Password Cracking With THC-Hydra
Investigating someone's Information disclosure? How about your information?
Stories for Discussion
MS Exploit History - [PaulDotCom] - This handy little web site lists all of the MS advisories, dating back to 1998!, and associated exploits where avavailable. This is a handy link for pen testers, and good reference when report writing (i.e. you were vulnerable to MS0X-XX, and it has an exploit that is readily available).
Perils in Parallells - [PaulDotCom] - So, when I installed Parallels I did not use the defaults. I went into every configuration option and customized it to my liking and security level. This took a but more time, and a bit of research, but I was never exposing this vulnerability due to good configuration practive and process. Advice: Always question the defaults as they are there for ease of use NOT security! Props to Krebs for bringing this to people's attention.
Bomb the bad hackers, bomb them good! - [PaulDotCom] - Googlemaps are scary, especially when you combine them with technology that pinpoints infected machines and a military "Genius".
Automated SQL Injection - [PaulDotCom] - Sounds promising, haven't tested it, but may be worth a look to put in your pen test toolkit.o
High-Performance security appliances - [PaulDotCom] - I have to say, ever since David Maynor started his blog, I have been a huge fan. This post is a great example, as David tell us some of the inside details on how ASICs aren't all they are cracked up to be. Basically, you can make them perform poorly, and having been hands on with a certain firewall vendor for some time, I have experience that first hand.
MySpace Users Attacked: Again - [PaulDotCom] - Why are MySpace users attacked so often? Is it because their web pages suck so badly? Do they inspire that much rage against hackers? Or is it that the community at large is a bunch of gullible usah's primed for 0wn4ge?
Fierce Domain Scanner - [PaulDotCom] - First off, cool logo. Second, you should be running a tool like this on every pen test. however, BidiHblAH is way better, while this tool is like a bull in a china shop approach, Senspost's tool is more elegant.
Security Auditor Vs. VP: Fight! - [PaulDotCom] - Hilarious story about a company sent in to retrieve a laptop from an employee behaving badly. We hope that our jobs never come down to a physical confrontation, but hey, gotta use those Kung Fu skillz sometime!
Top Ten Admin Passwords to Avoid - [PaulDotCom] - Did they get this from the movie "Hackers"? Funny stuff....
Penetration Testing Framework Updated - [PaulDotCom] - This is a really good reference guide for pen testers, and even for building defenses. Providing some insight into how a network/system is attacked.
Mobile Malware Authors: The skilled and not-so-skilled - [PaulDotCom] - As with many different hacking scenes, there are the truly skilled whose numbers are few, and the numerous copycats and "kiddies". F-Secure has found evidence of both in the mobile malware world.
Chris Paget of IOActive doing an RFID Hacking Presentation at Blackhat - [Joe] - "Secure card maker HID Corp. is objecting to a demonstration of a hacking tool at this week's Black Hat Federal security conference in Washington, D.C. that could make it easy to clone a wide range of so-called "proximity" door access cards." - [Larry] Talk was canceled due to legal threats by HID. moar info
Reverse hacker wins $4.3M in suit against Sandia Labs - [Joe] - "Shawn Carpenter was awarded a $4.3 million award — more than twice the amount he sought and money he thinks he'll never see. Carpenter worked for Sandia National Labs as an intrusion detection analyst. He anayzed. He detected. He reported. He was fired — in Janurary 2005 after sharing his results with the FBI and the U.S. Army. Computerworld asked him what he hoped to achieve in that investigation. Answer: 'In late May of 2004, one of my investigations turned up a large cache of stolen sensitive documents hidden on a server in South Korea. In addition to U.S. military information, there were hundreds of pages of detailed schematics and project information marked 'Lockheed Martin Proprietary Information — Export Controlled' that were associated with the Mars Reconnaissance Orbiter. ... It was a case of putting the interests of the corporation over those of the country.' Ira Winkler, author of Spies Among Us , said the verdict was 'incredibly justified. Frankly, I think people [at Sandia] should go to jail' for ignoring some of the security issues that Carpenter was trying to highlight with his investigation."
IGiGle - [Larry] Irongeek's Wigle to Google earth conversion. Lets you view wigls data on google earth. The resulting maps are very detailed...
Old Mac WiFi hacks revealed! - [Larry] Remember all the hubbub about the Mac wireless driver vulnerabilities? Well, David Maynor demped them live, and cleared up the misconceptions.
Madwifi 0.9.2.1 Kernel buffer overflow - [Larry] by crafting some specialized packets involving WPA/RSN, upon reciving the packet, the madwifi driver can cough up a connect back.
SELinux vs Solaris trusted Extensions - [Larry] A comparison article between SELinux and the Solaris Trusted Extensions. An excellent comparison, basically stating that the Solaris product is better - of course, the article was written by someone at Sun.
Oracle, Again? - [Larry] David Litchfield illustrated a new attack method for Oracle databases, that does not require the aboility to create procedures or functions - it only requires Create Session. this blows a lot of the donwnplay that Oracle has given about many attacks. not to mention, it affects all Oracle versions.
Drive by pharming - [Larry] I only wantd to give this one few minutes. User browsws to a site, whcih lats a java app. said java app connects to thier home router, with a default password and modified dns servers. User surfs to commerce or banking site, and is redirected to a phony site as determined by the compromised DNS setting. Paul, I know you have comments on this one. Something similar to the CoWF "evil bastard" firmware.
Solaris Telnet Worm - [Larry] Yep, it exists, as confirmed by arbor networks. Hopefully it only got a handfull of machines...right?
Firmware new place for rootkit? - [Larry] I think we called this one a while back. Also see the CoWF evil bastard firmware. So, how do you check for malware/ootkist on your embedded device?
Stop and Plop Data thefts - [Larry] looks like they modded the pin terninals. Don't forget about physical security!
5 Mistakes of Data Encryption - [Joe] - 1.) Not using encryption when it is easy and accepted 2.) Inventing your own cryptographic algorithm 3.) "Hard-coding" secrets 4.) Storing keys with data 5.) Not handling data recovery
Low-Resource Routing Attacks Against Anonymous Systems - [Joe] - Paper on how to statistically xmoke Tor using low resource machines which report having higher resources, allowing them to permeate a Tor network for privacy-crippling results (warning: math)
Other Stories of Interest
How-to: Encrypt web browsing with SSH proxy - [Joe] - so simple even a caveman can do it. @Paul & Larry: is a WRT54G a viable avenue for this?
Lockheed's F-22 Raptor Gets Zapped by International Date Line - [Joe] - The jet crosses the IDL and the onboard computers crash. xmoke!
Why Geeks Make Good Lovers - [PaulDotCom] - Attention to detail? Striking good looks? :)