Episode57

From Paul's Security Weekly
Jump to: navigation, search

Episode Media

mp3

Tech Segment: CES, MacWorld, and Security

There are lots of new technology gadgets and the like being released this week. Being geeks, we love to read about them! Of course, we want to put our security angle on it. So, here are some things that I have been hearing about and my thoughts (others, feel free to add):

- Apple Airport Extreme - [PaulDotCom] - Probably the most glossed over part of the keynote was the enhancements to the Airport. It will now support 802.11 a/b/g/draft-n! A drive update will be released for Core 2 Duo machines, who silently shipped with draft-n chipsets. Be certain to heed the warning from JW on 802.11n security. Boils down to using encryption (does 802.11n support WPA2?), running it on 5GHz spectrum, and not running it in mixed mode (i.e. dedicate a radio to 802.11n, much harder in large deployments). Oh, and bonus USB port to attach printers and share drives. Sweet!

- Nokia n800 - [PaulDotCom] - Replacing the Nokia 770 is this awesome new model. Twitchy and I both bought one last Sunday when they became available in the stores. It sports a Jabber client that can do live video teleconferencing, very geeky! I am still configuring it, and just updated the OS. Some of my challenges include making it work with EAP-TTLS/PAP, connecting to my IMAP SSL server, and preventing it from connecting to networks by default. This is a cool device, and it runs Linux. The new model has more memory as well, so can't wait to get it all configured and use it on a regular basis. Also, Nokia 770's will drop in price, these make great little hacking platforms (metasploit, kismet, nmap, etc...)

- Apple iPhone - [PaulDotCom] - So little is known, however we're pretty sure its an ARM processor. But, no keyboard or stylus? We'll see...We use Verizon, so there won't be one in my future anytime soon. It uses a Marvell wireless chipset, and it looks like there is no support under Linux other than NDIS. Kind of a wait and see on this one. I mean, for $499 you only get like 4GB, so its not replacing my iPod anytime soon. Bets on when the first exploit will be released?

  • Joe - No 3rd party apps, trademark infringement problems with Cisco (another display of Apple's hubris), and a cool but not-so original design (LG KE850). I'm happy to see the convergence of today's necessary digital devices (phone, mp3 player, PIM, etc), but I'm frustrated that the iPhone (Apple's, not Cisco's) will probably command the industry because of slick marketing. Competitors like FIC's Neo1973 or Trolltech's Greenphone seem like much more enticing products to me not only because of what they offer, but what they CAN offer; to the user and the industry

Stories for Discussion

Great Posting on String functions - [PaulDotCom] - I need to buy this book, the art of software security assessment. This article details buffer overflow heaven, and shows examples of many differe string manipulation functions and how they can be exploited. Very HOT!

How do you know your code is secure? - [Joe] - Wait until someone pwns it, of course! I like these quotes: "The more complicated the program is, the harder it is to get it right. It's really hard to tell the difference between a program that works and one that just appears to work". The author obviously is opinionated on securing code however: "if the "security researchers" actually wanted to be useful, they'd be working as part of the code audit team for Oracle, or Microsoft. But then they couldn't claim their fifteen minutes of fame on CNN or onstage at DEFCON."

New "Wifi Protected" Products announced - [PaulDotCom] - This is in the saim vain as Cisco's "Secure Easy Setup", and effort to make securing Wifi easy for the average user. This trick is that both the AP and the client hardware/software need to support it. Ya, good luck with that. Maybe it can be better than SES at least, which only worked with Cisco/Linksys.

"bugging" coins with RFID - [Joe] - "Canadian coins containing tiny transmitters have mysteriously turned up in the pockets of at least three American contractors who visited Canada, says a branch of the U.S. Department of Defence. Security experts believe the miniature devices could be used to track the movements of defence industry personnel dealing in sensitive military technology." [Larry] - Holy crap! Besides the potential tracking and provacy issues, I want one! Any Canadians care to send me one?

Keep Your Client Software Up-To-Date - [PaulDotCom] - If you are using Adobe Reader, Java, WinZip, or Open Office, get updating. Also, note to the software makers, firefox does an excellent job of keeping itself up-to-date, why can't you? Users, consider something like Version Tracker software to help keep your software up-to-date or you will be pwned. That goes for Windows and OS X, Linux users use a distribution that offers automatic updates (like Debian, Gentoo, or uBuntu) and try not to stray from the provided packages.

We are controlling transmission - [Larry] - This hack is old, but very neat. Chicago, Novermber 22, 1987, Chicago land viewers for to see Max Headroom and a naked butt on the TV instead of Dr. Who. Apparently someone was able to inject their own data in to a licensed microwave transmission array. Alegedly, the equipment could have been rented for about 25K, or built by hand. Either way, it was illegal to operate - just because it is illegal or expensive, doesn't mean hackers won't do it

iDefense wants your vulnerabilities/exploits - [PaulDotCom] - I have mixed feelings on this one. On one hand, its good that bug hunters are being encouraged, okay bribed, to release their exploits so that vendors can fix them. However, this all depends on how well it is handled. Most of the companies that are buying exploits have some vested interest, iDefense is owned by Verisign who offers managed IDS/IPS, and the 3com project of a similar nature has potential benefits to the Tipping Point product line. COI if you ask me...

Apple's Bug Fix tool...is Buggy! - [Joe] - "Vulnerability researchers behind the "Month of Apple Bugs" project, which aims to publish one flaw per day throughout January in software used on Apple platforms, announced on Monday that they have found a vulnerability in a tool that is used by a group involved in finding fixes for the flaws. APE is a third-party piece of software, written by Unsanity, designed to "enhance and redefine" the behavior of applications running on Apple platforms. APE loads plug-ins containing executable code into active applications. Month of Apple Fixes uses the software to apply run-time patches to the flaws found by the Month of Apple Bugs project. The patches insert themselves into applications when they run, find the vulnerable code and apply themselves."

Bluetooth Security Worse than Wifi? - [PaulDotCom] - Interesting article, HD, Zoller, and Finestere, all weigh in. I think its interesting to think of every Bluetooth device as an access point.

SPAM decline? - [Larry] - Spam rose to unbelievable levels before the Holidays, now where did it all go? Rumor has it that a large botnet went all pear-shape. If the bot-nerder owns it, who does?

Detailed Analysis of the Adobe vulns releaesed at CCC - [PaulDotCom] - I was not able to digest this one in time for the show, but wanted to get other people's thoughts.

How to catch a mole - [Larry] - More MOAB craziness. Release an "exploit" earlier to those trolling the site before releases. PWN3D!

F-Secure has a signature for the MMS exploit - [PaulDotCom] - It is also clear that it is still very much a PoC, only working on certain phones. To get it to work on other phones/MMS applications you need to port the shellcode.

Where's Nick? - [Larry] - Lindend labs release the code to the second life client - Open Source.

Some Laptops Come with Vulnerabilities - [PaulDotCom] - First, Acer should be smacked. Second, the laptop is butt ugly. Third, Make sure you wipe your laptops and re-install before you use them to get rid of all the vendor crap.

More Raul - [Larry] - More of Raul's great article on wireless forensics.

NSA helps Microsoft - [PaulDotCom] - Great Schenier posting, so what does the NSA do when it finds a vulnerability? Flip a coin? Heads, use it to spy on Americans. Tails, tell M$ about it. Could it be a double headed quarter? :)

Irongeek's HP Printer hackin' - [Larry] - Updated to include the FTP exploits a few shows ago. Adrian, Please drop Joe a note.

Just a Little Old Fashioned Hotel Proxy'n - [Joe] - My boss showed me this little blog story. This might be old news, but it strikes me as one of those buyer beware situations- even though you're paying money to use the internet, it doesn't mean the hotel is looking out for you and your security/privacy

Best site to hit with a XSS attack and/or hijack - [PaulDotCom] - Good idea, but big red target in my opinion. Do I really trust it?

Other Stories Of Interest

Electronic Lust, sex toys for your computer - [PaulDotCom] - When I was in college, my friend and I used to try and come up with business ideas. One of them was this, and then we started to see people actually doing it... Ewwww, dirty USB ports...

Slip Traceroute through firewalls with 0Trace