Episode52

From Paul's Security Weekly

Episode Media

mp3

NMAP Video

Shmoocon Video: Advanced Network Reconnaissance with Nmap

Stories for Discussion

UK RFID Passports Cracked - [Joe] - "The Home Office has adopted a very high encryption technology called 3DES - that is, to a military-level data-encryption standard times three. So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a 'secret key'. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat." [Larry] - Hmm, they also seemed nonplussed that they were only readable from a few centimeters - and researchers are currently trying to read them from significant distances.

Worms In Second Life - [PaulDotCom] - Manifesting themselves as golden rings, these worms were able to take out the game servers for a better part of the weekend. I particularly like the picture in this blog posting, reminds me of Cranston, RI ;-) [Larry] - Just goes to show that when you provide the users the ability to use their own untrusted (to Linden Labs) scripts, interesting things can happen.

Week of Oracle Database Bugs - [Joe] - "We want to show the current state of Oracle software ("in")security also we want to demonstrate Oracle isn't getting any better at securing its products (you already know the history: two years or more to fix a bug, not fixing bugs, failing to fix bugs, lying about security efforts, etc, etc, etc.)....We have 0days for all Database software vendors but Oracle is "The #1 Star" when talking about lots of unpatched vulnerabilities and not caring about security." ... What's next? The fortnight of firewall bugs? [PaulDotCom] - Don't forget to patch the 101 bugs released this month too! [Larry] - This goes hand in hand with the side-by-side comparison of MS-SQL vs. Oracle...now I just need to find the article.

IT Crowd DVD has subtitles in l33t 5p33k - [Larry] - We need this in more mainstream releases.

Many Wifi Users are still piggybacking - [PaulDotCom] - "According to its research, 37 per cent of wi-fiers it asked said they have used networks belonging to unknown businesses or residents nearby, even though they knew they may be exposing themselves to the risk that their data could be intercepted." This is just a no-no for so many reasons. If you do use open access points consider using SSH or OpenVPN. Those are my picks... [Larry] - What, using open access points to do my banking is bad? Why is my checking account empty, where did all my money NO CARRIER.

Disk image flaw found on Mac OS X - [Joe] - "The flaw occurs in the function responsible for opening disk images and could be exploited remotely if an attacker crafts a malformed image, places it on a Web server, and then convinces a Mac user to click on a link" MoKB Link. [PaulDotCom] - Holy FUD! Check out some of the Matasano rebuttal here. [Larry] - John Gruber of Daring Fireball fame? Heh. Allegedly this only causes a crash via buffer overflow. We all know what that means - code execution soon enough.

Hacking An ATM Machine with an MP3 Player - [PaulDotCom] - So, you go to the back of the ATM machine, find the phone line, plug one end into your mod'd MP3 player and the other back into the way, record all the tones, then decode them on your laptop once you retrieve the recorder. Very sexy! [Larry] - More reasons why, when deploying devices that need to be secure, you need to seriously think about the environment, and INSTALL them securely as well.

Firefox 2.0 Password Manager Vulnerability - [Joe] - The Password Manager component of Firefox can be exploited to send a username and password combination to an attacker's computer without the user's knowledge, as shown in this proof-of-concept: [1]. [Larry] - Looks like this also may be a problem with one or more versions of IE as well. Of course, us security professionals would never store our passwords in a browser. Don't worry, I can't see you clearing them right now.

Me Code Write Good - [PaulDotCom] - Fantastic article from Symantec on how virus/worm code has bugs and vulnerabilities! Everything from bugs in the Morris worm, to actual vulnerabilities in today's malware. I love the approach!

Do You Trust Bluetooth? - [PaulDotCom] - As time goes on, more Bluetooth-related threats are becoming a reality. From packet sniffing to kernel-mode exploits, Bluetooth is emerging as the next big thing to watch out for, in my opinion. It will be a more pervasive technology, making it worth the bad guys' time... [Larry] - We've said it time and time again. While Bluetooth is a "local" technology, you can extend the range to, say, 28 miles. Even more scary.

DoD Access Points - [PaulDotCom] - You just never know what you're going to get on eBay; in this case some 900MHz APs reveal sensitive information from the DoD. And yes, that's an SNMP community of "barney". I guess it's better than private :) [Larry] - ...or better than public. Of course properly configured SNMP v3 would be the best, but not all devices support it.

"Hacker Safe": Safe for Hackers - [PaulDotCom] - So many people ask me about the "hacker safe" websites. You know, these are the sites that adorn those "Hacker Safe" banners. Well, here is a good reason or two not to trust it. A group of hackers recently found a bunch of XSS vulnerabilities in so-called "hacker safe" websites. Go figure. Ironic though, how being a "hacker safe" web site now makes you more of a target... Hackers who hacked hacker safe websites web site :) [Larry] - Claiming to be hacker proof and perfectly secure is an excellent way to get targeted. Hilarious.

M$ co-president lets his 7-year-old son surf web without antivirus software - [PaulDotCom] - Uh, not a good idea. I would think he would get a discount on Microsoft OneCare :) [Larry] - Apparently the Vista security is that good...or because M$ hasn't opened up enough to allow AV vendors to write for Vista...or Vista isn't secure at all.

Perl Script Used to Catch Sex Offenders on MySpace - [PaulDotCom] - I'm not a huge fan of Perl, but in the right hands it's doing some good for New York's Suffolk County Police Department: "Excluding a handful of obvious fakes, I confirmed 744 sex offenders with MySpace profiles". And they even open-sourced it. Way to go, dudes!

Stealth Malware Taxonomy - [PaulDotCom] - Malware classification from Joanna Rutkowska.

Is the New OS X DMG Threat Real? - [PaulDotCom] - Thomas Ptacek provides one of the most creative and well done blog postings to explain why. Oh, and my new house has this lake in the back, perfect for John Gruber and Alastair Houghton to go jump in. Yeah, and no, I'm not going to link to their blogs filled with misinformation, Mac zealotism, and FUD. However, I will link again to the Matasano blog posting by Dave G. on how they predict the future of security. We got your back...

Hacking Exposed VoIP Edition - [PaulDotCom] - This one looks interesting... See also HackingVoIP.com.

Codecs Contain Malware - [PaulDotCom] - Be careful when browsing for pr0n, er, legally downloadable movies. Right, so um, yeah, the codecs usually contain malware, and they are not very sneaky about it. For more fake codecs, go here. Further Supporting Evidence. So, when is someone going to be able to embed malware in an audio stream, so it can take over your computer OR iPod, or whatever you listen to music on. That would be cool, er, did I say cool? I meant like bad/cool, like bad, but cool, anyway... [Larry] - It would only be cool if they sent the exploits via backwards masked satan worshiping messages.

Matasano Chat - [PaulDotCom] - Okay, this is the last Matasano plug this week, promise: they have a new chat room. Check it out! Be certain to tell them we sent you ;)

XSS Shell - [PaulDotCom] - I have not tested this one out but believe we as a community need to do a better job of communicating the dangers of XSS to developers and organizations management, etc... So, if this tool is useful for that purpose, please let us know!

We Saw Bruce Schneier! - [PaulDotCom] - Live and in person! We gave him t-shirts too. He said things like, "Exactly two things have made our air travel safer since 9/11,” he said. “The first one was reinforcing the cockpit door, and the second one was convincing passengers they have to fight back. Everything else has been a waste of money.”. Couldn't agree more! [Larry] - It was an excellent talk, and he brought up a ton of great points.

Stories of Interest

Open Source Hardware/Software Gifts for the Holidays - [Joe] - I want all of these!

SANS Mac OS X Security Checklist - [PaulDotCom] - Haven't read it yet, but interesting....

UCLA Police Taser Student for not showing his ID in Computer Lab - [PaulDotCom] - WARNING: This is not for the faint of heart. I've never wanted to jump into a video so bad and beat some ass, maybe get a few of my classmates on board and use those wooden chairs in the background for some good, like saving some poor dude from being repeatedly tasered for no reason and risking his life.

Free Book, Wireless Networking in the Developing World - [PaulDotCom] - On a lighter note, download a free book! I love these! [Larry] - When I was single I looked into joining up with the program (I'll be damned if I can find the name). If you want to see the world, do tech work, and solve very interesting challenges on no budget, check it out.

Juniper Tips & Tricks - How to capture traffic on a Juniper router. Good info, esp. if you are doing a pen test and want to capture all the target organization's traffic :)

Backtrack Video Tutorial From Offensive Computing - [PaulDotCom] - Don't know what kind of codec was used, but video won't play for me...

I Hate the term Evil Twin - [PaulDotCom] - Everyone should stop using it, it doesn't do anyone justice. With Karma, I'm really not a "twin", I'm more like, "Whatever the f*^& network you want to connect to". It's just a bad term, </rant> [Larry] - Please, it is not an evil twin...and it has been around for ages, so why is it such a big deal, again?