The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Archive for July, 2005

The first cybercrime treaty

Posted by Xavier Ashe on July 30, 2005

A U.S. Senate panel on Tuesday approved the world's first treaty
targeting “cybercrime,” clearing the way for a floor vote later this
year.

All nine members of the Foreign Relations Committee who were present
said by voice vote that they broadly agreed with the Council of Europe
Convention on Cybercrime, handing a hard-won victory to software
companies that are eager for the U.S. to ratify it.

Because U.S. law already includes much of what the treaty requires, the
Senate's consent would be largely symbolic. The document requires
nations to adopt laws governing search and seizure of stored data,
surreptitious Internet wiretapping, cross-border assistance, and
retention of Internet provider records upon police demand.

Get the details at the Computer Crime Research Center.

Posted in Security

Wi-Fi Protected Access 2 by The Cable Guy

Posted by Xavier Ashe on July 30, 2005

Wi-Fi Protected Access 2 (WPA2), as described in Wi-Fi Protected Access 2 (WPA2) Overview,
the May 2005 The Cable Guy article, is a product certification
available through the Wi-Fi Alliance that certifies wireless equipment
as being compatible with the IEEE 802.11i standard.

The IEEE
802.11i standard formally replaces Wired Equivalent Privacy (WEP) in
the original IEEE 802.11 standard with a specific mode of the Advanced
Encryption Standard (AES) known as the Counter Mode Cipher Block
Chaining-Message Authentication Code (CBC-MAC) protocol (CCMP). CCMP
provides both data confidentiality (encryption) and data integrity.
This article describes the details of the WPA2 implementation of AES
CCMP for encryption, decryption, and data integrity validation of
802.11 wireless frames.

Great article in the August edition of The Cable Guy.
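To make the confidentiality-plus-integrity point concrete, here is an added example (not code from the Cable Guy article or from Microsoft) that protects one frame body with AES-CCM using CCMP's parameters: an 8-byte MIC and a 13-byte nonce built from the transmitter address and packet number. It assumes the third-party `cryptography` package and a simplified 3-address, non-QoS header; the key, addresses and payload are constructed.

```python
from dataclasses import dataclass, replace
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

MIC_LEN = 8  # CCMP appends an 8-byte MIC (the CCM tag) to each protected frame body

@dataclass(frozen=True)
class Header:
    """Simplified 3-address, non-QoS 802.11 data header (assumption of this example)."""
    fc: int    # 16-bit Frame Control
    a1: bytes  # receiver address
    a2: bytes  # transmitter address
    a3: bytes  # BSSID / final destination
    sc: int    # 16-bit Sequence Control

def ccmp_nonce(a2: bytes, pn: int, priority: int = 0) -> bytes:
    """13-byte CCM nonce: priority octet, transmitter address, 48-bit packet number."""
    return bytes([priority & 0x0F]) + a2 + pn.to_bytes(6, "big")

def ccmp_aad(h: Header) -> bytes:
    """Header bytes covered by the MIC; fields that change on retransmission are masked."""
    fc = (h.fc & 0xC78F) | 0x4000  # clear subtype bits 4-6, Retry, PwrMgt, MoreData; set Protected
    sc = h.sc & 0x000F             # keep the fragment number, drop the sequence number
    return fc.to_bytes(2, "little") + h.a1 + h.a2 + h.a3 + sc.to_bytes(2, "little")

def ccmp_encrypt(tk: bytes, h: Header, pn: int, plaintext: bytes) -> bytes:
    """Return ciphertext || MIC for one frame body."""
    return AESCCM(tk, tag_length=MIC_LEN).encrypt(ccmp_nonce(h.a2, pn), plaintext, ccmp_aad(h))

class CcmpReceiver:
    def __init__(self, tk: bytes):
        self.aead = AESCCM(tk, tag_length=MIC_LEN)
        self.last_pn = 0  # highest packet number accepted so far

    def receive(self, h: Header, pn: int, body: bytes):
        if pn <= self.last_pn:           # replay check on the packet number
            return ("replay", None)
        try:                             # decrypt() verifies the MIC before releasing plaintext
            plaintext = self.aead.decrypt(ccmp_nonce(h.a2, pn), body, ccmp_aad(h))
        except InvalidTag:
            return ("bad-mic", None)
        self.last_pn = pn
        return ("ok", plaintext)

def demo() -> dict:
    tk = bytes(range(16))  # constructed 128-bit temporal key
    hdr = Header(0x4108, bytes.fromhex("020000000001"), bytes.fromhex("020000000002"),
                 bytes.fromhex("020000000001"), 0x0010)  # constructed addresses
    body = ccmp_encrypt(tk, hdr, 1, b"constructed payload")
    rx = CcmpReceiver(tk)
    flipped = bytes([body[0] ^ 0x01]) + body[1:]
    return {
        "address_changed": rx.receive(replace(hdr, a1=bytes.fromhex("020000000009")), 1, body)[0],
        "ciphertext_bit_flipped": rx.receive(hdr, 1, flipped)[0],
        "retry_bit_set": rx.receive(replace(hdr, fc=hdr.fc | 0x0800), 1, body),
        "same_frame_again": rx.receive(hdr, 1, body)[0],
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The MIC covers the addresses as well as the payload, so a changed header field fails validation, while a retransmission with only the Retry bit set still verifies because that bit is masked out of the authenticated data.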

Posted in Other Technology, Security

UPDATE: Furor over Cisco IOS router exploit erupts at Black Hat

Posted by Xavier Ashe on July 29, 2005

Although Cisco and Internet Security Systems had abruptly cancelled a planned technical talk
and demo at the Black Hat Conference to reveal how unpatched Cisco
routers can be remotely compromised, the researcher who had originally
uncovered the problem went ahead with the talk anyway, igniting a spate
of lawsuits against himself and the Black Hat Conference.

Michael Lynn, the research analyst at ISS who was asked to resign
after his presentation detailing how an attacker can exploit flaws in
unpatched Cisco routers to gain total control over them, said he felt
compelled to reveal the information because “I felt I had to do what’s
right for the country and the national infrastructure.”

Cisco
and ISS, claiming it was premature to release the research, saw it
differently and immediately filed a lawsuit aimed at compelling him not
to discuss the subject further. The Black Hat Conference was also
served with a lawsuit by the two companies for allowing Lynn to discuss
the exploits associated with Cisco routers.

The efforts by Cisco and ISS to put a lid on the information about
Cisco router exploits that Lynn revealed may be futile. Some attendees
at the conference believe the original CD containing the detail
is already in circulation. In addition, some security professionals
attending the Black Hat Conference said they were grateful for Lynn’s
audacity.

Read the full back and forth on Network World.  Wow, I am missing some fun down at Black Hat this year.  You bet I won't miss it next year.

Posted in Security

Cisco tries to silence researcher

Posted by Xavier Ashe on July 29, 2005

Cisco has taken legal action to keep a researcher from further discussing a hack into its router software.

The networking giant and Internet Security Systems jointly filed a
request Wednesday for a temporary restraining order against Michael
Lynn and the organizers of the Black Hat security conference. The
motion came after Lynn showed in a presentation how attackers could
take over Cisco routers — a problem that he said could bring the
Internet to its knees.

The filing in US District Court for the Northern District of California
asks the court to prevent Lynn and Black Hat from “further disclosing
proprietary information belonging to Cisco and ISS,” said John Noh, a
Cisco spokesman.

Get the scoop on ZDNet UK.

Posted in Other Technology, Security

Microsoft "Genuine Advantage" cracked in 24h

Posted by Xavier Ashe on July 29, 2005

AV sez, “This week, Microsoft started requiring users to verify their
serial number before using Windows Update. This effort to force users
to either buy XP or tell them where you got the illegal copy is called
'Genuine Advantage.' It was cracked within 24 hours.”

Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:

javascript:void(window.g_sDisableWGACheck='all')

It turns off the trigger for the key check.

On Boing Boing and UNEASYsilence.

Posted in Security

Cell Phone Tower Search

Posted by Xavier Ashe on July 28, 2005

Towers are registered with the FCC.
We've taken the information and compiled it into a searchable database,
and displayed it with Google Maps to give you a graphical interface to
see towers in your area. Unfortunately, many towers are independently
owned and leased to carriers. Therefore, if the towers are private, it
is not possible to know which carrier or carriers it is being leased to
at the moment.

Another great Google Maps hack.  Cell Phone Tower Search

Posted in Other Technology, Tools

EarthLink Drops Spam Charges against Two Defendants

Posted by Xavier Ashe on July 27, 2005

Atlanta-based EarthLink has dropped
allegations of illegal spamming against two individuals, Alyx Sachs, a
former television producer for Geraldo Rivera, and Albert Ahdoot, whom
the company had claimed were part of the notorious Alabama Spam Gang.
“As a result they were publicly reported in the most negative light by
over 200 news organizations — naming them as some of the world's most
notorious spammers and thieves,” the two men's lawyer, Paul Sigelman,
said in a release on Tuesday. “EarthLink now believes they were victims
of a massive and sophisticated campaign of identity theft and that they
were, in fact, unaware of and had no role in spamming,” Sigelman said.
The Alabama Spam Gang was convicted in January of violating federal and
state Computer Systems and civil RICO laws, including the use of stolen
credit cards, identity theft, and phony Internet accounts to send out
over 250 million junk emails.

Get the full scoop on biz.Yahoo

EDITED There is a correction posted:

In the news release, Wrongfully Accused: Earthlink Dismisses for Mistaken
Identity, Says Company and Its Founders Are Not 'The Alabama Spam Gang,' Says
Defense Attorney Paul Sigelman, issued earlier today by Paul Sigelman over PR
Newswire, we are advised by the company that the phone number for Lisa Fein,
should read “+1-702-966-0182” rather than “+1-702-996-0182” as originally
issued inadvertently.

Posted in Security

Black Hat: Oracle's crypto not secure, researcher says

Posted by Xavier Ashe on July 25, 2005

The standard encryption mechanism used
by Oracle's database products can be easily circumvented, according to
a German security researcher who last week published details on a
number of unpatched security

Security expert Alexander Kornbrust plans to give a presentation at the
Black Hat USA 2005 security conference this week showing how Oracle's
encryption can be broken. The encryption features that come standard
with Oracle's database, called DBMS Crypto and DBMS Obfuscation
Toolkit, can be circumvented, he said in an interview.

“A lot of people think that if they use this DBMS Crypto, a hacker is
not able to decrypt the data, but I found a way to get the keys,” said
Kornbrust, a business director at Red-Database-Security GmbH, in
Neunkirchen, Germany.

Get the full article at InfoWorld.

Posted in Security

HuFu – Artificial Human Meat

Posted by Xavier Ashe on July 24, 2005

What does Hufu™ taste like? Does it taste like human flesh?
Hufu™ is designed to resemble, as humanly possible, the taste and texture of
human flesh. If you've never had human flesh before, think of the taste
and texture of beef, except a little sweeter in taste and a little
softer in texture. Contrary to popular belief, people do not taste like
pork or chicken.

How do you know Hufu™ tastes like human flesh?
The taste and texture of Hufu™
are the result of painstaking research and extensive testing in our
kitchens. We are supremely confident that our food products would
satisfy the tastes of even the most demanding cannibal.

Is Hufu™ a vegetarian/vegan friendly?
Yes. Hufu™ contains no human or animal products.

Get your own Human meat replacement at EatHuFu.com.

Posted in For Fun

CEOs are faking it, Stanford professor says

Posted by Xavier Ashe on July 24, 2005

Your company's chief executive might be
a pretender, and that may be a good thing, according to Stanford
University Professor of Management Science and Engineering Robert
Sutton.

Sutton, the author of a 2001 study of corporate innovation, “Weird
Ideas that Work,” says that a close look at the evidence shows that
chief executive officers (CEOs) probably deserve less credit for their
company's fortunes than they receive, and that the best of them manage
a tough balancing act: secretly aware of their own fallibility, while
also realizing that any sign of indecisiveness could be fatal to their
careers.

The best executives, like Intel's former CEO Andy Grove will admit that
they face a dilemma in needing to appear decisive, while at the same
time being conscious of their limitations. “You have to pretend” Sutton
said. “It's sort of a dilemma, but if you want to accept a leadership
job, you've got to accept the hypocrisy of it.”

In a 2003 interview with the Harvard Business School, Grove admitted
that no business leader has “a real understanding of where we are
heading.”

Read the full article at InfoWorld
Makes me feel better about my chances at business leadership.  I
was told by a wise person once that a leader does nothing very well, but
still knows how to get things done by inspiring others.

Posted in Main Page

RockStar Confirms Sex Mod Not a Hack

Posted by Xavier Ashe on July 23, 2005

The fight over Grand Theft Auto: San Andreas came to a climax on
Wednesday as the Parents Television Council called for a recall of the
video game, and a statement from the game maker Rockstar seemed to
confirm the Hot Coffee modification was indeed not a hack and was
present within the game.

RockStar issued a statement late
Monday saying it was providing a patch to prevent the modification in
already purchased titles, and would stop selling the game while it
works on a non-modifiable version. Wednesday's developments ostensibly
confirmed that the scenes depicted within the game were created by the
game manufacturer.

Effective immediately, the ESRB has changed
the rating of the current version of the game to “AO” for adults only,
and would provide stickers to retailers wishing to continue selling the
current version.

Get the full scoop at BetaNews.

Posted in Other Technology

Entrada Network ceases operations

Posted by Xavier Ashe on July 23, 2005

On July 20, 2005, we were
advised via an e-mail from SBI Advisors, LLC, agent for our chief lender,
instructing their counsel to prepare documents to call in the default and to
accelerate our loans for non-payment of interest.  These loans were extended to
July 31, 2005 in the Amendment 4 to the loan documents that we had filed
previously. Without the extension from the chief note holders, or warrant
holders exercising the warrants they hold, or an infusion of any cash, we are
not in a position to continue our operations

See the full SEC Filing

I had to remove my previous post.  Right now the best thing to say is that Microtek isn't sunk yet.

Posted in Main Page

CSI/FBI Computer Crime and Security Survey 2005

Posted by Xavier Ashe on July 22, 2005

Some key findings:

❏ Virus attacks continue as the source of the greatest financial
losses. Unauthorized access, however, showed a dramatic cost increase
and replaced denial of service as the second most significant
contributor to computer crime losses during the past year.

❏ Unauthorized use of computer systems has increased slightly according
to the respondents. However, the survey respondents reported that the
total dollar amount of financial losses resulting from cybercrime is
decreasing. Given that the total number of respondents to the survey has dramatically
increased, the survey shows a dramatic decrease in average total losses
per respondent. Two specific areas (unauthorized access to information
and theft of proprietary information) did show significant increases in
average loss per respondent.

❏ Web site incidents have increased dramatically.

❏ State governments currently have both the largest information
security operating expense and investment per employee of all
industry/government segments.

❏ Despite talk of increasing outsourcing, the survey results related to
outsourcing are nearly identical to those reported last year and
indicate very little outsourcing of information security activities.
Among those organizations that do outsource some computer security
activities, the percentage of activities outsourced is quite low.

❏ Use of cyber insurance remains low (i.e., cybersecurity insurance is
not catching on despite the numerous articles that now discuss the
emerging role of cybersecurity insurance).

❏ The percentage of organizations reporting computer intrusions to law
enforcement has continued its multi-year decline. The key reason cited
for not reporting intrusions to law enforcement is the concern for
negative publicity.

❏ A significant number of organizations conduct some form of economic
evaluation of their security expenditures, with 38 percent using Return
on Investment (ROI), 19 percent using Internal Rate of Return (IRR) and
18 percent using Net Present Value (NPV).

❏ Over 87 percent of the organizations conduct security audits, up from 82 percent in last year’s survey.

❏ The Sarbanes-Oxley Act has begun to have an impact on information security in more industry sectors than last year.

❏ The vast majority of respondents view security awareness training as
important. However, (on average) respondents from all sectors do not
believe their organization invests enough in it.

Download the PDF.

Posted in Security

Howto: Use the PSP to open Masterlocks

Posted by Xavier Ashe on July 22, 2005

There is a homebrew PSP application that will generate a list of the 100
possible combinations for a Masterlock combination lock given the last
digit in the code.

Yes, a PSP application. Click here to download the program and click here to learn how to install it.

Read More

Found on UNEASYsilence.

Posted in PSP Hacks

Thanks for the shout-out

Posted by Xavier Ashe on July 21, 2005

I just had a lovely comment posted….

Thank you, I just wanted to give a greeting and tell you I like your website.

I get an email notification when this happens.  There are two email
links within that email: one small link for reply, and one huge
multiline link for delete.  Doh!  I went with the big blue
link and wiped it out.

Thanks to whoever took the time to say Thank You.  It means a lot
and I wanted to make sure you didn't think I delete all the nice posts.

Posted in Main Page

How much does a security breach actually cost?

Posted by Xavier Ashe on July 21, 2005

How much does a security breach actually “cost,” and who pays for
it? When the breach involves personal information, like credit card
data, the answer is, a lot more than you may think. The problem is that
the people who “pay” for the cost of the breach are rarely the ones
responsible for preventing the breach.

A recent lawsuit filed in state court in San Francisco may, to a
small extent, change that. The lawsuit was filed as an aftermath of the
data breach by credit card processor Cardsystems, Inc., which resulted
in the potential compromise of more than 40 million credit card
numbers, and seeks to impose liability on Cardsystems for the true
costs of failing to protect data.

Read the full article at the Register.

Posted in Security

If all you have between you and hackers is a firewall then be very afraid…

Posted by Xavier Ashe on July 18, 2005

Ahh yes.  The old “I know we are secure because we have a firewall”
story.  I’ve been consulting for a long time now and can’t count the
number of times I’ve heard that statement when I ask how secure they
(the IT staff) believe their sites and servers are.  I’m here to dispel
the myth of firewalls being this all knowing protective guardian of
your network.

My next questions to anyone who gives me the “My Firewall protects me” line are:

  • “Do you have a mail server that sends and receives mail from behind your firewall?”
  • “Do you have a web server behind the firewall that allows users over the internet to connect to it?”
  • “Do you allow any VPN, Terminal Server, or any service to connect to your servers from the outside world?”

Great post over at Duane's World.  He comes to the same conclusion I did about this problem: intrusion prevention.

Posted in Security

BlueTest – Bluetooth Scanner

Posted by Xavier Ashe on July 18, 2005

What can it do?
1. Search devices
2. Ping a device (optional)
3. Bind a device (ex. 6310i)
4. Extract device information
5. Extract/manipulate phonebook entries
6. Extract/manipulate SMS entries (Only Nokia 6310i is supported)
7. Extract dialed numbers, missed calls, received calls
8. Make a call (hangup after 20 sec.)

What do you need to run it?
1. Mobile device/phone (example: 6310i)
2. Perl + Device::Gsm;Getopt::Std;Term::ReadLine;Device::Modem;Term::ANSIColor
3. Bluetooth adapter (example: Linksys USBBT100)
4. Start the script as root (you need root to bind a device at /dev/rfcomm0)

Credit:
The information has been provided by Kroma Pierre.

Get the code at SecuriTeam.com

Posted in Security, Tools

Hacking Tutorials – remote-exploit.org

Posted by Xavier Ashe on July 17, 2005

I just stumbled upon a nice hacking website, remote-exploit.org, that has multimedia
hacking demonstrations using their live security tools CD.  Their live CD is called Auditor
and it's based on the KNOPPIX release.  I am downloading it right
now to add to the collection.  I am most impressed with their tutorial page where they have flash and video demos using the tools on the CD.  There you can find:

  • Netgear WG511 external antenna modification
  • Exploiting weakness of PPTP VPN
    • Obtaining a username and password via sniffing a PPTP session
  • Bluesnarfing a Bluetooth enabled Mobile Phone
    • All sorts of fun with bluetooth
  • WPA Cracking
    • Very impressive.  Goes through injecting a de-authentication packet to capture the WPA handshake, then brute forcing the hash.
  • Void11 Mass De-Authentication
    • Wireless DoS attack
  • Decrypting SSL Traffic using Man In The Middle technique (MITM)
    • Nice demo using ARP and DNS spoofing
  • 128 Bit WEP cracking

Posted in Security

The Problem with Spyware

Posted by Xavier Ashe on July 16, 2005

The main reason that Spyware has been such a problem is that it
began as a quasi-legitimate business practice.  Notice that we used to call
it Adware.  Unfortunately, competition for your personal information
caused others to start being super sneaky.  And, of course, the
proliferation of Spyware removers resulted in an all out war.

Well, there are still many successful companies that rely on Adware/Spyware and
have really good lawyers.  What they have done is still super sneaky, just
in a different way.  They are making deals with the Spyware removers to
remove them from the blacklist.  There are several followers
of the WhenU controversy, where WhenU convinced Ad-Aware and others to de-list
them.  Now Bruce Schneier has noted that Claria (the makers of Gator, the first
successful Adware program) has managed to get de-listed from
Microsoft's AntiSpyware.  The disturbing thing is that Microsoft is in
acquisition talks with Claria.

So my bottom line: don't trust adware/spyware removers.  First of all,
they usually only do a 90% job.  So you have to run several programs to
clean a system.  Secondly, as you can clearly see above, you cannot trust their
business drivers.  As Bruce Schneier put it, “The problem with spyware
is that it can be in the eye of the beholder.”

My solution?  Use software designed like an immune system, such as Sana Software.  Like your human
immune system, Sana
knows what should be happening on your PC and blocks everything else. 
Prevent the spyware from talking at all.  And how do you know which
computers are infected?  Use an intrusion detection and prevention
appliance that supports spyware detection like the Juniper NetScreen IDP.
Then you know when computers are actually transmitting spyware traffic. 
These two solutions will keep you squeaky clean.

Full disclosure:  I work for Microtek Systems, Inc., which partners with Sana
Security and Juniper.  I do sell the above products, but only because I truly
believe they are the best solutions.

Posted in Security
