The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Archive for November, 2006

Security Visualization Portal

Posted by Xavier Ashe on November 28, 2006

I launched a new portal that deals with visualization of log files:

The portal can only survive if people – you – take an active part in contributing content.

There are multiple resources available where community input is most welcome:

* Graph Exchange: The idea is that people can submit their graphs, explain why they think the graphs are useful, and how they generated them.
* Parser Exchange: To generate graphs, you need to parse your data. This is a place where you can submit your parsers.
* Links: A whole bunch of links around data analysis and visualization.
* Discussions: A free forum where you can start discussions around the topics of log visualization and analysis.

Let me know what you think and most importantly, submit your graphs:

This is from Raffael Marty, from ArcSight (which I'll forgive him for… just once 🙂 ), on the LogAnalysis mailing list. For my customers and others who are dealing with security log analysis, this website may prove useful.


Posted in Security

NMap Online

Posted by Xavier Ashe on November 28, 2006

For all Nmap fans, our group has implemented the Nmap Online service.

Its address is

The interface allows you to perform custom Nmap scans from our server with only a few limitations in the syntax.

The service is free and can be used immediately, no registration is required.


Posted in Security

PS1P Alpha 1 Released – Playstation One Emulator for PSP

Posted by Xavier Ashe on November 28, 2006

After the disappointing PS1 emulator release by Sony, which requires you to have a PS3, here's some better news.

Tonight, finally, is the release time of PS1P, the PlayStation emulator for the PSP – an exclusive for the PSP News site at DCEmu. It's been a long wait, but our friend Anonymous Coder has now agreed to release the first alpha of his PlayStation emulator for the PSP.

This release was to be a single-game release, but AC contacted me today and changed his mind, so that's great for you all. Here's what he emailed me:

The wait is worth it. I'm releasing a version that will run anything: ISO, BIN, Z and ZNX.

The rest you know: scph1001.bin and images in the __SCE__ps1p directory.

This version has some compatibility problems which I plan to fix soon; for example, the FF7 intro movie doesn't run. You can play the game though, just get past the intro using a standard PC emulator (PCSX, ePSXe, …) and copy over the memory card file ( mcd001.mcr or

Use L+R+ up/down to tweak the CPU timing.

I think L2 and R2 aren't working at the moment too.


P.S.: to make things clear, this emulator has nothing to do with PCSX, psx4all or any other emulator already released. The only thing I did was use, for the game selection screen, the same font code that psx4all uses – it's from some GP2X demo/app.

From PSP News.

Posted in PSP Hacks

Audio from Xbox hacker's USC talk

Posted by Xavier Ashe on November 28, 2006

The audio from Andrew “bunnie” Huang's free talk at USC last night is online, thanks to students Mike Jones and Andy Sternberg. Bunnie came to fame for breaking the crypto on the Xbox, enabling the creation of Xbox Linux, and is now working with the startup he founded, Chumby, which makes an open media-player/device.

Bunnie's talk was a fantastic exegesis on the mind of a reverse-engineer, the perils and promise of hardware hacking, and the pursuit of business models that encourage smart customers to get the most out of their devices.

Next week's speaker is EFF Staff Technologist Seth Schoen, whose many claims to fame include authoring the DeCSS Haiku, his sharp critiques of trusted computing, his role in uncovering the color printer secret codes, and many other seminal technical achievements. He also maintains the Bootable Business Card distribution of Linux. Seth speaks at 7PM on Tuesday, Nov 28, at the USC Annenberg School, room 207.

From Boing Boing.

Posted in XBox Hacks

A Challenge from Israel Torres

Posted by Xavier Ashe on November 27, 2006


Here begins a series of challenges! Can you find the secret in #0001?
MD5: 354CC60C4486F842C347C8742D2905BC

Update [11/06/2006]: I am adding hints to incoming questions to ensure progress.

Hint 1: The challenge is not to see who does not run the unknown executable (good try though!). I will say that it is benign in every way; however, caution should always be taken in using a non-production machine and non-admin mode.
Hint 2: The MD5 hash is only that of the executable and nothing more.
Hint 3: In testing this on other machines I've unexpectedly found part of the solution, so if you are lucky you will too. (If you do find it you can quickly build a tool to discover more… but now perhaps I've said too much!)
Hint 4: No crypto is involved in any scripting.

Click here to download the Challenge.

Posted in Security

MP3 player used to tap ATM conversations

Posted by Xavier Ashe on November 27, 2006

A fraudster outwitted sophisticated banking security systems by using an ordinary MP3 music player to bug cash machines and steal customers’ credit card secrets.

Maxwell Parsons, 41, was the central figure in a gang who went on to steal goods worth hundreds of thousands of pounds in high street stores across Britain.

Parsons or other gang members would use MP3 portable music players to record data transmitted from free-standing ATM cash machines. The data was then converted to readable numbers using a separate computer.

The phone line running from the machine to an ordinary BT white socket was unplugged and a two-way adaptor inserted. The MP3 player was then placed between the ATM machine’s output cable and the phone socket.

The player would record the tones, which resemble the kind of sound emitted by a fax machine.

These were then interpreted using a modem line tap, or MLT, acquired from Canada, or passed through a computer software program bought illicitly in Ukraine.

Read the full article on The Times Online.

Posted in Security

Zune Hacked! How To Bypass The Zune's WiFi Sharing DRM

Posted by Xavier Ashe on November 25, 2006

We knew it would be done sooner or later, and now that we have the mod to use your Zune as a portable hard drive, a method to bypass the Zune's WiFi sharing DRM is finally here.

First, you need to enable hard drive mode using the instructions we posted before. Then, rename whatever files—MP3s, movies, programs—to have the extension “.jpg” in order to fool the Zune into thinking it's an image. This hack works because Zune doesn't apply DRM to images!

Then what?

Now, take your Zune and send the folder containing these files to your buddy along with a real photo. If you only send a fake photo, an error is thrown. The last step is to have your friend sync the Zune with their computer, open the “containing folder” where the files were downloaded, and rename the files back to their correct extension.

We tried doing this before with just the Zune software, without the storage hack, and Zune threw an error because it resizes the images down in order to conserve space, and our file wasn't a real image.

Transferring Movie, .zip and .pdf files with 3 tutorials. [Zune Scene]

From Gizmodo.

Posted in Security

6 DMCA new exemptions – good and bad…

Posted by Xavier Ashe on November 25, 2006

Copy protection on games for which there is no longer support from any publisher is no more. Under the new DMCA laws, copy protection can legally be cracked if the copyright holder no longer has any interest in the game.

This means that old school games can now be preserved, and there shouldn't be any legal ramifications to the individual or group who does so.

Other alterations to the laws included allowing cell phone software to be cracked to allow for use on other service providers, allowing blind people to use third-party software to read copy-protected books, and allowing educators to make DVD scene compilations.

The new laws will begin on Monday and last for three years.

From GWN. EFF has more details about all 6 changes in the DMCA code:

1. Audiovisual works included in the educational library of a college or university’s film or media studies department, when circumvention is accomplished for the purpose of making compilations of portions of those works for educational use in the classroom by media studies or film professors.

2. Computer programs and video games distributed in formats that have become obsolete and that require the original media or hardware as a condition of access, when circumvention is accomplished for the purpose of preservation or archival reproduction of published digital works by a library or archive. A format shall be considered obsolete if the machine or system necessary to render perceptible a work stored in that format is no longer manufactured or is no longer reasonably available in the commercial marketplace.

3. Computer programs protected by dongles that prevent access due to malfunction or damage and which are obsolete. A dongle shall be considered obsolete if it is no longer manufactured or if a replacement or repair is no longer reasonably available in the commercial

4. Literary works distributed in ebook format when all existing ebook editions of the work (including digital text editions made available by authorized entities) contain access controls that prevent the enabling either of the book’s read-aloud function or of screen readers that render the text into a specialized format.

5. Computer programs in the form of firmware that enable wireless telephone handsets to connect to a wireless telephone communication network, when circumvention is accomplished for the sole purpose of lawfully connecting to a wireless telephone communication network.

6. Sound recordings, and audiovisual works associated with those sound recordings, distributed in compact disc format and protected by technological protection measures that control access to lawfully purchased works and create or exploit security flaws or vulnerabilities that compromise the security of personal computers, when circumvention is accomplished solely for the purpose of good faith testing, investigating, or correcting such security flaws or vulnerabilities.

Posted in Other Technology, Privacy

New litigation rules put IT on the front lines of data access

Posted by Xavier Ashe on November 25, 2006

On Dec. 1, when the latest version of the FRCP (Federal Rules of Civil Procedure) goes into effect, CIOs and their IT departments will find themselves on the firing line in most major business litigation. [Read about the cases that started it all.]

The process in which businesses decide which data they are legally required to save, and which they can safely throw out, is known as “e-discovery and e-hold.” Until now, businesses have been forced to make e-discovery and e-hold decisions based on a mixed bag of individual court decisions, balanced by guesswork by their corporate legal teams. The new FRCP changes all that, codifying a dangerously confusing situation.

A company’s chances of winning in court — or staying out of court altogether — will be greatly enhanced by creating appropriate enterprisewide procedures for retention and disposal of data and

Here are five significant changes to FRCP, and the processes your company should establish in order to be legally secure.

1. Rule 26(f): Early discussion preparedness

The rule mandates that the pretrial conference between opposing attorneys will now have a very specific purpose. A sweeping requirement obliges the company being sued to cite all storage systems that hold data relevant to the litigation, all relevant data sources and data formats, and the steps counsel has taken to prevent relevant data from being deleted. To comply, companies will need a retention program that allows the litigation department to provide and describe this information

This is a must-read for all CIOs, IT managers, and company lawyers. Read the full article on InfoWorld. Here's more information from the Newsletter of the Federal Courts, “Electronically Stored Information Target of New Rules.”

Posted in Security

Visual Learner?

Posted by Xavier Ashe on November 23, 2006

Then try some hacking videos:

Date | Title | Author | Hits
Sunday, 19 November 2006 | Hacking Terminal Server with TSgrinder, TScrack, & Rdesktop | Chris Gates | 420
Friday, 03 November 2006 | Using MSF v3 Meterpreter | Chris Gates | 825
Monday, 30 October 2006 | MSF v3 Meterpreter -> netcat upload -> registry hack video | Chris Gates | 1079
Sunday, 29 October 2006 | MSF v3 VNCinject Video | Chris Gates | 565
Sunday, 29 October 2006 | MSF v3 Recon Modules Video | Chris Gates | 346
Sunday, 29 October 2006 | MSSQL -> Pwdump -> John The Ripper Video | Chris Gates | 652
Sunday, 29 October 2006 | MSF 2.x DCOM -> Meterpreter video | Chris Gates | 300
Sunday, 29 October 2006 | MSF 2.x RRAS -> VNCinject video | Chris Gates | 282

From Learn Security Online.

Posted in Security

Information Security Handbook: A Guide for Managers

Posted by Xavier Ashe on November 21, 2006

This Information Security Handbook provides a broad overview of information security program elements to assist managers in understanding how to establish and implement an information security program. Typically, the organization looks to the program for overall responsibility to ensure the selection and implementation of appropriate security controls and to demonstrate the effectiveness of satisfying their stated security requirements. The topics within this document were selected based on the laws and regulations relevant to information security, including the Clinger-Cohen Act of 1996, the Federal Information Security Management Act (FISMA) of 2002, and Office of Management and Budget (OMB) Circular A-130. The material in this handbook can be referenced for general information on a particular topic or can be used in the decision-making process for developing an information security program. National Institute of Standards and Technology (NISTIR) Interagency Report 7298 provides a summary glossary for the basic security terms used throughout this document. While reading this handbook, please consider that the guidance is not specific to a particular agency. Agencies should tailor this guidance according to their security posture and business requirements.

The purpose of this publication is to inform members of the information security management team (agency heads; chief information officers [CIOs]; senior agency information security officers [SAISOs], also commonly referred to as Chief Information Security Officers [CISOs]; and security managers) about various aspects of information security that they will be expected to implement and oversee in their respective organizations. In addition, the handbook provides guidance for facilitating a more consistent approach to information security programs across the federal government. Even though the terminology in this document is geared toward the federal sector, the handbook can also be used to provide guidance on a variety of other governmental, organizational, or institutional security requirements.

Download the new NIST publication, Information Security Handbook: A Guide for Managers (PDF).

Posted in Security

Cain & Abel v3.9 released

Posted by Xavier Ashe on November 21, 2006


New features:
– Added Ophcrack's RainbowTables support for NTLM Hashes Cryptanalysis attack.
– Added ability to dump MSCACHE hashes directly from SYSTEM and SECURITY registry hive files.
– MSCACHE Hashes Cryptanalysis via Sorted Rainbow Tables.
– ORACLE Hashes Cryptanalysis via Sorted Rainbow Tables.
– New RainbowTable types have been added to Winrtgen v2.0. “mscache” and “oracle” tables can be used against MSCACHE and ORACLE hashes for specific usernames that can be set in the configuration dialog.

Posted in Security, Tools

UK Passport RFID Cracked

Posted by Xavier Ashe on November 17, 2006

Three million Britons have been issued with the new hi-tech passport, designed to frustrate terrorists and fraudsters. So why did Steve Boggan and a friendly computer expert find it so easy to break the security codes?

“The Home Office has adopted a very high encryption technology called 3DES – that is, to a military-level data-encryption standard times three. So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a 'secret key'. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat.”

Within minutes of applying the three passports to the reader, the information from all of them has been copied and the holders' images appear on the screen of Laurie's laptop. The passports belong to Booth, and to Laurie's son, Max, and my partner, who have all given their permission.

Booth is staggered. He has undercut Laurie by finding an RFID reader for £174, which also works. “This is simply not supposed to happen,” Booth says. “This could provide a bonanza for counterfeiters because drawing the information from the chip, complete with the digital signature it contains, could result in a passport being passed off as the real article. You could make a perfect clone of the passport.”

From The Guardian.

Posted in Privacy, Security

Windows Vista Security Guide

Posted by Xavier Ashe on November 15, 2006

The Windows Vista Security Guide provides guidance and tools to further protect Windows Vista against real-life threats such as malware and information theft. This solution accelerator recommends the Enterprise Client (EC) configuration for organizations of all types. Only in extreme security situations does the guide recommend the Specialized Security – Limited Functionality (SSLF) configuration, which considerably limits client computer functionality.

The Solution Accelerator includes recommendations about how to use new and enhanced security technologies in Windows Vista to better defend the client computers in your organization against malware. The guide also provides recommendations and best practices on how to use encryption and access control technologies in Windows Vista to protect corporate data. Application compatibility testing recommendations are

This Solution Accelerator includes several files, such as the Windows Vista Security Guide.doc, the detailed Appendix A of the Windows Vista Security Guide.doc, the Windows Vista Security Guide Settings.xls, and the GPOAccelerator tool to help you easily implement the guidance.

To view this Solution Accelerator online at TechNet, click here.


Download the Windows Vista Security Guide.

Posted in Security

Play the XBox 360 HD-DVD on your PC

Posted by Xavier Ashe on November 14, 2006

Double, double toil and trouble; well, more accurately it’s Torx 5, Torx 7 toil and lots of trouble. Enticed by the $199 price, we set ourselves on a mission to find out if Microsoft’s XBox 360 HD-DVD player could work on a normal PC. Now, this can’t be an easy task, can

Knowing there was already software available for Windows XP to play HD-DVDs, could simply plugging the HD-DVD drive into a PC work? Well, no. Windows needs drivers.

If Windows wants drivers, drivers it will get. After installing these drivers, magic started to happen. The HD-DVD drive was now recognized in Windows XP. Now we needed a piece of software to actually play the HD-DVD. And after some hard work we managed to find a version of WinDVD 8 that was able to play an HD-DVD movie even on my low end hardware (granted, with some stuttering).

Wow… a $199 HD-DVD for my home theater PC. DONE! Read all the details on UNEASYsilence.

Posted in XBox Hacks

Group Tags More 'Hacker Safe' Sites

Posted by Xavier Ashe on November 14, 2006

Add Ace Hardware, American Red Cross, GNC, HP, Johnson & Johnson, Nike, Northrop Grumman, Petco, Ritz Camera, the Red Cross, Sony, Sports Authority, World Bank, Yahoo, and Yankee Candle to the list of Hacker Safe-labeled Websites identified by
as containing cross-site scripting vulnerabilities (XSS). (See 'Hacker Safe:' Safe for Hackers.)

In the past few days, the hacker group has posted these and several additional Hacker Safe sites as containing XSS bugs, and says there will be plenty more. But ScanAlert, which provides the security scanning services for these sites and provides the Hacker Safe seal, says users won't become victims of XSS attacks if they go directly to those sites.

ScanAlert maintains that XSS isn't a server-side problem, but more a client-side one. (See Hackers Reveal Vulnerable Websites and Two Vendors Deny XSS Flaws.)

Looks like that little label isn't worth as much as it used to be. I have waited for hacker groups to start targeting sites with those silly labels. Read the full article on Dark Reading.
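ScanAlert's position that XSS is a client-side rather than a server-side problem is easier to judge with the server-side code in view. The following is an added example, not code from Dark Reading, ScanAlert or any of the sites named above; the search handler, its q parameter and the probe string are hypothetical. The vulnerable function copies the untrusted parameter straight into the page, while the fixed one HTML-encodes it first, a change made entirely on the server:

```python
"""Reflected XSS: the unsafe server-side render beside the encoded one."""
from html import escape
from urllib.parse import parse_qs


def _query_param(query_string, name):
    """Return the first value of a query parameter, or '' if absent."""
    return parse_qs(query_string).get(name, [""])[0]


def render_search_vulnerable(query_string):
    """Echoes the 'q' parameter straight into the page: the bug the reports describe."""
    q = _query_param(query_string, "q")
    return f"<p>Results for: {q}</p>"


def render_search_fixed(query_string):
    """Same page, but the untrusted value is HTML-encoded before insertion.

    escape() turns <, >, &, and quotes into entities, so whatever the client sent
    is displayed as text rather than parsed as markup. The browser never sees
    an active element, which is why the fix belongs on the server.
    """
    q = _query_param(query_string, "q")
    return f"<p>Results for: {escape(q, quote=True)}</p>"


def contains_active_markup(rendered_html):
    """Crude check, for this demo only, of whether client-supplied markup survived into the page."""
    lowered = rendered_html.lower()
    return "<script" in lowered or " onerror=" in lowered


# Constructed sample request: the textbook harmless probe, URL-encoded as a browser would send it.
SAMPLE_QS = "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"

if __name__ == "__main__":
    print("vulnerable:", render_search_vulnerable(SAMPLE_QS))
    print("fixed:     ", render_search_fixed(SAMPLE_QS))
```

Run it and the two lines differ only in the server's treatment of the same input: the first hands the browser a live script element, the second hands it the literal text. Nothing the visitor does (going "directly to the site" included) changes which of the two the server sends.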

Posted in Security

Information Security Handbook: A Guide for Managers

Posted by Xavier Ashe on November 10, 2006

NIST is pleased to announce the release of Special Publication 800-100, Information Security Handbook: A Guide for Managers. This Information Security Handbook provides a broad overview of information security program elements to assist managers in understanding how to establish and implement an information security program.

URL to this Special Publication:

Posted in Security

Top 10 Signs You Have an Insecure Web App

Posted by Xavier Ashe on November 7, 2006

I often surf the web and see blatant design errors that make me shake my head. Without even investigating the security of a site, I know without a doubt that the site will be chock full of vulnerabilities. How can I be so sure? I see programming mistakes that illustrate an utter lack of concern for security. They are ugly mistakes that are far too prevalent. If you have any of the issues mentioned below in your own web application, it's time to sit down with your developers and have a chat. If these mistakes are being made, dig deeper. You may not like what you see, but it's better that you uncover the problems than leave them to be discovered by someone else. For each of the signs listed below, take a look at the included examples for public evidence of just how widespread the problem is.

  • Exposed Usage statistics
  • Copies of backup files
  • Your site shows up on a 'Wall of Shame'
  • Browseable directories
  • Login credentials passed over clear text
  • Outdated SSL certificates
  • Vulnerable third party applications
  • Verbose error messages
  • Developer comments in source code
  • You've been defaced!

From Michael Sutton's Blog.
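Several of the signs above can be checked on your own site from a single captured page and its certificate, which is how a team would turn the list into a routine check. The following is an added example and not code from Michael Sutton's post; the detection patterns, the sign names and the sample page are constructed here, and it covers five of the ten signs (browseable directories, clear-text logins, outdated SSL certificates, verbose error messages and developer comments). It takes a page's URL and HTML plus the certificate's notAfter date, so it runs offline against saved responses:

```python
"""Audit one captured page for several of the listed warning signs (added example)."""
import re
from datetime import datetime, timezone
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Fragments that normally appear only in unhandled, verbose error output (constructed list).
VERBOSE_ERROR_PATTERNS = [
    r"Traceback \(most recent call last\)",   # Python
    r"Warning: mysql_\w+\(\)",                 # PHP database warnings
    r"\bat [\w$.]+\(\w+\.java:\d+\)",          # Java stack frames
    r"ORA-\d{5}",                              # Oracle error codes
]
# Words inside HTML comments that suggest developer notes shipped to production.
COMMENT_MARKERS = ("todo", "fixme", "xxx", "password", "debug")


class _PageScan(HTMLParser):
    """Collects the title, each form (and whether it takes a password) and all comments."""

    def __init__(self):
        super().__init__()
        self.forms = []        # [{"action": str, "password": bool}, ...]
        self.comments = []
        self.title = ""
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "password": False})
        elif tag == "input" and (a.get("type") or "").lower() == "password" and self.forms:
            self.forms[-1]["password"] = True
        elif tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data

    def handle_comment(self, data):
        self.comments.append(data)


def find_signs(page_url, html, cert_not_after=None, now=None):
    """Return the names of the warning signs present in one captured page."""
    now = now or datetime.now(timezone.utc)
    scan = _PageScan()
    scan.feed(html)
    signs = []

    # Browseable directory: auto-generated listings announce themselves in the title.
    if re.search(r"Index of /|Directory listing for", scan.title, re.I):
        signs.append("browseable directory")

    # Clear-text login: a password form whose effective submit URL is not https.
    for form in scan.forms:
        target = urljoin(page_url, form["action"] or page_url)
        if form["password"] and urlsplit(target).scheme != "https":
            signs.append("login credentials over clear text")
            break

    if any(re.search(p, html) for p in VERBOSE_ERROR_PATTERNS):
        signs.append("verbose error messages")

    if any(m in c.lower() for c in scan.comments for m in COMMENT_MARKERS):
        signs.append("developer comments in source code")

    # Outdated certificate: notAfter already in the past (tz-aware datetimes expected).
    if cert_not_after is not None and cert_not_after < now:
        signs.append("outdated SSL certificate")

    return signs


# Constructed sample: an HTTPS login page whose form posts over plain HTTP, shipped with a
# developer note and a leaked PHP warning, behind a certificate that expired long ago.
SAMPLE_URL = "https://shop.example.test/login"
SAMPLE_HTML = """<html><head><title>Sign in</title></head><body>
<!-- TODO: remove the test account before launch -->
<form action="http://shop.example.test/auth" method="post">
  <input name="user"><input name="pw" type="password">
</form>
Warning: mysql_connect(): Access denied for user 'shop'@'localhost'
</body></html>"""
SAMPLE_CERT_EXPIRY = datetime(2006, 1, 1, tzinfo=timezone.utc)  # constructed, already expired

if __name__ == "__main__":
    for sign in find_signs(SAMPLE_URL, SAMPLE_HTML, SAMPLE_CERT_EXPIRY):
        print("sign:", sign)
```

The certificate date is passed in rather than fetched so the same function works on archived responses; in practice it comes from ssl.getpeercert() or the web server's own certificate store. The remaining signs on the list (exposed usage statistics, backup copies, a "wall of shame" listing, vulnerable third-party applications, defacement) need more than one page to judge and are left to the developer conversation the post recommends.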

Posted in Security
