The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Archive for July, 2006

DOS with your Cell phone!

Posted by Xavier Ashe on July 31, 2006

Just when I thought I had seen every cool way to DOS a computer, Rickard Liljeberg finds the coolest yet.

Apparently, if you hold a cell phone near the CD-ROM drive of a Dell Optiplex GX520 and the phone receives an SMS/text message, the machine goes into suspend mode!

Imagine the pranking possibilities.

If you read through the comments on the site, Rickard states that a few folks from Dell have already viewed his page.

Here's a link to the video, or please visit the blog entry to read more.

Found on A Day in the Life of an Information Security Investigator.


Posted in Other Technology, Security | Leave a Comment »

Google doesn't like security sites!

Posted by Xavier Ashe on July 27, 2006

I decided to create some Google Ads to drive some additional traffic to the site.  After a few days of the ads running, Google suspended my account.


Thank you for advertising with Google AdWords. After reviewing your account, we've found that one or more of your ads or keywords does not meet our guidelines. You can see your disapproved ad(s), the reason for disapproval, and editorial suggestions, from the Disapproved Ads page within your account.

Well, that's not very nice.  I logged on to my Google AdWords account and found out the following:

At this time, Google policy does not permit the advertisement of websites that contain “hacking or cracking”. As noted in our advertising terms and conditions, we reserve the right to exercise editorial discretion when it comes to the advertising we accept on our site.

Has anyone else had problems like this? 

Posted in Personal Note | Leave a Comment »

Xbox 360 Piracy Spreading Fast In China

Posted by Xavier Ashe on July 27, 2006

As part of Gamasutra's visit to Shanghai for this week's ChinaJoy game exhibition, we've discovered that Xbox 360 game piracy appears to be spreading notably in the country, with at least one vendor offering Xbox 360 titles such as Hitman: Blood Money for around 30 Chinese yuan ($3.50).

This development has occurred after an incident in March 2006, in which hackers managed to flash changes to the firmware on the Xbox 360's DVD-ROM drive which allowed non-authenticated (copied) games to be played. Further information on the hack surfaced in late May, when other parties appear to have released a public version of the exploit, and Microsoft's Gamerscore Blog published an official response to the problem.

But, judging by the shrinkwrapped copies of Xbox 360 titles available publicly in the country, Microsoft's much-vaunted security system has been definitively bypassed for physical media-based Xbox 360 games – with stores or individuals in Shanghai presumably offering to flash the Xbox 360's disc drive BIOS for a fee.

As for the large selection of Xbox 360 games available, a recent Chinese-language article at pictures some of the titles readily available at game vendors throughout China, also including Ninety-Nine Nights, Fight Night Round 3, and Project Gotham Racing 3.

Read the full article on Gamasutra.

Posted in XBox Hacks | Leave a Comment »

Who would win in a fight – Hobgoblin or Ghostrider?

Posted by Xavier Ashe on July 26, 2006

Who would win in a fight – Hobgoblin or Ghostrider?  Two characters from the indie movie Geekin' argue it out.  See more on the Geekin' extras page.  If you like it, Digg It!

Posted in For Fun | Leave a Comment »

Response from the Governor

Posted by Xavier Ashe on July 25, 2006

As you may recall, I wrote the governor of Georgia on April 24, 2006 to protest HB1259.  That was the bill that would have made it a felony to practice computer forensics without a PI license.  Governor Sonny Perdue vetoed that bill on May 5, 2006.  His office just now replied to my message.  Better late than never.

Dear Mr. Ashe:

Thank you for contacting my office regarding House Bill 1259, recently considered by the 2006 Georgia General Assembly. I appreciate knowing how you stand on this issue and regret the delay in my response to your message.

The existing definition of “private detective business,” continued in this bill, in conjunction with the applicable exemptions in the law, fails to exclude from the private investigator licensing requirement many professions that collect information or may be called as expert witnesses in court proceedings. To expand the penalty from a misdemeanor to a felony without revision of the existing definitions in the law could result in unintended consequences, therefore I vetoed House Bill 1259 on May 5, 2006.

Thank you again for writing and for your participation in our democratic process.

Posted in Personal Note | Leave a Comment »


Posted by Xavier Ashe on July 24, 2006

Nepenthes is a low-interaction honeypot like honeyd or mwcollect. Low-interaction honeypots emulate _known_ vulnerabilities to collect information about potential attacks. Nepenthes is designed to emulate the vulnerabilities worms use to spread, and to capture those worms. As there are many possible ways for worms to spread, Nepenthes is modular. There are module interfaces to:

  • resolve DNS asynchronously
  • emulate vulnerabilities
  • download files
  • submit the downloaded files
  • trigger events (sounds abstract, and it is abstract, but it is still quite useful)
  • handle shellcode

Click here for the project home. Found on Bruce Schneier's blog.

Posted in Security, Tools | Leave a Comment »

Human Implanted RFID Cloned at HOPE

Posted by Xavier Ashe on July 24, 2006

Newitz said she has an RFID chip implanted in her right arm manufactured by VeriChip Corp., a subsidiary of Applied Digital.

“Their Web site claims that it cannot be counterfeited — that is something that Jonathan and I have shown to be untrue.”

The pair demonstrated the cloning process: Westhues held a standard RFID reader against Newitz’s arm to register the chip’s unique identification number.

Next, Westhues used a home-built antenna connected to his laptop to read Newitz’s arm again and record the signal off her implanted chip.

Westhues then took the standard RFID reader and waved it past his laptop’s antenna. The reader beeped, showing Newitz’s until-then “unique” ID. “It actually has no security devices whatsoever,” Newitz said of VeriChip’s claims that its RFID chips cannot be counterfeited.
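What Newitz and Westhues showed is that a tag emitting a fixed identifier is a serial number, not a credential: anything that can read it once can replay it. The Python simulation below is an added example, not part of the Reuters story and not VeriChip's design. It contrasts a static-ID tag with a hypothetical challenge-response tag that answers a fresh reader nonce with an HMAC under a per-tag key, and shows that one recorded reply is accepted by the first kind of reader and rejected by the second. The tag and reader classes, the 8-byte serial and the key are all constructed for the example.

```python
import hashlib
import hmac
import os

UID_LEN = 8  # constructed: an 8-byte tag serial for the simulation


class StaticIdTag:
    """Models a tag whose only 'credential' is a fixed serial it emits to any reader."""

    def __init__(self, uid: bytes):
        self.uid = uid

    def respond(self, challenge: bytes = b"") -> bytes:
        return self.uid  # the challenge is ignored: the reply never changes


class ChallengeResponseTag:
    """Hypothetical tag holding a per-tag secret; it answers a reader nonce with an HMAC over it."""

    def __init__(self, uid: bytes, key: bytes):
        self.uid, self._key = uid, key

    def respond(self, challenge: bytes) -> bytes:
        return self.uid + hmac.new(self._key, challenge, hashlib.sha256).digest()


class ReplayClone:
    """Models the cloning in the story: one response captured over the air, replayed on demand.
    The clone learns nothing about any key, only what the genuine tag transmitted once."""

    def __init__(self, captured: bytes):
        self.captured = captured

    def respond(self, challenge: bytes = b"") -> bytes:
        return self.captured


def static_reader_accepts(tag, enrolled_uids) -> bool:
    """A reader that trusts whatever serial it hears (the reader in the story beeps on the replay)."""
    return tag.respond() in enrolled_uids


def cr_reader_accepts(tag, enrolled_keys, challenge=None) -> bool:
    """A reader that sends a fresh nonce and checks the HMAC with the key enrolled for that UID."""
    challenge = challenge or os.urandom(16)
    reply = tag.respond(challenge)
    uid, mac = reply[:UID_LEN], reply[UID_LEN:]
    key = enrolled_keys.get(uid)
    if key is None:
        return False
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(mac, expected)  # constant-time; False on length mismatch too


def demo() -> dict:
    """Enrol one serial with each reader, clone each tag from a single overheard reply,
    and report which tags each reader accepts."""
    uid = bytes(range(1, UID_LEN + 1))  # constructed serial 01..08
    key = os.urandom(32)
    genuine_static = StaticIdTag(uid)
    genuine_cr = ChallengeResponseTag(uid, key)
    clone_static = ReplayClone(genuine_static.respond())
    clone_cr = ReplayClone(genuine_cr.respond(os.urandom(16)))  # overheard in an earlier session
    return {
        "static_genuine": static_reader_accepts(genuine_static, {uid}),
        "static_clone": static_reader_accepts(clone_static, {uid}),
        "cr_genuine": cr_reader_accepts(genuine_cr, {uid: key}),
        "cr_clone": cr_reader_accepts(clone_cr, {uid: key}),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:14s} accepted={accepted}")
```

The replayed reply fails the second reader only because the nonce differs on every read; a reader that reused challenges, or a tag that answered with a fixed value, would collapse back to the static case.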

Read the full story on Reuters Newsblogs.

Posted in Privacy, Security | Leave a Comment »

XBox-Scene News show us the goods…

Posted by Xavier Ashe on July 22, 2006

Here are some high-res pictures of the sample we received of the Globe 360 (pre-order) dual-firmware DVD chip with “on-the-fly” DVD-key patching.


More Pictures:
* Close-up of Actel CPLD chip: low-res | high-res
* Close-up of socket-ed SST flash-chip: low-res | high-res
* Close-up back of PCB: low-res | high-res

* Plug & Play: no need to extract the drive key from your console's original drive firmware; just install the chip and the on-board “unsigned” firmware will boot.
* Firmware-drive upgrade: you can use an upgraded firmware for better performance of your DVD drive in reading DVD-R DL discs (e.g. on Hitachi-LG you should use firmware version 059 instead of your original 47D or 46D).
* Electronic switch ON/OFF: enable or disable the chip when you turn on your console with the power button; you can check the state of the chip by a
* Easy reprogrammable flash EPROM: the on-board flash EPROM is mounted on a socket connector for easy, clean removal and fast reprogramming.
* Compatible with all DVD drives on the market (Hitachi-LG and Toshiba-Samsung).
* High reliability through Actel CPLD technology.

Official Site:
Install Diagrams: Toshiba-Samsung | Hitachi-LG
Pre-Order Globe 360 ($53):
Discuss this news item on our forums:

From XBox-Scene News.

Posted in XBox Hacks | Leave a Comment »


Posted by Xavier Ashe on July 22, 2006

is a live DVD collection featuring the 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) as per Darknet (see article here) on one single DVD.

The live DVD collection features the following security-based live distributions (click names for further information):

  1. BackTrack 1.0
  2. Operator v3.3.20
  3. PHLAK v0.3
  4. Auditor v200605-02
  5. L.A.S. Linux – Local Area Security v0.5
  6. Knoppix-STD v0.1
  7. Helix v1.7
  8. F.I.R.E. v0.3.5
  9. nUbuntu vFlight 6
  10. INSERT Rescue Security Toolkit v1.3.6

Get the SecureDVD here.

Posted in Other Technology, Security, Tools | Leave a Comment »

Breach rules toughened for federal agencies

Posted by Xavier Ashe on July 19, 2006

The White House's Office of Management and Budget instructed U.S. federal agencies to alert the US-CERT within one hour to any breach involving personally identifiable information, even if the possibility of a breach is only suspected.

The memo (PDF), dated last week, is the fourth letter regarding information-security policy sent to government agencies in the past two months. Another memo (PDF), dated Monday, required that government agencies report any computer systems missing from their inventory and outline the results of an investigation into handling of personally identifiable information within their agency. An earlier memo mandated that agencies use encryption to protect sensitive data on laptops.

From SecurityFocus.

Posted in Security | Leave a Comment »

Microsoft uses Pirated Software?

Posted by Xavier Ashe on July 19, 2006

Located there are exactly nine WAV files, with sizes between 80 and 360 kilobytes. They serve as background sound during the Windows Media Player Tour. When you open one of these files with Notepad, at first you only see scrambled letters. Of course, you think, it's a sound file, after all.

But things become interesting when you scroll down to the very bottom in Notepad. Located there is a type of watermark, which records the software that the Microsoft musician used to create the WAV files.

We found the following text there:
LISTB INFOICRD 2000-04-06 IENG Deepz0ne ISFT Sound Forge 4.5

At first, that sounds anything but spectacular. It seems as if the Microsoft musician, or the freelance musician commissioned by Microsoft, used the Sony-made software “Sound Forge” (formerly Sonic) in its 4.5 version. Sound Forge is a tool for professionals, priced at $400, and enables users to create WAV, AIFF, MP3 and other music files.
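The “watermark” above is an ordinary RIFF LIST chunk of type INFO, which editors append after the audio data: sub-chunks such as ICRD (creation date), IENG (engineer) and ISFT (software) each carry a NUL-terminated string, which is why the tags and values appear one after another when the file is opened in Notepad. The Python below is an added example, not part of the original post: it walks the RIFF chunk structure and extracts those fields, so the same check can be run over a directory of WAV files instead of scrolling through them by hand. The WAV it builds is constructed for the example; only the three field values are taken from the text quoted above.

```python
import struct

# Constructed sample metadata; the three values match the INFO fields quoted in the post.
SAMPLE_INFO = [("ICRD", "2000-04-06"), ("IENG", "Deepz0ne"), ("ISFT", "Sound Forge 4.5")]


def _chunk(cid: bytes, payload: bytes) -> bytes:
    """One RIFF chunk: 4-byte id, little-endian 32-bit size, payload, pad byte if size is odd."""
    pad = b"\x00" if len(payload) & 1 else b""
    return cid + struct.pack("<I", len(payload)) + payload + pad


def build_sample_wav(info_fields=SAMPLE_INFO) -> bytes:
    """Minimal 8 kHz mono 16-bit PCM WAV (a few silent samples) with a LIST/INFO chunk
    placed after the audio data, where editors usually append it (constructed sample)."""
    fmt = _chunk(b"fmt ", struct.pack("<HHIIHH", 1, 1, 8000, 16000, 2, 16))
    data = _chunk(b"data", b"\x00" * 16)
    info = b"INFO"
    for tag, value in info_fields:
        info += _chunk(tag.encode("ascii"), value.encode("ascii") + b"\x00")  # NUL-terminated
    body = b"WAVE" + fmt + data + _chunk(b"LIST", info)
    return b"RIFF" + struct.pack("<I", len(body)) + body


def riff_info(wav: bytes) -> dict:
    """Walk the top-level chunks of a RIFF/WAVE file and return INFO sub-chunks as a dict.
    Unknown chunks are skipped by their size; a truncated file stops cleanly at the buffer end."""
    if len(wav) < 12 or wav[:4] != b"RIFF" or wav[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    declared_end = struct.unpack("<I", wav[4:8])[0] + 8
    end = min(len(wav), declared_end)
    fields = {}
    pos = 12
    while pos + 8 <= end:
        cid = wav[pos:pos + 4]
        size = struct.unpack("<I", wav[pos + 4:pos + 8])[0]
        payload = wav[pos + 8:pos + 8 + size]
        if cid == b"LIST" and payload[:4] == b"INFO":
            sub = 4
            while sub + 8 <= len(payload):
                tag = payload[sub:sub + 4].decode("ascii", "replace")
                ssize = struct.unpack("<I", payload[sub + 4:sub + 8])[0]
                text = payload[sub + 8:sub + 8 + ssize].split(b"\x00", 1)[0]
                fields[tag] = text.decode("latin-1")
                sub += 8 + ssize + (ssize & 1)  # sub-chunks are also padded to even length
        pos += 8 + size + (size & 1)
    return fields


if __name__ == "__main__":
    for tag, value in riff_info(build_sample_wav()).items():
        print(f"{tag}: {value}")
```

With the three quoted values the LIST chunk payload comes to 66 bytes, and 66 is the ASCII code of “B”, which is exactly the stray letter in “LISTB” on the page: Notepad is showing the chunk's size byte.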

On its face, all that's not unusual: Microsoft uses professional software. Who would've thought? But wait a minute, who or what is “DeepzOne”?

DeepzOne is (or at least was) a member of the Warez group Radium, which specialized in cracking music software. Along with a person using the alias “Sandor,” he was also co-founder of this group, which was established in 1997 (see this interview). In addition, it was DeepzOne who started circulating the cracked 4.5 version of Sound Forge a few years ago.

Found on the TechRepublic Forums.  DeepzOne is in my WAV files too…. hmmmm.

A few years back, the group “Radium” caused quite a stir. It cracked the original Fraunhofer MP3 codec in order to improve the limited MP3 codec that comes along with Microsoft. For listening to MP3s the Windows codec was solid, but it offered only limited encoding functions. The Radium codec, by contrast, boasted an improved encoder (up to 320 Kbit/s). During this Warez release, then, the name “DeepzOne” surfaced. But what is the name “DeepzOne” doing in nine WAV files in Windows XP? Nothing more than a coincidence? One has the suspicion that the files were generated with the cracked version of Sound Forge 4.5. It's difficult to say whether Microsoft itself did that or one of the freelancers. Only the Redmond-based employees in charge of the Windows Media Player will know that for sure. It seems, though, as if someone wanted to get around filling out an investment order to buy software worth $400.

Posted in Security | Leave a Comment »

Who wants a 50 Mbit connection at home?

Posted by Xavier Ashe on July 19, 2006

Verizon today introduced the fastest Internet connection speeds in the country for consumers and small businesses — up to 50 megabits per second (Mbps) downstream and 10 Mbps upstream. The new speeds complement the Verizon FiOS Internet speed increases introduced in May of up to 20 Mbps downstream / 5 Mbps upstream and up to 10 Mbps downstream / 2 Mbps upstream for customers in New York, New Jersey and Connecticut.

Residential customers who want to determine whether they can order FiOS Internet Service can call 888-GET FIOS (888-438-3467) or visit Verizon's FiOS Web site. Small businesses can call 877-FIOS BIZ (877-346-7249) to determine if they qualify for FiOS Internet Service for Business, or visit the Web site for more information and current promotions.

Verizon offers FiOS Internet and FiOS TV services over its advanced, fiber-to-the-premises (FTTP) network — the only network that currently brings fiber-optic technology directly to homes and businesses on a widespread scale. The company is currently building its FTTP network in more than half of the states where it offers landline communications services, including more than 200 communities in the tri-state area.

Wow…. The 50/10 deal is only $350 a month.  That's pretty awesome.  From Yahoo Finance. [via]

Posted in Other Technology | Leave a Comment »

Metasploit Creator Releases Malware Search Engine

Posted by Xavier Ashe on July 18, 2006

H.D. Moore, creator of the Metasploit hacking tool and the security researcher behind the MoBB (Month of Browser Bugs) project, has released a search engine that finds live malware samples through Google queries.

The new Malware Search engine provides a Web interface that allows anyone to enter the name of a known virus or Trojan and find Google results for Web sites hosting malicious executables.

The release of the search engine was motivated in part by a recent announcement by Websense Security Labs, of San Diego-based Websense, that it was using the freely available Google SOAP (Simple Object Access Protocol) Search API to find dangerous .exe files sitting on Web

“My Web interface will identify specific malware without the Google API. It directly searches Google using fingerprints from executables that we already have,” he said.

From E-Week.  Click here for the Malware Search Engine.

Posted in Security | Leave a Comment »

Automated Master Lock Crackers

Posted by Xavier Ashe on July 18, 2006

[xander] sent in links to two machines designed to solve padlocks automatically. The first one just modified an old robot project, since it already had the necessary stepper motor. The second was built from scratch and includes a solenoid to test the lock. Both systems are just brute-forcing the combination, but they do use some shortcuts. Even though the locks have 60 numbers, there are fewer than 20 actual divisions. Also, multiple final numbers can be tested without putting in the first two. With these two shortcuts there are approx. 400 passes. These machines can solve a lock in about 30 minutes. Of course, we’ve shown before that any human can solve one in about 10 minutes.

From Hack-a-Day.

Posted in Security | Leave a Comment »

New Behavioral Analysis Rootkit Detection Tool

Posted by Xavier Ashe on July 18, 2006

Helios is an advanced malware detection system. It has been designed to detect, remove and inoculate against modern Windows rootkits. It performs behavioral analysis as opposed to signature-based analysis and is able to detect rootkits in real time as well as unhide hidden processes and restore hijacked system functions.

A public technology preview can be downloaded from here. Also provided are videos of Helios in action and a whitepaper on the technology.


Posted in Security, Tools | Leave a Comment »

Network Chemistry RogueScanner

Posted by Xavier Ashe on July 17, 2006

Wireless security firm Network Chemistry recently released a cross-platform, free software security tool called RogueScanner in conjunction with its wireless network protection package RFprotect. RogueScanner, licensed under the GPL and the latest of three free software security modules available from Network Chemistry, allows you to monitor your network for rogue wireless devices. Release 1.0 comes in both Windows and Linux versions.

RogueScanner works using collaborative classification. Classification decisions are made by a central server which learns based on previous classifications it has performed. This means that classification accuracy will improve over time.

If RogueScanner doesn't classify your devices accurately the first time you run it, don't despair. Run it again in a few days and you should see more accurate results.

RogueScanner collects information from devices on your network (which we call evidence) and uses this evidence to make classification decisions. The evidence collected includes:

  • The IP address and MAC address.
  • Which TCP and UDP ports are open.
  • How the device responds to common network requests, such as serving a web page, telnet or SNMP.
  • The DNS or NetBIOS name used by the device.

This information is sent to the classification server over an SSL encrypted link. No identifying information is stored by the server. For example, it doesn't store the request IP address together with the evidence.

Posted in Security | Leave a Comment »


Posted by Xavier Ashe on July 17, 2006

You're sitting in an airport or in a cafe, and people want your money for Internet access. They do allow DNS traffic, though. Enter NSTX. NSTX is a hack to tunnel IP traffic over DNS. NSTX (IP-over-DNS) seems cool, but you cannot get it to work. You've downloaded the latest version, maybe because you saw it mentioned on Slashdot. You've looked at the nstx project page and the freshmeat page. You even tried reading some confusing . Maybe you gave up and tried OzymanDNS. But curiosity got the better of you. You really want to use this.

Once you've followed these instructions, you basically have a remote proxy,
providing you with access to the Internet. Communication between you and the
remote proxy is over NSTX.

If DNS traffic does not work, but ICMP traffic (i.e., ping) works, try ICMPTX: IP-over-ICMP. Note that these instructions play nicely with ICMPTX. You can run both on one proxy.
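From the network owner's side, the property NSTX relies on (DNS is let through when everything else is blocked) is also what makes tunnelled traffic stand out in resolver logs: a burst of queries to one domain, long high-entropy labels carrying the encoded payload, and a bulk record type such as TXT. The Python below is an added example, not from the original post or the NSTX project. It aggregates a constructed query log per registered domain and flags domains that look like a covert channel; the log lines, the two-label approximation of a registered domain and the thresholds are all assumptions for illustration and would need tuning against real resolver data.

```python
import math
from collections import defaultdict

# Constructed resolver log (not from the post): "client qname qtype", one query per line.
SAMPLE_LOG = """\
10.0.0.5 www.example.org A
10.0.0.5 mail.example.org MX
10.0.0.5 www.example.org A
10.0.0.7 cdn.example.com A
10.0.0.7 www.example.com A
10.0.0.9 gk4mzq3ijvyxmnbu2c7pq5ad.tun.example.net TXT
10.0.0.9 2ad9f0c17b8e4e6a3f1c9b0d.tun.example.net TXT
10.0.0.9 q7rvt3xz8nlp1wya6mcd0hgs.tun.example.net TXT
10.0.0.9 bv5kz2he9tw3mq4jr8yc1ns7.tun.example.net TXT
10.0.0.9 x1lm9cq6fd2ezp8gw4ht5rvb.tun.example.net TXT
10.0.0.9 ns3jk7ay0ru2ow9pc5dv1xh6.tun.example.net TXT
"""

BULK_TYPES = {"TXT", "NULL"}  # record types whose answers can carry large opaque payloads


def shannon_entropy(s: str) -> float:
    """Bits per character of s: 0 for 'www', around 4 for random base32/hex labels."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    """Last two labels (assumption for the example; real data needs a public-suffix list)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def domain_stats(log_text: str) -> dict:
    """Per registered domain: query count, mean subdomain length, mean entropy of the
    leftmost label, and the share of bulk record types."""
    acc = defaultdict(lambda: {"count": 0, "sub_len": 0, "entropy": 0.0, "bulk": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of crashing on them
        _client, qname, qtype = parts
        qname = qname.rstrip(".").lower()
        dom = registered_domain(qname)
        sub = qname[: -len(dom) - 1] if len(qname) > len(dom) else ""
        s = acc[dom]
        s["count"] += 1
        s["sub_len"] += len(sub)
        s["entropy"] += shannon_entropy(sub.split(".")[0])
        s["bulk"] += int(qtype.upper() in BULK_TYPES)
    return {
        d: {
            "count": s["count"],
            "avg_sub_len": s["sub_len"] / s["count"],
            "avg_entropy": s["entropy"] / s["count"],
            "bulk_ratio": s["bulk"] / s["count"],
        }
        for d, s in acc.items()
    }


def flag_tunnels(log_text, min_queries=5, min_sub_len=20.0, min_entropy=3.0, min_bulk=0.5):
    """Domains with enough volume and either long high-entropy labels or a high share of
    bulk record types. All four thresholds are illustrative, not calibrated."""
    flagged = set()
    for dom, s in domain_stats(log_text).items():
        if s["count"] < min_queries:
            continue
        payload_like = s["avg_sub_len"] >= min_sub_len and s["avg_entropy"] >= min_entropy
        if payload_like or s["bulk_ratio"] >= min_bulk:
            flagged.add(dom)
    return flagged


if __name__ == "__main__":
    for dom, s in sorted(domain_stats(SAMPLE_LOG).items()):
        print(f"{dom:14s} n={s['count']:2d} len={s['avg_sub_len']:5.1f} "
              f"H={s['avg_entropy']:4.2f} bulk={s['bulk_ratio']:.2f}")
    print("flagged:", sorted(flag_tunnels(SAMPLE_LOG)))
```

The volume threshold matters as much as the shape tests: a CDN or anti-spam service also issues long hashed labels, so in practice the per-domain rate and the ratio of unique subdomains to queries are what separate a tunnel from a busy but legitimate zone.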

Pretty interesting stuff on  I haven't had a problem since getting an EVDO PC card from Sprint. 0.5 to 1 Meg pipe from just about anywhere.  No more hotspot searching!

Posted in Security | Leave a Comment »

Myspace Hack spreading like wildfire

Posted by Xavier Ashe on July 17, 2006

Well, well. Somebody has managed to hack Myspace with a Flash-based redirect that exploits what is apparently a gaping wide hole in the Myspace code. If you are signed into Myspace, and you go to a friend's page, and then find yourself redirected to a blog post containing a diatribe about how the United States government is behind the 9/11 attacks, then your account has been hacked, and everyone who visits your page will be infected!! Yes, it's true, at least for now – everybody who visits an infected profile while signed into their Myspace account will have their page hijacked!

From  Go here to find out how the MySpace SWF hack worked.

The solution is rather simple: go to your home page, click on Edit Profile, and remove the line below (and only the line below) from your About Me section. (I added some “f's” to the code so it won't work here.)

fembed ffallowscriptaccess=”fnever” src=”f”
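The fix above is manual: every affected user has to find and delete the injected embed line from their own profile. The structural fix is on the server side, where user-editable profile HTML is reduced to an allowlist of tags and attributes before it is stored or rendered, so an embed or object tag never reaches other visitors' browsers in the first place. The Python sanitizer below is an added example, not MySpace's code; the allowlist, the handling of URL attributes and the sample markup (including the example.invalid address) are assumptions for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Conservative allowlist for user-editable profile markup (an assumption for this example).
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "em", "strong", "a", "img"}
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt"}}
VOID_TAGS = {"br", "img"}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = ("http://", "https://")


class ProfileSanitizer(HTMLParser):
    """Rebuilds markup keeping only allowlisted tags and attributes; everything else is dropped.
    embed/object/script never make it through because they are simply not on the list."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.dropped = []
        self._suppress = 0  # >0 while inside <script>/<style>, whose text is discarded too

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.dropped.append(tag)
            if tag in ("script", "style"):
                self._suppress += 1
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops on* handlers, style, allowscriptaccess and anything unexpected
            value = (value or "").strip()
            if name in URL_ATTRS and not value.lower().startswith(SAFE_SCHEMES):
                continue  # drops javascript:, data:, vbscript: and scheme-less tricks
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._suppress:
            self._suppress -= 1
        elif tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._suppress:
            self.out.append(escape(data))  # text is re-escaped, so entities cannot smuggle markup


def sanitize_profile_html(markup: str):
    """Return (clean_html, dropped_tags) for untrusted profile markup."""
    parser = ProfileSanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out), parser.dropped


if __name__ == "__main__":
    # Constructed sample: a harmless paragraph plus an injected embed like the one described above.
    sample = ('<p>Hi!</p><embed allowscriptaccess="never" '
              'src="http://example.invalid/redirect.swf">')
    clean, dropped = sanitize_profile_html(sample)
    print(clean)
    print("dropped:", dropped)
```

Logging the dropped tag names (rather than silently discarding them) is what lets the site notice a wave of profiles all trying to save the same embed tag, which is the signal that a worm like this one is spreading.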

Posted in Security | Leave a Comment »

2006 CSI/FBI Computer Crime and Security Survey Released

Posted by Xavier Ashe on July 17, 2006

Click here to download the PDF.  Here are the Key Findings:

Virus attacks continue to be the source of the greatest financial losses. Unauthorized access continues to be the second-greatest source of financial loss. Financial losses related to laptops (or mobile hardware) and theft of proprietary information (i.e., intellectual property) are third and fourth. These four categories account for more than 74 percent of financial losses.

Unauthorized use of computer systems slightly decreased this year, according to respondents.

The total dollar amount of financial losses resulting from security breaches had a substantial decrease this year, according to respondents. Although a large part of this drop was due to a decrease in the number of respondents able and willing to provide estimates of losses, the average amount of financial losses per respondent also decreased substantially this year.

Despite talk of increasing outsourcing, the survey results related to outsourcing are similar to those reported in the last two years and indicate very little outsourcing of information security activities. In fact, 61 percent of the respondents indicated that their organizations do not outsource any computer security functions. Among those organizations that do outsource some computer security activities, the percentage of security activities outsourced is rather low.

Use of cyber insurance remains low, but may be on the rise.

The percentage of organizations reporting computer intrusions to law enforcement has reversed its multi-year decline, standing at 25 percent as compared with 20 percent in the previous two years. However, negative publicity from reporting intrusions to law enforcement is still a major concern for most organizations.

Most organizations conduct some form of economic evaluation of their security expenditures, with 42 percent using Return on Investment (ROI), 21 percent using Internal Rate of Return (IRR), and 19 percent using Net Present Value (NPV). These percentages are all up from last year’s reported numbers. Moreover, in open-ended comments, respondents frequently identified economic and management issues such as capital budgeting and risk management as among the most critical security issues they face.

Over 80 percent of the organizations conduct security audits.

The impact of the Sarbanes–Oxley Act on information security continues to be substantial. In fact, in open-ended comments, respondents noted that regulatory compliance related to information security is among the most critical security issues they face.

Once again, the vast majority of the organizations view security awareness training as important. In fact, there is a substantial increase in the respondents’ perception of the importance of security awareness training. On average, respondents from most sectors do not believe their organization invests enough in this area.

Posted in Security | Leave a Comment »

The Israeli Conflict Spills over to the Internet

Posted by Xavier Ashe on July 15, 2006

The fighting along Israel’s northern border with Lebanon has brought with it an upsurge in attacks on Israeli-related web sites in the past 24 hours, Israeli web sites reported Thursday.

As the violence escalated, hackers from the Islamic world have targeted web sites hosted by all of Israel’s major Internet service providers.

To counter the threat, the ISPs added even more security to protect their servers from the latest round of digital warfare. Most of the attacks are coming from hackers located in Morocco and Turkey.

From the Red Herring.

Posted in Security | Leave a Comment »
