Pwnies will recognize the best song written by a researcher) nor a certain vengefulness (the worst vendor will also be named).
"We have been getting a lot of submissions," David Goldsmith, president of Matasano, told SecurityFocus last week. Goldsmith and six other researchers -- including security professional Dino Dai Zovi, whose flaw won the Pwn to Own hack-a-Mac competition, and reverse engineer Halvar Flake, who may not make it to Black Hat after all -- announced the Pwnies last week and will act as the judges.
Security researchers have garnered more respect over the past decade. While major software vendors treat researchers well, others have tried to quash any reports of vulnerabilities in their products. Moreover, many researchers are irked that they are expected to give up important vulnerability information to vendors for free. The feelings have created a ready pool of freelance researcher for vulnerability bounty program, such as those created by iDefense and TippingPoint, and has given relative newcomer, auction site WabiSabiLabi, some momentum.
Nominations for the seven categories -- best server-side bug, best client-side bug, flaw used for mass exploitation, most innovative research, most overhyped bug, lamest vendor response and best song -- closed on July 28. The Pwnie Awards will be given out at Black Hat on August 2.
VmWare v6.0.0 Remode Code Execution Exploit
:. GOODFELLAS Security Research TEAM .::.
http://goodfellas.shellcode.com.ar
vielib.dll 2.2.5.42958 VmWare Inc version 6.0.0 Remode Code Execution Exploit
http://www.milw0rm.com/exploits/4244
http://goodfellas.shellcode.com.ar
vielib.dll 2.2.5.42958 VmWare Inc version 6.0.0 Remode Code Execution Exploit
http://www.milw0rm.com/exploits/4244
The Story of DEFCON
Via Net-Security.org -
Jeff Moss aka Dark Tangent, the founder of DEFCON and Black Hat, tells the history of the largest hacker conference and how it all got started. Find out more about the early days of the hacking scene when dial-up was considered fast, how the security space changed around the conference as years went by, and discover some bizarre things that take place at the event.
http://www.youtube.com/watch?v=lg6bQMTjHCE
Jeff Moss aka Dark Tangent, the founder of DEFCON and Black Hat, tells the history of the largest hacker conference and how it all got started. Find out more about the early days of the hacking scene when dial-up was considered fast, how the security space changed around the conference as years went by, and discover some bizarre things that take place at the event.
http://www.youtube.com/watch?v=lg6bQMTjHCE
Monday, July 30, 2007
Halvar Flake Denied Entry into U.S. for Black Hat
Via ZDNet -
Thomas Dullien, a prominent security researcher who has been a fixture at the annual Black Hat security conference, has been denied entry into the U.S. to attend and conduct training at this year’s confab.
Dullien, a German reverse engineering whiz known in hacker circles as “Halvar Flake,” said he was blocked from entering the U.S. after customs officials found printed “training materials” in his suitcase.
The CEO and head of research at Sabre Security said the denial appeared to be linked to his use of the visa waiver program to present Black Hat training as a private citizen instead of as a representative of a company.
After a nine-hour flight and a four-and-a-half hour interview with U.S. immigration officials, Dullien was put on the next 9-hour flight back to Germany and it seems uncertain he will get the visa situation straightened out in time for next week’s Black Hat show.
Dullien has attented and presented at Black Hat for the last seven years and, even before that, he has been part of the training sessions — teaching reverse-engineering and hacker tricks to mostly U.S.-government related folks, mostly working on US National Security in some form.
“I have trained people from the DoD, DoE, DHS and most other [government] agencies that come to mind,” Dullien explained.
He has also presented at Microsoft’s internal “Blue Hat” conference and is considered one of the most respected researchers in the world.
--------------------
Halvar Flake is set to lead a two day Blackhat training class on Analyzing Software for Security Vulnerabilities.
Fidelity National Data Theft Expands to 8.5 Million
Via ComputerWorld -
July 26, 2007 (Computerworld) -- A senior database administrator at a subsidiary of Fidelity National Information Services who was responsible for defining and enforcing data access rights at the firm took data belonging to as many as 8.5 million consumers -- not 2.3 million, as originally disclosed by the company.
The new number was disclosed yesterday in filings by Fidelity National with the U.S. Securities and Exchange Commission (SEC). The company warned of the possibility that even more data may have been compromised in the breach. Jacksonville, Fla.-based Fidelity National, which is not connected with the more widely known mutual funds company Fidelity Investments, is a transaction processing and outsourcing services provider to the financial industry.
Sunday, July 29, 2007
Tools of the Trade - Blended Wing Body
Blended Wing Body, or BWB, designates an alternative airframe design which incorporates design features from both a traditional tube and wing design into a hybrid flying wing configuration. The claimed advantages (see Potential Advantages below) of the BWB approach are efficient high-lift wings and a wide airfoil-shaped body. This enables the entire craft to contribute to lift generation with the result of potentially increased fuel economy.
The innovative Boeing Blended Wing Body (BWB) research aircraft -- designated the X-48B -- flew for the first time last week at the National Aeronautics and Space Administration's Dryden Flight Research Center at Edwards Air Force Base in CA.
The 21-foot wingspan, 500-pound unmanned test vehicle took off for the first time on July 20 and climbed to an altitude of 7,500 feet before landing 31 minutes later, according to Boeing.
------------------------------
On to the tools....
On July 28th, Paint.NET 3.10 Beta was released. Check the history page for the details.
On July 27th, Wine 0.9.42 was released. Wine is an Open Source implementation of the Windows API on top of X, OpenGL, and Unix.
On July 27th, Nessus 3.0.6.1 for Windows was released. This version fixes a security problem which exists on every version of Nessus 3.0.x for Windows with regards to the NessusGUI.exe interface which registers an ActiveX which contains a security vulnerability.
On July 25th, ClamAV/SOSDG for Windows v0.91.1-1 was released. ClamAV/SOSDG is a port of the powerful ClamAV anti-virus software package from UNIX/Linux to Windows using the Cygwin compatibility layer. It has been tweaked to the best of our abilities while still maintaing complete compatibility with the original version, allowing unmatched compatibility with other apps that can use ClamAV.
On July 25th, 7-Zip v4.51 Beta was released. Check the history page for all the details.
On July 24th, Tor 0.1.2.15 was released. Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Tor 0.1.2.15 fixes several crash bugs, fixes some anonymity-relatedproblems, fixes compilation on BSD, and fixes a variety of otherbugs.
On July 17th, Cain & Abel 4.9.5 was released. Cain & Abel is a password recovery tool for Microsoft Operating Systems. New features:
The innovative Boeing Blended Wing Body (BWB) research aircraft -- designated the X-48B -- flew for the first time last week at the National Aeronautics and Space Administration's Dryden Flight Research Center at Edwards Air Force Base in CA.
The 21-foot wingspan, 500-pound unmanned test vehicle took off for the first time on July 20 and climbed to an altitude of 7,500 feet before landing 31 minutes later, according to Boeing.
------------------------------
On to the tools....
On July 28th, Paint.NET 3.10 Beta was released. Check the history page for the details.
On July 27th, Wine 0.9.42 was released. Wine is an Open Source implementation of the Windows API on top of X, OpenGL, and Unix.
On July 27th, Nessus 3.0.6.1 for Windows was released. This version fixes a security problem which exists on every version of Nessus 3.0.x for Windows with regards to the NessusGUI.exe interface which registers an ActiveX which contains a security vulnerability.
On July 25th, ClamAV/SOSDG for Windows v0.91.1-1 was released. ClamAV/SOSDG is a port of the powerful ClamAV anti-virus software package from UNIX/Linux to Windows using the Cygwin compatibility layer. It has been tweaked to the best of our abilities while still maintaing complete compatibility with the original version, allowing unmatched compatibility with other apps that can use ClamAV.
On July 25th, 7-Zip v4.51 Beta was released. Check the history page for all the details.
On July 24th, Tor 0.1.2.15 was released. Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Tor 0.1.2.15 fixes several crash bugs, fixes some anonymity-relatedproblems, fixes compilation on BSD, and fixes a variety of otherbugs.
On July 17th, Cain & Abel 4.9.5 was released. Cain & Abel is a password recovery tool for Microsoft Operating Systems. New features:
- Added Windows Vista support for Active Wireless Scanner.
- Off-line capture file processing now compatible with 802.1Q Vlan encapsulation.
- Sniffer filter for LDAP passwords.
- Automatic Certificate Collector for LDAPS protocol.
- LDAPS Man-in-the-Middle Sniffer and password collector (TCP port 636).
Cleared Indian Doctor Leaves Australia Denying Terrorism Links
Via Bloomberg -
July 30 (Bloomberg) -- An Indian doctor, cleared of charges in connection with a car bomb plot in the U.K., has denied any terrorist links and claims he was ``victimized'' by Australian authorities.
Mohammed Haneef, 27, was reunited with his family in Bangalore last night after spending 25 days in custody in Australia. Haneef, who had been working at an Australian hospital, was arrested as he tried to board a flight from Brisbane to India on July 2 and charged on July 14 with recklessly supporting terrorist activities.
Police said had he provided a mobile phone SIM card to people allegedly involved in a failed attempt to detonate car bombs in London's West End on June 29 and an attack on Glasgow International Airport a day later.
Australian police and prosecutors cleared Haneef of the charges on July 27 and returned his passport.
July 30 (Bloomberg) -- An Indian doctor, cleared of charges in connection with a car bomb plot in the U.K., has denied any terrorist links and claims he was ``victimized'' by Australian authorities.
Mohammed Haneef, 27, was reunited with his family in Bangalore last night after spending 25 days in custody in Australia. Haneef, who had been working at an Australian hospital, was arrested as he tried to board a flight from Brisbane to India on July 2 and charged on July 14 with recklessly supporting terrorist activities.
Police said had he provided a mobile phone SIM card to people allegedly involved in a failed attempt to detonate car bombs in London's West End on June 29 and an attack on Glasgow International Airport a day later.
Australian police and prosecutors cleared Haneef of the charges on July 27 and returned his passport.
Computer for Space Station Sabotaged
Via LA Times -
A computer scheduled to be delivered to the International Space Station next month was sabotaged, possibly by a worker at a Texas subcontractor's plant, although NASA officials said Thursday that the damage would have posed no danger to the station.
Several wires were cut inside the briefcase-sized unit and two identical devices, said Edmund Memi, a spokesman for Boeing Co., the main contractor for the space station.
The news came just hours after the trade magazine Aviation Week & Space Technology reported that a NASA panel had found that drunk astronauts were allowed to fly on two occasions even though doctors warned they could pose a safety risk.
A computer scheduled to be delivered to the International Space Station next month was sabotaged, possibly by a worker at a Texas subcontractor's plant, although NASA officials said Thursday that the damage would have posed no danger to the station.
Several wires were cut inside the briefcase-sized unit and two identical devices, said Edmund Memi, a spokesman for Boeing Co., the main contractor for the space station.
The news came just hours after the trade magazine Aviation Week & Space Technology reported that a NASA panel had found that drunk astronauts were allowed to fly on two occasions even though doctors warned they could pose a safety risk.
Microsoft Hungary Subsidiary Raided
Via BetaNews (July 26th) -
Hungarian authorities have raided the offices of Microsoft Magyarorszag, the Redmond company's subsidiary in the country. Regulators believe Microsoft abused its position in the market to force computer makers sell only Office and no competing products.
"The GVH sensed that (Microsoft) likely applied a system of conditions and benefits -- rewards for loyalty -- for the most significant software distributors which gave no incentive to these distributors in selling other products competing with Microsoft Office software," the agency said on its Web site, according to Reuters. Microsoft has not commented on the news.
Hungarian authorities have raided the offices of Microsoft Magyarorszag, the Redmond company's subsidiary in the country. Regulators believe Microsoft abused its position in the market to force computer makers sell only Office and no competing products.
"The GVH sensed that (Microsoft) likely applied a system of conditions and benefits -- rewards for loyalty -- for the most significant software distributors which gave no incentive to these distributors in selling other products competing with Microsoft Office software," the agency said on its Web site, according to Reuters. Microsoft has not commented on the news.
Hacked iPhone Shares EDGE Data Over WiFi
Via Wired Blogs: Gadget Lab -
Building on the work of the iPhone Dev team and in particular the hacker Nightwatch, "Tomo.M" has compiled a SOCKS (SOCKetS) proxy server for the iPhone, called "srelay". What does that mean? It means that you can share your iPhone's EDGE connection with your computer. Beginning with the steps to add custom ringtones, you then install and run the server on the phone.
Building on the work of the iPhone Dev team and in particular the hacker Nightwatch, "Tomo.M" has compiled a SOCKS (SOCKetS) proxy server for the iPhone, called "srelay". What does that mean? It means that you can share your iPhone's EDGE connection with your computer. Beginning with the steps to add custom ringtones, you then install and run the server on the phone.
After that, you just set up an ad-hoc (direct computer-to-computer) WiFi connection between the iPhone and your computer, and you're surfing. Check the video at the end of this post to see how easy it is.
The opening up of the UNIX layer of the iPhone means that we're going to see all kinds of hacks like this. It is possible that anything that can run in the Terminal on Mac OS X can just be ported across to the iPhone.
Black Hat 2007 & Defcon 15
Well, it is Sunday and I am getting everything ready for my Tuesday morning flight...
Blackhat / Defcon is set to be pretty exciting...
Vegas baby, Vegas!
Ready or not....
Blackhat / Defcon is set to be pretty exciting...
Vegas baby, Vegas!
Ready or not....
Britian TV Licensing Officers Get New Tool
Via dailymail.co.uk -
With their peculiar and unwieldy antennae, the first TV detector vans were the stuff of science-fiction B movies.
With their peculiar and unwieldy antennae, the first TV detector vans were the stuff of science-fiction B movies.
And the myths that sprung up surrounding their supposed powers were also worthy of Hollywood.
But the latest weapon in the battle against licence-fee dodgers is a green torch-like device weighing less than 1lb – and it really does work, with frightening efficiency.
The hand-held detector linked to a set of headphones beeps if an operating TV is inside a radius of 29ft.
It means licensing officers can now target places previously inaccessible by cumbersome vans, such as homes in very remote areas and individual flats in blocks.Kate Fisher, of TV Licensing, said that the new detectors will work alongside existing vans 'to enhance an already effective enforcement operation'.
She added: 'The message is clear. We have the technology to ensure that anyone watching TV without a valid licence can and should expect a visit, wherever they live.
'The vans these days are designed to be discreet, whereas in the old days they were more obvious. There is much more focus on being covert and the hand-held device is a logical extension of that trend.
'We tend to work undercover more than in the past. Any van in the street could be a TV detector van these days. We are definitely catching evaders off their guard.'
Friday, July 27, 2007
Bypassing Robots.txt is Not Against DMCA
Via theregister.co.uk -
After losing a trademark infringement suit against a competitor, Healthcare Advocates - a patient advocacy organization based out of Philadelphia - sued the intellectual property law firm that represented the defendant in the trademark action, alleging that the firm had "hacked" the Wayback Machine in order to view blocked archives of its website.
The firm - Harding, Earley, Follmer & Frailey - used the Wayback Machine to look at past incarnations of Healthcare Advocates' site in order to gather evidence to defend against the original trademark infringement charges. Healthcare Advocates had a robots.txt file in place to prevent anyone from viewing the archived versions of its site, but the law firm was still able to bring up certain archived pages.
After losing a trademark infringement suit against a competitor, Healthcare Advocates - a patient advocacy organization based out of Philadelphia - sued the intellectual property law firm that represented the defendant in the trademark action, alleging that the firm had "hacked" the Wayback Machine in order to view blocked archives of its website.
The firm - Harding, Earley, Follmer & Frailey - used the Wayback Machine to look at past incarnations of Healthcare Advocates' site in order to gather evidence to defend against the original trademark infringement charges. Healthcare Advocates had a robots.txt file in place to prevent anyone from viewing the archived versions of its site, but the law firm was still able to bring up certain archived pages.
Healthcare Advocates argued that this constituted a circumvention of a technical measure designed to control access to a copyrighted work, which would violate the Digital Millenium Copyright Act. The company alleged that the firm used the Wayback Machine to bypass its technical measure, the robots.txt file, in order to view its copyrighted website.
The US District Court for the Eastern District of Pennsylvania wasn't buying it, however. The court last week pointed out that the law firm didn't do anything out of the ordinary in order to gain access to the archived pages that Healthcare Advocates had intended to block. Instead, the Wayback Machine simply malfunctioned and allowed the firm to view material that should have been blocked.
Wednesday, July 25, 2007
LinkedIn Internet Explorer Toolbar IEContextMenu ActiveX Control Code Execution
Jared DeMott and Justin Seitz have discovered a vulnerability in LinkedIn Internet Explorer Toolbar, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error within the IEToolbar.IEContextMenu.1 (LinkedInIEToolbar.dll) when handling the "Search()" method, which takes in a VARIANT as the "varBrowser" argument. This can be exploited to execute arbitrary code when a user e.g. visits a malicious website.
The vulnerability is confirmed in version 3.0.2.1098. Other versions may also be affected.
NOTE: Working exploit code is publicly available.
Solution:
Set the kill-bit for the affected ActiveX control.
Provided and/or discovered by:
Jared DeMott and Justin Seitz, VDA Labs
Original Advisory:
http://www.vdalabs.com/tools/linkedin.html
---------------------------------
Now that is Professional Pwnage (pun intended).
The vulnerability is caused due to an error within the IEToolbar.IEContextMenu.1 (LinkedInIEToolbar.dll) when handling the "Search()" method, which takes in a VARIANT as the "varBrowser" argument. This can be exploited to execute arbitrary code when a user e.g. visits a malicious website.
The vulnerability is confirmed in version 3.0.2.1098. Other versions may also be affected.
NOTE: Working exploit code is publicly available.
Solution:
Set the kill-bit for the affected ActiveX control.
Provided and/or discovered by:
Jared DeMott and Justin Seitz, VDA Labs
Original Advisory:
http://www.vdalabs.com/tools/linkedin.html
---------------------------------
Now that is Professional Pwnage (pun intended).
Could Fuzzing Bring Down the iPhone?
Recently Independent Security Evaluators (ISE) released information on a MoblieSafari flaw that could be used to attack iPhone users. While several of the applications on the iPhone are based on the open source WebKit project, the flaw discovered by ISEE was found by fuzzing the MoblieSafari browser application (PDF). More information on this exact flaw will be released at Blackhat next week. I am looking forward to seeing this talk.
In addition, the crew over at Errata Security are fuzzing the Bluetooth stack of the iPhone and have found several points of interest....no details have been released however.
Security Researcher Tom Ferris paid someone to stand in line for him in order to get an early crack at the iPhone. He planned on fuzzing the Wifi network drivers and looking deeper into the Scalable Vector Graphics (SVG) support of Safari on the iPhone (fuzzing the browser?). He believes that SVG bugs discovered in OS X might be applicable against the iPhone.
After the whole Safari Beta on Windows debacle, it seemed clear to everyone that Apple didn't fuzz the Safari browser (or at least not to the level that most expected). Due to the very short time period between the release of Safari Beta and the iPhone, it doesn't seem unreasonable to say that Apple might have went little on the iPhone fuzzing as well.
Everyone is digging into the iPhone and little pieces of hacker gold are being found. So my feeling is that the iPhone will fall under the gun.
And that gun will be a fuzzer.
In addition, the crew over at Errata Security are fuzzing the Bluetooth stack of the iPhone and have found several points of interest....no details have been released however.
Security Researcher Tom Ferris paid someone to stand in line for him in order to get an early crack at the iPhone. He planned on fuzzing the Wifi network drivers and looking deeper into the Scalable Vector Graphics (SVG) support of Safari on the iPhone (fuzzing the browser?). He believes that SVG bugs discovered in OS X might be applicable against the iPhone.
After the whole Safari Beta on Windows debacle, it seemed clear to everyone that Apple didn't fuzz the Safari browser (or at least not to the level that most expected). Due to the very short time period between the release of Safari Beta and the iPhone, it doesn't seem unreasonable to say that Apple might have went little on the iPhone fuzzing as well.
Everyone is digging into the iPhone and little pieces of hacker gold are being found. So my feeling is that the iPhone will fall under the gun.
And that gun will be a fuzzer.
Tuesday, July 24, 2007
Gang Kidnaps Gamer to Get Password Using Fake Orkut Date
Via Gizmodo.com -
An armed gang of four kidnapped one of the world's top RPG gamers after one criminal's girlfriend lured him into a fake date using Orkut, Google's social network. After sequestering him in Sao Paulo, they held a gun against the victim's head for five hours to get his password, which they wanted to sell for $8,000. And yes, the story gets even better.
I heard about this story last week but didn't think it was true. I didn't understand why they didn't just take his wallet or his car....or whatever.
An armed gang of four kidnapped one of the world's top RPG gamers after one criminal's girlfriend lured him into a fake date using Orkut, Google's social network. After sequestering him in Sao Paulo, they held a gun against the victim's head for five hours to get his password, which they wanted to sell for $8,000. And yes, the story gets even better.
Surprisingly enough, after five hours the hostage wasn't talking. The group leader had a gun against his head all that time but the guy didn't say a word. At that point, the crooks gave up and decided to let him go. The brazilian police then caught the four suspects, aged 19 to 27.
According to the police, the captive is the world leader in GunBound, a turn-based RPG-style multiplayer online game. Developed in South Korea, in this artillery game you get more experience points, offensive and defensive capabilities depending on your skills during battle, as well as money to buy more weapons, armor and all kinds of gear for your multiple avatars. You can only play with one of your avatars each time, but all of them belong to a single account.
The game looks to be quite popular, so the four gangsters decided they could make some quick cash if they kidnapped him to steal his user. Their plan: use one of the criminal's girlfriends, called Tamires, to get him into a date using Google's online social network Orkut, which is also extremely popular in Brazil. After contacting and seducing him, she told the GunBound wizard to meet her in a shopping mall.
But she never appeared. Instead, Igor the boyfriend did. Gun in hand, he abducted and held the player prisoner, planning to rely the password to his mates using a cellphone. Against all odds, our hero (or very stupid guy) resisted. Probably using some Stamina +357 spell. Or a Big Cojones +577 mana potion.
Whatever he did to resist the torture for a stupid game password, boys and girls, there's a moral to this story: if you live in Brazil, keep playing Tetris. [Folha Online (portuguese) - Thanks Diego]
------------------------------I heard about this story last week but didn't think it was true. I didn't understand why they didn't just take his wallet or his car....or whatever.
Air Traffic Operators Fault Maintenance
Via guardian.co.uk -
WASHINGTON (AP) - Air traffic controllers say poor maintenance of their aging work places has hampered and harmed them and could endanger the flying public.
The Federal Aviation Administration, which employees the controllers, has not given priority to maintaining and preserving aging air traffic control facilities, argued Patrick Forrey, president of the controllers' union.
``The resulting environmental conditions have jeopardized the safety of workers as well as the effectiveness of the equipment they use - both of which can negatively impact the safety of the air traffic system,'' Forrey said in testimony prepared for a hearing Tuesday by the House aviation subcommittee .
``We recognize that we have a backlog of maintenance and repair,'' said Bruce Johnson, FAA's vice president of terminal services. ``And we are taking steps to reduce that backlog ... We are making headway.''
In prepared testimony, Johnson said that repairs and maintenance affecting safety ``as always are our first priority.'' He added that high priority needs like a leaking roof or an air conditioner outage during summer are addressed immediately, while lower priority needs like new paint and carpet are planned through the agency's annual budget process.
Water leaks, obscured sight lines, toxic fumes, mold, asbestos, pest infestations and poor heating and cooling were reported in a survey by the National Air Traffic Controllers Association of its field representatives at the nation's 314 airport towers and traffic and radar control centers. Responses were obtained from 220 sites.
Forrey said:
-Seventy-five reported water leaks including six with frequent leaks directly over controllers or equipment. At the Atlanta Center ``controllers have had to hold an umbrella over the radar scope in order to see the planes and hope they do not get electrocuted while working.''
-More than 100 facilities reported extreme temperature variations because of poor heating or cooling. Because of recurrent condensation on the San Juan tower windows ``controllers are sometimes 'blind,' without the ability to scan the runways or taxiways.''
-Operations have been interrupted and some controllers taken ill because noxious fumes entered their work place, including poisonous carbon monoxide at the New York Terminal Radar Approach Control in April and welding fumes at the Dulles airport tower outside Washington, D.C., in May.
Of the 220 facilities reporting, 62 rated their conditions poor. Another 18 called theirs ``outright dangerous'' and said they ``were concerned with their personal well being as well as the facility's ability to handle the daily aircraft operations.''
WASHINGTON (AP) - Air traffic controllers say poor maintenance of their aging work places has hampered and harmed them and could endanger the flying public.
The Federal Aviation Administration, which employees the controllers, has not given priority to maintaining and preserving aging air traffic control facilities, argued Patrick Forrey, president of the controllers' union.
``The resulting environmental conditions have jeopardized the safety of workers as well as the effectiveness of the equipment they use - both of which can negatively impact the safety of the air traffic system,'' Forrey said in testimony prepared for a hearing Tuesday by the House aviation subcommittee .
``We recognize that we have a backlog of maintenance and repair,'' said Bruce Johnson, FAA's vice president of terminal services. ``And we are taking steps to reduce that backlog ... We are making headway.''
In prepared testimony, Johnson said that repairs and maintenance affecting safety ``as always are our first priority.'' He added that high priority needs like a leaking roof or an air conditioner outage during summer are addressed immediately, while lower priority needs like new paint and carpet are planned through the agency's annual budget process.
Water leaks, obscured sight lines, toxic fumes, mold, asbestos, pest infestations and poor heating and cooling were reported in a survey by the National Air Traffic Controllers Association of its field representatives at the nation's 314 airport towers and traffic and radar control centers. Responses were obtained from 220 sites.
Forrey said:
-Seventy-five reported water leaks including six with frequent leaks directly over controllers or equipment. At the Atlanta Center ``controllers have had to hold an umbrella over the radar scope in order to see the planes and hope they do not get electrocuted while working.''
-More than 100 facilities reported extreme temperature variations because of poor heating or cooling. Because of recurrent condensation on the San Juan tower windows ``controllers are sometimes 'blind,' without the ability to scan the runways or taxiways.''
-Operations have been interrupted and some controllers taken ill because noxious fumes entered their work place, including poisonous carbon monoxide at the New York Terminal Radar Approach Control in April and welding fumes at the Dulles airport tower outside Washington, D.C., in May.
Of the 220 facilities reporting, 62 rated their conditions poor. Another 18 called theirs ``outright dangerous'' and said they ``were concerned with their personal well being as well as the facility's ability to handle the daily aircraft operations.''
Monday, July 23, 2007
U.S. Military Options Draw a Chorus of Protests in Pakistan
Via NYTimes -
ISLAMABAD, Pakistan, July 23 — American assertions that military action remained an option to quell militants in Pakistan’s frontier regions drew mounting protests from the government and its critics here on Monday, as clashes continued in the tribal areas where the United States says Al Qaeda has been allowed to set up a safe haven.
The Pakistani military said Monday that its forces in North Waziristan had killed 35 militants in battles since the day before, though reporters and residents in the tribal town of Miramshah expressed doubts about the military’s claim. The military spokesman, Maj. Gen. Waheed Arshad, said two soldiers had been killed and 12 wounded in fighting since Sunday night.
Fresh fighting erupted a little over a week ago in the tribal areas, when the Taliban renounced a truce in the aftermath of a government raid on a radical pro-Taliban mosque here in the capital. The government of the Pakistani president, Gen. Pervez Musharraf, has tried to stitch up the truce. The militants demand that troops pull out of posts in the tribal areas.
The Bush administration has recently stepped up its criticism of the peace deal with the militants, using it to press General Musharraf, its longtime ally, into taking more forceful action against what it calls sanctuaries of Qaeda fighters and their helpers.
The administration’s homeland security adviser, Frances Fragos Townsend, said Sunday in an interview with Fox Television that the United States would consider military strikes against Qaeda hide-outs in Pakistan.
The statement was promptly countered by the Pakistan Foreign Ministry spokeswoman, Tasnim Aslam, on Monday. “We do not want our efforts to be undermined by any ill-conceived action,” Ms. Aslam said, adding that any military strikes would be deeply resented in the tribal areas and the rest of the country.
She said Pakistan was not aware of Osama bin Laden’s whereabouts.
ISLAMABAD, Pakistan, July 23 — American assertions that military action remained an option to quell militants in Pakistan’s frontier regions drew mounting protests from the government and its critics here on Monday, as clashes continued in the tribal areas where the United States says Al Qaeda has been allowed to set up a safe haven.
The Pakistani military said Monday that its forces in North Waziristan had killed 35 militants in battles since the day before, though reporters and residents in the tribal town of Miramshah expressed doubts about the military’s claim. The military spokesman, Maj. Gen. Waheed Arshad, said two soldiers had been killed and 12 wounded in fighting since Sunday night.
Fresh fighting erupted a little over a week ago in the tribal areas, when the Taliban renounced a truce in the aftermath of a government raid on a radical pro-Taliban mosque here in the capital. The government of the Pakistani president, Gen. Pervez Musharraf, has tried to stitch up the truce. The militants demand that troops pull out of posts in the tribal areas.
The Bush administration has recently stepped up its criticism of the peace deal with the militants, using it to press General Musharraf, its longtime ally, into taking more forceful action against what it calls sanctuaries of Qaeda fighters and their helpers.
The administration’s homeland security adviser, Frances Fragos Townsend, said Sunday in an interview with Fox Television that the United States would consider military strikes against Qaeda hide-outs in Pakistan.
The statement was promptly countered by the Pakistan Foreign Ministry spokeswoman, Tasnim Aslam, on Monday. “We do not want our efforts to be undermined by any ill-conceived action,” Ms. Aslam said, adding that any military strikes would be deeply resented in the tribal areas and the rest of the country.
She said Pakistan was not aware of Osama bin Laden’s whereabouts.
Moroccan Imam Arrested in Italy Over Chemicals
Via africa.reuters.com -
ROME, July 22 (Reuters) - A Moroccan imam arrested in Italy and suspected of running a "terrorism school" in his mosque had a variety of toxic chemicals at his home which could have been used to make explosives, police said on Sunday.
The imam was arrested in a dawn swoop on Saturday along with two assistants who worked in the mosque at Ponte Felcino, near the central Italian city of Perugia. Police seized films and Internet files they said were used for combat training.
At the house of the imam, identified as Korchi El Mustapha, police said they found "dozens of bottles" inside three barrels containing a variety of chemicals "with which, when combined and mixed with other easily available products, it would be possible to make improvised explosives."
...
Police, who searched 23 addresses in the area, said the mosque was being used to recruit and train international terrorists.
The imam of Perugia, Abdel Qader, told the Rome daily Il Messaggero that he condemned anyone who preached violence and that the 10,000 Muslims living peacefully in the city were "a concrete example of successful cohabitation".
Qader said he had met the arrested imam and had no reason to suspect him of militancy, but did not know him well. "Perhaps sometimes he polemicised about international affairs, but you know how words can fly," he said.
The head of Perugia's Muslim community said he hoped there would not be a backlash against the faith, though this has already started in some quarters.
80 Vehicles Damaged by Homemade Bomb in Greece
Via thepeninsulaqatar.com -
ATHENS - A homemade bomb exploded in the parking lot of a bank outside the Greek capital, damaging some 80 vehicles, a police source said yesterday.
The attack occurred shortly before midnight (2030 GMT) on Saturday in the parking lot of Piraeus Bank in Markopoulo east of Athens.
It led to a fire that authorities quickly brought under control, firefighters said. The bomb included three gas containers, police said.
Cars parked in the garage were those seized from customers indebted to the bank and were to be sold at auction.
Police were looking into whether the attack involved a revenge plot.
ATHENS - A homemade bomb exploded in the parking lot of a bank outside the Greek capital, damaging some 80 vehicles, a police source said yesterday.
The attack occurred shortly before midnight (2030 GMT) on Saturday in the parking lot of Piraeus Bank in Markopoulo east of Athens.
It led to a fire that authorities quickly brought under control, firefighters said. The bomb included three gas containers, police said.
Cars parked in the garage were those seized from customers indebted to the bank and were to be sold at auction.
Police were looking into whether the attack involved a revenge plot.
Pirates Demand $1.7m Ransom for Danish Freighter
Via News.com.au -
Pirates have demanded a $US1.5 million ($1.71 million) ransom for the release of a Danish freighter and its crew held off the coast of Somalia, officials said today.
Pirates have demanded a $US1.5 million ($1.71 million) ransom for the release of a Danish freighter and its crew held off the coast of Somalia, officials said today.
The Danica White, with five crew members, was hijacked on June 2, about 240 nautical miles off the Somali coast while heading to Kenya's Mombasa port.
"We were informed yesterday that the pirates are demanding $US1.5 million in order to release the vessel," said Kenyan official Andrew Mwangura.
Three other vessels – one from Taiwan and two from South Korea – are also currently held by pirates off the coast of war-torn Somalia and a Panama-flagged cargo vessel was recently reported to have gone missing in Somali waters.
The International Maritime Bureau said this year had seen at least seven pirate attacks off Somalia's 3700km of unpatrolled coastline.
Pirate attacks have increased since late 2006, when ruling Islamists were ousted by Ethiopian and Somali troops.
Lying in a strategic position at the mouth of the Red Sea, Somalia has been without an effective government since dictator Mohamed Siad Barre was ousted in 1991.
XProbe3 - Feature Request
Fyodor posted the following message on one of the security mailing list recently.
---------------------------------
Its been a while since last xprobe2 version was released and meanwhile we are working on a new version of the tool.
The new version of the tool would include:
thanks
-xprobe development team
--
http://o0o.nu
---------------------------------
Its been a while since last xprobe2 version was released and meanwhile we are working on a new version of the tool.
The new version of the tool would include:
- new reworked parallelized scanning engine
- scripting engine (with API)
- different output file formats support
- Updated signatures
- Improved Signature generator and much more.
- New protocols support (IPv6, Sigtrans, sctp and SIP-based fingerprints are in the queue)
thanks
-xprobe development team
--
http://o0o.nu
MS Windows Explorer.exe Gif Image DoS Exploit
# Bug Found By ::DeltahackingTEAM
##
# Coded By Reza.Yavari (Dr.Pantagon)
##
#Web Site::Www.Deltahacking.net And Www.DeltaSecurity.ir And Www.PersianWhois.com
##
#Free Upload :: Www.Persianupload.com And Www.Persianupload.net
##
#Email: Dr.Pantagon [A]Deltasecurity.ir
##
# We Are::Dr.Trojan,Hiv++,D_7j,Dr.Pantagon,Impostor,Lord,Vpc,And....All Mem
http://www.milw0rm.com/exploits/4215
-------------------------
DeltaHacking Team is a group from Iran that is also known for their web defacements.
##
# Coded By Reza.Yavari (Dr.Pantagon)
##
#Web Site::Www.Deltahacking.net And Www.DeltaSecurity.ir And Www.PersianWhois.com
##
#Free Upload :: Www.Persianupload.com And Www.Persianupload.net
##
#Email: Dr.Pantagon [A]Deltasecurity.ir
##
# We Are::Dr.Trojan,Hiv++,D_7j,Dr.Pantagon,Impostor,Lord,Vpc,And....All Mem
http://www.milw0rm.com/exploits/4215
-------------------------
DeltaHacking Team is a group from Iran that is also known for their web defacements.
Possible Criminal Case Against Lugovoi in Russia
Via rian.ru (Russia) -
MOSCOW, July 23 (RIA Novosti) - Russian prosecutors proposed Monday that the U.K. request Russia launch criminal proceedings against businessman Andrei Lugovoi, the key suspect in the murder of former Russian security service officer Alexander Litvinenko.
"We propose sending to the Prosecutor General's Office a request to launch criminal proceedings with all the available documentation attached," Deputy Russian Prosecutor General Alexander Zvyagintsev told journalists.
He said Russian prosecutors are ready to help Britain in the case, and that Russia cooperates with foreign states in criminal prosecutions of people accused of committing crimes outside the country.
Zvyagintsev also called Britain's response to Moscow's refusal to extradite Lugovoi "ungrounded and politically motivated."
Russia expelled four British diplomats last Thursday, imposed visa restrictions, and suspended cooperation with the U.K. in fighting terrorism, following similar measures by London, amid the bitter row over Moscow's refusal to extradite Lugovoi, charged with poisoning Litvinenko in London last November.
Lugovoi, a former Kremlin bodyguard, denies the charges, and Russia says its Constitution does not permit the extradition of its nationals.
"Britain is demanding that Russia change its Constitution for the extradition of a single individual," Zvyagintsev said, adding that there has been no such precedent yet, and that no country has yet changed its constitution to resolve such an issue.
"The calls to circumvent the requirements of the Constitution are all the more inadequate. The British side cares little about the supremacy of law," the deputy prosecutor general said.
Zvyagintsev said Russia's law enforcement authorities would authorize the arrest of any person found to have committed the crime.
A deputy head of the Prosecutor General's office's department for high-priority cases, Andrei Mayorov, on Monday called into question London's objectivity in its investigation.
Father of Afghanistan Dies
Via RRT News -
The last King of Afghanistan, Mohammad Zahir Shah, has died in Kabul, the President Hamid Karzai said Monday. He was 92.
Zahir Shah was ousted in 1973 in a palace coup after a 40-year reign. He lived in exile in Italy since then and returned to Afghanistan following the fall of the Taliban regime in 2001.
A new constitution passed in January 2004 named Zahir Shah as the ceremonial "Father of the Nation," a position that will dissolve with his death.
The last King of Afghanistan, Mohammad Zahir Shah, has died in Kabul, the President Hamid Karzai said Monday. He was 92.
Zahir Shah was ousted in 1973 in a palace coup after a 40-year reign. He lived in exile in Italy since then and returned to Afghanistan following the fall of the Taliban regime in 2001.
A new constitution passed in January 2004 named Zahir Shah as the ceremonial "Father of the Nation," a position that will dissolve with his death.
ISE - iPhone Safari Pwnage
Via TimesOnline.uk -
In what appears to be the first successful hack of Apple's iPhone, a group of security experts have shown how to take control of the device remotely using its internet connection.
In what appears to be the first successful hack of Apple's iPhone, a group of security experts have shown how to take control of the device remotely using its internet connection.
The researchers at Independent Security Evaluators (ISE) demonstrated that by tricking the phone into accessing a particular website, or by using a rogue wi-fi connection, hackers could force the phone to forward on personal information, such as text messages and contact numbers.
By installing a piece of malicious code in the iPhone via its Safari internet browser, a hacker could take "complete control" of the device, Charles Miller, principal security analyst at ISE, said.
The firm said that it had spoken with Apple about the vulnerability, and suggested that a software patch could fix the problem.
An Apple spokeswoman told The New York Times: "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users.
"We’re looking into the report submitted by ISE and always welcome feedback on how to improve our security," she said.
On a website detailing the hack, www.exploitingiphone.com, Dr Miller said that the most likely scenarios in which iPhone owners would fall victim were if they opened a link in an e-mail or text message, or if they connected to the internet via a rogue wi-fi access point controlled by hackers.
A piece of malicious code would initially read the phone's text messages, address book, call history and voicemail data and then forward this on to the attacker, "but this code could be replaced with code that does anything that the iPhone can do", he said.
"It could send the user's mail passwords to the attacker, send text messages that sign the user up for pay services, or record audio that could be relayed to the attacker."
The King of Kong: A Fistful of Quarters
Via cinematical.com (Scott Weinberg's SXSW Review)
I'm utterly amazed at how a few astute filmmakers can take a story so slight, so silly and so trivial ... and turn it into a 90-minute documentary that's as fascinating as something that Ken Burns put together. Yes, The King of Kong is a documentary about bragging rights among video game geeks -- a topic so nerdy I hesitate to even mention how fascinated I was by the flick's subject matter -- but it's also as compelling, colorful and entertaining as any of the "human interest" documentaries of the past five years. If you liked Spellbound, Word Wars and Wordplay (or any other enthusiast-friendly documentary), you're going to have a ball with The King of Kong, and if you're about my age (let's say mid-30s) and you remember the earliest days of video gaming with much enthusiasm, I'd bet you a thousand quarters that you'll get a huge kick out of the flick.
--------------------------
YouTube Trailer - http://www.youtube.com/watch?v=Y6FTAbs0qeI
Not everyone in the gaming world is happy with the movie however.....
I'm utterly amazed at how a few astute filmmakers can take a story so slight, so silly and so trivial ... and turn it into a 90-minute documentary that's as fascinating as something that Ken Burns put together. Yes, The King of Kong is a documentary about bragging rights among video game geeks -- a topic so nerdy I hesitate to even mention how fascinated I was by the flick's subject matter -- but it's also as compelling, colorful and entertaining as any of the "human interest" documentaries of the past five years. If you liked Spellbound, Word Wars and Wordplay (or any other enthusiast-friendly documentary), you're going to have a ball with The King of Kong, and if you're about my age (let's say mid-30s) and you remember the earliest days of video gaming with much enthusiasm, I'd bet you a thousand quarters that you'll get a huge kick out of the flick.
--------------------------
YouTube Trailer - http://www.youtube.com/watch?v=Y6FTAbs0qeI
Not everyone in the gaming world is happy with the movie however.....
Sunday, July 22, 2007
Mars Rovers Switch into Hibernation Mode
Via News.com.au -
As a result, NASA has ordered rovers Spirit and Opportunity nearly into hibernation, cutting communication with Earth to save vital energy for heaters that keep their delicate innards from freezing.
"We're rooting for our rovers to survive these storms, but they were never designed for conditions this intense,'' said NASA associate administrator Alan Stern.
By Tuesday, NASA stopped any driving and all Opportunity's science observations, but the rover was still using more energy than its solar panels could generate, and drew down its battery.
"The only thing left to cut were some of the communication sessions,'' said John Callas, project manager for the twin rovers at the Jet Propulsion Laboratory, Pasadena, California.
That was the first time either rover had been told to skip communications for a day or more to save energy.
"We are taking more aggressive action with both rovers than we needed before,'' Mr Callas said.
As a result, NASA has ordered rovers Spirit and Opportunity nearly into hibernation, cutting communication with Earth to save vital energy for heaters that keep their delicate innards from freezing.
"We're rooting for our rovers to survive these storms, but they were never designed for conditions this intense,'' said NASA associate administrator Alan Stern.
By Tuesday, NASA stopped any driving and all Opportunity's science observations, but the rover was still using more energy than its solar panels could generate, and drew down its battery.
"The only thing left to cut were some of the communication sessions,'' said John Callas, project manager for the twin rovers at the Jet Propulsion Laboratory, Pasadena, California.
That was the first time either rover had been told to skip communications for a day or more to save energy.
"We are taking more aggressive action with both rovers than we needed before,'' Mr Callas said.
Local File Enumeration via Browser - Res:// Protocol
Via RSnake's Blog -
Billy Rios has a nice writeup on how you can enumerate files using the Internet Explorer res:// protocol. To see the demo, click here using Internet Explorer. I’ve been toying with this for a while, and used it to detect if you were using IE7.0 by looking at the included images that the anti-phishing image uses. But this is a new take on the same old idea.
This could be used to fingerprint a drive, enumerate users on a Windows platform, or detect which exploits to perform against a target. I’ve said a few times that the res:// protocol should be depreciated in the web context (cannot be called from the web) and I think there may be some movement in that direction in the future, but it probably won’t happen for a while. I’d love to see a hotfix to get rid of this one though, it just doesn’t need to be called from the web. In fact the only thing place I have seen res:// called from the web is in virus kits that attempt to fool people into thinking the page doesn’t exist by copying the IE file not found page, which includes links to res:// images. Time to kill that feature.
---------------------------------
I tested it in both IE7 and Firefox 2.0.05 and it identified more programs when I used Firefox. Just look at the source of Billy's page if you are interested in how the detection works.
Billy Rios has a nice writeup on how you can enumerate files using the Internet Explorer res:// protocol. To see the demo, click here using Internet Explorer. I’ve been toying with this for a while, and used it to detect if you were using IE7.0 by looking at the included images that the anti-phishing image uses. But this is a new take on the same old idea.
This could be used to fingerprint a drive, enumerate users on a Windows platform, or detect which exploits to perform against a target. I’ve said a few times that the res:// protocol should be depreciated in the web context (cannot be called from the web) and I think there may be some movement in that direction in the future, but it probably won’t happen for a while. I’d love to see a hotfix to get rid of this one though, it just doesn’t need to be called from the web. In fact the only thing place I have seen res:// called from the web is in virus kits that attempt to fool people into thinking the page doesn’t exist by copying the IE file not found page, which includes links to res:// images. Time to kill that feature.
---------------------------------
I tested it in both IE7 and Firefox 2.0.05 and it identified more programs when I used Firefox. Just look at the source of Billy's page if you are interested in how the detection works.
Saturday, July 21, 2007
India Elects First Woman President
Via aljazeera.net -
India has elected the country's first woman president after one of the bitterest political campaigns in the nation's history.
Pratibha Patil, the 72-year-old candidate of the governing Congress Party and its political allies, is the first woman to hold the office in the nation's six decades of independence.
India's president is not elected by popular poll but chosen by national and state legislators.
Patil defeated Bhairon Singh Shekhawa, India's vice-president and candidate of the opposition Bharatiya Janata Party.
Patil received nearly two-thirds of the vote, the election commission said after votes were counted on Saturday.
Hundreds of delighted Congress supporters danced in the streets, banging drums and setting off firecrackers outside her home in New Delhi and in her hometown in the state of Maharashtra.
The president's office is largely seen as a ceremonial one.
Under the constitution, the prime minister holds the executive reins but the president plays a role in forming governments at state and federal levels, making the post hotly contested.
Elected for a term of five years, the Indian president is the supreme commander of the armed forces. The chiefs of the army, navy and air force report to the president.
The president can also grant pardons or reduce sentences, particularly in cases involving the death penalty.
India has elected the country's first woman president after one of the bitterest political campaigns in the nation's history.
Pratibha Patil, the 72-year-old candidate of the governing Congress Party and its political allies, is the first woman to hold the office in the nation's six decades of independence.
India's president is not elected by popular poll but chosen by national and state legislators.
Patil defeated Bhairon Singh Shekhawa, India's vice-president and candidate of the opposition Bharatiya Janata Party.
Patil received nearly two-thirds of the vote, the election commission said after votes were counted on Saturday.
Hundreds of delighted Congress supporters danced in the streets, banging drums and setting off firecrackers outside her home in New Delhi and in her hometown in the state of Maharashtra.
The president's office is largely seen as a ceremonial one.
Under the constitution, the prime minister holds the executive reins but the president plays a role in forming governments at state and federal levels, making the post hotly contested.
Elected for a term of five years, the Indian president is the supreme commander of the armed forces. The chiefs of the army, navy and air force report to the president.
The president can also grant pardons or reduce sentences, particularly in cases involving the death penalty.
Iran Cleric says TV "Confessions" Prove U.S. Plot
Via asharq-e.com -
TEHRAN (Reuters) - A senior Iranian cleric said on Friday televised "confessions" of two detained American-Iranians proved a U.S.-backed plot to carry out a "velvet revolution" using intellectuals to topple Iran's clerical establishment.
Haleh Esfandiari, an academic at the U.S.-based Woodrow Wilson International Centre for Scholars, and Kian Tajbakhsh, a consultant with George Soros' Open Society Institute, have been detained separately since May for endangering Iran's security.
Iran's state television aired a program called "In the Name of Democracy" featuring interviews with Esfandiari and Tajbakhsh on Wednesday and Thursday. Washington has called the program illegitimate and coerced.
But Ahmad Khatami, a member of the Experts Assembly with the power to appoint or dismiss Iran's supreme leader, disagreed.
"Confessions of the executors of America's policies proved that America wanted to bring about a velvet revolution in Iran," Khatami told worshippers at Tehran University. His remarks were broadcast live on state radio.
Esfandiari, detained when visiting Iran from the United states, said on Thursday she had helped create a network "to lead to very fundamental changes in Iran's system."
The U.S.-based Soros Foundation's Open Society Institute said it was "deeply concerned over Iran's use of deliberately contrived television footage" of the pair.
A U.S. State Department spokesman told reporters in Washington: "This should be an embarrassment to the Iranian regime. Is it really possible to imagine that a government is so fragile and so under siege that individuals coming to visit elderly family members threaten its existence?"
North Korea Expects Light Water Reactors
Via itar-tass.com (Russia) -
TOKYO, July 21 (Itar-Tass) -- Light water reactors must be provided for North Korea if the nuclear facilities in the Yongbyon scientific centre are shut down, the North Korean chief negotiator for the talks on the nuclear problem said at Beijing airport on Saturday.
TOKYO, July 21 (Itar-Tass) -- Light water reactors must be provided for North Korea if the nuclear facilities in the Yongbyon scientific centre are shut down, the North Korean chief negotiator for the talks on the nuclear problem said at Beijing airport on Saturday.
Artist Envisions Modern Day 'Mastaba' in UAE
Via Middle East Online -
SAINT-PAUL - In a break with their usual temporary installations, the artist Christo and his wife Jeanne-Claude on Saturday unveiled a plan to build a giant pyramid of oil barrels in the desert of the United Arab Emirates.
"The Emirates is very keen to see this project realized," Christo said at a presentation of models and drawings for the 150-metre (500-foot) monument, roughly two thirds of the height of the Eiffel Tower.
The idea for the pyramid, with a flat summit, made up of 390,500 oil barrels piled up horizontally, dates back to the 1960s, the artists said. Two earlier attempts to erect it in Texas and the Netherlands came to nothing before the couple decided to turn to the UAE.
But then the Iran-Iraq war put the project on hold. It was only revived two and a half years ago.
The so-called Mastaba project takes its name and shape from the rectangular funerary constructions of Ancient Egypt. The exact location for the pyramid, which will be entirely in yellow-orange shades, has yet to be finalised but it will definitely be somewhere in the desert in the UAE, they said.
The project is a far cry from the ephemeral artworks for which the couple are best known, like wrapping the Berlin Reichstag and the Pont-Neuf in Paris: "According to engineers, the Mastaba could last for 5,000 years."
A change of philosophy? Christo's more pragmatic response is that "Arab states are less susceptible to provisional works and change."
----------------------------------------------------
Mastaba comes from the Arabic for bench, because when seen from a distance it looks like a mud bench. Mastabas are considered the forerunners of Pyramids and were the standard tomb type in early Egypt.
SAINT-PAUL - In a break with their usual temporary installations, the artist Christo and his wife Jeanne-Claude on Saturday unveiled a plan to build a giant pyramid of oil barrels in the desert of the United Arab Emirates.
"The Emirates is very keen to see this project realized," Christo said at a presentation of models and drawings for the 150-metre (500-foot) monument, roughly two thirds of the height of the Eiffel Tower.
The idea for the pyramid, with a flat summit, made up of 390,500 oil barrels piled up horizontally, dates back to the 1960s, the artists said. Two earlier attempts to erect it in Texas and the Netherlands came to nothing before the couple decided to turn to the UAE.
But then the Iran-Iraq war put the project on hold. It was only revived two and a half years ago.
The so-called Mastaba project takes its name and shape from the rectangular funerary constructions of Ancient Egypt. The exact location for the pyramid, which will be entirely in yellow-orange shades, has yet to be finalised but it will definitely be somewhere in the desert in the UAE, they said.
The project is a far cry from the ephemeral artworks for which the couple are best known, like wrapping the Berlin Reichstag and the Pont-Neuf in Paris: "According to engineers, the Mastaba could last for 5,000 years."
A change of philosophy? Christo's more pragmatic response is that "Arab states are less susceptible to provisional works and change."
----------------------------------------------------
Mastaba comes from the Arabic for bench, because when seen from a distance it looks like a mud bench. Mastabas are considered the forerunners of Pyramids and were the standard tomb type in early Egypt.
Morocco: Human Rights & Democracy Key to Fighting Terrorism
Via alertnet.org (Reuters) -
RABAT, July 19 (Reuters) - Morocco is committed to respecting human rights and democracy as it steps up security measures against al Qaeda-linked radical Islamists, a government minister said.
Early this month, the government raised its alert level to the highest "maximum" rating, mobilising security forces in readiness for a suspected imminent attack.
Rights activists voiced concern respect for human rights and tolerance of political opponents might be eroded by the increased security measures.
"The best long-term defence against terrorism is for Morocco to sustain democracy and strengthen respect for human rights," Mohamed El Yazghi, infrastructure, water and environment minister, told Reuters in an interview on Wednesday.
Yazghi is also the leader of the Socialist Union of Popular Forces (USFP) which controls key positions in the coalition government like justice and economy.
"Morocco is well-armed to fight terrorism," Yazghi said, citing plans to upgrade security forces and anti-terror law.
Rights groups have praised the government for its human rights record in the past eight years, in contrast to the "years of lead" in the 1960s-1990s era when hundreds of dissidents disappeared and thousands were jailed after unfair trials.
Morocco and its neighbours in the Maghreb region have been on alert since al Qaeda's affiliate in North Africa, the Algeria-based Al Qaeda Organisation in the Islamic Maghreb, threatened to escalate its war against "corrupt" regional rulers and their Western allies.
Al Qaeda's Maghreb branch has claimed responsibility for a series of attacks in Algeria in the past four months.
RABAT, July 19 (Reuters) - Morocco is committed to respecting human rights and democracy as it steps up security measures against al Qaeda-linked radical Islamists, a government minister said.
Early this month, the government raised its alert level to the highest "maximum" rating, mobilising security forces in readiness for a suspected imminent attack.
Rights activists voiced concern respect for human rights and tolerance of political opponents might be eroded by the increased security measures.
"The best long-term defence against terrorism is for Morocco to sustain democracy and strengthen respect for human rights," Mohamed El Yazghi, infrastructure, water and environment minister, told Reuters in an interview on Wednesday.
Yazghi is also the leader of the Socialist Union of Popular Forces (USFP) which controls key positions in the coalition government like justice and economy.
"Morocco is well-armed to fight terrorism," Yazghi said, citing plans to upgrade security forces and anti-terror law.
Rights groups have praised the government for its human rights record in the past eight years, in contrast to the "years of lead" in the 1960s-1990s era when hundreds of dissidents disappeared and thousands were jailed after unfair trials.
Morocco and its neighbours in the Maghreb region have been on alert since al Qaeda's affiliate in North Africa, the Algeria-based Al Qaeda Organisation in the Islamic Maghreb, threatened to escalate its war against "corrupt" regional rulers and their Western allies.
Al Qaeda's Maghreb branch has claimed responsibility for a series of attacks in Algeria in the past four months.
Fate of German Hostages in Afghanistan Unknown
Via reuters.com -
KABUL (Reuters) - Afghan Taliban rebels said they had killed two German hostages on Saturday, but Germany's foreign minister said one of the hostages was still alive and the other had died of a heart attack.
A Taliban spokesman, Qari Mohammad Yousuf, also said the militants would start killing the 23 Korean hostages they held if South Korea did not withdraw its troops from Afghanistan and the Afghan government did not release Taliban prisoners.
The spokesman said the two Germans had been killed after similar demands over Taliban prisoners and for Germany to withdraw its troops had not been met.
German Foreign Minister Frank-Walter Steinmeier told reporters in Berlin there had been a lot conflicting information about the fate of the hostages, but analysis suggested one hostage was alive.
"We have to assume that one of the two hostages died while being held hostage and all indications are that he was not murdered, but that he died of a heart attack ... we will do everything possible to save the life of the second hostage."
He said German officials were working with the Afghan authorities to secure the release of the remaining hostage.
Germany's Bild am Sonntag newspaper quoted unnamed German government sources as saying Yousuf did not speak for the hostage takers. German intelligence sources told Bild the spokesman had nothing to do with the kidnappers, it said.
"He may be someone trying to take advantage of the situation," Bild said in a preview of an article for Sunday.
Taliban spokesman Yousuf insisted the two Germans were dead.
KABUL (Reuters) - Afghan Taliban rebels said they had killed two German hostages on Saturday, but Germany's foreign minister said one of the hostages was still alive and the other had died of a heart attack.
A Taliban spokesman, Qari Mohammad Yousuf, also said the militants would start killing the 23 Korean hostages they held if South Korea did not withdraw its troops from Afghanistan and the Afghan government did not release Taliban prisoners.
The spokesman said the two Germans had been killed after similar demands over Taliban prisoners and for Germany to withdraw its troops had not been met.
German Foreign Minister Frank-Walter Steinmeier told reporters in Berlin there had been a lot conflicting information about the fate of the hostages, but analysis suggested one hostage was alive.
"We have to assume that one of the two hostages died while being held hostage and all indications are that he was not murdered, but that he died of a heart attack ... we will do everything possible to save the life of the second hostage."
He said German officials were working with the Afghan authorities to secure the release of the remaining hostage.
Germany's Bild am Sonntag newspaper quoted unnamed German government sources as saying Yousuf did not speak for the hostage takers. German intelligence sources told Bild the spokesman had nothing to do with the kidnappers, it said.
"He may be someone trying to take advantage of the situation," Bild said in a preview of an article for Sunday.
Taliban spokesman Yousuf insisted the two Germans were dead.
Google to Bid in Airwave Auction
Via SFGate.com -
Google Inc. says it is prepared to bid billions of dollars in an auction of federal wireless frequencies to create a national broadband network that could compete directly with the wired networks of companies like AT&T and Comcast.
A victory would open the door for Google to operate the network itself, vastly increasing its business prospects by selling Internet, telephone and television services. Or it could have other companies do the job, a more likely scenario.
But the Mountain View Internet giant also said it would bid on the band of wireless spectrum that's on the block only if federal regulators met certain conditions. It's unclear whether the government will meet Google's demands.
Google hopes its celebrity and deep pockets will sway federal regulators to implement rules requiring the auction's winner to lease portions of the wireless "spectrum" to third parties.
Google Inc. says it is prepared to bid billions of dollars in an auction of federal wireless frequencies to create a national broadband network that could compete directly with the wired networks of companies like AT&T and Comcast.
A victory would open the door for Google to operate the network itself, vastly increasing its business prospects by selling Internet, telephone and television services. Or it could have other companies do the job, a more likely scenario.
But the Mountain View Internet giant also said it would bid on the band of wireless spectrum that's on the block only if federal regulators met certain conditions. It's unclear whether the government will meet Google's demands.
Google hopes its celebrity and deep pockets will sway federal regulators to implement rules requiring the auction's winner to lease portions of the wireless "spectrum" to third parties.
Codename Vienna Becomes Windows Version 7
Via News.com -
Microsoft is planning to ship its next major version of Windows--known internally as version "7"--within roughly three years, CNET News.com has learned.
The company discussed Windows 7 on Thursday at a conference for its field sales force in Orlando, Fla., according to sources close to the company.
While the company provided few details, Windows 7, the next client version of the operating system, will be among the steps taken by Microsoft to establish a more predictable release schedule, according to sources. The company plans a more "iterative" process of information disclosure to business customers and partners, sources said.
Windows Vista, the oft-delayed most recent release of Windows, shipped to businesses in November and to consumers in January after more than five years of development. Vista's gestation period was marked by shifting product details as internal priorities changed and problems arose with development.
Like Vista, Windows 7 will ship in consumer and business versions, and in 32-bit and 64-bit versions. The company also confirmed that it is considering a subscription model to complement Windows, but did not provide specifics or a time frame.
Pinch - Professional CyberCrime Trojan Creation
Via Net-Security.org -
PandaLabs has uncovered Pinch, a tool sold on several online forums and designed to create Trojans. The tool lets cyber-crooks define a series of malicious actions that the Trojans can take.
One of Pinch’s main features is that it allows attackers to specify the data that Trojans steal. One of the interface tabs, PWD, allows malicious users to select the type of password to be stolen by the Trojan: from email passwords to passwords kept by the system tools. Also, it is possible to order the Trojan to encrypt this data when sending it, so that nobody else can read it.
...
One of the most dangerous features of Pinch can be exploited through the WORM tab, which allows criminals to add worm features to their creations, so that they can spread by their own means, infecting other files or sending themselves out by email.
Pinch also lets users carry out other actions: turn infected computers into zombie computers, pack Trojans to make detection more difficult, and kill certain system processes, particularly those of security solutions.
Finally, Pinch lets users define the way in which stolen data must be sent to its creator. Cyber-crooks can receive data via SMTP, HTTP or, simply order the Trojan to leave stolen data in a file on the infected computer to retrieve it later on through a port opened by the Trojan itself.
Pinch is accompanied by a parser program that allows users to decrypt the reports created by the Trojan with the stolen data and perform searches in them, so that cyber-crooks can easily identify the most profitable data.
PandaLabs has uncovered Pinch, a tool sold on several online forums and designed to create Trojans. The tool lets cyber-crooks define a series of malicious actions that the Trojans can take.
One of Pinch’s main features is that it allows attackers to specify the data that Trojans steal. One of the interface tabs, PWD, allows malicious users to select the type of password to be stolen by the Trojan: from email passwords to passwords kept by the system tools. Also, it is possible to order the Trojan to encrypt this data when sending it, so that nobody else can read it.
...
One of the most dangerous features of Pinch can be exploited through the WORM tab, which allows criminals to add worm features to their creations, so that they can spread by their own means, infecting other files or sending themselves out by email.
Pinch also lets users carry out other actions: turn infected computers into zombie computers, pack Trojans to make detection more difficult, and kill certain system processes, particularly those of security solutions.
Finally, Pinch lets users define the way in which stolen data must be sent to its creator. Cyber-crooks can receive data via SMTP, HTTP or, simply order the Trojan to leave stolen data in a file on the infected computer to retrieve it later on through a port opened by the Trojan itself.
Pinch is accompanied by a parser program that allows users to decrypt the reports created by the Trojan with the stolen data and perform searches in them, so that cyber-crooks can easily identify the most profitable data.
Friday, July 20, 2007
MPack Group Recommends Opera Browser
Via SecurityFocus -
In June 2006, three Russian programmers started testing a collection of PHP scripts and exploit code to automate the compromise of computers that visit malicious Web sites.
"DCT", one of three developers of the MPack infection kit A year later, the MPack kit has become an increasingly popular tool, allowing data thieves and bot masters to take control of victims' systems and steal personal information. The MPack infection kit has been blamed for hundreds of thousands of compromised computers. And, it's malicious software with a difference: The creators have offered a year of support to those clients from the Internet underground who purchase the software for anywhere from $700 to $1,000.
In late June, SecurityFocus answered an online advertisement for the MPack infection kit, sending an ICQ message to the identifier listed in the ad. A few days later, a person contacted SecurityFocus through ICQ and identified themselves as "DCT," one of the developers of the MPack infection kit. What follows is the result of two weeks of interviews that took place in late June and early July.
-------------------------------
For the full interview, check out the SF article...good stuff.
In June 2006, three Russian programmers started testing a collection of PHP scripts and exploit code to automate the compromise of computers that visit malicious Web sites.
"DCT", one of three developers of the MPack infection kit A year later, the MPack kit has become an increasingly popular tool, allowing data thieves and bot masters to take control of victims' systems and steal personal information. The MPack infection kit has been blamed for hundreds of thousands of compromised computers. And, it's malicious software with a difference: The creators have offered a year of support to those clients from the Internet underground who purchase the software for anywhere from $700 to $1,000.
In late June, SecurityFocus answered an online advertisement for the MPack infection kit, sending an ICQ message to the identifier listed in the ad. A few days later, a person contacted SecurityFocus through ICQ and identified themselves as "DCT," one of the developers of the MPack infection kit. What follows is the result of two weeks of interviews that took place in late June and early July.
-------------------------------
For the full interview, check out the SF article...good stuff.
Firefox Implements HTTPOnly Yet Vulnerable to XMLHTTPRequest
Via Rsnake's Blog -
I saw a few different people mention over the last few days that httpOnly has been added to Firefox 2.0.0.5. Very exciting stuff - as this has long been missing for over two years. There are some major pros and cons when using httpOnly on cookies. The pros are that httpOnly cookies aren’t visible in JavaScript space using document.cookie and that makes XSS much more difficult when using it in context of credential theft. The cons are that it doesn’t work in all browsers and in some browsers, like WebTV and IE5.5 on Mac it can actually cause the page to fail to load. Granted the user base on those browsers is pretty minimal but that may be a show stopper for some people.
The only problem I see with using this as protection against credential theft is that the cookies are still visible using XMLHTTPRequest. If you look at Alex’s example, it looks secure because the cookie is not visible. But if you look at this example you can see that using XMLHTTPRequest you can still get access to the cookie by looking at the headers. This has been one of those long standing problems with httpOnly, but it does raise the barrier by shutting down the most obvious way of getting at the cookies, using document.cookie.
Iraqis Being Smuggled Across the Rio Grande River
Via ABC News -
But how can be sure? If we are unaware of how many people have crossed and when...then how do we know?
I have heard people/groups say that Coyotes would NEVER bring people of Middle Eastern origin across the southern border, it just be too dangerous for the operation. Plus it would increase their chances of getting pinched.
This FBI report goes directly against that claim. Coyotes do it for the money...nothing more.
Scary stuff indeed.
The FBI is investigating an alleged human smuggling operation based in Chaparral, N.M., that agents say is bringing "Iraqis and other Middle Eastern" individuals across the Rio Grande from Mexico.
An FBI intelligence report distributed by the Washington, D.C. Joint Terrorism Task Force, obtained by the Blotter on ABCNews.com, says the illegal ring has been bringing Iraqis across the border illegally for more than a year.
Border Patrol officials in the area said they were unaware of the specifics of the FBI's report, and federal prosecutors in New Mexico told ABCNews.com they had no current cases involving the illegal smuggling of Iraqis.
The FBI report, issued last week, says the smuggling organization "used to smuggle Mexicans, but decided to smuggle Iraqi or other Middle Eastern individuals because it was more lucrative." Each individual would be charged a fee of $20,000 to $25,000, according to the report.
The people to be smuggled would "gather at a house on the Mexican side of the border" and then cross the Rio Grande into the U.S., the report says.
"Unidentified individuals would then transport them to train stations in El Paso, Texas or Belen, New Mexico," according to the FBI document.
A spokesman in Albuquerque said the FBI had "no viable information" that could lead to a case.
Until recently, the United States has kept its doors all but shut to the estimated two million refugees fleeing the violence in Iraq. Until this year, the country had taken in fewer than 800 Iraqi refugees, according to the State Department. This May, the Bush administration pledged to resettle 7,000 Iraqi refugees here by the end of the year.
----------------
Lets be clear here, it is highly likely that many of the people crossing the border are not terrorists or not looking to do harm to America. Most are just attempting to make a better life for themselves in America.But how can be sure? If we are unaware of how many people have crossed and when...then how do we know?
I have heard people/groups say that Coyotes would NEVER bring people of Middle Eastern origin across the southern border, it just be too dangerous for the operation. Plus it would increase their chances of getting pinched.
This FBI report goes directly against that claim. Coyotes do it for the money...nothing more.
Scary stuff indeed.
Texas State Web Site Leaks Sensitive Information
Via InfoWorld.com -
Troy Aikman may not be happy about it, but the State of Texas has made his address and social security number available via the Internet.
Sensitive information on Aikman, formerly a star quarterback with the Dallas Cowboys, and thousands of others is available on the Texas Secretary of State's SOSDirect Web site, according to Steven Peisner, the president of fraud prevention vendor Sellitsafe, who has provided IDG News Service with a half-dozen examples of social security numbers he was able to obtain from the site.
As government pushes more and more documents online, Texas is one of many state and local governments across the U.S. that is now struggling to remove sensitive information so that it cannot be misused by criminals.
Peisner found social security numbers on tax liens and on loan agreement notifications filed with the state, called Uniform Commercial Code (UCC) financing statements.
Texas has been automatically removing sensitive information from all documents filed with SOSDirect since June 2005, and the state is now in the process of redacting this information from earlier filings, said Scott Haywood, a spokesman with the Office of the Texas Secretary of State. But residents whose social security numbers are posted on SOSDirect need to contact the Secretary of State's office directly in order to have them removed right away, he added.
That's not good enough for Peisner.
"It's pretty cheap to do that... to make someone send in a request," he said. "There are literally hundreds of thousands of documents where social security numbers [are exposed]."
He thought that Texas should follow the lead of states like California and Colorado, which shut down access to their UCC databases earlier this year when privacy advocates notified them that they could be misused by identity thieves.
Users must submit a credit card number in order to search the Texas database, but Peisner said that lax security makes that barrier meaningless to most hackers. He said he was able to get access to information using a fake name and without providing the three-digit security code listed on the back of most cards. He believes that criminals could obtain information from the site using phony credit card numbers.
Peisner said he spoke with staffers at the Texas Secretary of State's office of his concerns last week, but to no avail. "You would think if somebody called up and said that this Web site has a hole so big that you could drive the Spruce Goose through it, that they would take it down."
One privacy advocate agreed with Peisner.
A name and social security number is all that criminals need to set up a phony credit card application, said Beth Givens, director of Privacy Rights Clearinghouse. "They need to immediately take action and take that Web site offline and in some other way remove or redact [the information]," she said.
But according to Haywood, the Texas Secretary of State is required to make the documents available under state public information laws. "Obviously our office is committed to trying to protect personal information in accordance with the law," he said. "But we also have a responsibility to post public information that has been submitted to our office. So we're balancing those responsibilities."
Ironically, Texas has recently gone after pawn shops and check-cashing operations in the state for throwing out sensitive data in public dumpsters.
-----------------------------
Ouch....
Thursday, July 19, 2007
Starbucks Challenge - 171 Stores in One Day
Some people go to Starbucks every day. Comedian/Filmmaker Mark Malkoff did the unthinkable. He made a short film in which he visited and made purchases at 171 Starbucks stores in Manhattan in one day.
To succeed Malkoff hit a Starbucks store every seven minutes for more than twenty consecutive hours. Countless espresso shots, coffees, and frappacinos later, Malkoff spent a grand total of $369.14.
http://www.171starbucks.com/
To succeed Malkoff hit a Starbucks store every seven minutes for more than twenty consecutive hours. Countless espresso shots, coffees, and frappacinos later, Malkoff spent a grand total of $369.14.
http://www.171starbucks.com/
Pictures of the Day - Pollution in China
Via guardian.co.uk -
Wuhan, Hebei province: A man collects dead fish in Donghu lake, where officials say an estimated 30,000kg of fish have been killed by a combination of pollution and hot weather
(Photograph: Wuhan/AP)
Beijing: A worker clears rubbish from canal. Reports suggest that as many as 300 million Chinese people - nearly one in every four - drink dirty water (Photograph: Teh Eng Koon/AFP/Getty Images)
Beijing: Taxis queue up outside the city's main railway station. Beijing's Olympic organizers plan to reduce the number of taxis from its roads by 50,000 as a way to combat air pollution
(Photograph: Peter Parks/AFP/Getty Images)
Wuhan, Hebei province: A man collects dead fish in Donghu lake, where officials say an estimated 30,000kg of fish have been killed by a combination of pollution and hot weather
(Photograph: Wuhan/AP)
Beijing: A worker clears rubbish from canal. Reports suggest that as many as 300 million Chinese people - nearly one in every four - drink dirty water (Photograph: Teh Eng Koon/AFP/Getty Images)
Beijing: Taxis queue up outside the city's main railway station. Beijing's Olympic organizers plan to reduce the number of taxis from its roads by 50,000 as a way to combat air pollution
(Photograph: Peter Parks/AFP/Getty Images)
Swedish Woman Gets Superfast Internet
Via Yahoo News! -
STOCKHOLM, Sweden - She is a latecomer to the information superhighway, but 75-year-old Sigbritt Lothberg is now cruising the Internet with a dizzying speed. Lothberg's 40 gigabits-per-second fiber-optic connection in Karlstad is believed to be the fastest residential uplink in the world, Karlstad city officials said.
In less than 2 seconds, Lothberg can download a full-length movie on her home computer — many thousand times faster than most residential connections, said Hafsteinn Jonsson, head of the Karlstad city network unit.
Jonsson and Lothberg's son, Peter, worked together to install the connection.
The speed is reached using a new modulation technique that allows the sending of data between two routers placed up to 1,240 miles apart, without any transponders in between, Jonsson said.
"We wanted to show that that there are no limitations to Internet speed," he said.
Peter Lothberg, who is a networking expert, said he wanted to demonstrate the new technology while providing a computer link for his mother.
"She's a brand-new Internet user," Lothberg said by phone from California, where he lives. "She didn't even have a computer before."
His mother isn't exactly making the most of her high-speed connection. She only uses it to read Web-based newspapers.
STOCKHOLM, Sweden - She is a latecomer to the information superhighway, but 75-year-old Sigbritt Lothberg is now cruising the Internet with a dizzying speed. Lothberg's 40 gigabits-per-second fiber-optic connection in Karlstad is believed to be the fastest residential uplink in the world, Karlstad city officials said.
In less than 2 seconds, Lothberg can download a full-length movie on her home computer — many thousand times faster than most residential connections, said Hafsteinn Jonsson, head of the Karlstad city network unit.
Jonsson and Lothberg's son, Peter, worked together to install the connection.
The speed is reached using a new modulation technique that allows the sending of data between two routers placed up to 1,240 miles apart, without any transponders in between, Jonsson said.
"We wanted to show that that there are no limitations to Internet speed," he said.
Peter Lothberg, who is a networking expert, said he wanted to demonstrate the new technology while providing a computer link for his mother.
"She's a brand-new Internet user," Lothberg said by phone from California, where he lives. "She didn't even have a computer before."
His mother isn't exactly making the most of her high-speed connection. She only uses it to read Web-based newspapers.
PHP 4 to Return to the Source & Save Zion
Ok, maybe it isn't going to save Zion...but it is returning to the source.
On July 13th, the PHP Development Team stated the following:
------------------------------------
Today it is exactly three years ago since PHP 5 has been released. In those three years it has seen many improvements over PHP 4. PHP 5 is fast, stable & production-ready and as PHP 6 is on the way, PHP 4 will be discontinued.
The PHP development team hereby announces that support for PHP 4 will continue until the end of this year only. After 2007-12-31 there will be no more releases of PHP 4.4. We will continue to make critical security fixes available on a case-by-case basis until 2008-08-08. Please use the rest of this year to make your application suitable to run on PHP 5.
-----------------------------------
Now go...disable the backup power system with Nmap 2.54 Beta 25 (.tgz) and help PHP 4 return to the Source. But only after you have upgraded your PHP....serious.Wii Be Pwning via Flash
Via Wiili.org -
The Flash player, that is embedded in the Internet Channel, is affected by the vulnerability in the flash video handling code that allows of executing native code.
The vulnerability involves a number signed/unsigned issue for the flv parser about the length for strings.
I, henke37 have confirmed that the vulnerability is indeed existing on the Wii.
-------------------------
Minded Security Research Labs Security AdvisoryI wonder what hacking the Wii sounds like.....perhaps it sounds like hacking on Linux or Windows on a cello. ;)
Legendary German WWII Cipher Machine on E-Bay
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=270146164488
Currently the bid is up to 20K....
UPDATE (7/20) - The link is now dead...looks like something happened.
Currently the bid is up to 20K....
UPDATE (7/20) - The link is now dead...looks like something happened.
Ransomware - Holding Corporate America
Via Prevx's Blog -
The VirusTotal results are very telling..and scary at the same time. It isn't uncommon to see results like this on a newly modified trojan...it gets repacked with some strange new packer and no one can see it....magic. But in this example the big name AV companies didn't detect it - McAfee, Symantec, Kaspersky, eTrust and Sophos. Strangely one of the free AV products did detect the trojan - AVG.
(Side Note - Why isn't Trend Micro on VT??)
The attackers use psychological trickery is pretty interesting as well. Lets tell them that we used RSA-4096, it will scare them into paying.
What started off as a relaxed saturday morning, turned out to be quite interesting when Marco told me about a new ransomware trojan claiming to be using RSA-4096 to encrypt users data.
This is a new iteration of a rather persistent favourite we see a lot, the filename in question is called "NTOS.EXE" Which we detect generically as Win32.PSWSteal.Gen, entirely preventing the threat of stolen data and infection.
...
At the time of writing there are 6317 records in the stat.txt file below, used to track how many people are infected, with their ip numbers.
While writing this, and looking at the Virustotal stats, one message sits clear with me. If these stats indicate that these companies have been attacked and they are running any of the products by the vendors that didn't detect it, do they even know they are infected? This could put them at significant risk.
And, if they don't know they are infected - how will they protect their customer data once its been leaked?
---------------------------------------------------
The VirusTotal results are very telling..and scary at the same time. It isn't uncommon to see results like this on a newly modified trojan...it gets repacked with some strange new packer and no one can see it....magic. But in this example the big name AV companies didn't detect it - McAfee, Symantec, Kaspersky, eTrust and Sophos. Strangely one of the free AV products did detect the trojan - AVG.
(Side Note - Why isn't Trend Micro on VT??)
The attackers use psychological trickery is pretty interesting as well. Lets tell them that we used RSA-4096, it will scare them into paying.
Wednesday, July 18, 2007
Internet Crash of 2007 - All Data Lost
Officials confirm that all online data has been lost after the Internet crashed and was forced to restart.
See the fully video news report on TheOnion.
This Internet Crash is much more serious than the Internet Crash of 2004 and the 48-hour Outage in 2003.
Funny stuff.
See the fully video news report on TheOnion.
This Internet Crash is much more serious than the Internet Crash of 2004 and the 48-hour Outage in 2003.
Funny stuff.
Islamic State of Iraq: Al-Qaeda's Internet Handle
Via WIBW.com -
BAGHDAD, Iraq (CNN) -- The U.S. military on Wednesday announced the arrest of a senior leader of al Qaeda in Iraq, an insurgent who, the military said, is casting himself as a "conduit" between the top leaders of al Qaeda and al Qaeda in Iraq.
Khalid al-Mashadani was seized in Mosul, the U.S. military says.
Khalid al-Mashadani, an Iraqi also known as Abu Shahed, was seized on July 4 in the northern Iraqi city of Mosul and is in coalition custody, the military said.
...
Bergner said al-Mashadani co-founded an organization "in cyberspace" called the Islamic State of Iraq, which he referred to as a "marketing" effort to create a Taliban-like state in Iraq. (Video Watch Bergner's briefing to reporters »)
Al-Mashadani also shed light on the Islamic State of Iraq, the so-called umbrella group of Iraqi insurgents that includes al Qaeda in Iraq.
That group has claimed responsibility for many terrorist attacks.
But Bergner said that al-Mashadani passed on the information that the creation of the group was a ruse to cast itself as home-grown, when in fact it is led by foreigners.
It went so far as to create a fictional political head of Islamic State of Iraq, Omar al-Baghdadi and an actor was used to portray him.
Bergner said Islamic State of Iraq is "a front organization" for al Qaeda in Iraq and a "pseudonym" for it as well.
"It is really being controlled, directed and guided by al Qaeda in Iraq leadership."
---------------------------
If you watch the terrorism news enough, you will see ISI somewhere. On some website or claiming to be behind some attack...but it was almost always on the internet. Each time you hear "Islamic State of Iraq" in a media report, you hear "Al-Qaeda connected" right behind it.
ISI attempted to play itself off as a Iraqi group that was fighting for their nation and their belief of Islamic rule of Iraq, but as the pictures becomes more clear...it appears to be nothing more than an Al-Qaeda internet handle - or is it?
Does Baghdadi exist or are they telling us he doesn't exist?
Al-Qaeda is fully aware of how effective PSYOPS can be during war. The videos and the printed newsletters are perfect examples. If you are losing, say you are winning....if you are captured, say you are being tortured....if you can't win with guns, then win with words.
PSYOPS are at the heart of asymmetrical warfare.
FBI CIPAV Program Nabs Teen After Bomb Threats
Via CNET -
The FBI used a novel type of remotely installed spyware last month to investigate who was e-mailing bomb threats to a high school near Olympia, Wash.
Federal agents obtained a court order on June 12 to send spyware called CIPAV to a MySpace account suspected of being used by the bomb threat hoaxster. Once implanted, the software was designed to report back to the FBI with the Internet Protocol address of the suspect's computer, other information found on the PC and, notably, an ongoing log of the user's outbound connections.
The suspect, former Timberline High School student Josh Glazebrook, was sentenced this week to 90 days in juvenile detention after pleading guilty to making bomb threats and other charges.
...
An 18-page affidavit filed in federal court by FBI Agent Norm Sanders last month and obtained by CNET News.com claims details about the governmental spyware are confidential. The FBI calls its spyware a Computer and Internet Protocol Address Verifier, or CIPAV.
"The exact nature of these commands, processes, capabilities, and their configuration is classified as a law enforcement sensitive investigative technique, the disclosure of which would likely jeopardize other ongoing investigations and/or future use of the technique," Sanders wrote. A reference to the operating system's registry indicates that CIPAV can target, as you might expect given its market share, Microsoft Windows. Other data sent back to the FBI include the operating system type and serial number, the logged-in user name, and the Web URL that the computer was "previously connected to."
News.com has posted Sanders' affidavit and a summary of the CIPAV results that the FBI submitted to U.S. Magistrate Judge James Donohue.
...
In addition, the bomb hoaxster was sending a series of taunting messages from Google Gmail accounts (including dougbrigs@gmail.com) the week of June 4. A representative excerpt: "There are 4 bombs planted throughout Timberline High School. One in the math hall, library hall, and one portable. The bombs will go off in 5 minute intervals at 9:15 am."
The FBI replied by obtaining account logs from Google and MySpace. Both pointed to the Internet Protocol address of 80.76.80.103, which turned out to be a compromised computer in Italy.
That's when the FBI decided to roll out the heavy artillery: CIPAV. "I have concluded that using a CIPAV on the target MySpace 'Timberlinebombinfo' account may assist the FBI to determine the identities of the individual(s) using the activating computer," Sanders' affidavit says.
CIPAV was going to be installed "through an electronic messaging program from an account controlled by the FBI," which probably means e-mail. (Either e-mail or instant messaging could be used to deliver an infected file with CIPAV hidden in it, but the wording of that portion of the affidavit makes e-mail more likely.)
After CIPAV is installed, the FBI said, it will immediately report back to the government the computer's Internet Protocol address, Ethernet MAC address, "other variables, and certain registry-type information." And then, for the next 60 days, it will record Internet Protocol addresses visited but not the contents of the communications.
Putting the legal issues aside for the moment, one key question remains a mystery: Assuming the FBI delivered the CIPAV spyware via e-mail, how did the the program bypass antispyware defenses and install itself as malicious software? (There's no mention of antivirus defenses in the court documents, true, but the bomb-hoaxster also performed a denial of service attack against the school district computers -- which, coupled with compromising the server in Italy, points to some modicum of technical knowledge.)
One possibility is that the FBI has persuaded security software makers to overlook CIPAV and not alert their users to its presence.
----------------------------------
Given the information in the article, it most likely isn't a web bug trick. He appeared to be using a proxy thru the computer in Italy, so any web bug...might be accessed thru said proxy...therefore useless.
So how does the FBI install software to track these bad guys? Doesn't doesn't anti-spyware software catch it? Very good question indeed.
The FBI, like most bad buys, could alter than software in a way that is unique and therefore bypasses most detection software.
Or they could be doing some special java tricks in the browser to get IP and Network information sent back to them on the network-lan side., but this seems unlikely given the fact that data is returned for the next 60 days....it sounds to be installed on the system.
Monday, July 16, 2007
Tools of the Trade - Competitive Inhibiting Action of Caffeine
Caffeine is a xanthine alkaloid compound that acts as a stimulant in humans.Like alcohol, nicotine, and antidepressants, caffeine readily crosses the blood brain barrier. Once in the brain, the principal mode of action of caffeine is as an antagonist of adenosine receptors found in the brain.The caffeine molecule is structurally similar to adenosine, and binds to adenosine receptors on the surface of cells without activating them (an "antagonist" mechanism of action).
Therefore, caffeine acts as a competitive inhibitor. The reduction in adenosine activity results in increased activity of the neurotransmitter dopamine, largely accounting for the stimulatory effects of caffeine. The inhibition of adenosine may be relevant in its diuretic properties.
-------------------------------
On to the tools....
On July 15th, Grisoft released AVG Anti-Virus v7.5.476. This addresses a very serious security issues discovered by NGSSoftware.
Therefore, caffeine acts as a competitive inhibitor. The reduction in adenosine activity results in increased activity of the neurotransmitter dopamine, largely accounting for the stimulatory effects of caffeine. The inhibition of adenosine may be relevant in its diuretic properties.
-------------------------------
On to the tools....
On July 15th, Grisoft released AVG Anti-Virus v7.5.476. This addresses a very serious security issues discovered by NGSSoftware.
On July 13th, Gimp 2.2.17 was released. The GIMP is a multiplatform photo manipulation tool. GIMP is an acronym for GNU Image Manipulation Program. This release is mainly a bug fix over 2.2.16, which was released on July 6th. Gimp 2.2.16 fixed security problems in a number of file load plug-ins. Please see the NEWS file for a detailed list of changes.
On July 13th, CCleaner v1.41.544 was released. CCleaner is a freeware system optimization and privacy tool. This update addresses the following issues:
On July 13th, CCleaner v1.41.544 was released. CCleaner is a freeware system optimization and privacy tool. This update addresses the following issues:
- Fixed IE7 history cleaning in Vista.
- Fixed bug in clipboard cleaning.
- Added Safari cleaning.
- File system access optimizations.
- Updated several translations.
- Updated installer engine.
- Minor stability improvements.
- Minor bug fixes.
On July 13th, FG-Injector Framework v0.9 was released. FG-Injector Framework is a set of tools designed to help find SQL injection vulnerabilities in web applications, and help the analyst assess their severity. It can produce blind injections on web/app servers using MS SQL Server, MySQL, and PostgresSql DBMSs.
On July 12th, WinSCP 4.0.3 was released. WinSCP is an open source SFTP client and FTP client for Windows. See the history file for all the change details.
On July 12th, Clam Anti-Virus 0.91 was released. Clam AntiVirus is an anti-virus toolkit for Unix. This release fixed the serious RAR Archive Processing Denial of Service Vulnerability.
On July 11th, Adam Laurie released RFIDIOt-0.1p. RFIDIOt is a python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE(r). This version includes various additons and adds the CLONE mode to unique.py.
On July 11th, 7-Zip 4.49 Beta was released. This version can unpack WIM archives.
On July 10th, J.M. Seitz released PyFault 0.1a. PyFault is a python library for fault injection in Win32 based applications. Currently it implements a DLL injection and ejection mechanism. They plan to add more functionality to it; suggestions are welcome.
On July 10th, J.M. Seitz released PyFault 0.1a. PyFault is a python library for fault injection in Win32 based applications. Currently it implements a DLL injection and ejection mechanism. They plan to add more functionality to it; suggestions are welcome.
On July 9th, Wireshark 0.99.6a was released. Security-related vulnerabilities in the HTTP, DCP ETSI, SSL, DHCP, and MMS dissectors have been fixed along with the iSeries file reader. See the advisory for details. Wireshark 0.99.6a was released to fix an issue in Windows when upgrading Winpcap.
On July 6th, Trend Micro released HijackThis 2.0.2. HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs.
Recently Java JRE 6 Update 2 was released. This is an update release and therefore no functionality has been added or removed from the original 1.6.0 release. However, it does address several serious security issues.
On July 6th, Trend Micro released HijackThis 2.0.2. HijackThis is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs.
Recently Java JRE 6 Update 2 was released. This is an update release and therefore no functionality has been added or removed from the original 1.6.0 release. However, it does address several serious security issues.
Subscribe to:
Posts (Atom)